A Mutual P3P Methodology for Privacy Preserving Context-Aware Systems Development

프라이버시 보호 상황인식 시스템 개발을 위한 쌍방향 P3P 방법론

  • Published : 2008.03.31

Abstract

One of the big concerns in e-society is privacy issue. In special, in developing robust ubiquitous smart space and corresponding services, user profile and preference are collected by the service providers. Privacy issue would be more critical in context-aware services simply because most of the context data themselves are private information: user's current location, current schedule, friends nearby and even her/his health data. To realize the potential of ubiquitous smart space, the systems embedded in the space should corporate personal privacy preferences. When the users invoke a set of services, they are asked to allow the service providers or smart space to make use of personal information which is related to privacy concerns. For this reason, the users unhappily provide the personal information or even deny to get served. On the other side, service provider needs personal information as rich as possible with minimal personal information to discern royal and trustworthy customers and those who are not. It would be desirable to enlarge the allowable personal information complying with the service provider's request, whereas minimizing service provider's requiring personal information which is not allowed to be submitted and user's submitting information which is of no value to the service provider. In special, if any personal information required by the service provider is not allowed, service will not be provided to the user. P3P (Platform for Privacy Preferences) has been regarded as one of the promising alternatives to preserve the personal information in the course of electronic transactions. However, P3P mainly focuses on preserving the buyers' personal information. From time to time, the service provider's business data should be protected from the unintended usage from the buyers. Moreover, even though the user's privacy preference could depend on the context happened to the user, legacy P3P does not handle the contextual change of privacy preferences. Hence, the purpose of this paper is to propose a mutual P3P-based negotiation mechanism. To do so, service provider's privacy concern is considered as well as the users'. User's privacy policy on the service provider's information also should be informed to the service providers before the service begins. Second, privacy policy is contextually designed according to the user's current context because the nomadic user's privacy concern structure may be altered contextually. Hence, the methodology includes mutual privacy policy and personalization. Overall framework of the mechanism and new code of ethics is described in section 2. Pervasive platform for mutual P3P considers user type and context field, which involves current activity, location, social context, objects nearby and physical environments. Our mutual P3P includes the privacy preference not only for the buyers but also the sellers, that is, service providers. Negotiation methodology for mutual P3P is proposed in section 3. Based on the fact that privacy concern occurs when there are needs for information access and at the same time those for information hiding. Our mechanism was implemented based on an actual shopping mall to increase the feasibility of the idea proposed in this paper. A shopping service is assumed as a context-aware service, and data groups for the service are enumerated. The privacy policy for each data group is represented as APPEL format. To examine the performance of the example service, in section 4, simulation approach is adopted in this paper. For the simulation, five data elements are considered: $\cdot$ UserID $\cdot$ User preference $\cdot$ Phone number $\cdot$ Home address $\cdot$ Product information $\cdot$ Service profile. For the negotiation, reputation is selected as a strategic value. Then the following cases are compared: $\cdot$ Legacy P3P is considered $\cdot$ Mutual P3P is considered without strategic value $\cdot$ Mutual P3P is considered with strategic value. The simulation results show that mutual P3P outperforms legacy P3P. Moreover, we could conclude that when mutual P3P is considered with strategic value, performance was better than that of mutual P3P is considered without strategic value in terms of service safety.

Keywords

References

  1. Ackeman, M.S., "Privacy in pervasive environments: next generation labeling protocols," Personal and Ubiquitous Computing, Vol. 8 No. 6, 2004, pp. 430-439 https://doi.org/10.1007/s00779-004-0305-8
  2. Adams, C. and Katos, V., "Privacy challenges for location aware technologies," IFIP International Federation for Information Processing, Vol. 191, 2005, pp. 303-310 https://doi.org/10.1007/0-387-31166-1_22
  3. Agrawal, R., Kiernan, J., Srikant, R. and Xu, Y., "XPref: A preference language for P3P," Computer Networks, Vol. 48 No. 5, 2005, pp. 809-827 https://doi.org/10.1016/j.comnet.2005.01.004
  4. Berendt, B., Ganther, O. and Spiekermann, S., "Privacy in e-commerce: Stated preferences vs. actual behavior," Communications of the ACM, Vol. 48, No. 4, 2005, pp. 101-106
  5. Cranor, L., Langheinrich, M., Marchiori, M. and Reagle, J., "The platform for privacy preferences 1.0 (P3P1.0) specification," W3C Recommendation, HTML Version at www.w3.org/TR/P3P/, April 2002
  6. Culnan, M.J. and Bies, R.J., "Consumer privacy: Balancing economic and justice considerations," Journal of Social Issues, Vol. 59, No. 2, 2003, pp. 323-342 https://doi.org/10.1111/1540-4560.00067
  7. Duckham, M. and Kulik, L., "A formal model of obfuscation and negotiation for location privacy," Pervasive 2005, Munich, Germany, 2005, pp. 152-170
  8. Jutla, D.N., Bodorik, P. and Zhang, Y.J., "PeCAN: An architecture for users' privacy-aware electronic commerce contexts on the semantic web," Information Systems, Vol. 31, No. 4-5, 2006, pp. 295-320 https://doi.org/10.1016/j.is.2005.02.004
  9. Hogben, G., Jackson, T. and Wilikens, M., "A fully compliant research implementation of the P3P standard for privacy protection: Experiences and recommendations," Lecture Notes in Computer Science, Vol. 2502, 2002, pp. 104-125
  10. Kolari, P., Ding, L., Kagal, L., Ganjugunte, S., Joshi, A. and Finin, T., Enhancing P3P framework through policies and trust, UMBC Technical Report, TR-CS-04-13. September Vol. 9, 2004
  11. McBride, B., Wenning, R. and Cranor, L., "An rdf Schema for P3P," W3C Note, 25 January 2002
  12. Neustaedter, C. and Greenberg, S., "The design of a context-aware home media space for balancing privacy and awareness," Lecture Notes in Computer Science, Vol. 28, Vol. 64, 2003, pp. 297-314
  13. Price, B., Adam, K. and Nuseibeh, B., "Keeping ubiquitous computing to yourself: A practical model for user control of privacy," International Journal of Human- Computer Studies, Vol. 63, No. 1-2, 2005, pp. 228-253 https://doi.org/10.1016/j.ijhcs.2005.04.008
  14. Redell, D., Information technology and the privacy of the individual, Daft ACM Whitepaper on Computer and Privacy, September 1992
  15. W3C, http://www.w3.org/TandS/QL/QL98/pp/APPEL-QLW.html, 1998
  16. W3C, http://www.w3.org/TR/2002/WD-P3Ppreferences-20020415/, 2002