Privacy-Aware Smart Buildings: Ensuring Privacy Policies and Preferences
Smart buildings equipped with IoT technology raise concerns about privacy. This research explores capturing, communicating, and enforcing privacy policies and preferences in smart buildings, addressing issues like data collection, user preferences, and policy enforcement based on FTC and OECD guidelines and relevant studies.
Presentation Transcript
Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences
Primal Pappachan, Martin Degeling, Roberto Yus, Anupam Das, Sruti Bhagavatula, William Melicher, Pardis Emami Naeini, Shikun Zhang, Lujo Bauer, Alfred Kobsa, Sharad Mehrotra, Norman Sadeh, and Nalini Venkatasubramanian
Research sponsored by DARPA under agreement number FA8750-16-2-0021
IoT is Making our Spaces Smarter
Smart Spaces: cyber-physical systems that are used to manage buildings and the services provided in that environment.
Services such as:
- Lighting
- Heating, ventilating, and air conditioning
- Security, access, and surveillance
- Fire and seismic safety
- Special needs
Example of a Smart Building at UCI
Raw Data (SNMP trap):
2016-01-15 17:38:07.463623 | DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (167664600) 19 days, 9:44:06.00 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.14179.2.6.3.53 SNMPv2-SMI::enterprises.14179.2.6.2.35.0 = Hex-STRING: 00 19 A9 55 CE B0 SNMPv2-SMI::enterprises.14179.2.6.2.36.0 = INTEGER: 1 SNMPv2-SMI::enterprises.14179.2.6.2.43.0 = IpAddress: 169.234.57.122
Applications (Donald Bren Hall at UCI):
- Wi-Fi Access Points
- Surveillance Cameras
- BLE Beacons
- Power Outlet / Energy Meters
- Temperature/HVAC sensors
Semantic Observations:
- Presence Info: Sam is present in the Room 2065 or 2089 area at time 2016-01-15 17:38:07.463623
Ebb (of Privacy) and Flow (of Data)
Physical World
- Sensing/Observation: diverse sensors used to track objects, entities, and environments. Goal: privacy-preserving collection.
- Event Detection/Analysis: sensor data used to detect events of interest to applications. Goal: privacy-preserving analysis.
- Action Execution/Adaptation: detected events may lead to actions such as data sharing and device actuations. Goal: privacy-preserving actuation/control.
Smartness at the Cost of Privacy?
Sensor data and events can be used to detect the type of users and events (e.g., Berenguer et al., Lisovich et al., Eagle and Pentland).
Privacy leakage from TIPPERS WiFi data analysis:
- People classification
- How tardy are faculty to their classes (figure: time in minutes)
Even simple classifiers perform well.
Our Approach in a Nutshell
- Communicate: data collection and usage practices are broadcast in the space.
- Capture: user privacy preferences are captured with the help of privacy assistants.
- Enforce: user preferences are enforced while ensuring building policies are met.
Based on guidelines by the FTC and OECD and on studies by Langheinrich et al. and Sadeh et al.
IoT Resource Registries (IRR)
- Web app to register privacy policies of IoT resources and services
- Creates a machine-readable privacy policy which can be used by the IoTA
IoT Assistant (IoTA)
- Discovers local IRRs (via nearby Bluetooth beacons or using the mobile device's location sensors)
- Displays resources and services to the user, provides download links for apps
- Displays privacy policies for resources, provides controls for resource permissions
Privacy-Aware Data Management System (TIPPERS)
- IoT data management and middleware technology to empower applications to be built on top of sensor data
- Supports collection, storage, management, querying, and analysis
- Supports a semantic view of the IoT space
- Provides mechanisms for specification and real-time enforcement of privacy policies
Building Policies
- State requirements for data collection and management
- Related to the infrastructure of the building, specific sensors deployed in the building, or events taking place inside the building
Examples:
- A facility manager sets the thermostat temperature of occupied rooms to 70 F to match the average comfort level of users.
- Translated into sensor settings for enforcement (e.g., the policy gets translated into settings on motion sensors and HVAC)
User Preferences
Representation of the user's expectation of how data pertaining to her should be managed by the pervasive space.
Examples:
- Do not share the occupancy status of my office after hours.
- Service preference: allow Smart Concierge access to my fine-grained location for directions.
One Language to Interact with Them All
- Expresses building policies and user preferences
- Enables interaction between IoTA, IRR, and TIPPERS
- Models space, user, and privacy-related concepts
- Machine-readable
Space Model
- Spatial model: Building, Floor, Room, Corridor (floors, rooms, zones)
- User profile: users such as Student, Faculty (Professor), ISG group
- Sensor: Settings (actuation parameters for a sensor) and Observation
- Sensors modelled using the Haystack and Semantic Sensor Network (SSN) ontologies
Privacy Practices Model
- Context: additional information that can be modelled, such as location owner, data collector, policy authors, and retention time
- Data collected: granularity (e.g., WiFi AP connection), level of anonymity of data, data inferred (e.g., location), ...
- Purpose (e.g., location tracking in Concierge)
Language Schema
- Based on a validatable JSON-Schema and a REST API
- Example policy: policy related to WiFi data collection inside DBH
- Example service preference: Smart Concierge service
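To make the "validate, then enforce" pipeline of the preceding slides concrete, here is an added example (not the project's own schema or code): a minimal stand-in for the JSON-Schema check, a constructed policy for WiFi data collection inside DBH, the two user preferences from the earlier slide, and a deny-overrides, default-deny decision function. Field names, the 08:00-18:00 working-hours window, and the sample user are assumptions.

```python
import json
from datetime import datetime

# Constructed field lists standing in for the slide's JSON-Schema (assumption;
# the real TIPPERS schema is not reproduced here). Value is the required type.
POLICY_FIELDS = {"location": str, "data_collected": str, "granularity": str,
                 "purpose": str, "retention_days": int, "data_collector": str}
PREFERENCE_FIELDS = {"user": str, "data": str, "service": str, "allow": bool}

def validate(doc, fields):
    """Return schema violations for a policy/preference document (empty == valid)."""
    errors = [f"missing field: {k}" for k in fields if k not in doc]
    errors += [f"wrong type for {k}" for k, t in fields.items()
               if k in doc and type(doc[k]) is not t]  # type(): bool is not int
    return errors

# Constructed sample policy: WiFi AP connection data collected inside DBH.
WIFI_POLICY = json.loads('{"location": "DBH", "data_collected": "WiFi AP connection",'
                         ' "granularity": "AP level", "purpose": "occupancy analytics",'
                         ' "retention_days": 30, "data_collector": "UCI Facilities"}')

# Constructed preferences mirroring the slide's two examples ("*" = any service).
PREFERENCES = [
    {"user": "sam", "data": "occupancy", "service": "*", "allow": False,
     "hours": "after-hours"},
    {"user": "sam", "data": "fine_grained_location", "service": "Smart Concierge",
     "allow": True, "hours": "any"},
]

def after_hours(when_iso):
    """Assumed working hours: 08:00-18:00 on weekdays; everything else is after hours."""
    when = datetime.fromisoformat(when_iso)
    return when.weekday() >= 5 or not (8 <= when.hour < 18)

def decide(user, data, service, when_iso, prefs=PREFERENCES):
    """Enforcement step: a matching deny wins; an allow must match explicitly;
    requests no preference covers are denied (default-deny)."""
    verdict = False
    for p in prefs:
        if p["user"] != user or p["data"] != data:
            continue
        if p["service"] not in ("*", service):
            continue
        if p["hours"] == "after-hours" and not after_hours(when_iso):
            continue  # after-hours rule does not apply during working hours
        if not p["allow"]:
            return False
        verdict = True
    return verdict
```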
Conclusions
- Designed a template for future IoT privacy-aware smart spaces
- IoT Resource Registries communicate space policies to users
- IoT Assistants give users better control over their information in smart spaces
- Privacy-aware IoT data management systems (TIPPERS) enforce users' privacy preferences
- First version of the language for interaction between the three components
- First implementation of the framework at UCI, with deployment currently under way at CMU
Challenges and Ongoing Work
Open challenges across the three steps (communicating, capturing, enforcing):
- Complete specification of the policy language
- Learning user policies
- Specificity for automation vs. generalizability for expressiveness
- Automating IRR
- Conflict resolution
- Mapping from higher-level policies to sensor settings