A trust-based Approach to Control

Privacy Exposure in Ubiquitous

Computing Environments

By: Tesfaye Z.
email: tesfuzewduab@gmail.com
Bahirdar/Ethiopia
Executive Summery
• A tradeoff exists in these systems: the more sources of
data and the higher fidelity in those sources which can
improve people’s decision, the more privacy reduction.
• there is generally no a priori trust relationship
• we first show how trust evaluation process of the user’s
system can be based on previous interactions and peer
recommendations.
• A solution then relied on trust to control privacy disclosure
is proposed that depends on pre-defined privacy policy.
Background
• Defined as 'present everywhere’
• is also described as Pervasive Computing;
• appear everywhere and anywhere in contrast to that of
desktop computing
• Ubiquitous Computing devices are tiny, invisible
microprocessors embedded in any type of objects like
clothes,home,cars,watches etc.,
• How it differ from traditional computing?
Limited BW and Geographical positions will changes
Introductions
 Manage information quickly, efficiently
 Removes complexity of new technologies.
 Convenient access

 High Security risk

i.e. exposure personal informatios
 Vulnerability
Proposed solutions
• 1. trust evaluations of user’s system
• i. Based on previous interactions
• ii. Based on peer recommendations
• To calculate trust value
• Trust estimations
a. trusted
b. public
c. distrusted
• 2. control privacy based on predefined policy
• Apply pre-defined trust-based privacy policies.
A Ubiquitous Environment Scenario

Smart home:
Consider the following

1. All things done

automatically and
timely
2. Location sensors
3. Humidity sensors
4. All equipment's are
connected to central
servers
• Now Assume You are in the office
1. servers get a service request (Ri) which needs
to know your current location and activity
• 2. based on IP and Name server =>request from your Kid
and answer them your locations
• 3. Ri from unfamiliar =>shouldn't reply
• 4. Ri from secretary
• How would the system distinguish and evaluate different
Ri coming to it?

•
Methodology
• Traditional authentication and access control are effective
only where the system knows
which users are going to access and
what their access rights are.
Drawback: not flexible
Solutions: decision to should rely on some kind of
trust developed with past interactions.
• There are two different stages in our solution:
• i) we estimate the trust value for each request coming
from an entity;
• ii) we exploit the trust based privacy policy to make
decision how much private data should release to the
guest.
Approach
• Trust?
• A trust B=>B does something which A expects
• A not trust B=> the result is not what A expects
• With Privacy, it involves the handling and protection of
sensitive personal information.
• TP,Q ( trust of P on Q)=>TP,Q∈ [0,100]
• P completely trusts Q if TP,Q = 100 and completely
distrusts Q if TP,Q = 0.
Trust Evaluation
• system P to evaluate the trust value of any principal Q is
as follows:[servers receive a request Q which wishes to
get user’s personal current activity]
• 1. examine the query: request comes from a common
source or not
• 2. If it is from a familiar starting point, the servers will
transfer the query to the trust calculation module.
• 3.
Time-Based Past Interaction History
• past interaction history is usually recorded in log files
• successful and unsuccessful interactions between Q andP
established on the past behaviors
• unsuccessful interaction [UIt] => principal did not get the
outcome as it expected.
• Successful interaction [SIt] => expected outcome.
• The trust value of Q as calculated by a system P

Where A,α and β

• adjustable positive numbers
shown in above Figure with α = 1, β = 2, and A = 1,SIt=23 and Uit=9:

TPQ = 70

For second, SIt=28 and Uit=9

TPQ = 76
Peer Recommendation
• required when the system has no or not enough
information about a principal.
• If there exists certain peer having more interactions with
this principal, his suggestion should be likely logical
and important for assessing the trust value.
•