Evaluating and Controlling Personal Privacy in Smart Environments

Researchers: Patrick Tague, Anthony Rowe

Research Area: Secure Home Computing

Abstract

Smart environments are created when typical occupied spaces are equipped with sensing and actuating features that allow the environment to customize itself according to the users' requirements or for the users to interact with the space in some way. A common example of a smart environment is a modern heating and cooling system that uses fine-grained sensing and actuation to control the temperature and humidity according to a specified schedule or in response to user behaviors. In this context, the smart environment is required to collect a significant amount of information about the building occupants, and a curious system administrator or malicious attacker could use this sensor data to extract personal information about the building occupants. As a specific example of this type of privacy threat, we have shown that occupancy data over time (periodic samples of the number of occupants in each room) are sufficient to expose the labeled location traces of individual users over the course of each day in the data set. Based on this threat model, we aim to develop context-aware privacy controls for the sensing and actuation systems that prescribe bounds on the granularity and quality of data collected in order to minimize the risk of privacy breach. This goal requires development of concrete metrics to evaluate the risks in a particular context and for a particular sensing configuration.
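The inference threat described above, worked through as an added illustration. This code is not the project's own attack or metric; it is a toy built for this page. It assumes a floor of five rooms and three occupants, a constructed ten-sample day (TRUTH), an attacker who knows where everyone is at the first sample (for instance from office assignments) and who assumes that at most one person changes room between two consecutive samples. Under those assumptions it enumerates every joint location trace consistent with what the sensing system publishes, and scores a sensing configuration by two risk metrics: how many traces survive, and how many (person, sample) cells are pinned down to a single room. The two reporting policies, `report_exact` and `report_presence`, and the helper names are this example's own.

```python
"""Added illustration, not the project's code: per-room occupancy counts
sampled over time narrow the possible location traces of known occupants,
and a coarser reporting policy widens them again. All data is constructed."""
from collections import Counter, defaultdict

ROOMS = ("office_A", "office_B", "office_C", "kitchen", "meeting")
PEOPLE = ("alice", "bob", "carol")

# Constructed ground truth (one row per sample, e.g. every 5 minutes).
# The attacker never sees it; it only generates the published data.
TRUTH = [
    ("office_A", "office_B", "office_C"),
    ("office_A", "office_B", "kitchen"),
    ("kitchen",  "office_B", "kitchen"),
    ("kitchen",  "office_B", "office_C"),
    ("office_A", "office_B", "office_C"),
    ("office_A", "meeting",  "office_C"),
    ("office_A", "meeting",  "meeting"),
    ("office_A", "meeting",  "meeting"),
    ("office_A", "meeting",  "office_C"),
    ("office_A", "office_B", "office_C"),
]

def head_counts(state):
    """Raw per-room occupant count for one joint state (tuple over ROOMS)."""
    c = Counter(state)
    return tuple(c[r] for r in ROOMS)

# Two reporting policies a privacy control could choose between.
def report_exact(counts):
    """Fine-grained: publish the exact count of every room."""
    return counts

def report_presence(counts):
    """Coarse: publish only whether each room is occupied."""
    return tuple(int(n > 0) for n in counts)

def successors(state):
    """Attacker's movement model (assumption): between two consecutive
    samples at most one person changes room."""
    yield state
    for i, room in enumerate(state):
        for new in ROOMS:
            if new != room:
                moved = list(state)
                moved[i] = new
                yield tuple(moved)

def consistent_states(observations, report, start):
    """Forward-backward pass over joint states. Returns the number of full
    traces from `start` that reproduce every observation, and for each
    sample the set of joint states lying on at least one such trace."""
    assert report(head_counts(start)) == observations[0]
    forward = [{start: 1}]                     # state -> number of paths
    for obs in observations[1:]:
        nxt = defaultdict(int)
        for state, paths in forward[-1].items():
            for s in successors(state):
                if report(head_counts(s)) == obs:
                    nxt[s] += paths
        forward.append(nxt)
    n_traces = sum(forward[-1].values())
    alive = [set(forward[-1])]                 # backward pruning
    for layer in reversed(forward[:-1]):
        later = alive[0]
        alive.insert(0, {s for s in layer
                         if any(t in later for t in successors(s))})
    return n_traces, alive

def evaluate(report, truth=TRUTH):
    """Risk metrics for one reporting policy: how many traces remain
    consistent with the published data, and how many (person, sample)
    cells are determined. Assumes the attacker knows the initial state."""
    observations = [report(head_counts(s)) for s in truth]
    n_traces, alive = consistent_states(observations, report, truth[0])
    determined = sum(
        len({s[i] for s in states}) == 1
        for states in alive for i in range(len(PEOPLE)))
    return {
        "traces": n_traces,
        "determined_cells": determined,
        "total_cells": len(truth) * len(PEOPLE),
        "truth_consistent": all(s in a for s, a in zip(truth, alive)),
    }

if __name__ == "__main__":
    for name, policy in (("exact counts", report_exact),
                         ("presence only", report_presence)):
        r = evaluate(policy)
        print(f"{name:14s} traces={r['traces']:3d} "
              f"determined={r['determined_cells']}/{r['total_cells']}")
```

On this constructed day, exact per-room counts leave only 4 traces consistent with the data and fix 14 of the 30 person-sample cells; publishing only occupied/empty bits leaves 48 consistent traces and fixes 8 cells. The residual ambiguity under exact counts is the swap between alice and carol after they shared the kitchen, which head counts alone cannot resolve; side information such as who owns which office would collapse it further, and the stronger result stated on this page is over real occupancy data rather than this toy. The point of the metric is that it is computable for a given sensing configuration before any data is released, which is what a context-aware privacy control needs in order to choose a reporting granularity.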

Outcomes: With initial seed funding from Google, we aim to develop a privacy-aware sensing system that minimizes the risk of personal privacy breach in smart environments by limiting the amount of data collected by the system.