Nilothpal Talukder

Privometer: Privacy protection in social networks

The increasing popularity of social networks, such as Facebook and Orkut, has raised several privacy concerns. Traditional ways of safeguarding privacy of personal information by hiding sensitive attributes are no longer adequate. Research shows that probabilistic classification techniques can effectively infer such private information. The disclosed sensitive information of friends, group affiliations and even participation in activities, such as tagging and commenting, are considered background knowledge in this process. In this paper, we present a privacy protection tool, called Privometer, that measures the amount of sensitive information leakage in a user profile and suggests self-sanitization actions to regulate the amount of leakage. In contrast to previous research, where inference techniques use publicly available profile information, we consider an augmented model where a potentially malicious application installed in the users friend profiles can access substantially more information. In our model, merely hiding the sensitive information is not sufficient to protect the user privacy. We present an implementation of Privometer in Facebook.

Design, analysis, and deployment of omnipresent Formal Trust Model (FTM) with trust bootstrapping for pervasive environments

The rapid decrease in the size of mobile devices, coupled with an increase in capability, has enabled a swift proliferation of small and very capable devices into our daily lives. With such a prevalence of pervasive computing, the interaction among portable devices needs to be continuous and invisible to device users. As these devices become better connected, collaboration among them will play a vital role in sharing resources in an ad-hoc manner. The sharing of resources works as a facilitator for pervasive devices. However, this ad hoc interaction among devices provides the potential for security breaches. Trust can fight against such security violations by restricting malicious nodes from participating in interactions. Therefore, we need a unified trust relationship model between entities, which captures both the needs of the traditional computing world and the world of pervasive computing where the continuum of trust is based on identity, physical context or a combination of both. Here, we present a context specific and reputation-based trust model along with a brief survey of trust models suitable for peer-to-peer and ad-hoc environments. This paper presents a multi-hop recommendation protocol and a flexible behavioral model to handle interactions. One other contribution of this paper is the integration of an initial trust model; this model categorizes services or contexts in different security levels based on their security needs, and these security needs are considered in trust bootstrapping. The other major contribution of this paper is a simple method of handling malicious recommendations. This paper also illustrates the implementation and evaluation of our proposed formal trust model.

Preventing multi-query attack in location-based services

Despite increasing popularity, Location-based Services (LBS) (e.g., searching nearby points-of-interest on map) on mobile handheld devices have been subject to major privacy concerns for users. The existing third-party privacy protection methods hide the exact location of users from service providers by sending cloaking regions (CR) that contain several other user locations in the vicinity. However, this has not ensured LBS full immunity from the privacy concerns. In this paper, we describe a serious privacy problem of LBS called multi-query attack. In this attack, the exact location of the service requester can be inferred by the adversary through obtaining cloaking regions that are shrunk or extended in subsequent queries. This problem can be addressed by judiciously retaining, over a period of time, the cloaking regions for the same set of users. Most methods in the literature are weakened for considering only a static snapshot of users during evaluation. Thus, any update due to user movements in real time becomes very costly. Our proposed approach, ANNC (Adaptive Nearest Neighborhood Cloaking) ,emphasizes developing disjoint sets of users dynamically over time in order to share the common CRs. The CRs are organized in balanced binary trees with restricted height. Thus ANNC achieves the balance between search efficiency and quality of cloaking with higher anonymity levels. The experimental evaluation demonstrates that ANNC will be more efficient in practice than other well-known approaches.

Usability of mobile computing technologies to assist cancer patients

Medical researchers are constantly looking for new methods for early detection and treatment of incurable diseases. Cancer can severely hinder the lives of patients if they are not constantly attended to. Cancer patients can be assisted with the aid of constant monitoring by a support group and a continual sense of self-awareness through monitoring, which can be enabled through pervasive technologies. As human life expectancy rises, incidents of cancer also increase, which most often affects the elderly. Cancer patients need continuous follow-up because of the state of their disease and the intensity of treatment. Patients have often restricted mobility, thus it is helpful to provide them access to their health status without the need to travel. There has been much effort towards wireless and internet based health care services, but they are not widely accepted due to the lack of reliability and usability. In this paper, we present a software called Wellness Monitor (WM). The purpose of WM is to utilize the portability and ubiquity of small handheld devices such as PDAs, cell phones, and wrist watches to ensure secured data availability, customized representation, and privacy of the data collected through small wearable sensors. WM explores how the social and psychological contexts that encompass the patients could be enhanced by utilizing the same technology, an aspect which is mostly unexplored. A further goal was to provide continuous psychological assistance.

Design and implementation of S-MARKS: A secure middleware for pervasive computing applications

As portable devices have become a part of our everyday life, more people are unknowingly participating in a pervasive computing environment. People engage with not a single device for a specific purpose but many devices interacting with each other in the course of ordinary activity. With such prevalence of pervasive technology, the interaction between portable devices needs to be continuous and imperceptible to device users. Pervasive computing requires a small, scalable and robust network which relies heavily on the middleware to resolve communication and security issues. In this paper, we present the design and implementation of S-MARKS which incorporates device validation, resource discovery and a privacy module.

Privacy Challenges in Context-sensitive Access Control for Pervasive Computing Environment

The widespread prevalence of pervasive devices and applications has raised the concerns of privacy. Granting Access to Resources and Context sensitive information causes information leakage through inference or obfuscation. Again, the open and dynamic collaborative environment of pervasive computing has rendered the traditional access control models like Role based models to be unfit. Even though Trust based models came to rescue in such circumstances, privacy is mostly compromised in the big picture. In this paper, we have drawn examples from pervasive computing environment and illustrated some scenarios of privacy violation. We have presented a trust based access control model for pervasive healthcare environment to prevent information leakage on accessing constraint information that yields privacy violation in the end. We have addressed information leak from three perspectives of constraint information satisfaction to grant access to the resources. They are satisfy any, satisfy all and hierarchical constraints. Furthermore, the model eliminates requirements for maintaining any keys or access rights certificates for privacy protection. This lightweight model helps ensure the resource constrained small pervasive devices like PDA, cell phones use the access control model effectively and efficiently with privacy of the individuals preserved in the first place.

FPCS: A Formal Approach for Privacy-Aware Context-Based Services

The emergence of new technologies and the proliferation of mobile and handheld devices have facilitated development of context-based services. Common examples include the location based services. However, the revelation of the context and static information gives rise to new and very complex privacy concerns in such services. In this paper, we propose a formal model to regulate the privacy level of information passed to the service provider without disrupting the quality of information required for service access. The framework takes on two forms based on the receiver of the request generalization task to a trusted party or local device. A formal attack model assumes different levels of knowledge by the attacker and demonstrates the relative concerns of static information over contexts.

Service sharing with trust in pervasive environment: now it's time to break the jinx

In such as a highly dynamic and open environment, it has become a challenge to deploy multiple context-sensitive services due to the unwillingness of service provider to share resources. This apprehension to share resources stems mainly from a lack of trust. Sometimes infrastructure plays pivotal role to solve this issue with dynamic access control to replace traditional static policies. But when it comes to effective resource sharing in an infrastructure-less environment we face problems such as poor storage and computational capability. In this paper, we have developed a lightweight and distributed trust model based on recommendation, which will guarantee that service providers can securely share an unlimited number of resources, limited only by their hardware and bandwidth limitations. The multi-hop recommendation protocol incorporates a flexible behavioral model to handle interactions during service sharing and usage. This protocol will also assess risk using recommendations from context-sensitive services, in the trust framework, to help ensure smooth access to resources and services.

Smart Tracker: Light Weight Infrastructure-less Assets Tracking solution for Ubiquitous Computing Environment

From container terminals, healthcare services, libraries to household, the role of Asset Tracking Applications has become indispensable. As the organizations grow, so do their volume of assets, soon it becomes very cumbersome to track these assets in real time and accurately prepare a financial report to avoid overbuys. Rapid development of Wireless Area Network and Radio Frequency transmitting active and passive devices like RFID tags have bolstered the deployment of Wireless Asset Tracking applications in all these disciplines. But apart from organizations where costly network infrastructures are in place to support such a reliable asset tracking task, the areas like ports, warehouses, truck stops, parks, mines, rescue spots still suffer from appropriate solutions that can cope with the adverse scenario of being devoid of infrastructure. Even high end Location Based Systems (LBS) like GPS are not scaled well in such situations. To meet these challenges, our approach presents a common platform that can locate different active and passive RF transmitting objects over the range of distances on small handheld devices. To effectively utilize the resources of the constrained handheld devices like PDA and cell phones, a light weight algorithm has been used. Our approach follows an extensible and modular architecture which offers applications from different platforms to customize and extend their functionalities. Smart Tracker has been implemented and evaluated with PDAs, RFID tags, WiFi sources for both indoor and outdoor applications.

A formal context specific trust model (FTM) for multimedia and ubiquitous computing environment

In order to ensure secure sharing of resources in an ad-hoc network of handheld devices in a multimedia and ubiquitous computing environment, mutual collaboration is essential. However, the limitations, such as poor storage and computational capability of these multimedia and ubiquitous devices stand as the bottleneck for effective sharing of resources. As a result of this drawback, the adversaries are obtaining access to the new doors for security breaches. Mutual Trust is the weapon used to combat security violations by restricting malicious devices from participating in any interaction in such an open and dynamic environment. In this paper, we present a context-specific and reputation-based trust model along with a brief survey and a comparative study of the existing trust models found in the literature. To the best of our knowledge, our model is the first formal trust model for multimedia and ubiquitous computing, which incorporates multi-hop recommendation capability and flexible behavioral model to handle interactions among devices. The other major contribution of this universal trust model is a simple protocol for circumventing malicious recommendations and handling them for achieving accuracy. This paper also illustrates the implementation and evaluation detailed of our proposed omnipresent formal trust model.