Privacy Protection In Pervasive Computing Environments

Posted on: 2012-01-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Y Peng
GTID: 1118330332478550
Subject: Computer Science and Technology

Abstract/Summary:
Pervasive computing envisions a world in which computing is ubiquitous while the computing itself disappears from view. To achieve this, many pervasive applications that genuinely integrate into users' everyday lives are needed. However, worries about the leaking of personal privacy have become a great barrier to users enjoying pervasive services. Providing services that are capable of privacy protection is an important prerequisite for the widespread use of pervasive computing.

From the perspective of personal information flow, a typical pervasive service can be divided into three sections: the acquisition of personal information, the operation on personal information, and the distribution of personal information. There are threats of privacy leakage in all three sections. Privacy control applied in the acquisition section is regarded as the most effective approach: first, it reduces the sensitivity of the information at the source of the personal data; in addition, its effect does not rely on the integrity and security of the service providers. Several problems need to be solved when protecting privacy in the information acquisition section, such as how to achieve anonymity at the network layer, the protection of privacy in authorization, the protection of context privacy, and so on. This dissertation focuses on context privacy and authorization privacy in the information acquisition section. The specific issues and contributions are as follows:

(1) Protection of location privacy in mobile environments. Location data is a typical kind of context data in pervasive computing, and Location-Based Services (LBS) draw great attention in academia as well as industry. Most traditional research on location anonymity in LBS deals with snapshot queries, not with the continuous queries of a moving user, which are highly probable in real life. The Moving-Pattern Attack (MPA), which utilizes the historical cloaking areas and the moving pattern of the user, is proposed to compromise the algorithms designed for snapshot queries. An algorithm exploiting an entropy-based anonymity measurement, Mclique, is presented, along with its fast version, Fclique. Experiments show that both successfully survive MPA. In addition, although Fclique loses 1-3% of the success rate and 1-2% of the re-identifying rate compared to Mclique, the average time spent on Fclique is only 25% of that spent on Mclique.

(2) Anonymous authorization mechanism in pervasive computing. Users suffer from identity exposure when performing authorization with a pervasive service, so anonymous authorization mechanisms are needed. As trust management has done quite well in the distributed authorization area, a quantitative anonymous authorization mechanism based on the Role-Based Trust Management Language (RT) is proposed in this dissertation. It achieves anonymity toward the authorizer with the help of a right delegation role, which assists the search for the credential chain. It is proved that the worst-case time complexity of the anonymous authorization mechanism is the same as that of normal authorization methods. Simulations show that, by caching the results of member computing, the time spent on the anonymous mechanism is merely 10-25% longer than on normal methods in relatively stable systems.

(3) Trust management based on direct certifying. In pervasive services, the sharing of credentials is an important part of the authorization data flow. Credentials usually contain privacy-sensitive information, such as authorization policies and delegation relationships. Traditional trust management systems adopt centralized credential gathering and reasoning mechanisms, which leave the privacy of credentials at high risk and make reasoning inefficient. A distributed credential reasoning mechanism based on direct certifying is proposed. In this mechanism, every node in the distributed system becomes a part of the reasoner and is in charge of certifying certain subgoals. Thus, credentials need not be widely distributed. The Heuristic Forward-Chaining Algorithm (HFCA) for searching the delegation chain is proposed, which effectively eases the blindness of pure backward-chaining algorithms. Simulations demonstrate that HFCA achieves better time performance than centralized reasoning and the pure backward-chaining algorithm.

Keywords/Search Tags: Privacy protection, Pervasive computing, Anonymity, Location privacy, Trust management, Authorization