Personal Privacy in Ubiquitous Computing

Marc Langheinrich, Institute for Pervasive Computing, ETH Zurich, Switzerland
March 11, 2008

Approaches to Ubicomp Privacy

Disappearing Computer Troubadour Project (10/02 - 05/03)

• Promote Absence of Protection as User Empowerment
  "It's maybe about letting them find their own ways of cheating"
• Make it Someone Else's Problem
  "For [my colleague] it is more appropriate to think about [security and privacy] issues. It's not really the case in my case"
• Insist that "Good Security" will Fix It
  "All you need is really good firewalls"
• Conclude it is Incompatible with Ubiquitous Computing
  "I think you can't think of privacy... it's impossible, because if I do it, I have troubles with finding [a] Ubicomp future"

14 March 2008

Langheinrich: The DC‐Privacy Troubadour – Assessing Privacy Implications of DC‐Projects. Designing for Privacy WS. DC Tales Conf., 2003.

Today's Topics

Background: Ubicomp Privacy
  What is privacy? How does ubiquitous computing affect it?
Privacy Infrastructure: PawS
  Privacy beacons, privacy proxies, and privacy-aware databases
Real-World Example: RFID
  PawS-RFID: privacy protocols for transparency
  Shamir Tags: protection against unauthorized readouts

The Vision of Ubiquitous Computing

"The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it."
Mark Weiser (1952 – 1999), XEROX PARC

Basic Motivation of Ubiquitous Computing
  The computer as a tool for the everyday
  Integrating computers with intuitive user interfaces
  Things are aware of each other and the environment

So what does this mean for personal privacy?

What is privacy anyway?

What is Privacy?

"The right to be let alone."
Louis D. Brandeis (1856 - 1941), 1890 (Harvard Law Review)

"The desire of people to choose freely under what circumstances and to what extent they will expose themselves, their attitude and their behavior to others."
Alan Westin ("Privacy And Freedom", 1967), Prof. Emeritus, Columbia University

Why Privacy?

Privacy isn't just about keeping secrets – data exchange and transparency are key issues!

Reasons for Privacy
  Free from Nuisance
  Intimacy
  Free to Decide for Oneself
  Requirement for Democracy
    Informational Self-Determination (German Federal Constitutional Court, Census Decision 1983): "…an essential requirement for a democratic society that is built on the participatory powers of its citizens."

So what does this mean for personal privacy?

Ubicomp Privacy Implications

Data Collection
  Scale (everywhere, anytime)
  Manner (inconspicuous, invisible)
  Motivation (context!)
Data Types
  Observational instead of factual data
Data Access
  "The Internet of Things"

M. Langheinrich: Privacy by Design – Principles of Privacy-Aware Ubiquitous Systems. Proc. of UbiComp'01. LNCS 2201, Springer, 2001

How do we achieve privacy?

Privacy – Not Just a Recent Fad

Justices Of The Peace Act (England, 1361)
  Sentences for eavesdropping and peeping toms

"The poorest man may in his cottage bid defiance to all the force of the crown. It may be frail; its roof may shake; … – but the king of England cannot enter; all his forces dare not cross the threshold of the ruined tenement"
William Pitt the Elder (1708-1778)

1995 European Data Protection Directive 95/46/EC
  Defined common European framework for national privacy laws

Basis: Fair Information Principles (FIP)

Drawn up by the OECD, 1980
  "Organisation for Economic Co-operation and Development"
  Voluntary guidelines for member states
  Goal: ease transborder flow of goods (and information!)

Five Principles (simplified)
  1. Openness
  2. Data access and control
  3. Data security
  4. Collection Limitation
  5. Data subject's consent

Core principles of modern privacy laws world-wide
Implication: Technical solutions must support FIP

FIP Challenges in Ubicomp
  1. How to inform subjects about data collections?
  2. How to provide access to stored data?
  3. How to ensure confidentiality, integrity, and authenticity (w/o alienating the user)?
  4. How to minimize data collection?
  5. How to obtain consent from data subjects?

M. Langheinrich: Privacy by Design – Principles of Privacy-Aware Ubiquitous Systems. Proc. of UbiComp'01. LNCS 2201, Springer, 2001

Basis: Transparency Protocols

Platform for Privacy Preferences Project (P3P)
  Goal: Support automated decision-making over Web privacy policies
    Compare policies with personal preferences
    Log collection incidents for inspection and auditing
  Machine-readable data collection/usage policy
    Who collects and/or processes the data?
    What information is collected?
    For what purpose is this data collected?

Cranor, Langheinrich, Marchiori, Reagle: The Platform for Privacy Preferences 1.0 Specification. W3C Recommendation, April 2002

Example P3P policy (from the slide):

  <POLICY xmlns="http://www.w3.org/2000/P3Pv1"
          entity="TheCoolCatalog, 123 Main Street, Seattle, WA 98103, USA">
    <DISPUTES-GROUP>
      <DISPUTES service="http://www.PrivacySeal.org" resolution-type="independent"
                description="PrivacySeal, a third-party seal provider"
                image="http://www.PrivacySeal.org/Logo.gif"/>
    </DISPUTES-GROUP>
    <DISCLOSURE discuri="http://www.CoolCatalog.com/Practices.html" access="none"/>
    <STATEMENT>
      <CONSEQUENCE-GROUP>
        <CONSEQUENCE>a site with clothes you would appreciate</CONSEQUENCE>
      </CONSEQUENCE-GROUP>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <PURPOSE><custom/><develop/></PURPOSE>
      <DATA-GROUP>
        <DATA name="dynamic.cookies" category="state"/>
        <DATA name="dynamic.miscdata" category="preference"/>
        <DATA name="user.gender"/>
        <DATA name="user.home." optional="yes"/>
      </DATA-GROUP>
    </STATEMENT>
    <STATEMENT>
      <RECIPIENT><ours/></RECIPIENT>
      <PURPOSE><admin/><develop/></PURPOSE>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP>
        <DATA name="dynamic.clickstream.server"/>
        <DATA name="dynamic.http.useragent"/>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>

PawS – A Privacy Awareness System

Components: Privacy Proxies, Privacy Beacons, Privacy DB

M. Langheinrich: A Privacy Awareness System for Ubiquitous Computing Environments. Proc. of UbiComp'02. LNCS 2498, Springer, 2002

1. Privacy Beacons

Announce (Unobtrusive) Data Collections
  "Protocol Beacons" integrated into communications protocol
  "Stand-alone Beacons" for video, audio, sensory data
  Detected by mobile "Privacy Assistant" (e.g., wristwatch)
Describes Current/Potential Data Collection
  Format: machine-readable privacy policy ("P3P++")
  Extending it for Ubicomp-specific elements (e.g., sensor data)

[Figure: a Privacy Beacon transmits its P3P++ policy to the user's PA (Privacy Assistant)]

2. Privacy Proxies

Service Proxy Solicits Consent (if Needed)
  User proxy compares user preferences with privacy policy of service provider
Central Access Point for Data Management
  Supports updating and deleting data and contracts

[Figure: User Privacy Proxy and Service Privacy Proxy communicate over the Internet; the service proxy fronts the database]

3. Privacy-Aware Database

All Data is Stored Together With Privacy (P3P) Policy
  Data and policy (metadata) form a logical unit
Each Data Access Needs Usage Policy
  Database compares allowed/announced and proposed usage
  Data with non-matching allowed usage is held back
  Each data access (who, why) is recorded (auditing)

[Figure: personal data (<last name> <first name> <birthdate> <address>) stored together with its individual privacy policy; every access carries a usage policy]
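As an added example that is not part of the slides or the PawS implementation, the following Python code shows the two checks described above: a user privacy proxy comparing a P3P policy (the slide's TheCoolCatalog policy, trimmed to its statements) with personal preferences, and a privacy-aware database that stores each value with the purposes its policy statement announced and logs every access. The preference keys and all class and function names are my own.

```python
import xml.etree.ElementTree as ET
NS = {"p": "http://www.w3.org/2000/P3Pv1"}

# Constructed sample: the slide's TheCoolCatalog policy, trimmed to its two STATEMENTs.
POLICY_XML = """<POLICY xmlns="http://www.w3.org/2000/P3Pv1"
    entity="TheCoolCatalog, 123 Main Street, Seattle, WA 98103, USA">
  <STATEMENT>
    <RETENTION><indefinitely/></RETENTION>
    <PURPOSE><custom/><develop/></PURPOSE>
    <DATA-GROUP>
      <DATA name="user.gender"/>
      <DATA name="user.home." optional="yes"/>
    </DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><admin/><develop/></PURPOSE>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP>
      <DATA name="dynamic.clickstream.server"/>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>"""

def parse_policy(xml_text):
    """One dict per STATEMENT: collected data, announced purposes, retention."""
    local = lambda st, path: {e.tag.rsplit("}", 1)[-1] for e in st.findall(path, NS)}
    statements = []
    for st in ET.fromstring(xml_text).findall("p:STATEMENT", NS):
        statements.append({
            "purposes": local(st, "p:PURPOSE/*"),      # e.g. {'custom', 'develop'}
            "retention": local(st, "p:RETENTION/*"),   # e.g. {'indefinitely'}
            "data": {d.get("name"): d.get("optional") == "yes"   # True when marked optional
                     for d in st.findall("p:DATA-GROUP/p:DATA", NS)},
        })
    return statements

def check_preferences(statements, prefs):
    """User privacy proxy: every (statement no., kind, value) that violates the user's
    prefs = {"forbid_data", "forbid_purposes", "allowed_retention"}; empty means consent."""
    violations = []
    for i, st in enumerate(statements):
        for name, optional in st["data"].items():
            if name in prefs["forbid_data"] and not optional:  # optional data can be withheld
                violations.append((i, "data", name))
        for purpose in sorted(st["purposes"] & prefs["forbid_purposes"]):
            violations.append((i, "purpose", purpose))
        for ret in sorted(st["retention"] - prefs["allowed_retention"]):
            violations.append((i, "retention", ret))
    return violations

class PrivacyAwareDB:
    """Each value is stored together with the purposes its policy statement announced."""
    def __init__(self):
        self.rows, self.audit = [], []  # (name, value, purposes) / (who, purpose, name, granted?)

    def store(self, statements, record):
        announced = {}
        for st in statements:
            for name in st["data"]:
                announced.setdefault(name, set()).update(st["purposes"])
        for name, value in record.items():
            if name not in announced:
                raise ValueError(f"{name} was never announced in the policy")
            self.rows.append((name, value, announced[name]))

    def access(self, who, purpose):
        """Release only data whose announced usage covers the proposed one; log every attempt."""
        released = {}
        for name, value, allowed in self.rows:
            granted = purpose in allowed
            self.audit.append((who, purpose, name, granted))
            if granted:
                released[name] = value
        return released
```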

PawS Example

[Figure: a Privacy Beacon announces the data collection of the devices (printer, camera); the Printer Proxy and Camera Proxy negotiate with the User Privacy Proxy of the user's PA (Privacy Assistant)]

Privacy is compatible with Ubiquitous Computing – technical solutions can support FIP in Ubicomp

Real-World Example: RFID

Today's RFID Systems

[Figure: the reader broadcasts "All tags respond, please!" and every tag in range answers with its ID (ID 9.834.12.30, ID 1.82.221.3, ID 8.95.6.086, …), which the reader stores in its DB; the store's privacy policy reads: "The information we learn from customers helps us personalize and continually improve your shopping experience." Slide courtesy of Roland Schneider; original "RFID-Man" artwork (c) 2006 Ari Juels, RSA Laboratories]

RFID-PawS

Goal: Fair Information Principles for RFID
PawS and RFID
  Privacy beacon: RFID reader
  Privacy assistant: "watchdog tag"
  Privacy proxies & privacy database
Requirements
  RFID-standard compatibility
  Low bandwidth

Floerkemeier, Schneider, Langheinrich: Scanning with a Purpose – Supporting the Fair Information Principles in RFID Protocols. Proc. of UCS 2004, LNCS 3598, Springer, 2005

Example: Openness in RFID-PawS

Protocol extension of the Init_round_all command in ISO 18000 Part 6
  Defines start of reading cycle (Aloha-based anti-collision)
  Defines anti-collision protocol parameters
  Standard fields (as on the slide): SUID flag, Round size, CRC-5 (field widths shown: 1 bit, 6 bits, 1 bit, 3 bits, 5 bits)
  New: 130-bit "Privacy Header" extension:

    Field             Width
    RPID              96 bits
    Purpose           16 bits
    Collection type    2 bits
    CRC-16            16 bits

Openness using the ReaderPolicyID (RPID)
  Each read request can be associated with a data collector
  Data collector, reader, and privacy policy identifiable (auditing)
  Format follows EPC standard (facilitates implementation):

    Header    Data Collector    Policy     Reader
    8 bits    28 bits           24 bits    36 bits

  Example: 5F.4A886EC.8EC947.24A68E4F6
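An added example (not the RFID-PawS project's code) that packs and parses the 130-bit privacy header and the dotted, EPC-style RPID from the slide. The CRC-16/CCITT parameters and the purpose and collection-type codes are my assumptions; the slide only gives the field widths.

```python
# Field layout of the RFID-PawS privacy header as given on the slide (widths in bits).
RPID_FIELDS = (("header", 8), ("collector", 28), ("policy", 24), ("reader", 36))  # 96-bit RPID
RPID_BITS = sum(width for _, width in RPID_FIELDS)
PURPOSE_BITS, CTYPE_BITS, CRC_BITS = 16, 2, 16
HEADER_BITS = RPID_BITS + PURPOSE_BITS + CTYPE_BITS + CRC_BITS  # 130-bit extension


def parse_dotted_rpid(text):
    """'5F.4A886EC.8EC947.24A68E4F6' -> {'header': 0x5F, 'collector': 0x4A886EC, ...}.
    Each dotted group is the hex rendering of one field, so its digit count is fixed."""
    groups = text.split(".")
    if len(groups) != len(RPID_FIELDS):
        raise ValueError("an RPID has exactly four dotted groups")
    fields = {}
    for (name, width), group in zip(RPID_FIELDS, groups):
        if len(group) * 4 != width:
            raise ValueError(f"{name}: expected {width // 4} hex digits, got {len(group)}")
        fields[name] = int(group, 16)
    return fields


def rpid_to_dotted(fields):
    return ".".join(f"{fields[name]:0{width // 4}X}" for name, width in RPID_FIELDS)


def crc16_bits(bits, poly=0x1021, init=0xFFFF):
    """Bit-serial CRC-16 over a '0'/'1' string.  CRC-16/CCITT parameters are an assumption
    (the slide only says 'CRC-16'); bit-serial because the protected part is not byte-aligned."""
    crc = init
    for b in bits:
        crc ^= int(b) << 15
        crc = ((crc << 1) ^ poly) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_privacy_header(fields, purpose, collection_type):
    """Pack RPID | purpose | collection type | CRC-16 into a 130-character bit string."""
    for name, width in RPID_FIELDS:
        if not 0 <= fields[name] < 1 << width:
            raise ValueError(f"{name} does not fit in {width} bits")
    if not (0 <= purpose < 1 << PURPOSE_BITS and 0 <= collection_type < 1 << CTYPE_BITS):
        raise ValueError("purpose or collection type out of range")
    body = "".join(f"{fields[name]:0{width}b}" for name, width in RPID_FIELDS)
    body += f"{purpose:0{PURPOSE_BITS}b}{collection_type:0{CTYPE_BITS}b}"
    return body + f"{crc16_bits(body):0{CRC_BITS}b}"


def parse_privacy_header(bits):
    """Inverse of build_privacy_header; None when the length or the CRC is wrong."""
    if len(bits) != HEADER_BITS or set(bits) - {"0", "1"}:
        return None
    body, crc = bits[:-CRC_BITS], int(bits[-CRC_BITS:], 2)
    if crc16_bits(body) != crc:
        return None
    fields, pos = {}, 0
    for name, width in RPID_FIELDS:
        fields[name] = int(body[pos:pos + width], 2)
        pos += width
    purpose = int(body[pos:pos + PURPOSE_BITS], 2)
    ctype = int(body[pos + PURPOSE_BITS:pos + PURPOSE_BITS + CTYPE_BITS], 2)
    return {"rpid": fields, "purpose": purpose, "collection_type": ctype}
```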

Today's RFID Systems (with RFID-PawS)

[Figure: the reader's privacy beacon announces "Example Store, Smart Shelf 4: Local Identification; Inventory; All" before the tags reply (Openness); the collected IDs go into a PawDB that stores them together with the privacy policy and offers Data Access & Control. Slide courtesy of Roland Schneider; original "RFID-Man" artwork (c) 2006 Ari Juels, RSA Laboratories]

Tomorrow's RFID Systems?

[Figure: the same scenario, with the open question ("???") of how Collection Limitation and User Consent can be added to Openness and Data Access & Control]

But what about unauthorized RFID readers?

Solution: Disabling RFID Tags

"Dead Tags Tell No Tales"
  Permanently deactivate tag at checkout
  Hard Kill: cut tag antenna or "fry" circuit
  Soft Kill: needs password to prevent unauthorized killing
  [Image: Metro RFID De-Activator]
Both Approaches Require Consumer Action
  Also voids any post-sales benefits (returns, services, …)

Alternative: Securing RFID Tags Against Unauthorized Readouts

General Principle: Lock/Unlock ID With Password
  Tag only replies if correct password/secret is sent
Requires RFID Owner to Know Secret
  Password must be transferred at checkout (where to?)
Requires Owner to Know Which Secret to Use
  Chicken-and-egg problem: if you don't know what tag it is, how do you know what password to use?

Deactivation and Password Management… Does Your Solution Work Here?

Alternative: Shamir Tags

An Example for Zero-Management Privacy Protection

Default: Tags Take Long Time To Read
  Complicates tracking & unauthorized identification
  Bitwise release, short range (e.g., one random bit/sec)
  Intermediate results meaningless, since encrypted
  Decryption requires all bits being read
But: Known Tags Can be Directly Identified
  Allows owner to use tags without apparent restrictions
  Initial partial release of bits enough for instant identification from a limited set of known tags

Langheinrich, Marti: Practical Minimalist Cryptography for RFID Privacy. IEEE Systems Journal, Vol. 1, No. 2, 2007

Secret Shares (Shamir 1979)

A polynomial of degree n can be described using at least n+1 points.

[Figure: three points P1, P2, P3 determine a polynomial of degree 2]

  Secret s (96-bit EPC code):   011010111…1101
  Shares h_i:                   111000011…101101
                                101101101…110111
                                101010011…101101

  96-bit EPC code → 106-bit Shamir share (10-bit x-value + 96-bit y-value) → 318-bit Shamir Tag (three shares)

  Shamir Tag (318 bits): 111000011101010001010111010101101010100…1010101110101

Bit Disclosure Over Time

  Initial reply: 16 bits of the 318-bit Shamir Tag
  Then +1 bit, +1 bit, … (e.g., one random bit per second)
  Instant identification of known items from the initial reply
  Unknown tags will eventually be identified

Preventing Tracking

  [Figure: an original readout of Tag 1 next to three later readouts; the readouts overlap in 16, 5 and 5 bit positions (Readout 1, Readout 2, Readout 3). Tag 1: 111000011101010001010111010101101010100…1010101110101, Tag 2: 010100111000110101010110010100001010101…1010100001100, Tag 3: 000101111010101111101011010100011011010…0110111101001]

  Subsequent readouts receive only a substring of bits
  Insufficient data to track a tag repeatedly
    E.g., in a tag population of 10^9, over 3 million tags have 5 bits in common
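Added example (not from the slides or the Langheinrich/Marti paper) of the Shamir Tag construction and the bitwise disclosure described above: three 106-bit shares of a 96-bit EPC code, random per-readout bit release, instant identification of known tags, and the overlap between two readouts. The prime field 2^96 - 17 and all function names are my assumptions.

```python
import random

# Parameters from the slides: a 96-bit EPC code is the secret, each share is a 10-bit x-value
# followed by a 96-bit y-value (106 bits), and three shares make up the 318-bit Shamir Tag.
# The field is my choice (assumption): 2^96 - 17 is the largest prime below 2^96, so every
# y-value still fits in 96 bits (secrets must be smaller than P).
P = 2**96 - 17
X_BITS, Y_BITS, N_SHARES = 10, 96, 3
SHARE_BITS = X_BITS + Y_BITS            # 106
TAG_BITS = N_SHARES * SHARE_BITS        # 318


def make_shares(secret, rng=None):
    """Split `secret` with a random polynomial of degree N_SHARES-1: all N_SHARES points are
    needed, so fewer complete shares reveal nothing and an incomplete share leaves it open."""
    rng = rng or random.SystemRandom()
    assert 0 <= secret < P
    coeffs = [secret] + [rng.randrange(1, P) for _ in range(N_SHARES - 1)]
    xs = rng.sample(range(1, 1 << X_BITS), N_SHARES)   # distinct, non-zero 10-bit x-values
    shares = []
    for x in xs:
        y = 0
        for c in reversed(coeffs):                      # Horner: y = f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Lagrange interpolation at x = 0; correct only with all N_SHARES shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def shares_to_tag(shares):
    """Tag memory layout: x-value || y-value per share, concatenated."""
    return "".join(f"{x:0{X_BITS}b}{y:0{Y_BITS}b}" for x, y in shares)


def tag_to_shares(tag):
    return [(int(tag[i:i + X_BITS], 2), int(tag[i + X_BITS:i + SHARE_BITS], 2))
            for i in range(0, TAG_BITS, SHARE_BITS)]


def readout(tag, n_bits, rng=None):
    """A reader in range for a limited time learns n_bits randomly chosen positions only."""
    rng = rng or random.SystemRandom()
    return {pos: tag[pos] for pos in rng.sample(range(TAG_BITS), n_bits)}


def identify(partial, known_tags):
    """Owner's reader: which known tags are consistent with the bits disclosed so far?"""
    return [name for name, tag in known_tags.items()
            if all(tag[pos] == bit for pos, bit in partial.items())]


def overlap(readout_a, readout_b):
    """Bit positions two readouts share: the only information that could link them."""
    return len(readout_a.keys() & readout_b.keys())
```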

# of Overlapping Bits Between 2 Readouts

[Figure: distribution of the number of bit positions two readouts t1 and t2 have in common. E.g., a 0.12% chance that the same 5 bit positions are read from >=2 tags. Original "RFID-Man" artwork (c) 2006 Ari Juels, RSA Laboratories]

More Privacy Through Less Security?

Shamir Tags Require No Consumer Effort
  Delay upon first use, but no passwords to manage!
  Not useful for "important" items (passports, e-money)
  Does not alleviate user concerns (tags remain active)
Building Block for Comprehensive Solution
  Strong crypto for passports, drug authenticity, …
  Clipping/killing for concerned consumers
  Unconcerned consumers get basic protection "for free"
  Combined with PawS-like background infrastructure


Where to Go From Here? (Current Activities)

Further Application of Shamir Tags
  Highly distributed version (Hitachi mu-chips)
  As location-based access control
  Langheinrich, Marti: RFID Privacy Using Spatially Distributed Shared Secrets. Proc. of UCS 2007. LNCS 4836, 2007
  Langheinrich: Secure Localized Storage Based on Super-Distributed RFID-Tag Infrastructures. Journal of Location Based Services. Accepted for publication, 2008
The Role of Mobile Phones as Interaction Devices
  Open-source 1D bar code recognition toolkit
  As a universal information appliance & control device
  Security and privacy issues in mobile phone use
  Adelmann, Langheinrich, Flörkemeier: A Toolkit for Bar-Code-Recognition and -Resolving on Camera Phones – Jump Starting the Internet of Things. Proc. of Mobile and Embedded Systems Workshop (MEIS'06), 2006
  Roduner, Langheinrich, Flörkemeier, Schwarzentrub: Operating Appliances with Mobile Phones – Strengths and Limits of a Universal Interaction Device. Proc. of Pervasive 2007, LNCS 4480, 2007
  Mayrhofer, Langheinrich, De Luca (eds.): Security and Privacy Issues in Mobile Phone Usage (SPMU'08), Proceedings. Workshop at Pervasive 2008, Sydney, Australia, 2008.
Understanding Implicit Interactions
  Within context of augmented toy environments
  Hinske, Langheinrich, Lampe: Towards Guidelines for Designing Augmented Toy Environments. Proc. of the 6th ACM Conference on Designing Interactive Systems (DIS 2008), ACM Press, 2008.

Summing Up!

Take Home Message(s)

Privacy is more than just "good security"
  It's about sharing and control
Smart environments pose new challenges
  Novel data types, increased # of incidents, hidden collection
Security and privacy must be usable to be useful!
  Almost never primary goals, get easily "in the way"
Goal: privacy mechanisms that "just work"
  PawS: transparency and control for smart environments
  Shamir Tags: protection from unauthorized readouts