Anonymity and k-Choice Identities

We consider pervasive systems and identifiers for objects in these systems. Using unique global identifiers for these objects increases the size of the ID’s and requires some global coordination. However, severe privacy threats are the key issues here.

On the other hand, for performing the goals of a pervasive system the identifiers are normally used in

small local environments

, and we need uniqueness limited to these environments only. This yields an opportunity to re-use the ID’s and in this way anonymize the objects. The problem is that we cannot predict assignment of the objects to local environment or set it in advance, while on the other hand in many application scenarios we cannot change an ID already assigned to an object. Random predistribution of ID’s is a technique that partially solves this problem, but has drawbacks due to the birthday paradox.

We propose a solution in which each object holds

k

preinstalled ID’s (where

k

is a small parameter like

k

 = 2,3,...). While entering a local environment, one of its ID’s not used so far in this local environment is chosen for the object. We analyze probability of a conflict, i.e. of the event that no identity can be chosen for this object. We show that the size of ID’s may be significantly reduced compared to random predistribution without increasing conflict probability. Apart from implementation advantages it contributes to privacy protection: since globally a large number of objects holds the same ID, privacy threats are reduced.