ABSTRACT
The transformative promise of Smart Cities relies largely on the collection and innovative analysis of data produced by and about its citizens. As more insights are gained from such analysis, its impacts are difficult to predict. Care must be taken to ensure data is transmitted and stored using privacy-protecting methods. Traditional strategies of access control are necessary but insufficient as major security breaches are becoming more commonplace. Attempts to strip data sets of personally identifiable information may appear to protect privacy, but de-anonymization techniques using statistical analysis can uniquely identify a person from surprisingly little information. Strong cryptography, when implemented correctly, can provide these protections.
Appropriately applied cryptography can ensure that breaches reveal nothing about the data it protects. And beyond the confidentiality guarantees from typical cryptographic applications, end-to-end cryptography can also help to ensure privacy is maintained. Sophisticated mechanisms for sharing and revoking access become approachable and inherent to the system. Integrating cryptography at a foundational level allows projects to adapt to new insights without sacrificing privacy. Impacts from breaches are drastically mitigated and unforeseen statistical correlations are next to impossible. Our paper details our experiences, in collaboration with NIST, developing an end-to-end encrypted platform that empowers users with fine-grained control over their own data privacy.
Index Terms
- Empowering Smart Cities with Strong Cryptography for Data Privacy