Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences

Primal Pappachan, Martin Degeling, Roberto Yus, Anupam Das, Sruti Bhagavatula, William Melicher, Pardis Emami Naeini, Shikun Zhang, Lujo Bauer, Alfred Kobsa, Sharad Mehrotra, Norman Sadeh, and Nalini Venkatasubramanian

Research sponsored by DARPA under agreement number FA8750-16-2-0021

IoT is Making our Spaces Smarter
  • Smart Spaces: Cyber-physical systems that are used to manage buildings and services provided in that environment
  • Services such as:
    • Lighting
    • Heating, ventilating, and air conditioning
    • Security, access, and surveillance
    • Fire and seismic safety

Example of a Smart Building at UCI
  • Donald Bren Hall at UCI
  • Wi-Fi Access Points
  • Surveillance Cameras
  • BLE Beacons
  • Power Outlet / Energy Meters
  • Temperature/HVAC sensors
  • Applications
  • Raw Data (SNMP trap):
    2016-01-15 17:38:07.463623 | DISMAN-EVENTMIB::sysUpTimeInstance = Timeticks: (167664600) 19 days, 9:44:06.00
    SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.14179.
    SNMPv2-SMI::enterprises.14179. = HexSTRING: 00 19 A9 55 CE B0
    SNMPv2-SMI::enterprises.14179. = INTEGER: 1
    SNMPv2-SMI::enterprises.14179. = IpAddress:
  • Semantic Observations:
    Presence Info: Sam is present in Room 2065 or 2089 area at time 2016-01-15 17:38:07.463623

Ebb (of Privacy) and Flow (of Data)
  • Action Execution/Adaptation: Detected events may lead to actions such as data sharing and device actuations. Privacy preserving actuation/control
  • Event Detection/Analysis: Sensor data used to detect events of interest to applications. Privacy preserving analysis
  • Sensing/Observation: Diverse sensors used to track objects, entities, environments. Privacy preserving collection
  • Physical World

Smartness at the Cost of Privacy?
  • Sensor data, events can be used to detect type of users and events
  • E.g. Berenguer et al., Lisovich et al., Eagle and Pentland et al.
  • Privacy Leakage from TIPPERS WiFi data analysis
  • People Classification: Even simple classifiers perform well
  • [Plot: How Tardy are Faculty to their Classes; axis: Time in minutes]

Our Approach in a Nutshell
  • Communicate: data collection and usage practices broadcast in the space
  • Capture: user privacy preferences with help of privacy assistants
  • Enforce: enforces user preferences while ensuring building policies
  • Based on guidelines by FTC, OECD and studies by Langheinrich et al., Sadeh et al.

Steps Towards Making Smart Spaces Privacy-Aware

IoT Resource Registries (IRR)
  • Web app to register privacy policies of IoT resources and services
  • Creates a machine-readable privacy policy which can be used by the IoTA

IoT Assistant (IoTA)
  • Discovers local IRRs (via nearby Bluetooth beacons or using the mobile device's location sensors)
  • Displays resources and services to the user, provides download links for apps
  • Displays privacy policies for resources, provides controls for resource permissions

Privacy-Aware Data Management System (TIPPERS)
  • IoT data management & middleware technology to empower applications to be built on top of sensor data
  • Supports collection, storage, management, querying, analysis
  • Supports Semantic View of IoT Space
  • Provides mechanisms for specification and real-time enforcement of privacy policies

Interactions in a Privacy-Aware Smart Space
  • [Five diagram slides showing interaction steps 1 to 10; the diagrams are not recoverable from the extracted text]

Building Policies
  • States requirements for data collection and management
  • Related to the infrastructure of the building, specific sensors deployed in the building or events taking place inside the building
  • Examples:
    • A facility manager sets the thermostat temperature of occupied rooms to 70 F to match the average comfort level of users.
  • Translated into sensor settings for enforcement (e.g., Policy gets translated into settings on motion sensors and HVAC)

User Preferences
  • Representation of the user's expectation of how data pertaining to her should be managed by the pervasive space
  • Examples:
    • Do not share the occupancy status of my office in after-hours.
  • Service Preferences:
    • Allow Smart Concierge access to my fine grained location for directions

One Language to Interact with them all
  • Express building policies and user preferences
  • Enable interaction between IoTA, IRR and TIPPERS
  • Models space, user and privacy related concepts
  • Machine-readable

Space
  • Building model: Floors, rooms, zones
  • Spatial Model: Building, Floor, Room, Corridor

User Profile
  • Users: Student, faculty, ISG group

Sensor Settings
  • Actuation parameters for a sensor
  • Sensors modelled using Haystack and Semantic Sensor Network (SSN)

Observation
  • [Diagram labels: Professor, Student, ISG]

Privacy practices model
  • Context: Location owner, Data collector, Policy authors
  • Data collected: e.g. WiFi AP Connection
  • Data inferred: e.g. Location
  • Purpose
  • Additional information that can be modelled:
    • Retention time
    • Granularity
    • Level of anonymity of data
    • ...

Language Schema
  • Based on validatable JSON-Schema and REST API
  • Example Policy: Policy related to WiFi data collection inside DBH
  • Example Service Preference: Smart concierge service
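The enforcement step described on the Building Policies and User Preferences slides can be sketched as follows. This is an added example, not code from the deck or from TIPPERS: every field name, the office hours, the default granularities, and the deny-overrides conflict rule are assumptions, since the slides do not reproduce the project's schema.

```python
from dataclasses import dataclass
from datetime import time

# All field names and values are assumptions for illustration; the deck does
# not reproduce the project's JSON schema.
WORK_START, WORK_END = time(8, 0), time(18, 0)   # assumed office hours

# Constructed building policy: data type -> permitted purposes and the
# granularity released when the user has stated no preference.
BUILDING_POLICY = {
    "occupancy": {"purposes": {"hvac"}, "default_granularity": "room"},
    "location": {"purposes": {"directions"}, "default_granularity": "coarse"},
}

@dataclass(frozen=True)
class Preference:
    user: str
    data: str
    service: str                    # "*" matches any service
    effect: str                     # "allow" or "deny"
    granularity: str = "fine"       # granularity released when effect is "allow"
    after_hours_only: bool = False

@dataclass(frozen=True)
class Request:
    service: str
    user: str
    data: str
    purpose: str
    at: time

# Constructed preferences mirroring the two examples on the slides.
PREFS = [
    Preference("sam", "occupancy", "*", "deny", after_hours_only=True),
    Preference("sam", "location", "smart_concierge", "allow", "fine"),
]

def decide(req, policy=BUILDING_POLICY, prefs=PREFS):
    """Return (decision, granularity) for one data request."""
    rule = policy.get(req.data)
    if rule is None or req.purpose not in rule["purposes"]:
        return ("deny", None)       # outside the building policy: never released
    after_hours = not (WORK_START <= req.at < WORK_END)
    hits = [p for p in prefs
            if (p.user, p.data) == (req.user, req.data)
            and p.service in ("*", req.service)
            and (after_hours or not p.after_hours_only)]
    if any(p.effect == "deny" for p in hits):
        return ("deny", None)       # assumed conflict rule: deny overrides allow
    allows = [p for p in hits if p.effect == "allow"]
    if allows:
        return ("allow", allows[0].granularity)
    return ("allow", rule["default_granularity"])
```

The building policy bounds every release by purpose first; user preferences can then only narrow a release (deny) or opt in to finer granularity for a named service.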

Conclusions
  • Designed a template for future IoT Privacy-Aware Smart Spaces
  • IoT Resource Registries to communicate space policies to users
  • IoT Assistants give users better control over their information in Smart Spaces
  • Privacy-Aware IoT Data Management Systems (TIPPERS) enforce users' privacy preferences
  • First version of the language for interaction between 3 components
  • First implementation of the framework at UCI and currently undergoing deployment at CMU

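Challenges and Ongoing Work
  • [The slide groups its items under Communicating, Capturing, and Enforcing; the assignment of items to groups is not recoverable from the extracted text]
  • Complete specification of Policy Language
  • Learning user policies
  • Specificity for automation vs generalizability for expressiveness
  • Automating IRR
  • Conflict resolution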

