A summary of Pervasive Security and Privacy by - A Brief Reflection on Challenges and Opportunities

Florian Alt IEEE Computing Edge, December 2022 DOI [0]

Table of Contents

• A summary of Pervasive Security and Privacy by - A Brief Reflection on Challenges and Opportunities
  • Table of Contents
  • Summary
    • The State of Security and Privacy in Pervasive Computing
    • Implications
      • Security and Privacy Decision Overload
      • Unawareness of Data Sensitivity
      • Sensing Close to the Body
      • Unclear Flow of Data
      • Multidevice Environments
    • Challenges and Opportunities
      • Designing Appropriate Mechanisms
      • Involvement of Different Stakeholders
      • Out-of-the-Box Security and Privacy
      • Adaptive security and Privacy Mechanisms
  • Citations

Summary

Pervasive computing developments open up the opportunity for different human experiences and research. However, security and privacy methods must take into account what these new developments bring to the table; including both the positives and the negatives of such computing. With this technology, user states and contexts can be more easily inferred as well as their emotional and cognitive states.

This article is meant to give an overview of the challenges and opportunities that arise within the security and privacy domain of pervasive computing.

The State of Security and Privacy in Pervasive Computing

The mainframe era involved securing the intellectual rights of technologies stored on big iron. The personal computing era involved securing protecting the privacy and data of everyday users. The pervasive computing era will involve protecting all of the data generating and capturing devices that a user not only owns but interacts with.

Pervasive computing includes both traditional computing devices, but also edge devices, smart devices and appliances, and internet software. Pervasive computing allows for sensitive data to be accessed both locally and remotely, and therefore presents new challenges w.r.t security and privacy.

Boundaries between domains are changing. For example, their used to be a barrier between work and home, but with the COVID-19 pandemic, work and home became one. This opened the doors to new attack vectors as it became more common for people to work from home.

Implications

Security and Privacy Decision Overload

As we interface with more and more computers, we (as users) become overloaded with different authentication schemes and practices. Additionally, all of the devices that we interact with have many different privacy permissions and options that the user might not be aware of and therefore enable or disable.

Unawareness of Data Sensitivity

It is possible to generate many data points about an individual from a single sensor. Therefore, it is imperative that users not only know about these different data points, but also the implications for each data point. However, it is currently very difficult to inform users of the importance of each data point.

Sensing Close to the Body

Many of the data sensitivity problems arises from users wearing sensors close to the body. These sensors can pick up on health related information about an individual. Current sensor providers do very little to protect this information. Therefore figuring out methods of obscuring or reducing the collection of such information is important.

Unclear Flow of Data

It is very difficult to understand where all of the data from internet of things (IoT) devices is being stored. Thus the flow of data from a sensor to the end-user is unclear. What data goes to the cloud? What stays locally? How is data accessed? Who can access that data? How is it processed? Which data is being collected? Novel solutions (i.e., privacy labels/badges) must be developed to answer these questions to protect consumers.

Multidevice Environments

There is a push by hardware and software developers to integrate experiences tightly together via multidevice communication. For example, logging into Netflix on a smart TV through your cell phone. However, these multidevice experiences raise security and privacy concerns as there are more points of failure and attack vectors as the number of devices involved scales.

Challenges and Opportunities

Designing Appropriate Mechanisms

Better security interfaces need to be designed to promote users to protect their data. Furthermore, good enough security practices (i.e., password authentication) need to be revisited to see if and where areas of improvement need to occur to better protect end users.

Involvement of Different Stakeholders

The end user is not the enemy with respect to security. Therefore, pervasive computing technologies and experiences need to take into account the security practices and limitations that end users experience and accommodate that. For example, replacing password authentication with bio-metrics.

Out-of-the-Box Security and Privacy

Pervasive computing technologies need to be secure out-of-the-box and involve very little user interaction to enable sensible security and privacy settings.

Adaptive security and Privacy Mechanisms

Pervasive computing can allow for authentication schemes based on the state of the user. However, this information must simultaneously be protected and secured in order to prevent data leaks.

Citations