School of Electrical and Computer Engineering
Ongoing research programs
Location Privacy in the Cellular Age
Apple and Google have further refined the ability of the cellular platform to track user location through a form of “crowd-sourcing.” Individual cell phones report signal strength and location measurements for cell towers and WiFi access points. This data creates a map of radio sources that can be used to rapidly locate a cell phone user. Fine-grained location data enhances location-based services, but also creates a substantial privacy problem: location data at the level of individual addresses can reveal a great deal about the beliefs, preferences, and behavior of the subscriber. The harm that may occur through marketers' use of such data is considered through an exploration of the philosophy of place. The ability of marketers to de-anonymize location traces is then considered in detail through a unicity distance analysis. The unicity distance results are used to identify effective techniques for using location-based services while maintaining anonymity.
Privacy-Aware Safe Harbors
Online Service Provider safe harbors have been set up in a number of jurisdictions (domestically and internationally) as a compromise to allow a “marketplace of ideas” to flourish online without interference to user activity on the part of service providers. In exchange for limited liability, OSPs often are subject to a “notify and remove” regime that requires them to remove allegedly infringing material when it is brought to their notice. Specific examples of this can be seen in the DMCA in the US and Electronic Commerce Directive Articles 14 and 15 in the EU. The subjects of these regimes commonly include copyright, speech and privacy. However, there is a notable exception in the United States in section 230 of the Communications Decency Act. This section appears to provide blanket immunity without any exceptions for tort liability, often practically taking away any ability of users to pursue claims when their privacy is violated. In this research project we explore whether an increasing ability to identify the source of packets on the Internet has undercut the rationale for OSP safe harbors. We consider whether other regulatory regimes might be more useful in preserving user privacy without placing a substantial burden on service providers.
A Privacy-Aware Architecture for Demand Response Systems
We explore the privacy issues implicated by the development of demand response systems. We begin by highlighting the invasive nature of fine-granularity power consumption data, showing that the data collected by Advanced Metering Infrastructure (AMI) reveals detailed information about behavior within the home. We then show how privacy-aware design principles lead to novel system architectures that realize the benefits of demand response without requiring that AMI data be centrally collected. The resulting systems avoid both harm to subscribers and the potential need to scrap AMI-based demand response efforts in the face of public outcry. We also show that Trusted Platform Modules can be used to develop privacy-sensitive metering infrastructure.
Secure Key Distribution and Revocation for Advanced Metering Infrastructure
The development and deployment of advanced metering infrastructure (AMI) as part of the smart grid has the potential to significantly increase both network efficiency and quality of service. The extent to which AMI will be acceptable to consumers is directly tied to the protection of consumers' consumption data and other personal information. Cryptography is the obvious solution, but there are inherent difficulties in distributing cryptographic keys in this and related communication systems. These difficulties are compounded by the fluid nature of the community of users and the potential for hacking. We have developed key distribution schemes that allow for secure re-keying after the simultaneous ejection of multiple users while preserving complete mesh network connectivity. We have shown how to construct minimal collections of keys necessary to re-secure these key distributions after one or two simultaneous user ejections. We have proven that this problem is NP-hard for arbitrary key distributions. We draw mathematical connections between r-cover-free families, combinatorial designs, and hitting sets to prove these results.