Private Data Protection in Ubiquitous Computing

Malika Yaici
Laboratoire LTII, University of Bejaia, Bejaia, 06000, Algeria
yaici_m@hotmail.com

Samia Ameza, Ryma Houari and Sabrina Hammachi
Computer Department, University of Bejaia, Bejaia, 06000, Algeria
ameza_samia@yahoo.fr, ri.houari@hotmail.fr, hassiba_rima@yahoo.fr

Abstract—A system in ubiquitous computing consists of a large number of heterogeneous users and devices that communicate with each other. Users in this dynamic field communicate with lightweight and autonomous devices, which accentuates security problems and makes them more complex. The existing mechanisms and solutions are inadequate to address the new challenges, mainly the problems of authentication and privacy protection. In this paper, a new security architecture called Tree Based distributed Privacy Protection System is proposed. It supports the protection of users' private data and addresses the shortcomings of systems such as GAIA, OpenID and User-directed Privacy Protection (UPP). Furthermore, it takes into account the domain dissociation property in order to achieve decentralized data protection.

Keywords–Ubiquitous Computing; Security; Private Data Protection; Privacy; Integrity.

I. INTRODUCTION

The growing number of Internet users and the integration of mobile clients have changed distributed computing by allowing the creation of smart, communicating environments, offering the user the opportunity to interact with its environment and equipment easily and transparently, which leads to the concept of ubiquitous computing. Its origins date back to 1991, when Mark Weiser [1] presented his futuristic vision of 21st century computing and established the foundations of pervasive computing. It aims to integrate computer technology into people's everyday life in various fields (health, public services, etc.).
To improve interactivity, it offers the user the ability to access the various features and services of its environment from any mobile device (personal digital assistant (PDA), tablet computer, smartphone, etc.). The emergence of these devices has created new security problems for which existing solutions and mechanisms are inadequate, especially concerning authentication and the protection of users' private data. In such a system, a centralized and homogeneous security policy is in fact not desirable. It is therefore necessary to give more autonomy to security systems, mainly by providing them with mechanisms that establish dynamic and flexible cooperation and collaboration.

Mobile devices and the Internet of Things (IoT) present some problems such as incorrect location information, privacy violation, and difficulty of end-user control. A conceptual model is presented in [2] to satisfy requirements that include a privacy-preserving location supporting protocol using wireless sensor networks for privacy-preserving child care and safety, where the end-user has authorized credential anonymity. In [3], the author uses the framework of contextual integrity related to privacy, developed by Nissenbaum in 2010 [4], as a tool to understand citizens' response to the implementation of IoT-related technology in a supermarket. The purpose was to identify and understand specific changes in information practices brought about by the IoT that may be perceived as privacy violations. Issues identified included the mining of medical data, invasive targeted advertising, and loss of autonomy through marketing profiles or personal affect monitoring.

Dhasarathan et al. [5] present an intelligent model, based on multi-agents, to protect users' valuable personal data. A hybrid hash-based authentication technique serving as an end point lock is proposed.
It is a composite model coupled with an anomaly detection interface algorithm for preserving the cloud user's privacy (intrusion detection, unexpected activities in normal behavior). In [6], the authors focus on information privacy protection in the post-release phase. Without entirely depending on the information collector, an information owner is provided with powerful means to control and audit how his/her released information will be used, by whom, and when. A set of innovative owner-controlled privacy protection and violation detection techniques have been proposed: Self-destroying File, Mutation Engine System, Automatic Receipt Collection, and Honey Token-based Privacy Violation Detection. A next generation privacy-enhanced operating system, which supports the proposed mechanisms, is introduced. Such a privacy-enhanced operating system represents a technical breakthrough, offering new features to existing operating systems.

Efficiency and scalability become critical criteria for privacy preserving protocols in the age of Big Data. In [7], a new Private Set Intersection (PSI) protocol, based on a novel approach called oblivious Bloom intersection, is presented. The PSI problem involves two parties, a client and a server, which want to jointly compute the intersection of their private input sets in such a way that, at the end, the client learns the intersection and the server learns nothing. The proposed protocol uses a two-party computation approach which makes use of a new variant of Bloom filters, called Garbled Bloom filters by the author, and the new approach is referred to as Oblivious Bloom Intersection.

Private Information Retrieval (PIR) protocols allow users to learn data items stored on a server which is not fully trusted,

Copyright (c) IARIA, 2016. ISBN: 978-1-61208-505-0
UBICOMM 2016 : The Tenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
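As an added illustration of the oblivious Bloom intersection summarised above (example code written for this page, not taken from [7] or from the authors), the following Python builds the server's Garbled Bloom filter, the client's ordinary Bloom filter, and runs the intersection step; the hash construction, share length, filter size and the simulated 1-out-of-2 oblivious transfer are assumptions standing in for the real protocol's choices.

```python
import hashlib, secrets

LAM, M, K = 16, 1024, 4   # share bytes, filter slots, hash functions (assumed parameters)

def positions(x: bytes):
    # K distinct slot indices for x from SHA-256 with a one-byte index prefix (assumed hash construction)
    return list(dict.fromkeys(
        int.from_bytes(hashlib.sha256(bytes([i]) + x).digest()[:4], "big") % M for i in range(K)))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def build_gbf(items):
    # Garbled Bloom filter: the LAM-byte shares at x's slots XOR to x (XOR secret sharing of x);
    # elements are assumed to be at most LAM bytes long and are zero-padded
    gbf = [None] * M
    for x in items:
        idx = positions(x)
        free = [i for i in idx if gbf[i] is None]
        if not free:
            raise RuntimeError("every slot of an element already taken; enlarge M")
        for i in free[:-1]:                      # fresh random shares for all but one free slot
            gbf[i] = secrets.token_bytes(LAM)
        last, share = free[-1], x.ljust(LAM, b"\0")   # the last free slot absorbs the remaining share
        for i in idx:
            if i != last:
                share = xor(share, gbf[i])
        gbf[last] = share
    return [s if s is not None else secrets.token_bytes(LAM) for s in gbf]  # random fill elsewhere

def gbf_query(gbf, x: bytes) -> bool:
    acc = bytes(LAM)
    for i in positions(x):
        acc = xor(acc, gbf[i])
    return acc == x.ljust(LAM, b"\0")           # false positive only with probability 2^-128

def build_bf(items):
    bf = [0] * M                                 # ordinary Bloom filter held by the client
    for x in items:
        for i in positions(x):
            bf[i] = 1
    return bf

def simulated_ot(choice_bits, pairs):
    # Stand-in for M parallel 1-out-of-2 oblivious transfers; a real OT protocol is assumed here
    return [pair[b] for b, pair in zip(choice_bits, pairs)]

def oblivious_bloom_intersection(client_set, server_set):
    bf_c = build_bf(client_set)                               # client input
    gbf_s = build_gbf(server_set)                             # server input
    pairs = [(secrets.token_bytes(LAM), s) for s in gbf_s]    # server offers (random, real share) per slot
    gbf_cs = simulated_ot(bf_c, pairs)                        # real share only where the client's bit is 1
    return {x for x in client_set if gbf_query(gbf_cs, x)}    # client learns only the intersection
```

Elements outside the client's set hit at least one slot where the client received a random value instead of the server's share, so the client cannot reconstruct them, while the server never sees the client's choice bits.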