One of the main goals of the pervasive computing domain is to provide the user with task support for everyday tasks. This task support should be realized by pervasive applications that are seamlessly integrated in the environment, for example embedded into devices such as everyday objects. To automate configuration, context information is shared between these devices. The shared context can contain private information that should not be made public. System support, which helps to develop pervasive applications, should therefore contain mechanisms that utilize security and privacy methods when handling context. Pervasive applications can then use these mechanisms and create pervasive environments while preserving the user's privacy. Here, we show how context information can be processed and queried in a privacy-preserving manner. By securing the authenticity and integrity of context information and creating a secure context distribution algorithm, we show how pervasive applications can use and share context securely. Second, we introduce secure role assignment as a mechanism for environment adaptation which is built on context information. Similar to context, roles need to be protected and secured during distribution. Additionally, we add system support for secure roles which can be used for role-based access control by pervasive applications. Third, we create a secure key-exchange mechanism that can be used to secure the communication between users and devices. This is an essential step that needs to be performed before any private information can be shared among them. Fourth, we introduce a framework for the automatic generation of a privacy policy. This framework creates an individual privacy policy that can be used to share context between users, devices or applications while preserving the user's will with regard to context privacy.

Privacy, Security and Trust within the Context of Pervasive Computing is an edited volume based on a post workshop at the second international conference on Pervasive Computing. The workshop was held April18-23, 2004, in Vienna, Austria. The goal of the workshop was not to focus on specific, even novel mechanisms, but rather on the interfaces between mechanisms in different technical and social problem spaces. An investigation of the interfaces between the notions of context, privacy, security, and trust will result in a deeper understanding of the "atomic" problems, leading to a more complete understanding of the social and technical issues in pervasive computing.

The mechanisms which support secure communication, privacy protection and accountability are crucial parts of most computing systems. Pervasive computing is characterized by the large-scale collection, distribution and aggregation of information related to individuals and their activities. From the outset, the inherent privacy and IT security issues of pervasive computing have been an area of critical focus, and associated unforeseeable consequences for the individual have been mentioned. This book addresses these issues, and seeks to demonstrate that carefully devised protection mechanisms can become enablers for multilaterally acceptable and trustworthy digital interactions and ICT-based cooperations. It explores new facets of privacy protection and accountability for digitally recorded real-world actions as well as novel forms of communication in a descriptive manner.A thorough investigation of main pervasive computing concepts is presented, together with a motivation and elicitation of security requirements within the emergency response application domain; also the state-of-the-art of existing security mechanisms is discussed. The areas covered include: digital pseudonyms and auditing mechanisms, efficient encryption techniques and concepts for end-to-end secure messaging, as well as pervasive computing approaches to first response.The book will be of interest to anybody involved in the design, realization and use of secure and privacy-preserving pervasive computing systems and applications.

It is easy to imagine that a future populated with an ever-increasing number of mobile and pervasive devices that record our minute goings and doings will significantly expand the amount of information that will be collected, stored, processed, and shared about us by both corporations and governments. The vast majority of this data is likely to benefit us greatly—making our lives more convenient, efficient, and safer through custom-tailored and context-aware services that anticipate what we need, where we need it, and when we need it. But beneath all this convenience, efficiency, and safety lurks the risk of losing control and awareness of what is known about us in the many different contexts of our lives. Eventually, we may find ourselves in a situation where something we said or did will be misinterpreted and held against us, even if the activities were perfectly innocuous at the time. Even more concerning, privacy implications rarely manifest as an explicit, tangible harm. Instead, most privacy harms manifest as an absence of opportunity, which may go unnoticed even though it may substantially impact our lives. In this Synthesis Lecture, we dissect and discuss the privacy implications of mobile and pervasive computing technology. For this purpose, we not only look at how mobile and pervasive computing technology affects our expectations of—and ability to enjoy—privacy, but also look at what constitutes "privacy" in the first place, and why we should care about maintaining it. We describe key characteristics of mobile and pervasive computing technology and how those characteristics lead to privacy implications. We discuss seven approaches that can help support end-user privacy in the design of mobile and pervasive computing technologies, and set forward six challenges that will need to be addressed by future research. The prime target audience of this lecture are researchers and practitioners working in mobile and pervasive computing who want to better understand and account for the nuanced privacy implications of the technologies they are creating. Those new to either mobile and pervasive computing or privacy may also benefit from reading this book to gain an overview and deeper understanding of this highly interdisciplinary and dynamic field.

This book constitutes the thoroughly refereed post-proceedings of the First International Conference on Security in Pervasive Computing held in Boppard, Germany in March 2003. The 19 revised full papers presented together with abstracts of 4 invited talks and a workshop summary were carefully selected during two rounds of reviewing and improvements. The papers are organized in topical sections on location privacy, security requirements, security policies and protection, authentication and trust, secure infrastructures, smart labels, verifications, and hardware architectures.

This book constitutes the refereed proceedings of the Third International Conference on Security in Pervasive Computing, SPC 2006, held in York, UK, in April 2006. The 16 revised papers presented together with the extended abstract of 1 invited talk were carefully reviewed and selected from 56 submissions. The papers are organized in topical sections on protocols, mechanisms, integrity, privacy and security, information flow and access control, and authentication.

The mechanisms which support secure communication, privacy protection and accountability are crucial parts of most computing systems. Pervasive computing is characterized by the large-scale collection, distribution and aggregation of information related to individuals and their activities. From the outset, the inherent privacy and IT security issues of pervasive computing have been an area of critical focus, and associated unforeseeable consequences for the individual have been mentioned.This book addresses these issues, and seeks to demonstrate that carefully devised protection mechanisms can become enablers for