Data Security and Privacy on Intelligent Environments

Leandro Marin
Area of Applied Mathematics (DITEC)
Faculty of Computer Science
University of Murcia
leandro@um.es

Copyright © CIKM 2018 for the individual papers by the papers' authors. Copyright © CIKM 2018 for the volume as a collection by its editors. This volume and its papers are published under the Creative Commons License Attribution 4.0 International (CC BY 4.0).

Abstract

In this paper we present some of the problems related to data protection and privacy in intelligent environments and some of the solutions that have been considered.

1 Introduction

Information has always been an object of desire for malicious attackers. This is not something new. We can see multiple examples throughout history, but nowadays intelligent environments are making the problem much more dangerous.

We can divide information management into three different problems: storage, manipulation and transport. In the past, it could be enough to have the information hidden in a safe place and to reduce the number of people allowed to manipulate the information to zero or almost zero. The communication process was based on cryptographic protocols applied by the people allowed to manipulate the information under very restrictive circumstances.

At a first stage, computers replaced humans in these tasks. This was not a big problem if the computers used are safe. In order to make a computer safe, the first idea is to reduce to the minimum the interactions of this computer with other computers or humans. If the computer is manipulated only by trusted users and we use strong cryptographic algorithms to transfer the information between these safe computers, the security level could be considered high.

The reduction of the number of trusted users and strong restrictions on the software and hardware used for the system can increase the security level, but the price paid is the reduction of usability, and nowadays the technology is moving in the opposite direction.

Nowadays, computers have been replaced by much more complex intelligent environments, in which it is almost impossible to have control over the software running in our system or the devices connected to our network. It is not realistic to consider isolated environments, or even ones in which only trusted users can manipulate the data. The great challenge is to balance security and usability.

2 Multiple faces, only one problem

We are going to consider some different cases that, in the end, can be considered one single problem:

2.1 Protection of Public Databases

Consider a database with records linked to persons and some kind of medical information. It is clear that the names and the ID numbers are identifiers that should be protected, but other information like postal codes or illness could be interesting to obtain legitimate statistical information, for example, an illness related to pollution levels in certain areas. The problem is that this information can reveal the actual identity of the patient.

2.2 Multiparty Computation

Consider the case of a group of two or more users that want to make some kind of computation based on common data, but without revealing their own information to the others. The typical example is Yao's Millionaire Problem, in which two millionaires want to know who is the richest without revealing to the other the amount of money that they have.

2.3 White Box Cryptography

Consider a program that should be able to make a computation using some kind of secret information. The result can be given, but the secret information should not be revealed. During the computation, the attacker has access to all memory positions. A typical example is the encryption of some kind of information without revealing the keys.

3 Protection techniques

There are several techniques that can be used to protect the information:

3.1 Encryption

This is probably the first idea that we can consider to protect the information. This is a good solution when the computation can be made in safe environments, but it cannot be applied to all cases. For example, it cannot be applied to the information in databases that should be used by learning algorithms or partially modified by legitimate users. Multiparty computation and white box environments are also a problem for standard encryption.

3.2 Anonymized Data

It is necessary to make the information useless to the attacker, especially in the case of active attackers that can introduce records or information linking data, in order to make visible any transformation made in the data. When the data is given in categories, it is possible to use a bijection as a method of anonymization.

3.3 Statistical Protection

One of the ideas to protect information is to introduce noise in order to make records indistinguishable. Many of the definitions of privacy are given in terms of probability, so randomness seems to be a good choice, but this randomness should be introduced carefully in order to avoid interference with legitimate learning algorithms.

3.4 Algebraic Protection

Another fruitful method is to analyze the kind of legitimate operations that should be performed on the data in order to generate algebraic transformations compatible with those operations. For example, linear transformations are quite useful when the data should be added and multiplied by constants.

3.5 Multiple Implementations

In some cases, it is really impossible to generate safe implementations, for example in the case of the Internet of Things. We can have a huge number of computational devices with very limited resources, and in that case we can be sure that the security of some of our devices will be broken. If the information retrieved from one of these devices can be used to break the following ones, the damage can grow exponentially. So, it is better to have multiple implementations that make the information from one device unusable to break other ones.

4 Conclusions

It is no longer reasonable to consider that information can be kept safe in isolated places. Multiple devices collect information all around us, even inside our own computers, cell phones or intelligent devices. Preserving security and privacy in these environments is a serious task and it is connecting different areas of research.

4.0.1 Acknowledgements

This research is partially financed by the project TIN2017-86885-R.
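The following is an added example, not code from the paper or its author, illustrating sections 2.1 and 3.2 together: a medical table with names and ID numbers removed is still linkable to a public list through the remaining quasi-identifiers (postal code, birth year), a k-anonymity measure shows how exposed the table is, generalizing the quasi-identifiers raises k, and a secret bijection replaces the categorical illness column while preserving its statistics. All records, the generalization levels and the seed are constructed for the example.

```python
# Added example, not part of the paper: re-identification through quasi-identifiers
# (section 2.1), k-anonymity, generalization, and anonymization of a categorical
# column by a secret bijection (section 3.2). All data below is constructed.
from collections import Counter
import random

# Constructed medical table: names and ID numbers already removed.
MEDICAL = [
    {"postal": "30001", "birth_year": 1980, "illness": "asthma"},
    {"postal": "30001", "birth_year": 1982, "illness": "flu"},
    {"postal": "30002", "birth_year": 1975, "illness": "asthma"},
    {"postal": "30002", "birth_year": 1978, "illness": "diabetes"},
    {"postal": "30010", "birth_year": 1990, "illness": "flu"},
    {"postal": "30011", "birth_year": 1991, "illness": "asthma"},
]

# Constructed public list (think of an electoral roll) that can be joined to the table.
PUBLIC = [
    {"name": "Alice", "postal": "30001", "birth_year": 1980},
    {"name": "Bob",   "postal": "30001", "birth_year": 1982},
    {"name": "Carol", "postal": "30002", "birth_year": 1975},
    {"name": "Dave",  "postal": "30002", "birth_year": 1978},
    {"name": "Eve",   "postal": "30010", "birth_year": 1990},
    {"name": "Frank", "postal": "30011", "birth_year": 1991},
]


def quasi_key(record, postal_prefix=5, year_bucket=1):
    """Quasi-identifier tuple, optionally generalized: keep only the first
    postal_prefix digits of the postal code and round the birth year down to a
    bucket of year_bucket years. The defaults keep the exact values."""
    year = record["birth_year"] - record["birth_year"] % year_bucket
    return (record["postal"][:postal_prefix], year)


def k_anonymity(records, postal_prefix=5, year_bucket=1):
    """Size of the smallest group of records sharing the same (generalized)
    quasi-identifiers: every record hides among at least k records."""
    groups = Counter(quasi_key(r, postal_prefix, year_bucket) for r in records)
    return min(groups.values())


def reidentify(medical, public, postal_prefix=5, year_bucket=1):
    """Join the public list to the medical table on the quasi-identifiers.
    Returns {name: illness} for every person whose group holds a single illness,
    which is exactly what the linkage reveals (a group of size k > 1 whose
    members all share one illness still reveals it)."""
    illnesses_by_key = {}
    for r in medical:
        key = quasi_key(r, postal_prefix, year_bucket)
        illnesses_by_key.setdefault(key, set()).add(r["illness"])
    revealed = {}
    for person in public:
        key = quasi_key(person, postal_prefix, year_bucket)
        candidates = illnesses_by_key.get(key, set())
        if len(candidates) == 1:
            revealed[person["name"]] = next(iter(candidates))
    return revealed


def category_bijection(values, seed):
    """Secret bijection from each category value to an opaque label. Being a
    bijection, it preserves the per-category counts (the legitimate statistics)
    while the label itself says nothing about the illness."""
    categories = sorted(set(values))
    labels = [f"c{i}" for i in range(len(categories))]
    random.Random(seed).shuffle(labels)
    return dict(zip(categories, labels))


def anonymize_illness(records, seed=1):
    """Replace the illness column by its image under a secret bijection."""
    mapping = category_bijection([r["illness"] for r in records], seed)
    return [{**r, "illness": mapping[r["illness"]]} for r in records], mapping


if __name__ == "__main__":
    print("k on raw table:", k_anonymity(MEDICAL))                          # 1
    print("re-identified:", reidentify(MEDICAL, PUBLIC))
    print("k after generalization:", k_anonymity(MEDICAL, 4, 10))           # 2
    print("re-identified after generalization:",
          reidentify(MEDICAL, PUBLIC, 4, 10))                               # {}
    anon, mapping = anonymize_illness(MEDICAL)
    print("per-label counts:", Counter(r["illness"] for r in anon))
```

On the raw table every quasi-identifier tuple is unique, so the join recovers the illness of all six people; truncating the postal code to four digits and the birth year to a decade gives k = 2 and the join no longer singles anyone out. The bijection keeps the illness histogram intact for statistics, but it is exactly the kind of transformation the paper's active attacker targets: a record inserted with a known illness exposes that illness's label, which is why the paper treats active attackers as a separate threat.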
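As an added example for section 2.2 (not the paper's own code), the simplest multiparty computation: several parties compute the sum, or a public-coefficient weighted sum, of their private inputs by additive secret sharing, so that each party only ever sees uniformly random shares of the others' inputs. The paper names Yao's Millionaire Problem; a sum is chosen here because it is the computation additive sharing supports directly. The prime modulus, the inputs and the seed are constructed choices.

```python
# Added example, not part of the paper: joint sum by additive secret sharing
# (section 2.2). Party i splits its input into n shares that add up to the input
# mod P and sends one share to each party; every party adds what it received and
# publishes that partial sum; the partial sums add up to the total. Constructed
# modulus, inputs and seed.
import random

P = 2**61 - 1  # prime modulus; shares are uniform in [0, P)


def share(secret, n, rng):
    """Split secret into n shares that are uniformly random except that they sum
    to secret mod P. Any n-1 of them are statistically independent of secret."""
    shares = [rng.randrange(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares


def reconstruct(shares):
    return sum(shares) % P


def roundtrip(secret, n, seed=0):
    """Sanity check: sharing followed by reconstruction returns the secret."""
    return reconstruct(share(secret, n, random.Random(seed)))


def secure_weighted_sum(inputs, coeffs, seed=0):
    """Simulate n parties computing sum_i coeffs[i] * inputs[i] with public
    coefficients and private inputs (0 <= result < P assumed).
    Round 1: party i sends share j of its input to party j.
    Round 2: party j multiplies each received share by the sender's coefficient,
             adds them, and publishes the partial sum.
    Returns the total and, for inspection, the shares each party received."""
    rng = random.Random(seed)
    n = len(inputs)
    sent = [share(x, n, rng) for x in inputs]                   # sent[i][j]: i -> j
    views = [[sent[i][j] for i in range(n)] for j in range(n)]  # party j's view
    partials = [sum(c * s for c, s in zip(coeffs, view)) % P for view in views]
    return reconstruct(partials), views


def secure_sum(inputs, seed=0):
    return secure_weighted_sum(inputs, [1] * len(inputs), seed)


if __name__ == "__main__":
    total, views = secure_sum([5, 12, 30])
    print("total:", total)  # 47
    for j, view in enumerate(views):
        print(f"party {j} received shares:", view)
```

Every value a party receives is a uniformly random field element, so a single party (or any group smaller than the whole set) cannot recover another input from its view; correctness follows from linearity, since the partial sums add up to sum_i c_i x_i mod P. Comparisons such as the millionaire problem need additional machinery (garbled circuits or secure multiplication) on top of this primitive.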
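As an added example for section 3.3 (not the paper's own code), the standard way to "introduce noise carefully": a count query over a medical table is released with Laplace noise scaled to the query's sensitivity, and the privacy-loss function shows the probabilistic guarantee the paper alludes to (the output distribution changes by at most a factor exp(epsilon) when one patient is added or removed). The records, epsilon values and seeds are constructed.

```python
# Added example, not part of the paper: epsilon-differentially private counts via
# the Laplace mechanism (section 3.3). Records, epsilon and seeds are constructed.
import random

# Constructed records; only the illness field matters for the count query.
RECORDS = [{"illness": i} for i in
           ["asthma", "flu", "asthma", "diabetes", "flu", "asthma", "asthma"]]


def laplace_noise(scale, rng):
    """Laplace(0, scale) sample: the difference of two independent exponentials
    with mean `scale` is Laplace-distributed."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def true_count(records, illness):
    return sum(1 for r in records if r["illness"] == illness)


def noisy_count(records, illness, epsilon, seed=0):
    """Release the count with Laplace noise of scale sensitivity/epsilon.
    Sensitivity is 1: adding or removing one patient moves the count by at most 1."""
    sensitivity = 1
    rng = random.Random(seed)
    return true_count(records, illness) + laplace_noise(sensitivity / epsilon, rng)


def privacy_loss(output, count_a, count_b, epsilon):
    """|log p_a(output) - log p_b(output)| for the Laplace mechanism run on two
    counts. log p_c(x) = -log(2b) - |x - c| / b with b = 1/epsilon, so the
    difference is epsilon * ||x - count_b| - |x - count_a||, which by the triangle
    inequality never exceeds epsilon * |count_a - count_b|."""
    return epsilon * abs(abs(output - count_a) - abs(output - count_b))


def max_privacy_loss(count_a, count_b, epsilon, outputs):
    """Largest loss over a grid of possible outputs; <= epsilon for neighbours."""
    return max(privacy_loss(x, count_a, count_b, epsilon) for x in outputs)


def average_of_releases(records, illness, epsilon, n_releases, seed=0):
    """Caveat the paper's 'carefully' points at: answering the same query n times
    with fresh noise spends n * epsilon of privacy, and the average converges to
    the true count. Noise has to be budgeted, not merely added."""
    rng = random.Random(seed)
    c = true_count(records, illness)
    scale = 1.0 / epsilon
    return sum(c + laplace_noise(scale, rng) for _ in range(n_releases)) / n_releases


if __name__ == "__main__":
    print("true asthma count:", true_count(RECORDS, "asthma"))   # 4
    print("noisy release (eps=1):", noisy_count(RECORDS, "asthma", 1.0))
    grid = [x / 10 for x in range(-100, 200)]
    print("max loss, neighbours, eps=0.5:", max_privacy_loss(4, 5, 0.5, grid))
    print("mean of 400 releases:", average_of_releases(RECORDS, "asthma", 1.0, 400))
```

The noise scale is what keeps learning algorithms usable: with epsilon = 1 a single release is off by more than 5 only with probability exp(-5), so aggregate statistics survive while any one patient's presence is hidden. The last function is the failure mode: re-running the query multiplies the privacy loss, so a deployment has to track the budget spent per dataset.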
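As an added example for section 3.4 (not the paper's own code), records are protected with a secret invertible linear map before being handed to an untrusted server; because the map is linear, the server can add encoded records and multiply them by constants and the owner decodes the correct result, while a non-linear operation (a componentwise product) decodes to garbage, which is the paper's point that the transformation must match the legitimate operations. The 2x2 integer matrix, records and coefficients are constructed to keep the arithmetic exact and readable; they illustrate the compatibility, not a particular security level.

```python
# Added example, not part of the paper: a secret invertible linear map that commutes
# with addition and scalar multiplication (section 3.4). Matrix, records and
# coefficients are constructed; a unimodular integer matrix keeps everything exact.

# Secret key: integer matrix with determinant 1, so its inverse is also integral.
A = [[2, 3],
     [1, 2]]
A_INV = [[2, -3],
         [-1, 2]]


def matvec(m, v):
    return [sum(mij * vj for mij, vj in zip(row, v)) for row in m]


def encode(record):
    """Owner side: x -> A x. Only the owner knows A."""
    return matvec(A, record)


def decode(encoded):
    """Owner side: y -> A^{-1} y."""
    return matvec(A_INV, encoded)


def linear_combination(vectors, coeffs):
    """sum_i coeffs[i] * vectors[i], componentwise. Used both on plain records
    (reference) and by the server on encoded records."""
    dim = len(vectors[0])
    return [sum(c * v[k] for c, v in zip(coeffs, vectors)) for k in range(dim)]


def outsourced_combine(records, coeffs):
    """Owner encodes, server combines encoded vectors only, owner decodes.
    Correct because A(sum c_i x_i) = sum c_i A x_i."""
    encoded = [encode(r) for r in records]
    return decode(linear_combination(encoded, coeffs))


def componentwise_product(u, v):
    return [a * b for a, b in zip(u, v)]


def outsourced_product_is_wrong(x, y):
    """A non-linear operation is not compatible with the map: decoding the
    product of encodings does not give the product of the records."""
    wrong = decode(componentwise_product(encode(x), encode(y)))
    return wrong != componentwise_product(x, y)


if __name__ == "__main__":
    records = [[1, 2], [3, 4], [5, 6]]
    coeffs = [1, 2, -1]
    print("plain:     ", linear_combination(records, coeffs))   # [2, 4]
    print("outsourced:", outsourced_combine(records, coeffs))  # [2, 4]
    print("product mismatch:", outsourced_product_is_wrong([1, 2], [3, 4]))  # True
```

The server never sees A or the plaintext records, only their images, yet every sum and scalar multiple it computes decodes correctly; the product check shows why the paper starts from the list of legitimate operations, since any operation outside the algebra the transformation respects silently produces wrong results.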