Conference Paper

Semi-autonomous, Context-Aware Agent Using Behaviour Modelling and Reputation Systems to Authorize Data Operation in the Internet of Things

Authors:
To read the full-text of this research, you can request a copy directly from the author.

Abstract

In this paper we address the issue of gathering the "informed consent" of a end user in the Internet of Things. We start by evaluating the legal importance and some of the problems linked with this notion of informed consent in the specific context of the Internet of Things. From this assessment we propose an approach based on a semi-autonomous, rule based agent that centralize all authorization decisions on the personal data of a user and that is able to take decision on his behalf. We complete this initial agent by integrating context-awareness, behavior modeling and community based reputation system in the algorithm of the agent. The resulting system is a "smart" application, the "privacy butler" that can handle data operations on behalf of the end-user while keeping the user in control. We finally discuss some of the potential problems and improvements of the system.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the author.

... The work presented in [18] involves the use of a semiautonomous context-aware agent, which takes decisions on behalf of the user. The agent takes into consideration context, behavior, and a community-based reputation system in order to reach a decision. ...
Article
Full-text available
In the Internet of Things (IoT) ecosystem, the volume of data generated by devices in the user’s environment is continually increasing and becoming of particular value. In such an environment the average user is bound to face considerable difficulties in understanding the size and scope of his/her collected data. However, the provisions of the European General Data Protection Regulation (GDPR) require data subjects to be able to control their personal data, be informed, and consent to its processing in an intelligible manner. This paper proposes ADVOCATE platform, a user-centric solution that allows data subjects to easily manage consents regarding access to their personal data in the IoT ecosystem. The proposed platform also assists data controllers to meet GDPR requirements, such as informing data subjects in a transparent and unambiguous manner about the data they will manage, the processing purposes, and periods. The integrity of personal data processing consents and the immutable versioning control of them are protected by a blockchain infrastructure. Finally, the paper provides a prototype implementation of the proposed platform that supports the main consents management functionality.
... The work presented in [6] involves the use of a semi-autonomous contextaware agent, which takes decisions on behalf of the user. The agent takes into account context, behaviour and a community-based reputation system in order to reach a decision. ...
Conference Paper
Full-text available
The value of personal data generated and managed by smart devices which comprise the Internet of Things (IoT) is unquestionable. The EU General Data Protection Regulation (GDPR) that has been recently put in force, sets the cornerstones regarding the collection and processing of personal data, for the benefit of Data Subjects and Controllers. However, applying this regulation to the IoT ecosystem is not a trivial task. This paper proposes ADvoCATE, a user-centric solution that allows data subjects to easily control consents regarding access to their personal data in the IoT ecosystem and exercise their rights defined by GDPR. It also assists Data Controllers and Processors to meet GDPR requirements. A blockchain infrastructure ensures the integrity of personal data processing consents, while the quality thereof is evaluated by an intelligence service. Finally, we present some preliminary details of a partial implementation of the proposed framework.
... To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from While Copigneaux [10] allowed users to identify how and when to be interrupted, this was not expanded nor further described. And so, this paper comes to present which aspects affect the "when" and briefly presents the result of a literature review from privacy and interruption research. ...
Conference Paper
This paper presents an organized set of variables that can aid intelligent privacy agents in predicting the best and necessary moments to interrupt users in order to give them control and awareness over their privacy, avoiding information overload or over choice.
Chapter
The Internet of Things (IoT) provides advanced services by interconnecting a huge number of heterogeneous smart things (virtual or physical devices) through existing interoperable information and communication technologies. Due to its tenuous nature, IoT is vulnerable to different types of attacks, which usually lead to exposure of secrets from the node to the attacker, and compromises the authenticity, integrity, and real-time delivery of data. As such, it is important to have a trust and reputation model to evaluate the trustworthiness of the different players in IoT settings. Trust-based reputation models have been developed for this purpose, but to date, no attempts have been made to compare their performance in an IoT setting. The objective of this work is to implement a multi-agent framework to simulate a smart factory supply chain using IIOT and evaluate the performance of three well-known models: ReGreT, S-IoT, and R-D-C in terms of trustworthiness and cash utility. Based on our experiments, ReGreT performed the best among the three models in terms of evaluating trustworthiness and R-D-C gained the most cash utility.KeywordsInternet of Things (IoT)Multi-agent systemDecision-makingTrustReputationMulti-contextSmart factorySupply chain
Article
Security and knowledge systems effectively identify the node behavior based on device identity, location, social attributes and networking parameters. In this article, we propose a novel approach of Location, Context and Social Objectives Using Knowledge-based Rules and Conflict Resolution for Security (LOCSKS) in the Internet of Things. The proposed system applies Bayesian decision theory and analyzes the node behavior based on prior and posterior knowledge of the location, context and social objectives in IoT. LOCSKS exclusive and economical keys consider the context to service type mapping and risk levels to ensure the location privacy and trust in the system. The knowledge-based and inference rules identity the conformity and conflicting nodes. The conflict resolution approach blocks the invalid nodes, suspends the malicious nodes and delays the suspicious nodes. Simulations indicate that the proposed LOCSKS scheme effectively identifies the node behavior and conflicting conditions, reduce the key violations and enhance location privacy as compared to the existing schemes.
Article
Full-text available
The Internet of Things is aimed at controlling the physical real world using a global network of heterogeneous smart objects that are interconnected through the Internet. Nonetheless, this emergent paradigm still poses challenges in terms of intelligence, autonomy, security, privacy, and interoperability, all of which must be overcome in order for this approach to be consolidated. The integration of Internet of Things with agent technologies has been proposed as an alternative. In this article, we present a general overview of the main preliminary models, theoretical and experimental studies, and applications currently proposed to carry out the agentification of the Internet of Things through modeling smart objects and networks of Internet of Things objects using software agents. Furthermore, we present an analysis of the main strengths, opportunities, weaknesses, and threats of this approach in terms of computational intelligence. Finally, we discuss the main challenges that must be overcome in order for the agentification process of the Internet of Things to become a consolidated paradigm to build cognitive Internet of Things applications.
Article
Full-text available
2011) Individual user behaviour modelling for effective web recommendation. In (Ed.) 2nd In-ternational Conference on e-Education, e-Business, e-Management and E-Learning (IC4E 2011), IEEE, Mumbai India. Abstract— with the growth of the Web, E-commerce activities are also becoming popular. Product recommendation is an effective way of marketing a product to potential customers. Based on a user's previous searches, most recommendation methods employ two dimensional models to find relevant items. Such items are then recommended to a user. Further too many irrelevant recommendations worsen the information overload problem for a user. This happens because such models based on vectors and matrices are unable to find the latent relationships that exist between users and searches. Identifying user behaviour is a complex process, and usually involves comparing searches made by him. In most of the cases traditional vector and matrix based methods are used to find prominent features as searched by a user. In this research we employ tensors to find relevant features as searched by users. Such relevant features are then used for making recommendations. Evaluation on real datasets show the effectiveness of such recommendations over vector and matrix based methods.
Conference Paper
Full-text available
The Internet of Things (IoT) has the potential to transform our daily lives and societies. This is, at least in part, due to its massively distributed and ubiquitous nature. To realize the benefits of the IoT, security and privacy issues associated with the use of the IoT need to be identified and addressed properly. In this paper, our focus is on protecting the privacy of the users of location-based services in the IoT. To achieve this protection, we propose a context-aware adaptive approach for general devices in the IoT, where the general devices are used by users in accessing the location-based services. The proposed approach is based on developing and utilizing an agent to manage location privacy in the context of requested network-based services. The results of an experiment conducted to show the effectiveness and efficiency of this approach are also reported.
Conference Paper
Full-text available
The Internet of Things (IoT) was of a vision in which all physical objects are tagged and uniquely identified using RFID transponders or readers. Nowadays, research into the IoT has extended this vision to the connectivity of Things to anything, anyone, anywhere and at anytime. The IoT has grown into multiple dimensions, which encompasses various networks of applications, computers, devices, as well as physical and virtual objects, referred to as things or objects, that are interconnected together using communication technologies such as, wireless, wired and mobile networks, RFID, Bluetooth, GPS systems, and other evolving technologies. This paradigm is a major shift from an essentially computer-based network model to a fully distributed network of smart objects. This change poses serious challenges in terms of architecture, connectivity, efficiency, security and provision of services among many others. This paper studies the state-of-the art of the IoT. In addition, some major security and privacy issues are described and a new attack vector is introduced, referred to as the “automated invasion attack”.
Conference Paper
Full-text available
Understanding and forecasting the health of an online community is of great value to its owners and managers who have vested interests in its longevity and success. Nevertheless, the association between community evolution and the behavioural patterns and trends of its members is not clearly understood, which hinders our ability of making accurate predictions of whether a community is flourishing or diminishing. In this paper we use statistical analysis, combined with a semantic model and rules for representing and computing behaviour in online communities. We apply this model on a number of forum communities from Boards.ie to categorise behaviour of community members over time, and report on how different behaviour compositions correlate with positive and negative community growth in these forums.
Article
Full-text available
Since a large scale Wireless Sensor Network (WSN) is to be completely integrated into Internet as a core part of Internet of Things (IoT) or Cyber Physical System (CPS), it is necessary to consider various security challenges that come with IoT/CPS, such as the detection of malicious attacks. Sensors or sensor embedded things may establish direct communication between each other using 6LoWPAN protocol. A trust and reputation model is recognized as an important approach to defend a large distributed sensor networks in IoT/CPS against malicious node attacks, since trust establishment mechanisms can stimulate collaboration among distributed computing and communication entities, facilitate the detection of untrustworthy entities, and assist decision-making process of various protocols. In this paper, based on in-depth understanding of trust establishment process and quantitative comparison among trust establishment methods, we present a trust and reputation model TRM-IoT to enforce the cooperation between things in a network of IoT/CPS based on their behaviors. The accuracy, robustness and lightness of the proposed model is validated through a wide set of simulations.
Article
Full-text available
The Privacy Coach is an application running on a mobile phone that supports customers in making privacy decisions when confronted with RFID tags. The approach we take to increase customer privacy is a radical departure from the mainstream research efforts that focus on implementing privacy enhancing technologies on the RFID tags themselves. Instead the Privacy Coach functions as a mediator between customer privacy preferences and corporate privacy policies, trying to find a match between the two, and informing the user of the outcome. In this paper we report on the architecture of the Privacy Coach, and show how it enables users to make informed privacy decisions in a user-friendly manner. We also spend considerable time to discuss lessons learnt and to describe future plans to further improve on the Privacy Coach concept. Comment: 10 pages
Article
Full-text available
Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. Context is a key to adapt suiting user needs. On the other hand, standard access control trusts users once they have authenticated, despite the fact that they may reach unauthorized contexts. We analyse how taking into account dynamic information like context in the authorization subsystem can improve security, and how this new access control applies to interaction patterns, like messaging or eventing. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS), in smart home security.
Article
This article introduces the notion of 'routinisation' into discussions of informed consent. It is argued that the routinisation of informed consent poses a threat to the protection of the personal autonomy of a patient through the negotiation of informed consent. On the basis of a large survey, we provide evidence of the routinisation of informed consent in various types of interaction on the internet; among these, the routinisation of consent to the exchange of health related information. We also provide evidence that the extent of the routinisation of informed consent is dependent on the character of the information exchanged, and we uncover a range of causes of routinisation. Finally, the article discusses possible ways of countering the problem of routinisation of informed consent.
Conference Paper
In this paper we attempt to gain an understanding of the behaviour of users in a multipoint, interactive communication scenario. In particular, we wish to understand the dynamics of user participation at a session level. We present wide-area session level traces of the popular multiplayer networked games Quake and Half-Life. These traces were gathered by regularly polling 2256 game servers located all over the Internet, and querying the number of players present at each server and how long they had been playing. We analyse three specific features of the data: the number of players in a game, the interarrival times between players and the length of a player's session. We find significant time-of-day and network externality effects in the number of players. Player duration times fit an exponential distribution, while interarrival times fit a heavy-tailed distribution. The implications of our findings are discussed in the context of provisioning and charging for network quality of service for multipoint and multicast transmission. This work is ongoing.
Conference Paper
Social sharing on the Web has become very popular in recent years. However, as the amount of information grows rapidly it becomes difficult for a user to discover relevant information. The principle of augmented cognition can be applied to help users on the Social Web. This can be done by modelling the behaviours and interactions of the users in a system in order to discover implicit relations among the users. We describe two related approaches to model user behaviours for different types of social sharing sites. We show that the methods can be used to help users identify social relations that are more important to them, as well as items that are more relevant to their interests.
Article
Specialized elements of hardware and software, connected by wires, radio waves and infrared, will be so ubiquitous that no one will notice their presence.
Article
User-adaptive applications cater to the needs of each individual computer user, taking for example users' interests, level of expertise, preferences, perceptual and motoric abilities, and the usage environment into account. Central user modeling servers collect and process the information about users that different user-adaptive systems require to personalize their user interaction.Adaptive systems are generally better able to cater to users the more data their user modeling systems collect and process about them. They therefore gather as much data as possible and "lay them in stock" for possible future usage. Moreover, data collection usually takes place without users' initiative and sometimes even without their awareness, in order not to cause distraction. Both is in conflict with users' privacy concerns that became manifest in numerous recent consumer polls, and with data protection laws and guidelines that call for parsimony, purpose-orientation, and user notification or user consent when personal data are collected and processed.This article discusses security requirements to guarantee privacy in user-adaptive systems and explores ways to keep users anonymous while fully preserving personalized interaction with them. User anonymization in personalized systems goes beyond current models in that not only users must remain anonymous, but also the user modeling system that maintains their personal data. Moreover, users' trust in anonymity can be expected to lead to more extensive and frank interaction, hence to more and better data about the user, and thus to better personalization. A reference model for pseudonymous and secure user modeling is presented that meets many of the proposed requirements.
Conference Paper
The operation of wireless sensor networks (WSNs) is functionally affected by the selfish and/or malicious network nodes; and their resource constraints complicate the design of any WSN-based protocol and application. Rating nodes' trust and reputation have proven to be an effective solution to improve security, to support decision-making and to promote node collaboration in both wired and wireless networks. However, existing approaches to trust and reputation management emphasize mostly on trust and reputation modeling and ignore the overhead problems brought by their proposed schemes. In this paper, taking into consideration the power and bandwidth constraints of WSNs, we propose a novel agent-based trust and reputation management scheme (ATRM) from a system design point of view. Our objective is to manage trust and reputation with minimal overhead in terms of extra messages and time delay. The main contribution of our work is the introduction of a localized trust and reputation management strategy, which reduces both communication cost and acquisition latency.
More than 50 billion connected devices
  • Ericsson White Paper
Ericsson White paper, "More than 50 billion connected devices", February 2011, 284 23-3149 Uen.
RFID and identity management in everyday life
  • C Van't Hof
  • J Cornelissen
C. van't Hof and J. Cornelissen, "RFID and identity management in everyday life", October 2006, Rathenau Institute, STOA report assigned by the European Parliament.
The internet of things: vision & challenges
  • M Elkhodr
  • S Shahrestani
  • H Cheung
M. Elkhodr, S. Shahrestani S. and H. Cheung, "The internet of things: vision & challenges," April 2013, TENCON Spring Conference, 2013 IEEE, p.218-222.
Modelling and analysis of user behaviour in online communities
  • S Angeletou
  • M Rowe
  • H Alani
S. Angeletou, M. Rowe and H. Alani, "Modelling and analysis of user behaviour in online communities", 2011, The Semantic Web -ISWC 2011, Lecture Notes in Computer Science Volume 7031, p35-50.