1 / 61

ITS – Challenges for privacy-security-safety

ITS – Challenges for privacy-security-safety. Scott CADZOW, C3L for i-Tour. Agenda and aim of seminar.

snowy
Download Presentation

ITS – Challenges for privacy-security-safety

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITS – Challenges for privacy-security-safety Scott CADZOW, C3L for i-Tour

  2. Agenda and aim of seminar • From the assertion that Intelligent Transport Systems will revolutionise society with aims to improve the safety of citizens when using any means of transport by leveraging the international communications network. • What is ITS intending to achieve? • How does ITS fit to the core human right of protection of privacy? • What is the regulatory meaning of privacy? • How do you comply to privacy protection? • How can technology assist in privacy protection?

  3. Your speaker? • Scott CADZOW • Expert and rapporteur for: • TETRA security specifications • The suite of guidance documents for effective security standards development • covering Common Criteria, Risk analysis, and security requirements engineering • Frequent member and leader of Specialist Task Forces • He is chairman of the ETSI ITS Security group and also its counterpart in ISO TC204.16 • Has been vice-chairman of ETSI Project TETRA WG6 (Security) and the TETRA Security and Fraud Prevention Group (SFPG) • Has bee vice-chairman of the ETSI Lawful Interception group. • Has contributed ENISA reports on network resilience, supply chain integrity, and on measures to counter internet bullying.

  4. Definition • Privacy is defined as the right of the individual to have his identity and agency protected from any unwanted scrutiny and interference. • It reinforces the individual's right to decisional autonomy and self-determination. • Privacy is a fundamental right protected by the Universal Declaration of Human Rights and by various legislative orders including the EU Convention for the Protection of Human Rights and Fundamental Freedoms

  5. Some statistics • Deaths on EU27 roads: • Dropped from 56,247 in 2000 to 34,500 in 2009 • Downward trend is persistent and ITS should aim to accelerate the trend • Vehicles on EU27 roads: • Increased from 334/1000 inhabitants in 1991 to 473/1000 in 2009 • Assertion: Manufacturers want to continue this increase • Public transport use: • Flat at 7% for train use in EU27 • Flat at 9% for bus use in EU27 • Assertion: Directive wants this to change from flat to increase

  6. Some figures • 1. Safety • Traffic carnage in the UK is estimated to cost 1% of GDP (£18billion) • 2. Efficiency • Congestion costs an estimated in 1% of EU total GDP or 100B€ p.a. (or £18billion in the UK alone) • 3. Environmental sustainability • Transport accounts for 30% of total energy consumption in the EU, with the vast majority being consumed by road transport.

  7. ITS network: a network of sensors

  8. What is the new thinking? • Use vehicles as sensors • Use people as sensors • Use vehicles as computing nodes • Use people as data sources • Distribute knowledge

  9. What are the new problems? • Use vehicles as sensors • Who does it give its sensor data to? Does it trust the receiver will use it well? • Use people as sensors • What are you sensing? Is this going to come back and adversely affect me? • Use vehicles as computing nodes • Is this realistic? How much excess computing power is a car maker going to install? • Use people as data sources • Not just sensor data but opinions too? • Distribute knowledge • To whom and who pays?

  10. What can ITS do with data? • Identify virtual communities • How people travel and for what may give travel service providers better knowledge of how to ticket, how to schedule, how to better serve, different communities • Provide data for recommender systems

  11. Top level objectives for privacy • ITS has to meet the expectations of privacy established by: • OECD Declaration of Human Rights • EU Data Protection laws • EU Convention on human rights • Privacy is a right and expectation and not a technology

  12. ITS aim: to improve safety

  13. Co-operative awareness • Vehicles signalling their presence by radio • Where and what I am reported continuously for all to hear • Short range radio (5.9GHz, 100mW transmitter, about 200m range) • Not cellular, no infrastructure assumed • Every vehicle aware of every other vehicle in the local area • Raw data for collision avoidance and other applications

  14. Event notification messages • Geo-routed indication of events • Crash, congestion, adverse weather … • Receiving vehicles forward the message within and towards the affected geographic area • Broadcast over radio for all to hear • 5.9GHz, low power, short range, no infrastructure • Intent is to warn other drivers and get them to change their behaviour

  15. CAM and DENM and PII • PII = Personal Identifying Information • CAM and DENM identify behaviour: • Where a vehicle is • How it is being driven • Long term analysis may derive personal data: • Start and end points of journey • Correlation to objects at end points of journey: • house (home?), shop (socio-economic group?), church (religion?), school (family status?)

  16. Privacy concerns • Transmitter has no knowledge of who receives the data • Transmitter has no knowledge if the receiver is good (restricts processing to only ITS application) or bad (makes additional use of data) • Any potential for bad actors is bad and needs to be designed out of the system

  17. Pseudonymity is not an answer • pseudonymity: act of ensuring that a user may use a resource or service without disclosing its user identity, but can still be accountable for that use • Many aspects of behaviour are carried in immutable data – i.e. data that cannot be made pseudonymous • CAM and DENM content • Network addresses • GeoLocations

  18. ITS aim: to improve environment

  19. Give feedback to users about environmental consequences of their travel behaviour with a view to encourage change Key pollutants CO2 – climate change PM – air quality European standard COPERT IV - model and databases of emission factors

  20. Vehicle Emission calculation • - Passenger cars • - Motorcycles • Mopeds • Vans / small trucks • Urban buses • Coaches Engine Fuel Fuel - Gasoline - Diesel - LPG Engine state - Cold start - Hot start Engine capacity Speed Outside temperature Emission standard

  21. Illustration Passenger car Gasoline Engine technology year 2002 Engine capacity of 1.5 litre Cold start Temperature 20 oC Travel distance 18.1 km Travel speed 80 km/h Fuel use 128 g PM emission 0.022 g CO2 emission 3592 g

  22. ITS aim: to reduce congestion

  23. Congestion problem • People in location “A” want to get to location “B” at the same time as lots of other people • Transport network capacity insufficient to meet demand • The “Dawkins” solution: • Move/copy what everyone wants at “B” to “A” • Stagger the journey start times for all travellers

  24. ITS aim: encourage use of public transport

  25. Objective: to develop a routing system capable to: • support multi-modal routing • handle real-time information • consider multi-criteria evaluation functions • increase environmental awareness of travellers • generate personalized advice • learn preferences of users

  26. Multimodal trips

  27. Supernetwork approach User specifies which modes are available Multiple unimodal networks supernetwork Uni-modal networks are inter-connected by transfer links

  28. Compiling the supernetwork Time dependent method to account for congested travel times Time expanded method to account for time tables of public transport

  29. Link costs function (to weight different factors) C = β0+ T * β1+ T * α1 * β2+ T * α2 * β3+ T * α3 * β4

  30. Example of parameters

  31. Which Real-time data?

  32. Safety No delays Fast Preferences Convenience Emission Low cost

  33. Privacy and the protection of people

  34. What the regulation covers • data controller: • natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data • data processor: • natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller • processing of personal data: • any operation or set of operations which is performed upon personal data, whether or not by automatic means • Examples of processing are collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. • data subject: • person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity • data subject's consent: • any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed

  35. Requirements • Identify type of information/data users can upload and access: • determine if private (identity revealing) or public data • Trust-based access control mechanism allowing users to upload content • Can trust be private? • Virtual user communities’ characteristics • Does this reveal data that would otherwise be private? • Recommender system • How personal does it need to be to be effective?

  36. ProtectingUser Privacy • Privacy protection protects a person. • A person is described by what they do, where they do, when they do it, what they do it with, and with whom they do it • ITS users share their activity with each other and with the system • Need to protect exploit of that data by other parties

  37. Combination of technology & process • Design for Assurance : Ensure that security provisions can be measured and evaluated • Root is "Common Criteria for Security Assurance Evaluation" published as ISO 15408 and interpretation for standards development in ETSI EG 202 387 • Privacy by Design: adopt practices throughout the design, implementation and operation that maximise privacy • identify data leakage • address the human element in system deployment • address the policies of the system users, maintainers & managers • consider end of life data disposal

  38. Protecting User Privacy - risk reduction

  39. Privacy, data protection and security • Privacy is a fundamental right • Article 12 UDHR: • No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks • Article 8 EU Convention for the Protection of Human Rights and Fundamental Freedoms: Right to respect for private and family life • Everyone has the right to respect for his private and family life, his home and his correspondence. • There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

  40. Privacy, data protection and security • Assigns rights to citizens on how data related to them is protected • Enshrined in law in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data • Supplemented by Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

  41. Privacy, data protection and security • Personal data • shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity • Processing of personal data • shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction • “data subject’s” consent • shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed

  42. Privacy, data protection and security • The means to give assurance of the confidentiality, integrity and availability of data and services • Offers technical and procedural means to support regulation • Security supports … • Privacy (Privacy Enhancing Technologies) • COM(2007) 228 final: “COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on Promoting Data Protection by Privacy Enhancing Technologies (PETs)” • Data protection

  43. Content privacy – user generated

  44. Content privacy – provided

  45. Content privacy – interactive sessions

  46. One person – multiple persona

  47. Consequences for ITS • ITS carries personal data both directly and indirectly in all its variants: • Advanced Traveller Information Systems (ATIS) • Location and route is personal information • Advanced Traffic Management Systems (ATMS) • ITS-Enabled Transportation Pricing Systems • Concessionary fares require exchange of personal data • Advanced Public Transportation Systems (APTS) • Vehicle-to-Infrastructure Integration (VII) – ETSI • CAM and DENM • Vehicle-to-Vehicle Integration (V2V) – ETSI • CAM and DENM

  48. Wider concept

  49. User Privacy versus User security • Security is not a synonym for privacy • But security techniques will give some protection of privacy • Security techniques counter risk of • Interception, Masquerade, Manipulation, Repudiation

  50. Protecting User Privacy • Separation of identification and authorisation entities • Anonymous at point of service delivery • Identity and behaviour made non-linkable without collusion and difficult even with collusion

More Related