Urban sensing environments: Exploiting the adaptation space for data protection

Abstract

Urban sensing is the foundation for cities to become smart. It comprises multiple domains, such as public surveillance, smart buildings, smart health, crowd sourcing/sensing or environment monitoring. From each of those domains stem digital services that, ideally, elevate the overall life quality of citizens. Prominent examples of such services are e.g., remote climate control of a smart home, light control in buildings based on occupancy sensing, effective routing of emergency vehicles through traffic monitoring data, automatic PH-control for urban water sources, or large scale movement pattern analysis of citizens, just to name a few. The edge computing paradigm plays a major role in urban sensing, as it facilitates the development, operation and optimization of such services. Reduced latency, scalability, bandwidth relief, or reliability are prominent advantages of edge computing based services. However, many of those services process, transmit or store sensitive data. The often constrained resources in edge computing pose critical challenges to data protection aspects of such services. Adaptation is a key enabler to attenuate and deal with many of those challenges. Based on the classical definition of control theory an adaptive system monitors its own performance and adjusts its parameters in the direction of better performance. In the context of protection of data, this involves i) monitoring the system and its environment, ii) analyzing whether changes threaten the satisfaction of security and privacy requirements, and iii) the planning and execution of adaptations, if needed, to ensure the continued satisfaction of these requirements. In this thesis, we exploit the adaptation space to improve or enhance data protection in resource constrained urban sensing environments. First, we present a system model that builds the foundation of an adaptive urban sensing system that has to adhere to some form of data protection regulation. The model focuses on data protection aspects, such as fine grained access control, and supports the definition of privacy policies and how to enact them inside the system. Second, we evaluated several data protection mechanisms by measuring their performance and energy consumption on representative edge devices. The evaluated data protection mechanism include cryptographic block and stream ciphers, secure hashing algorithms, digital signature algorithms, and algorithms needed for key exchange protocols. Based on the evaluation results, we developed a Source Location Privacy (SLP) system, specifically designed to operate in resource constraint environments. Third, we investigated data protection concerns, and how to address them, in the domain of AI-assisted public surveillance. Specifically, we are interested in Video Analysis Pipelines (VAP) and the challenges to data protection such systems are confronted with, i.e., leakage of Personally Identifiable Information (PII) from recorded and transmitted video data. Lastly, we developed a data protection focused adaptation engine for distributed video analysis pipelines. It employs an extended system model and adaptation rules to meet the requirements of AI-assisted VAPs at the Edge. Furthermore, it features an optimization algorithm to improve performance, energy consumption and data protection of a distributed VAP and its functionalities.