Data security and privacy in SIMPLI-CITY concern four areas: the user's mobile device (the personal data stored on it and the applications running there); the isolation of requests and data handled by services running on the SIMPLI-CITY server; the data stored in the cloud infrastructure; and the connections and access mechanisms between all of these areas.
A hardware root of trust such as the Trusted Platform Module (TPM) can give a device tamper-resistant full device encryption, by sealing the disk encryption key to a measured boot state so that it is only released to unmodified firmware and OS. However, there is currently no hardware available that implements the mobile equivalent, the Mobile Trusted Module (MTM). The security features provided by mobile operating systems (OS), such as a key store for cryptographic keys and application sandboxing, can therefore only be trusted under the assumption that the device hardware and firmware have not been tampered with (for example by a rootkit). That assumption no longer holds once the device is out of the owner's control, so the data on a lost or stolen device should be considered compromised.
To preserve the confidentiality and integrity of the data even after the device is lost, the data could be encrypted with a cryptographically secure algorithm under a key that is not stored on the device, so that the device alone does not contain enough material to decrypt it. For convenience, the key could be held on a wireless token (Nicholson et al. 2006). Alternatively, the SIMPLI-CITY Personal Mobility Assistant (PMA) could be based on a platform with a hardware TPM (such as x86 hardware), or a software TPM implementation could be used, as on Windows RT tablets.

To ensure the confidentiality and integrity of data in transit between the mobile device and the SIMPLI-CITY services or the cloud-hosted infrastructure, all communication should take place over encrypted connections. The industry standard HTTPS is widely used and available on all platforms and devices with which SIMPLI-CITY might interact. Over HTTPS, the separate parts of SIMPLI-CITY can interact knowing that the connection is confidential and integrity-protected. The server endpoint is authenticated by verifying its certificate: the certificate must chain to a trusted root, be within its validity period and not revoked, and its name must match the host being contacted; a client that accepts any certificate, or skips the hostname check, obtains encryption but no protection against a man-in-the-middle. Plain HTTPS authenticates only the server, so the mobile device or service acting as client must authenticate itself separately, either with a client certificate (mutual TLS) or with application-level credentials sent inside the TLS session.
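The following added example (not SIMPLI-CITY project code) illustrates the split described above: the device keeps only a salt and the ciphertext, the wireless token holds the key, and decryption needs both, so a finder of the device cannot recover the data and any tampering with the stored record is detected. HMAC-SHA256 in counter mode with an HMAC tag (encrypt-then-MAC) stands in for a standard AEAD such as AES-GCM so that the example runs on the Python standard library alone; the key, salt and record contents are constructed values.

```python
# Added example (not SIMPLI-CITY project code): encrypting data on the device
# under a key held on a wireless token. HMAC-SHA256 in counter mode plus an
# HMAC tag (encrypt-then-MAC) stands in for a standard AEAD such as AES-GCM so
# the example runs with the Python standard library only; use AES-GCM in practice.
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _derive_keys(token_key: bytes, device_salt: bytes):
    # Separate keys for encryption and authentication, both bound to the
    # device salt, so the same token key can protect several devices.
    enc_key = hkdf_sha256(token_key, device_salt, b"simpli-city/enc")
    mac_key = hkdf_sha256(token_key, device_salt, b"simpli-city/mac")
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(token_key: bytes, device_salt: bytes, plaintext: bytes) -> bytes:
    """Record format stored on the device: nonce || ciphertext || tag."""
    enc_key, mac_key = _derive_keys(token_key, device_salt)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(token_key: bytes, device_salt: bytes, blob: bytes) -> bytes:
    """Verify the tag first (constant-time), then decrypt."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("record too short")
    enc_key, mac_key = _derive_keys(token_key, device_salt)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong token key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def decrypt_fails(token_key: bytes, device_salt: bytes, blob: bytes) -> bool:
    """True if the record is rejected (what a finder of the device sees)."""
    try:
        decrypt(token_key, device_salt, blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    token_key = bytes(range(32))    # constructed: lives on the wireless token
    device_salt = bytes(range(16))  # constructed: lives on the device, not secret
    blob = encrypt(token_key, device_salt, b"calendar: 2013-05-14 09:30 Berlin")
    print(decrypt(token_key, device_salt, blob))
    print("decrypt without token:", decrypt_fails(b"", device_salt, blob))
```

The tag covers the nonce and ciphertext and is checked before any decryption, so a modified record is rejected rather than silently producing garbage; the device-side material (salt, ciphertext, tag) is useless without the token key.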
A cloud storage deployment can run applications in virtual machines. In that case the physical servers hosting the virtual machines must be configured so that the virtual machines are completely isolated: requests are processed independently, data belonging to different users and groups is kept separate, and access is secured. Any user-related data stored in the cloud should be protected from third parties. Users of mobile platforms that store private data (calendars, contacts, etc.) and allow apps to access it are already accustomed to explicitly granting apps permission to use that data; without the user's explicit permission, the data is not accessible to the app. The state of the art in data privacy research further focuses on preserving the privacy of users even when their sensitive information is being mined to detect trends (Aggarwal and Phillip, 2008, Fung et al. 2010). Since there is no way to guarantee that apps or services will treat sensitive data confidentially, SIMPLI-CITY will issue each application its own user-id, which is private to that application and cannot be linked to the user-ids the same user holds with other applications. The review process for apps and services in SIMPLI-CITY will verify that an app running on the mobile device only has access to its own unique user-id. A user can thus have several apps installed on the mobile device, even apps using the same services, each operating under a different user-id, so that a service cannot correlate the user's activity across apps.
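The following added example (not SIMPLI-CITY project code) shows one way to issue per-application user-ids as described above: the platform derives each app's id from the internal account id with a keyed hash, keeps the reverse mapping to itself, and two apps (or the services behind them) obtain unrelated identifiers for the same person. It also contrasts this with an unkeyed hash, which a service can reverse by guessing account ids. The platform secret, account ids and app names are constructed values.

```python
# Added example (not SIMPLI-CITY project code): per-application user-ids.
# The platform keeps one internal account id per user and hands each app a
# different, keyed pseudonym, so two apps (or the services behind them)
# cannot tell that they serve the same person. Names and ids are constructed.
import hashlib
import hmac


class UserIdDirectory:
    """Server-side issuer of per-app user-ids. `secret` never leaves the platform."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._reverse = {}  # (app_id, app_user_id) -> account_id, platform-only

    def app_user_id(self, account_id: str, app_id: str) -> str:
        # Keyed derivation: stable for (account, app), unlinkable across apps,
        # and not invertible or brute-forceable without the platform secret.
        msg = f"{app_id}\x00{account_id}".encode()
        derived = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:32]
        self._reverse[(app_id, derived)] = account_id
        return derived

    def resolve(self, app_id: str, app_user_id: str):
        """Map an app-scoped id back to the account; only the platform can do this."""
        return self._reverse.get((app_id, app_user_id))


def naive_app_user_id(account_id: str, app_id: str) -> str:
    # Weak variant for comparison: an unkeyed hash. Anyone who can guess
    # account ids (e-mail addresses, sequential numbers) recovers them by
    # trial hashing, so the "pseudonym" is linkable after all.
    return hashlib.sha256(f"{app_id}\x00{account_id}".encode()).hexdigest()[:32]


def guess_account(derive, app_id: str, target: str, candidates):
    """Dictionary attack a service could run on an id it received."""
    for candidate in candidates:
        if derive(candidate, app_id) == target:
            return candidate
    return None


def apps_can_correlate(directory: UserIdDirectory, account_id: str, app_a: str, app_b: str) -> bool:
    """Would two apps learn the same identifier for this user?"""
    return directory.app_user_id(account_id, app_a) == directory.app_user_id(account_id, app_b)


if __name__ == "__main__":
    directory = UserIdDirectory(b"platform-secret-constructed")
    account = "alice@example.org"  # constructed
    for app in ("parking-app", "transit-app"):
        print(app, directory.app_user_id(account, app))
    print("linkable:", apps_can_correlate(directory, account, "parking-app", "transit-app"))
```

The reverse map (or an equivalent database table) is what lets the platform route a request from a given app back to the right account; it must stay on the server and never be exposed through an API that apps or services can call.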
Additionally, SIMPLI-CITY could support multiple levels of data accuracy, so that, for example, an application is told only that a user has an appointment in Berlin in the morning instead of the exact time and location. A further way in which user privacy could be compromised in SIMPLI-CITY, through unauthorised access to or unnecessary transfer of data, is via the information SIMPLI-CITY uses to query services for data or data processing. The most important item here is the user's location, which is used to retrieve the most relevant data. A service provided through SIMPLI-CITY that records the location attached to each request together with information that uniquely identifies the user could reconstruct that user's movements and thereby encroach on their privacy. To prevent this, methods similar to generic data anonymisation have been proposed (Liu, Ling, 2009) that mask the exact position of the user, for example by reporting an area containing several users rather than a point, so that one user cannot be distinguished from the others in that area.
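The following added example (not SIMPLI-CITY project code) implements both ideas from the paragraph above: time is coarsened to a chosen level ("morning" instead of 09:30), and the position is replaced by the smallest grid cell that currently contains at least k users (spatial cloaking), so the service cannot tell which of those users made the request. Positions are integer micro-degrees so the grid arithmetic is exact; the users, coordinates, timestamp and cell sizes are constructed sample data, and it goes beyond the text in refusing to release any location when no cell size reaches k.

```python
# Added example (not SIMPLI-CITY project code): lowering the accuracy of the
# time and location handed to a service. Positions are integer micro-degrees
# to keep the grid arithmetic exact; users, coordinates and k are constructed.
from datetime import datetime

MICRO = 1_000_000  # micro-degrees per degree
# Candidate cell sizes in micro-degrees, finest first
# (roughly 100 m, 1 km, 10 km and 100 km of latitude).
CELL_SIZES = (1_000, 10_000, 100_000, 1_000_000)


def coarsen_time(ts: datetime, level: str) -> str:
    """Reduce a timestamp to the requested precision."""
    if level == "exact":
        return ts.strftime("%Y-%m-%d %H:%M")
    if level == "hour":
        return ts.strftime("%Y-%m-%d %H:00")
    if level == "part_of_day":
        part = "morning" if ts.hour < 12 else "afternoon" if ts.hour < 18 else "evening"
        return f"{ts:%Y-%m-%d} {part}"
    raise ValueError(f"unknown level {level!r}")


def grid_cell(lat_u: int, lon_u: int, size: int):
    """Index of the size x size cell (micro-degrees) containing the point."""
    return (lat_u // size, lon_u // size)


def cell_bounds(cell, size: int):
    """Bounding box of a cell in degrees: what the service is told instead of a point."""
    lat_i, lon_i = cell
    return (lat_i * size / MICRO, lon_i * size / MICRO,
            (lat_i + 1) * size / MICRO, (lon_i + 1) * size / MICRO)


def cloak(user: str, positions: dict, k: int):
    """Spatial cloaking: the finest cell containing `user` that also holds at
    least k-1 other current users, or None if no cell size reaches k (in
    which case the location must not be released at all)."""
    lat_u, lon_u = positions[user]
    for size in CELL_SIZES:
        target = grid_cell(lat_u, lon_u, size)
        members = sum(1 for la, lo in positions.values() if grid_cell(la, lo, size) == target)
        if members >= k:
            return {"cell": target, "size": size, "members": members,
                    "bounds": cell_bounds(target, size)}
    return None


def service_query(user: str, ts: datetime, positions: dict, time_level: str, k: int):
    """What leaves the platform for a service: coarse time plus cloaked area,
    with no user identifier and no exact point."""
    area = cloak(user, positions, k)
    if area is None:
        return None
    return {"when": coarsen_time(ts, time_level), "area": area["bounds"]}


# Constructed sample: five users around Berlin, in micro-degrees.
POSITIONS = {
    "alice": (52_520_000, 13_405_000),
    "bob":   (52_520_500, 13_406_100),
    "carol": (52_530_000, 13_410_000),
    "dave":  (52_400_000, 13_500_000),
    "erin":  (52_600_000, 13_300_000),
}
SAMPLE_TIME = datetime(2013, 5, 14, 9, 30)  # constructed

if __name__ == "__main__":
    for k in (2, 3, 6):
        print(k, service_query("alice", SAMPLE_TIME, POSITIONS, "part_of_day", k))
```

With the sample data, alice's request needs the 10 km cell before three users share it; with k set higher than the number of users in the largest cell the function returns None, and the platform should then fall back to a cached or location-free answer rather than send the exact point.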
The measures taken to ensure this are documented in the ‘SIMPLI-CITY Holistic Security and Privacy Concept’, deliverable D3.3, which is available on the SIMPLI-CITY website at http://simpli-city.eu/documents. All developments in SIMPLI-CITY will follow the recommendations in that policy.