
Privacy Threats in Smart Buildings

From the document Security and Privacy in Internet of Things (pages 165-168)


7.3 Privacy Threats in Smart Buildings

in [36] to automatically turn off the HVAC when the occupant is sleeping or the home is unoccupied. A fusion sensor that consists of wireless motion and door sensors is used to infer occupant activities (e.g., sleeping, left home unoccupied, or active). The interested reader may refer to [43] for more detailed information.

7.3.1 Privacy of user behavior

This type of privacy issue stems from the fact that occupants’ identity can be learned and their activities can be collected, tracked, or deduced from the information generated by IoT devices.

User behavior privacy becomes an issue, in particular, when a smart meter is used in a residential building. The fine-grained energy consumption data generated from the smart meter can be disaggregated into appliance-level information. The goal of disaggregating power consumption is to provide information on the breakdown of energy consumption and to profile high-energy-usage appliances. The appliance-level information gives some benefits to many parties [3]: The consumer can get direct feedback related to his/her electric consumption and receive automated personalized recommendations, which in turn enables his/her active participation in order to reduce or alter his/her electricity demand. The utility company can obtain fine-grained data to improve economic modeling and policy recommendations. Finally, R&D institutions and manufacturers can use the fine-grained data to support redesign of energy-efficient appliances, to support energy-efficient marketing, and to improve building simulation models.

However, disaggregation of data also creates privacy issues, since the process is not intrusive.

Nonintrusive load monitoring (NILM) or nonintrusive appliance load monitoring (NIALM) is a technique for analyzing and extracting appliance-level information from power consumption in a nonintrusive fashion. There have been various NILM approaches proposed ever since it was first introduced in [26].

Figure 7.5 shows an example of activities deduced using an NILM approach.

Interested readers may refer to [56] and [3] for more detailed information.
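The following added example (not from the book) illustrates the event-based idea behind NILM on a constructed one-minute trace: step changes in aggregate power are matched against appliance signatures. The signature wattages, the tolerance and the trace are hypothetical; the `downsample` function averages the same trace into coarser readings, where this simple matcher can no longer name any appliance.

```python
# Hypothetical appliance signatures: step size in watts when the device switches.
SIGNATURES = {"refrigerator": 150, "water heater": 4000, "kettle": 2000}
TOLERANCE = 0.15  # accept a step within 15% of a signature (assumed value)

def detect_events(trace, min_step=100):
    """Return (index, delta_watts) for every step change of at least min_step."""
    events = []
    for t in range(1, len(trace)):
        delta = trace[t] - trace[t - 1]
        if abs(delta) >= min_step:
            events.append((t, delta))
    return events

def label_events(events):
    """Match each step to the closest signature; out-of-tolerance steps are 'unknown'."""
    labelled = []
    for t, delta in events:
        name, watts = min(SIGNATURES.items(), key=lambda kv: abs(abs(delta) - kv[1]))
        if abs(abs(delta) - watts) > TOLERANCE * watts:
            name = "unknown"
        labelled.append((t, name, "on" if delta > 0 else "off"))
    return labelled

def downsample(trace, window):
    """Average the trace over fixed windows, as a coarser meter would report it."""
    return [sum(trace[i:i + window]) / window
            for i in range(0, len(trace) - window + 1, window)]

def build_trace():
    """Constructed 60-minute aggregate trace (watts), one sample per minute."""
    trace = [200] * 60                 # constant base load
    for t in range(5, 20):
        trace[t] += 150                # refrigerator compressor cycle
    for t in range(30, 40):
        trace[t] += 4000               # water heater (e.g., a shower)
    for t in range(42, 45):
        trace[t] += 2000               # kettle (e.g., breakfast)
    return trace

if __name__ == "__main__":
    trace = build_trace()
    print("1-minute data :", label_events(detect_events(trace)))
    print("15-minute data:", label_events(detect_events(downsample(trace, 15))))
```
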

7.3.2 Location privacy

Location privacy is defined as “the ability to prevent unauthorized parties from learning someone’s current or past location” [35]. Sources of location information can either be various technologies used in smart buildings, such as sensors, RFID readers, video cameras, Wi-Fi access points, PIR sensors, and so on, or personal electronic devices used by the occupants themselves, such as smartphones, notebooks, tablets, body sensors, or wearables. It may not be considered an issue for a relatively small environment, like inside of a house, where a user is already known to be located and does not have a lot of internal space to move around. However, in closed public environments, such as airports or shopping centers, or in big office buildings, location privacy becomes a problem.

7.3.2.1 Privacy issues with wireless LANs

[Figure 7.5 placeholder: plot of power usage (kW) against time (h) over 24 hours, annotated with the overnight period, refrigerator and water heater cycles, "Getting ready to leave: showers, breakfast, etc.", breakfast, shower, and "Evening activities: dinner, showers, laundry, working on computer".]

Figure 7.5: An example of activities deduced from NILM approach. (From A. Molina-Markham et al. Proceedings of the 2nd ACM Workshop on Embedded Sensing Systems for Energy-Efficiency in Building, BuildSys ’10, ACM, New York, 2010.)

Due to the broadcast nature of the wireless LAN technology, it is much easier to obtain private information about the users. The following user data can be disclosed to unauthorized parties during wireless communication: content of the communication, who is sending or receiving data (user identity), when the communication takes place (time) and where the communication takes place (location). While the content can be protected using encryption at application level, the rest of the information may be available to external entities, as explained below:

1. User identity can be determined from the node information (i.e., MAC and IP addresses).

2. Time information can be related to the time of the transmitted or received packet.

3. Location can be inferred from: (i) the single access point (AP) that receives the transmission, providing a rough estimation; (ii) the transmitted signal strength information from multiple APs which receive the transmission, providing more accurate location information, for instance, by the triangulation method or by fingerprint-based localization [4, 57].

When all this information is combined together, the where, when, and who of a wireless communication event can be used for tracking and inferring user behavior.
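To show why signal strength seen by several APs gives "more accurate location information" than a single AP, here is an added example (not from the book) that converts received signal strength to distance and solves for position. It uses a distance-based (trilateration) variant with a log-distance path-loss model; the model, its constants `P0` and `N`, the AP coordinates and the readings are all assumptions constructed for illustration.

```python
import math

# Assumed radio model (not from the page): log-distance path loss,
#   rssi = P0 - 10 * N * log10(d), with d in metres.
P0 = -40.0  # hypothetical RSSI in dBm at 1 m
N = 3.0     # hypothetical indoor path-loss exponent

def rssi_at(distance_m):
    """RSSI the model predicts at a given distance (used to build sample data)."""
    return P0 - 10 * N * math.log10(distance_m)

def distance_from_rssi(rssi_dbm):
    """Invert the path-loss model to estimate the sender's distance from one AP."""
    return 10 ** ((P0 - rssi_dbm) / (10 * N))

def locate(readings):
    """readings: [((x, y), rssi_dbm)] from exactly three APs -> estimated (x, y)."""
    (x1, y1), (x2, y2), (x3, y3) = [pos for pos, _ in readings]
    d1, d2, d3 = [distance_from_rssi(r) for _, r in readings]
    # Subtracting circle 1 from circles 2 and 3 leaves two linear equations.
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        raise ValueError("access points are collinear; position is ambiguous")
    return ((b1 * a22 - a12 * b2) / det, (a11 * b2 - b1 * a21) / det)

def sample_readings(device=(5.0, 8.0)):
    """Constructed readings: three APs on a 20 m grid hearing one transmission."""
    aps = [(0.0, 0.0), (20.0, 0.0), (0.0, 20.0)]
    return [(ap, rssi_at(math.dist(ap, device))) for ap in aps]

if __name__ == "__main__":
    readings = sample_readings()
    print("estimate from clean readings:", locate(readings))
    # A 3 dB measurement error at one AP already shifts the estimate by metres.
    noisy = [readings[0], (readings[1][0], readings[1][1] + 3.0), readings[2]]
    print("estimate with +3 dB at AP 2 :", locate(noisy))
```
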

7.3.2.2 RFID privacy issues

The privacy issue comes from the fact that an RFID tag and reader do not have to be in line of sight. An unauthorized RFID reader at a distance or beyond the wall(s) may try to get access to the tag information and the tag owner may not be aware that his/her tag is being read.

7.3.3 Visual privacy

Visual privacy refers to the private information in the form of image or video. Today, streets of modern cities and almost all closed public places are equipped with surveillance cameras in order to track suspicious activity and identify criminals. We expect that, in the near future, the number of cameras will increase even further with the introduction of smart cameras and vision-based intelligent surveillance systems. Surveillance cameras may also be used as part of ambient-assisted living systems in support of autonomy and well-being of older or disabled people. In any case, videos or images of a person carry the richest privacy information about a person and his/her environment. Not only the face of a person, but also the clothes, posture, gait, time, and environment can reveal sensitive information.

7.4 Privacy-Preserving Approaches in Smart Buildings
