Abstract
In this paper, we focus on security-and-privacy-related issues that confront IT systems during disasters. We summarize these security and privacy issues in the context of two major areas of operation: information gathering and system continuity management. Then we provide the results of a survey on techniques for solving these issues. Finally, we discuss outstanding issues facing these systems.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kiyomoto, S., Fukushima, K., Miyake, Y. (2012). Security-and-Privacy-Related Issues on IT Systems During Disasters. In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds) Multidisciplinary Research and Practice for Information Systems. CD-ARES 2012. Lecture Notes in Computer Science, vol 7465. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32498-7_33
DOI: https://doi.org/10.1007/978-3-642-32498-7_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32497-0
Online ISBN: 978-3-642-32498-7
eBook Packages: Computer Science (R0)