Security-and-Privacy-Related Issues on IT Systems During Disasters

  • Shinsaku Kiyomoto
  • Kazuhide Fukushima
  • Yutaka Miyake
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7465)


In this paper, we focus on security-and-privacy-related issues that confront IT systems during disasters. We summarize these security and privacy issues in the context of two major areas of operation: information gathering and system continuity management. Then we provide the results of a survey on techniques for solving these issues. Finally, we discuss outstanding issues facing these the systems.


Cloud Computing Cloud Service Mobile Terminal Cloud Environment Governmental Organization 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Aranha, D.F., López, J., Hankerson, D.: High-Speed Parallel Software Implementation of the η T Pairing. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 89–105. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Armando, A., Carbone, R., Compagna, L., Cuellar, J., Tobarra, L.: Formal analysis of saml 2.0 web browser single sign-on: breaking the saml-based single sign-on for google apps. In: Proc. of the 6th ACM Workshop on Formal Methods in Security Engineering, FMSE 2008, pp. 1–10 (2008)Google Scholar
  3. 3.
    Atteih, A.S., Algahtani, S.A., Nazmy, A.: Emergency management information system: Case study. In: GM, Unicom for Communication Technologies,
  4. 4.
    Dilmaghani, R.B., Rao, R.R.: A systematic approach to improve communication for emergency response. In: Proceedings of the 42nd Hawaii International Conference on System Sciences, IEEE HICSS 2009, pp. 1–8 (2009)Google Scholar
  5. 5.
    Bamba, B., Liu, L., Pesti, P., Wang, T.: Supporting anonymous location queries in mobile environments with privacygrid. In: Proc. of 17th International World Wide Web Conference (WWW 2008), pp. 237–246 (2008)Google Scholar
  6. 6.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334 (2007)Google Scholar
  7. 7.
    Bhaduri, B., Bright, E.A., Vijayraj, V.: Towards a geospatial knowledge discovery framework for disaster management. In: Proc. of ESA-EUSC 2008 (2008)Google Scholar
  8. 8.
    Bugiel, S., Nurnberger, S., Sadeghi, A., Schneider, T.: Twin clouds: An architecture for secure cloud computing. In: Proc. of Workshop on Cryptography and Security in Clouds, ECRYPT-II (2011)Google Scholar
  9. 9.
    Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling data in the cloud: outsourcing computation without outsourcing control. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, pp. 85–90 (2009)Google Scholar
  10. 10.
    Cucinotta, T., Cecchetti, G., Ferraro, G.: Adopting redundancy techniques for multicast stream authentication. In: Proc. of the The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems, FTDCS 2003 (2003)Google Scholar
  11. 11.
    de Lanerolle, T.R., Anderson, W., DeFabbia-Kane, S., Fox-Epstein, E., Gochev, D., Morelli, R.: Development of a virtual dashboard for event coordination between multipul groups. In: Proc. of 7th International Conference on Information Systems for Crisis Response and Management, ISCRAM 2010 (2010)Google Scholar
  12. 12.
    DeCapua, C., Bhaduri, B.: Applications of geospatial technology in international disasters and during hurricane katrina. Available at the Project Site of Capturing Hurricane Katrina Data For Analysis and Lessons-Learned Research (2007)Google Scholar
  13. 13.
    Eltaief, H., Youssef, H.: Efficient sender authentication and signing of multicast streams over lossy channels. In: Proc. of 2010 IEEE/ACS International Conference on Computer Systems and Applications (AICCSA), pp. 1–7 (2010)Google Scholar
  14. 14.
    Fajardo, J.T.B., Oppus, C.M.: A mobile disaster management system using the android technology. International Journal of Communications 3, 77–86 (2009)Google Scholar
  15. 15.
    Fukushima, K., Kiyomoto, S., Miyake, Y.: Towards secure cloud computing architecture - a solution based on software protection mechanism. Journal of Internet Services and Information Security (JISIS) 1(1), 4–17 (2011)Google Scholar
  16. 16.
    Gedik, M., Liu, L.: A customizable k-anonymity model for protecting location privacy. In: Proc. of the 25th International Conference on Distributed Computing Systems (ICDCS 2005), pp. 620–629 (2005)Google Scholar
  17. 17.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proc. of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 169–178 (2009)Google Scholar
  18. 18.
    Ghinita, G., Kalnis, P., Skiadopoulos, S.: PRIVÉ: Anonymous location-based queries in distributed mobile systems. In: Proc. of 16th International World Wide Web Conference (WWW 2007), pp. 371–380 (2007)Google Scholar
  19. 19.
    Golle, P., Modadugu, N.: Authenticating streamed data in the presence of random packet loss (extended abstract). In: ISOC Network and Distributed System Security Symposium, pp. 13–22 (2001)Google Scholar
  20. 20.
    Gomi, H., Hatakeyama, M., Hosono, S., Fujita, S.: A delegation framework for federated identity management. In: Proc. of the 2005 Workshop on Digital Identity Management, DIM 2005, pp. 94–103 (2005)Google Scholar
  21. 21.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 89–98. Algorithms and Computation in Mathematics (2006)Google Scholar
  22. 22.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proc. of the 1st International Conference on Mobile Systems, Applications, and Services (MobiSys 2003), pp. 163–168 (2003)Google Scholar
  23. 23.
    Hong, J.I., Landay, J.A.: An architecture for privacy-sensitive ubiquitous computing. In: Proc. of the 2nd International Conference on Mobile Systems, Applications, and Services (MobiSys 2004), pp. 177–189 (2004)Google Scholar
  24. 24.
    Jansen, W.A.: Cloud hooks: Security and privacy issues in cloud computing. In: Proc. of 44th Hawaii International Conference on System Sciences (HICSS), pp. 1–10 (2011)Google Scholar
  25. 25.
    Hamlen, K., Kantarcioglu, M., Khan, L., Thuraisingham, B.: Security issues for cloud computing. International Journal of Information Security and Privacy 4(2), 39–51 (2010)CrossRefGoogle Scholar
  26. 26.
    Khorshed, M.T., Ali, A.S., Wasimi, S.A.: Monitoring insiders activities in cloud computing using rule based learning. In: Proc. of 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 757–764 (2011)Google Scholar
  27. 27.
    Kido, H., Yanagisawa, Y., Satoh, T.: An anonymous communication technique using dummies for location-based services. In: Proc. of IEEE International Conference on Pervasive Services 2005 (ICPS 2005), pp. 88–97 (2005)Google Scholar
  28. 28.
    Kiyomoto, S., Miyake, Y., Tanaka, T.: On designing privacy-aware data upload mechanism - towards information-gathering system for disasters. In: Proc. of The 11th IEEE International Conference on Ubiquitous Computing and Communications, IUCC 2012 (2012)Google Scholar
  29. 29.
    Lien, Y.-N., Jang, H.-C., Tsai, T.-C.: A manet based emergency communication and information system for catastrophic natural disasters. In: 29th IEEE International Conference on Distributed Computing Systems Workshops, ICDCS Workshops 2009, pp. 412–417 (2009)Google Scholar
  30. 30.
    Lu, Y., Tsudik, G.: Privacy-preserving cloud database querying. Journal of Internet Services and Information Security (JISIS) 1(4), 5–25 (2011)Google Scholar
  31. 31.
    Mascetti, S., Bettini, C.: A comparison of spatial generalization algorithms for lbs privacy preservation. In: Proc. of the 1st International Workshop on Privacy-Aware Location-Based Mobile Services (PALMS 2007), pp. 258–262 (2007)Google Scholar
  32. 32.
    Meissner, A., Luckenbach, T., Risse, T., Kirste, T., Kirchner, H.: Design challenges for an integrated disaster management communication and information system. In: Proc. of DIREN 2002 (co-located with IEEE INFOCOM 2002 (2002)Google Scholar
  33. 33.
    Miner, S., Staddon, J.: Graph-based authentication of digital streams. In: Proc. of 2001 IEEE Symposium on Security and Privacy, pp. 232–246 (2001)Google Scholar
  34. 34.
    Mokbel, M.F.: Towards privacy-aware location-based database servers. In: Proc. of the 22nd Internationl Conference on Sata Engineering Workshops (ICDEW 2006), pp. 93–102 (2006)Google Scholar
  35. 35.
    Mokbel, M.F., Chow, C.Y., Aref, W.G.: The new casper: Query processing for location services without compromising privacy. In: Proc. of the 32nd International Conference on Very Large Data Bases (VLDB 2006), pp. 763–774 (2006)Google Scholar
  36. 36.
    National Institute of Standard Technology (NIST). Us government cloud computing technology roadmap, vol. ii, release 1.0 (draft). NIST SP500-293 (2011)Google Scholar
  37. 37.
    Ohya, M., Asada, J., Harada, N., Matsubayashi, R., Hara, M., Takata, R., Naito, M., Waga, M., Katada, T.: Disaster information-gathering system using cellular phone with a global positioning system. In: Proc. of the International Symposium on Management System for Disaster Prevention 2006 (2006)Google Scholar
  38. 38.
    Park, J.M., Chong, E.K.P., Siegel, H.J.: Efficient multicast stream authentication using erasure codes. ACM Trans. Inf. Syst. Secur. 6(2), 258–285 (2003)CrossRefGoogle Scholar
  39. 39.
    Park, J.M., Chong, E.K.P., Siegel, H.J.: Efficient multicast packet authentication using signature amortization. In: Proc. of 2002 IEEE Symposium on Security and Privacy, pp. 227–240 (2002)Google Scholar
  40. 40.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signing of multicast streams over lossy channels. In: Proc. of 2000 IEEE Symposium on Security and Privacy, pp. 56–73 (2000)Google Scholar
  41. 41.
    Perry, R.W.: Incident management systems in disaster management. Journal of Disaster Prevention and Management 12(5), 405–412 (2003)MathSciNetCrossRefGoogle Scholar
  42. 42.
    Popovic, K., Hocenski, Z.: Cloud computing security issues and challenges. In: MIPRO, 2010 Proceedings of the 33rd International Convention, pp. 344–349 (2010)Google Scholar
  43. 43.
    Sahai, A., Waters, B.: Fuzzy Identity-Based Encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  44. 44.
    Santos, N., Smith, S.W.: Limited delegation for client-side ssl. In: Proc. of the 6th Annual PKI R & D Workshop, pp. 76–90 (2007)Google Scholar
  45. 45.
    Scipioni, M.P., Langheinrich, M.: Towards a new privacy-aware location sharing platform. Journal of Internet Services and Information Security (JISIS) 1(4), 47–59 (2011)Google Scholar
  46. 46.
    Scott, M.: On the efficient implementation of pairing-based protocols. Cryptology ePrint Archive, Report 2011/334 (2011),
  47. 47.
    Sengupta, S., Kaulgud, V., Sharma, V.S.: Cloud computing security–trends and research directions. In: Proc. of 2011 IEEE World Congress on Services (SERVICES), pp. 524–531 (2011)Google Scholar
  48. 48.
    Shklovski, I., Palen, L., Sutton, J.: Finding community through information and communication technology in disaster response. In: Proceedings of the 2008 ACM Conference on Computer Supported Cooperative Work, CSCW 2008, pp. 127–136 (2008)Google Scholar
  49. 49.
    Wang, R., Chen, S., Wang, X.: Signing me onto your accounts through facebook and google: a traffic-guided security study of commercially deployed single-sign-on web services. In: Proc. of 2012 IEEE Symposium on Security and Privacy (to appear, 2012)Google Scholar
  50. 50.
    Waters, B.: Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  51. 51.
    Wickler, G., Potter, S., Tate, A., Hansberger, J.: The virtual collaboration environment: New media for crisis response. In: Proc. of 8th International Conference on Information Systems for Crisis Response and Management, ISCRAM 2011 (2011)Google Scholar
  52. 52.
    Wong, C.K., Lam, S.S.: Digital signatures for flows and multicasts. IEEE/ACM Transactions on Networking 7(4), 502–513 (1999)CrossRefGoogle Scholar
  53. 53.
    Wood, T., Cecchet, E., Ramakrishnan, K.K., Shenoy, P., van der Merwe, J., Venkataramani, A.: Disaster recovery as a cloud service: economic benefits & deployment challenges. In: Proceedings of the 2nd USENIX Conference on Hot Topics in Cloud Computing, HotCloud 2010 (2010)Google Scholar
  54. 54.
    Yao, A.C.: Protocols for secure computations. In: 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164 (1982)Google Scholar
  55. 55.
    Yao, A.C.-C.: How to generate and exchange secrets. In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167 (1986)Google Scholar
  56. 56.
    Yao, X., Turoff, M., Hiltz, R.: A field trial of a collaborative online scenario creation system for emergency management. In: Proc. of 7th International Conference on Information Systems for Crisis Response and Management, ISCRAM 2010 (2010)Google Scholar
  57. 57.
    Zeng, Q.-A., Wei, H., Joshi, V.: An efficient communication system for disaster detection and coordinated emergency evacuation. In: Proc. of Wireless Telecommunications Symposium, WTS 2008, pp. 329–333 (2008)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Shinsaku Kiyomoto
    • 1
  • Kazuhide Fukushima
    • 1
  • Yutaka Miyake
    • 1
  1. 1.KDDI R & D Laboratories Inc.Fujimino-shiJapan

Personalised recommendations