Future Security: 5th Security Research Conference, Fraunhofer Verlag, 2010.
Future Security: 5th Security Research Conference, Berlin, 7.-9. September 2010
Modern surveillance systems collect a massive amount of data. In contrast to conventional systems that store raw sensor material, modern systems take advantage of smart sensors and improvements in image processing. They extract relevant information about the observed objects of interest, which is then stored and processed during the surveillance process. Such high-level information is, e.g., used for situation analysis and can be processed in different surveillance tasks. Modern systems have become powerful, can potentially collect all kind of user information and make it available to any surveillance task. Hence, direct access to the collected high-level data must be prevented. Each surveillance task should only access information that is required to fulfil its specified objective. Multiple approaches for anonymization exist, but they do not consider the special requirements of surveillance tasks. Furthermore surveillance systems can be used for varying reasons, e.g., thievery protection or location-based services for social networks. Hence, the specification of sensitive data is strongly connected to the objective of a surveillance task. This work identifies different classes of surveillance tasks and the according sensitive data. Based on these classes existing approaches for anonymization are examined and it is shown to what extent they can be used. Afterwards the existing approaches are extended to fulfil the requirements of the specific classes of surveillance tasks. Anonymization strategies cannot be seen isolated. They must interact with an identity management system, which handles all objects that should be anonymized, and with other components of the surveillance systems. Thus a framework is presented that enforces the anonymization strategies and realizes privacy-aware access to personal data related to the objects.