Privacy preservation in location-based services

HCMC University of Technology
Information System Security Course
Presenter: Nguyen Ba Anh
1. Location-based service concepts
2. Preserving Privacy in Location-based Mobile Social Applications
   2.1. Introduction
   2.2. Motivating applications
   2.3. Goals, system and threat model
   2.4. Building blocks and their usage
   2.5. Privacy analysis and tradeoffs
3. Privacy-Preserving Techniques for Location-based Services
   3.1. Problems
   3.2. Two main approaches
   3.3. PROBE (Privacy-preserving Obfuscation Environment)
   3.4. Private information retrieval (PIR) techniques
   3.5. Privacy in some kinds of LBS
4. Conclusion

Location-based services (LBS): "a general class of computer program-level services used to include specific controls for location and time data as control features in computer programs" (Wikipedia).

Users and usages:
◦ Wide-spread adoption (tremendous penetration)
◦ Empower users with knowledge of their vicinity
◦ Numerous untrusted servers offering different services
◦ Proposed design: a simple encrypted data store on the server, with the application functionality moved to the client smartphones

Motivating applications:
◦ Collaborative Content Downloading
◦ Social Recommendations
◦ Local Businesses
◦ Location-Based Reminders
◦ Friend Locator

System model:
◦ Clients are smartphones; for example, the iPhone 3G comes with a 412MHz processor and 128MB of RAM, enough to do the cryptography on the device
◦ Smartphones decrypt and consume friends' data; the server stores users' data, backs it up, and serves it to users

Threat model:
◦ The third-party storage server is untrusted
◦ User privacy must not be lost even when the data stored on the server is leaked to an attacker

Friendship Proof:
◦ A cryptographic attestation A -> B, computed with A's symmetric key
◦ Each user stores all the proofs received from friends
◦ Friends meet over a wireless interface and exchange proofs using a cryptographically secure handshake

Transaction Proof:
◦ Cryptographically attests that a piece of information belongs to a user
◦ Carries a message for friends (current location, an opinion, something helpful)
◦ The message is application-dependent and is encrypted with the user's session key before it is stored on the storage server

Interfaces Exposed by the Storage Server

Server Interface Privacy and Tradeoffs
◦ Only friends holding the appropriate keys can decrypt the stored data
◦ Performance can be improved by tagging each proof stored via a putLocationInfo call with the Id (or public key) of the user that generated it, but a fixed Id lets the server link every upload to that user
◦ To get both performance and privacy, tag the proofs with a userId that changes periodically in a pattern known only to the user's friends
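The building blocks above (friendship proof, transaction proof, encrypted store, rotating tag) fit together as follows. This is an added, self-contained model written for this page, not the paper's code: the server API names putLocationInfo/getLocationInfo follow the slide, while the key derivation (a shared friend_secret for tags and a per-epoch session key, both assumed to come out of the friendship handshake), the sample location and the use of HMAC-SHA256 in counter mode as a stand-in for a real cipher such as AES-GCM are assumptions of the example.

```python
import hashlib
import hmac
import json
import secrets
from collections import defaultdict


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts: the one PRF used for everything below."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def friendship_proof(key_a: bytes, id_a: str, id_b: str) -> bytes:
    """Attestation A -> B under A's symmetric key; B stores it with its other proofs."""
    return prf(key_a, b"friend", id_a.encode(), id_b.encode())


def rotating_tag(friend_secret: bytes, epoch: int) -> str:
    """Pseudonymous userId for putLocationInfo: changes every epoch, and only
    holders of friend_secret can compute the next value."""
    return prf(friend_secret, b"tag", epoch.to_bytes(8, "big")).hex()[:16]


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF in counter mode; stand-in for a real cipher (assumption: use AES-GCM in practice)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += prf(key, b"ks", nonce, ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def transaction_proof(session_key: bytes, user_id: str, message: dict) -> dict:
    """Encrypt the application-dependent message, then MAC (user_id, nonce,
    ciphertext): the MAC is the proof that this blob belongs to user_id."""
    nonce = secrets.token_bytes(16)
    pt = json.dumps(message).encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(prf(session_key, b"enc"), nonce, len(pt))))
    proof = prf(prf(session_key, b"mac"), b"proof", user_id.encode(), nonce, ct)
    return {"nonce": nonce.hex(), "ct": ct.hex(), "proof": proof.hex()}


def open_transaction_proof(session_key: bytes, user_id: str, blob: dict):
    """Check the proof before decrypting; returns None for a forged or altered blob."""
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    expect = prf(prf(session_key, b"mac"), b"proof", user_id.encode(), nonce, ct)
    if not hmac.compare_digest(expect, bytes.fromhex(blob["proof"])):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, keystream(prf(session_key, b"enc"), nonce, len(ct))))
    return json.loads(pt)


class StorageServer:
    """Untrusted third-party store: opaque blobs under whatever tag the client sends."""

    def __init__(self):
        self.store = defaultdict(list)

    def putLocationInfo(self, tag: str, blob: dict) -> None:
        self.store[tag].append(blob)

    def getLocationInfo(self, tag: str) -> list:
        return list(self.store.get(tag, []))

    def dump(self) -> str:
        """Everything an attacker gets by compromising the server."""
        return json.dumps(self.store)


def demo(epoch: int = 1000) -> dict:
    key_a = secrets.token_bytes(32)  # Alice's long-term symmetric key
    # Assumption: the friendship handshake leaves Alice and Bob sharing a
    # friend_secret (for tags) and a per-epoch session key (for messages).
    friend_secret = prf(key_a, b"friends-of-alice")
    session_key = prf(key_a, b"session", epoch.to_bytes(8, "big"))
    proof_ab = friendship_proof(key_a, "alice", "bob")  # Bob keeps this proof
    server = StorageServer()

    location = {"lat": 10.7731, "lon": 106.6597, "note": "at campus"}  # constructed sample
    server.putLocationInfo(rotating_tag(friend_secret, epoch),
                           transaction_proof(session_key, "alice", location))

    # Bob knows the tag pattern and the session key, so he can fetch and read it.
    blobs = server.getLocationInfo(rotating_tag(friend_secret, epoch))
    recovered = open_transaction_proof(session_key, "alice", blobs[0])

    # A server that alters one ciphertext nibble is caught by the proof check.
    forged = dict(blobs[0])
    forged["ct"] = forged["ct"][:-1] + ("0" if forged["ct"][-1] != "0" else "1")

    leak = server.dump()
    return {
        "recovered": recovered,
        "tampered_rejected": open_transaction_proof(session_key, "alice", forged) is None,
        "leak_shows_plaintext": "campus" in leak or "alice" in leak,
        "tag_rotates": rotating_tag(friend_secret, epoch) != rotating_tag(friend_secret, epoch + 1),
        "proof_len": len(proof_ab),
    }
```

Running demo() shows the three properties the slides argue for: a friend recovers the location, a server that tampers with a blob is detected because the proof covers the ciphertext and the owner's identity, and the server dump contains neither the plaintext nor a stable identifier, only per-epoch tags that an attacker cannot link without friend_secret.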

Impact of Several Potential Attacks
◦ Compromised client: a compromised client can leak the locations of all of that user's friends
◦ Compromised third-party storage server (stronger threat model)
◦ DoS attacks on the server


Location information is critical for providing customized services, but it can also lead to privacy breaches: an attacker may infer sensitive information about an individual by cross-referencing that individual's location information with other information and by exploiting domain knowledge.

Two main approaches:
◦ Location obfuscation
◦ k-anonymization
PROBE is based on three key elements:
◦ The 1st element: sensitive entities and unreachable entities
◦ The 2nd element: the personal profile
◦ The 3rd element: a probabilistic privacy model
Privacy preferences are recorded in the individual's personal profile.


◦ PROBE does not require intermediate parties to generate cloaked regions, nor the presence of other individuals to achieve anonymity
◦ It may be quite expensive
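Both approaches on this section's slides, k-anonymization and PROBE-style obfuscation, can be modelled as the same loop: grow a region around the user's cell until a privacy predicate holds. The example below is added for this page and is not the PROBE authors' code; it uses a simplified probabilistic model (a uniform prior over the reachable cells of the region, with unreachable entities such as water excluded because the adversary knows nobody is there) and a constructed 8x8 grid with made-up user positions, a sensitive entity (hospital) and an unreachable entity (lake). The personal profile holds the user's k and the maximum acceptable probability of being located at a sensitive entity.

```python
from typing import Callable, Iterable, Optional, Set, Tuple

Cell = Tuple[int, int]
Region = Tuple[int, int, int, int]  # (row0, col0, row1, col1), inclusive corners


def cells(region: Region) -> Set[Cell]:
    r0, c0, r1, c1 = region
    return {(r, c) for r in range(r0, r1 + 1) for c in range(c0, c1 + 1)}


def expand(region: Region, n: int) -> Optional[Region]:
    """Grow the region by one cell on every side, clipped to the n x n grid.
    Returns None when the region already covers the whole grid."""
    r0, c0, r1, c1 = region
    grown = (max(r0 - 1, 0), max(c0 - 1, 0), min(r1 + 1, n - 1), min(c1 + 1, n - 1))
    return None if grown == region else grown


def cloak(user: Cell, n: int, ok: Callable[[Region], bool]) -> Optional[Region]:
    """Smallest square region around the user's cell on which the privacy
    predicate holds; None if no region on this grid satisfies it (the client
    should then suppress the query rather than send a weaker region)."""
    region = (user[0], user[1], user[0], user[1])
    while not ok(region):
        region = expand(region, n)
        if region is None:
            return None
    return region


def k_anonymous(users: Iterable[Cell], k: int) -> Callable[[Region], bool]:
    """Predicate for k-anonymity: the region contains at least k users
    (the requester included), so the LBS cannot tell which of them asked."""
    users = list(users)

    def ok(region: Region) -> bool:
        inside = cells(region)
        return sum(u in inside for u in users) >= k
    return ok


def exposure(region: Region, sensitive: Set[Cell], unreachable: Set[Cell]) -> float:
    """Adversary's probability that the user is at a sensitive entity, given the
    region and a uniform prior over its reachable cells (simplified model,
    an assumption of this example)."""
    reachable = cells(region) - unreachable
    if not reachable:
        return 1.0
    return len(reachable & sensitive) / len(reachable)


def sensitivity_bounded(sensitive: Set[Cell], unreachable: Set[Cell],
                        threshold: float) -> Callable[[Region], bool]:
    """PROBE-style predicate: obfuscate until the exposure is within the
    threshold recorded in the user's personal profile."""
    return lambda region: exposure(region, sensitive, unreachable) <= threshold


def demo() -> dict:
    n = 8
    requester = (2, 2)
    others = [(2, 4), (5, 5), (0, 7), (6, 1)]        # constructed user positions
    hospital = {(3, 3), (3, 4), (4, 3), (4, 4)}       # sensitive entity
    lake = {(0, 0), (0, 1), (1, 0), (1, 1)}           # unreachable entity
    profile = {"k": 3, "max_sensitive_prob": 0.165}  # personal profile
    everyone = [requester] + others
    return {
        "k_anon": cloak(requester, n, k_anonymous(everyone, profile["k"])),
        # only 5 users exist, so k=6 can never be met: the query is suppressed
        "k_anon_unsatisfiable": cloak(requester, n, k_anonymous(everyone, 6)),
        # user standing inside the hospital, lake modelled as unreachable ...
        "probe": cloak((3, 3), n, sensitivity_bounded(hospital, lake, profile["max_sensitive_prob"])),
        # ... versus the lake wrongly counted as possible positions: a smaller,
        # weaker region that the adversary can see through
        "probe_naive": cloak((3, 3), n, sensitivity_bounded(hospital, set(), profile["max_sensitive_prob"])),
    }
```

The two PROBE results differ only in whether unreachable entities are modelled, which is why they are the first key element: counting lake cells as possible positions makes 4/25 = 0.16 look acceptable, while the honest figure 4/24 is above the profile's threshold and forces one more expansion. The k-anonymity predicate, unlike PROBE, depends on where other users currently are, which is the dependency on "the presence of other individuals" the slide mentions.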
Privacy in Location-aware LBS
Privacy principles:
◦ Purpose specification
◦ Compliance
◦ User consent
◦ Limited collection
◦ Openness
◦ Accuracy and context preservation
◦ Limited use
◦ Limited retention
◦ Limited disclosure
Privacy in Real-time LBS
Privacy and Location Anonymization in LBS



LBS play an important part in human development.
Customers, regulators and legislators all have an interest in privacy.
Privacy can and should be designed into systems by minimizing the collection and storage of personal data.