Privacy Preserving in Location-Based Services
Presenter: Nguyen Ba Anh
HCMC University of Technology, Information System Security Course
Content
1. Location-based service concepts
2. Preserving Privacy in Location-based Mobile Social Applications
   2.1. Introduction
   2.2. Motivating applications
   2.3. Goals, system and threat model
   2.4. Building blocks and their usage
   2.5. Privacy analysis and tradeoffs
3. Privacy-Preserving Techniques for Location-based Services
   3.1. Problems
   3.2. Two main approaches
   3.3. PROBE (Privacy-preserving Obfuscation Environment)
   3.4. Private information retrieval (PIR) techniques
   3.5. Privacy in some kinds of LBS
4. Conclusion
1. Location-based service concepts
1.1. Location-based service (LBS)
A general class of computer program-level services used to include specific controls for location and time data as control features in computer programs (Wikipedia)
1.2. Types of LBS
1.3. LBS statistics
[chart: users and usages]
1.4. Privacy issue
2. Preserving Privacy in Location-based Mobile Social Applications
2.1. Introduction
◦ Wide-spread adoption (tremendous penetration)
◦ Empower users with knowledge of their vicinity
◦ Numerous untrusted servers offering different services
◦ Proposed design: simple encrypted data store & move the application functionality to client smartphones
2.2. Motivating applications
◦ Collaborative Content Downloading
◦ Social Recommendations
◦ Local Businesses
◦ Location-Based Reminders
◦ Friend Locator
2.3. Goals, system and threat model
System model:
◦ iPhone 3G comes with a 412MHz processor and 512MB of RAM
◦ Smartphones decrypt and consume friends' data; the server stores users' data, backs it up, and serves data to users
Threat model:
◦ the third-party storage server is untrusted
◦ user privacy lost even when the data stored on the server is leaked to an attacker
2.4. Building blocks and their usage
Friendship proof:
◦ a cryptographic attestation A -> B using a symmetric key
◦ users store all the proofs received from their friends
◦ friends communicate via a wireless interface and exchange proofs using a cryptographically secure handshake
Transaction proof:
◦ cryptographically attests that a piece of information belongs to a user
◦ includes a message for friends (current location, opinion, something helpful)
◦ the message is application-dependent and is encrypted with the user's session key when it is stored on the storage server
Interfaces exposed by the storage server
2.5. Privacy analysis and tradeoffs
Server interface privacy and tradeoffs:
◦ only friend users with the appropriate keys can decrypt the data
◦ performance can be improved by tagging each proof stored via a putLocationInfo call with an Id (or public key) of the user that generated the proof
◦ to achieve both performance and privacy in this call, tag the proofs with a userId that changes periodically in a known pattern (known only to friends)
Impact of several potential attacks:
◦ a compromised client can leak the location privacy of all her friends
◦ compromised third-party storage server (stronger threat model)
◦ DoS attacks on the server
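The encrypted data store, the two kinds of proof and the rotating-tag trade-off from 2.4 and 2.5, worked through in Python as an added example; this is not code from the slides or from the system they describe. It assumes one symmetric key per user, handed to that user's friends in the friendship handshake, and derives per-purpose keys from it; both proofs are HMAC-SHA256 attestations, and, because the Python standard library has no AES, HMAC-SHA256 in counter mode stands in for the session-key cipher. The names putLocationInfo and getLocationInfo follow the slide; publish, fetch_from_friend, rotating_tag and the per-epoch tag scheme are this example's own.

```python
import hashlib
import hmac
import os

# Assumption: each user shares one symmetric key with every friend (given out in
# the friendship handshake); tag, proof and session keys are derived from it.
def derive(user_key: bytes, label: bytes) -> bytes:
    return hmac.new(user_key, label, hashlib.sha256).digest()

def friendship_proof(key_ab: bytes, a: str, b: str) -> bytes:
    """Attestation A -> B under the key A and B share; B keeps the proof."""
    return hmac.new(key_ab, f"friend:{a}->{b}".encode(), hashlib.sha256).digest()

def verify_friendship_proof(key_ab: bytes, a: str, b: str, proof: bytes) -> bool:
    return hmac.compare_digest(friendship_proof(key_ab, a, b), proof)

def transaction_proof(proof_key: bytes, user: str, message: bytes) -> bytes:
    """Attests that an application-dependent message belongs to `user`."""
    return hmac.new(proof_key, b"tx:" + user.encode() + b":" + message, hashlib.sha256).digest()

def rotating_tag(tag_key: bytes, user: str, epoch: int) -> str:
    """Pseudonymous id for one epoch: the 'known pattern' only friends can recompute."""
    return hmac.new(tag_key, f"{user}:{epoch}".encode(), hashlib.sha256).hexdigest()[:16]

def _keystream(session_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for a block cipher because the
    # standard library ships no AES; a deployed system would use AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(session_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(session_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(session_key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(session_key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(session_key, nonce, len(ct))))

class StorageServer:
    """Untrusted store: it only ever sees opaque tags and ciphertext blobs."""
    def __init__(self):
        self._store = {}
    def putLocationInfo(self, tag: str, blob: bytes) -> None:
        self._store.setdefault(tag, []).append(blob)
    def getLocationInfo(self, tag: str) -> list:
        return list(self._store.get(tag, []))

def publish(server: StorageServer, user: str, user_key: bytes, epoch: int, message: bytes) -> str:
    """Client side of putLocationInfo: proof + message encrypted, filed under this epoch's tag."""
    proof = transaction_proof(derive(user_key, b"proof"), user, message)
    blob = encrypt(derive(user_key, b"session"), proof + message)
    tag = rotating_tag(derive(user_key, b"tag"), user, epoch)
    server.putLocationInfo(tag, blob)
    return tag

def fetch_from_friend(server: StorageServer, friend: str, friend_key: bytes, epoch: int) -> list:
    """Friend side: recompute the tag, decrypt, and keep only messages whose proof verifies."""
    messages = []
    for blob in server.getLocationInfo(rotating_tag(derive(friend_key, b"tag"), friend, epoch)):
        plain = decrypt(derive(friend_key, b"session"), blob)
        proof, message = plain[:32], plain[32:]
        if hmac.compare_digest(proof, transaction_proof(derive(friend_key, b"proof"), friend, message)):
            messages.append(message)
    return messages

if __name__ == "__main__":
    server = StorageServer()
    alice_key = os.urandom(32)  # constructed: the key Alice shares with her friends
    publish(server, "alice", alice_key, epoch=7, message=b"loc:10.7769,106.7009")
    print(fetch_from_friend(server, "alice", alice_key, 7))  # a friend holding the key reads it
    print(fetch_from_friend(server, "alice", alice_key, 8))  # wrong epoch: nothing filed there
    print(list(server._store.keys()))                         # the server's view: one opaque tag
```

The server holds nothing but (tag, ciphertext) pairs. With a fixed id it could link every record of one user across time; with the per-epoch tag it still answers a friend's lookup with a single dictionary access but sees tags that are unlinkable from one epoch to the next, which is the balance the slide describes. A compromised friend who holds the key can recompute every tag and decrypt every message, which is exactly the first attack listed above.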
3. Privacy-Preserving Techniques for Location-based Services
3.1. Problems
◦ Location information is critical for providing customized services; on the other hand, it can lead to privacy breaches
◦ An attacker may infer sensitive information about an individual by cross-referencing location information about that individual with other information and by exploiting domain knowledge
3.2. Two main approaches
◦ Location obfuscation
◦ k-anonymization
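The two approaches side by side, as an added example that is not from the slides or from any system they cite: location obfuscation as snapping a point to a grid cell, and k-anonymization as spatial cloaking that grows the cell until it covers at least k users. Coordinates are integer metres on a constructed local grid; the 1 km base cell, the doubling strategy and the function names are this example's assumptions, and the other users' positions would in a real deployment be known to a trusted anonymizer rather than to the client.

```python
from typing import List, Optional, Tuple

Point = Tuple[int, int]             # metres on a local grid (constructed coordinate system)
Region = Tuple[int, int, int, int]  # x0, y0, x1, y1; half-open [x0, x1) x [y0, y1)

BASE_CELL = 1000  # assumption: the coarsest precision the service still accepts, 1 km

def obfuscate(pos: Point, cell: int = BASE_CELL) -> Region:
    """Location obfuscation: report the grid cell containing `pos`, never the point itself."""
    cx, cy = pos[0] // cell, pos[1] // cell
    return (cx * cell, cy * cell, (cx + 1) * cell, (cy + 1) * cell)

def inside(p: Point, r: Region) -> bool:
    return r[0] <= p[0] < r[2] and r[1] <= p[1] < r[3]

def cloak_k_anonymous(user: Point, others: List[Point], k: int,
                      cell: int = BASE_CELL, max_doublings: int = 6) -> Optional[Tuple[Region, int]]:
    """Spatial cloaking: enlarge the user's cell (doubling its edge) until it holds at
    least k users including the requester, so the service cannot single the requester
    out among the k. Returns None when k cannot be met within max_doublings; the
    caller should then refuse the query rather than send a smaller region."""
    for _ in range(max_doublings + 1):
        region = obfuscate(user, cell)
        population = 1 + sum(1 for p in others if inside(p, region))
        if population >= k:
            return region, population
        cell *= 2
    return None

def query_region(user: Point, others: List[Point], k: int) -> Optional[Region]:
    """What the client actually sends to the service: the cloaked region, or nothing."""
    result = cloak_k_anonymous(user, others, k)
    return None if result is None else result[0]

if __name__ == "__main__":
    me = (1230, 4560)
    nearby = [(1800, 4900), (500, 4100), (2600, 5300), (3900, 7000)]  # constructed positions
    print(obfuscate(me))                       # (1000, 4000, 2000, 5000)
    print(cloak_k_anonymous(me, nearby, k=3))  # ((0, 4000, 2000, 6000), 3)
    print(cloak_k_anonymous(me, nearby, k=6))  # None: too few users nearby
```

Obfuscation alone needs no other parties but gives no guarantee about how many people share the reported cell; cloaking gives the k guarantee but needs whoever computes it to know where the other users are, which is the intermediate party the PIR slide later avoids. Refusing the query when k cannot be met matters: shrinking the region to get an answer would quietly drop the guarantee.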
3.3. PROBE (Privacy-preserving Obfuscation Environment)
Based on three key elements:
◦ The 1st element: sensitive entities and unreachable entities
◦ The 2nd element: personal profile
◦ The 3rd element: probabilistic privacy model
Privacy preferences are recorded in the individual's personal profile
3.4. Private information retrieval (PIR) techniques
◦ does not require intermediate parties to generate cloaked regions, nor the presence of other individuals to achieve anonymity
◦ may be quite expensive
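A minimal two-server PIR, added here as an illustration and not taken from the slides: the client fetches one point-of-interest record from two non-colluding servers that hold identical replicas, and neither server learns which record was asked for. It is the classic XOR-based information-theoretic construction; the fixed 16-byte record width, the constructed POI table and the function names are this example's assumptions.

```python
import secrets
from typing import List, Tuple

RECORD_SIZE = 16  # assumption: fixed-width records so answer length reveals nothing

def pad(s: str) -> bytes:
    b = s.encode()
    if len(b) > RECORD_SIZE:
        raise ValueError("record too long")
    return b.ljust(RECORD_SIZE, b"\0")

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_queries(n: int, i: int) -> Tuple[List[int], List[int]]:
    """Client: a uniformly random subset q1 of the n records, and q2 = q1 with bit i flipped.
    Each query on its own is a uniform random bit vector, so neither server learns i."""
    q1 = [secrets.randbelow(2) for _ in range(n)]
    q2 = q1[:]
    q2[i] ^= 1
    return q1, q2

def server_answer(db: List[bytes], q: List[int]) -> bytes:
    """Server: XOR of every record whose bit in q is set (it must touch all n records)."""
    acc = bytes(RECORD_SIZE)
    for rec, bit in zip(db, q):
        if bit:
            acc = xor_bytes(acc, rec)
    return acc

def retrieve(db_copy1: List[bytes], db_copy2: List[bytes], i: int) -> bytes:
    """XORing the two answers cancels every record except the one at index i."""
    q1, q2 = make_queries(len(db_copy1), i)
    return xor_bytes(server_answer(db_copy1, q1), server_answer(db_copy2, q2))

def cost_bits(n: int) -> int:
    """Traffic per lookup: n query bits up and one record down, for each of the two servers."""
    return 2 * (n + 8 * RECORD_SIZE)

# Constructed point-of-interest table; both servers hold the same copy.
POI_DB = [pad(name) for name in ["cafe:A", "fuel:B", "atm:C", "clinic:D",
                                   "hotel:E", "bank:F", "pharm:G", "park:H"]]

if __name__ == "__main__":
    idx = 5
    print(retrieve(POI_DB, list(POI_DB), idx).rstrip(b"\0"))  # b'bank:F'
    print(cost_bits(len(POI_DB)), "bits of traffic for", len(POI_DB), "records")
```

Each lookup makes every server read its whole table and costs the client n query bits per server, which is the expense the slide notes; for a nationwide POI table that is far more than a cloaked-region query. The gain is that no anonymizer and no other users are involved, only the assumption that the two replicas never compare their queries.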
3.5. Privacy in some kinds of LBS
Privacy in location-aware LBS
Privacy principles:
◦ Purpose specification
◦ User consent
◦ Limited collection
◦ Limited use
◦ Limited disclosure
◦ Limited retention
◦ Accuracy and context preservation
◦ Openness
◦ Compliance
Privacy in real-time LBS
Privacy and location anonymization in LBS
4. Conclusion
◦ LBS play an important part in human development
◦ Customers, regulators and legislators all have an interest in privacy
◦ Privacy can and should be designed into systems by minimizing personal data collection and storage
THANK YOU FOR LISTENING