Privacy preserving in location based services

Presenter: Nguyen Ba Anh
HCMC University of Technology, Information System Security Course
Content

1. Location-based service concepts
2. Preserving Privacy in Location-based Mobile Social Applications
  2.1. Introduction
  2.2. Motivating applications
  2.3. Goals, system and threat model
  2.4. Building blocks and their usage
  2.5. Privacy analysis and tradeoffs
3. Privacy-Preserving Techniques for Location-based Services
  3.1. Problems
  3.2. Two main approaches
  3.3. PROBE (Privacy-preserving Obfuscation Environment)
  3.4. Private information retrieval (PIR) techniques
  3.5. Privacy in some kinds of LBS
4. Conclusion
1. Location-based service concepts
1.1. Location-based service (LBS)

A general class of computer program-level services used to include specific controls for location and time data as control features in computer programs (Wikipedia).
1.2. Types of LBS
1.3. LBS statistics

(charts: Users; Usages)
1.4. Privacy issue
2. Preserving Privacy in Location-based Mobile Social Applications
2.1. Introduction

◦ Wide-spread adoption (tremendous penetration)
◦ Empower users with knowledge of their vicinity
◦ Numerous untrusted servers offering different services
◦ Proposed design: a simple encrypted data store, with the application functionality moved to the client smartphones
2.2. Motivating applications

◦ Collaborative Content Downloading
◦ Social Recommendations
◦ Local Businesses
◦ Location-Based Reminders
◦ Friend Locator
2.3. GOALS, SYSTEM AND THREAT MODEL

System model:
◦ iPhone 3G comes with a 412MHz processor and 512MB of RAM
◦ Smartphones decrypt and consume friends' data; the server stores users' data, backs them up, and serves data to users
2.3. GOALS, SYSTEM AND THREAT MODEL

Threat model:
◦ The third-party storage server is untrusted
◦ User privacy must not be lost even when the data stored on the server is leaked to an attacker
2.4. BUILDING BLOCKS AND THEIR USAGE

Friendship Proof:
◦ A cryptographic attestation A -> B using a symmetric key
◦ Users store all the proofs received from their friends
◦ Friends communicate via a wireless interface and exchange proofs using a cryptographically secure handshake
2.4. BUILDING BLOCKS AND THEIR USAGE

Transaction Proof:
◦ Cryptographically attests that a piece of information belongs to a user
◦ Includes a message for friends (current location, opinion, something helpful)
◦ The message is application-dependent and is encrypted with the user's session key when it is stored on the storage server
2.4. BUILDING BLOCKS AND THEIR USAGE

Interfaces Exposed by the Storage Server
2.5. PRIVACY ANALYSIS AND TRADEOFFS

Server Interface Privacy and Tradeoffs
◦ Only friends holding the appropriate keys can decrypt the data
◦ Performance can be improved by tagging each proof stored via a putLocationInfo call with an Id (or public key) of the user that generated the proof
◦ To achieve both performance and privacy in this call, tag the proofs with a userId that changes periodically in a known pattern (known only to friends)
2.5. PRIVACY ANALYSIS AND TRADEOFFS

Impact of Several Potential Attacks
◦ A compromised client can leak the location privacy of all her friends
◦ Compromised Third-party Storage Server (Stronger Threat Model)
◦ DoS Attacks on the Server
3. Privacy-Preserving Techniques for Location-based Services
3.1. Problems

Location information is critical for providing customized services; on the other hand, it can lead to privacy breaches.
An attacker may infer sensitive information about an individual by cross-referencing location information about that individual with other information and by exploiting domain knowledge.
3.2. Two main approaches

Location obfuscation
3.2. Two main approaches

k-anonymization
3.3. PROBE (Privacy-preserving Obfuscation Environment)

Based on three key elements:
◦ The 1st element: sensitive entities and unreachable entities
◦ The 2nd element: personal profile
◦ The 3rd element: probabilistic privacy model
Preferences are recorded in the individual's personal profile.
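Sections 3.2 and 3.3 name the two approaches without showing them at work, so here is an added Python example (written for this transcript, not code from the slides or from the PROBE authors) that runs both on one small map: spatial cloaking for k-anonymity, and a simplified PROBE-style obfuscation driven by the three elements on the slide. The 6x6 map, its feature types, the user positions and the uniform location model over reachable cells are all constructed assumptions; PROBE's real location-probability model is richer than a uniform one.

```python
# Constructed 6x6 map (assumption). Each character is a cell's feature type;
# 'W' (water) cells are unreachable entities and cannot be a user's true position.
MAP = [
    "SSSSPP",
    "SSHHPP",
    "SSHHWW",
    "SSSSWW",
    "PPSSSS",
    "PPSSSS",
]
TYPES = {"S": "street", "P": "park", "H": "hospital", "W": "water"}
UNREACHABLE = {"water"}
N = len(MAP)

# Constructed positions of users as (column, row) cells.
USERS = {"u1": (2, 1), "u2": (0, 0), "u3": (5, 0), "u4": (1, 4), "u5": (4, 5), "u6": (3, 3)}


def cell_type(cell):
    x, y = cell
    return TYPES[MAP[y][x]]


def region_cells(center, radius):
    """Square of cells around `center`, clipped to the map."""
    cx, cy = center
    return [(x, y)
            for x in range(max(0, cx - radius), min(N, cx + radius + 1))
            for y in range(max(0, cy - radius), min(N, cy + radius + 1))]


def bbox(cells):
    xs = [x for x, _ in cells]
    ys = [y for _, y in cells]
    return (min(xs), min(ys), max(xs), max(ys))


def k_anonymous_cloak(user, k, users=USERS):
    """Spatial cloaking for k-anonymity: the smallest square around the user's cell
    that contains at least k users. The LBS receives the box, not the cell."""
    for radius in range(N):
        cells = set(region_cells(users[user], radius))
        inside = [u for u, pos in users.items() if pos in cells]
        if len(inside) >= k:
            return bbox(cells), len(inside)
    return None  # fewer than k users on the whole map


def type_probabilities(cells):
    """Probability that the user is in each feature type, under a uniform location
    model over the reachable cells of the region. Unreachable cells carry no
    probability mass, which is why PROBE tracks them as a separate element."""
    reachable = [c for c in cells if cell_type(c) not in UNREACHABLE]
    probs = {}
    for c in reachable:
        probs[cell_type(c)] = probs.get(cell_type(c), 0.0) + 1.0 / len(reachable)
    return probs


def probe_obfuscate(user, profile, users=USERS):
    """PROBE-style obfuscation: grow the region until, for every sensitive feature
    type in the personal profile, P(user is in that type | region) <= threshold.
    `profile` is the personal profile: {sensitive type: acceptable probability}."""
    for radius in range(N):
        cells = region_cells(users[user], radius)
        probs = type_probabilities(cells)
        if all(probs.get(t, 0.0) <= threshold for t, threshold in profile.items()):
            return bbox(cells), {t: round(probs.get(t, 0.0), 3) for t in profile}
    return None


if __name__ == "__main__":
    print(k_anonymous_cloak("u1", 3))
    print(probe_obfuscate("u1", {"hospital": 0.25}))
```

The contrast the slides draw is visible in the two functions: k_anonymous_cloak needs other users nearby and grows until it finds them, whereas probe_obfuscate depends only on the map and the profile. Two caveats a practitioner would add: growing a square centred on the true cell leaks the centre, so a deployed obfuscator should not centre the region on the user, and counting unreachable cells as possible positions would understate the sensitive probability (here 4/20 instead of 4/18 for the hospital cells).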
3.4. Private information retrieval (PIR) techniques

◦ Does not require intermediate parties to generate cloaked regions nor the presence of other individuals to achieve anonymity
◦ May be quite expensive
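To make both bullets concrete, here is an added Python example (not from the slides) of the simplest information-theoretic PIR: two non-colluding replicas of a point-of-interest table, and a client that retrieves the record for its own grid cell without either server learning which cell. The table, record length and the two-server setting are assumptions; the scheme is the classic XOR construction, not a specific LBS product.

```python
import secrets

RECORD_LEN = 16
# Constructed point-of-interest table indexed by grid cell (assumption): the
# client wants the record for its own cell without telling any server which cell.
DB = [s.ljust(RECORD_LEN, b" ") for s in (
    b"cell0: cafe", b"cell1: bank", b"cell2: clinic", b"cell3: park",
    b"cell4: gym", b"cell5: school", b"cell6: temple", b"cell7: market")]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PIRServer:
    """One of two non-colluding replicas. It XORs together every record whose
    selector bit is 1; a uniformly random selector tells it nothing on its own."""

    def __init__(self, db):
        self.db = db

    def answer(self, selector):
        acc = bytes(RECORD_LEN)
        for bit, record in zip(selector, self.db):
            if bit:
                acc = xor_bytes(acc, record)
        return acc


def make_queries(index: int, n: int):
    """Random selector for server A; the same selector with bit `index` flipped for B.
    Each selector alone is uniformly random, so neither server learns `index`."""
    q_a = [secrets.randbelow(2) for _ in range(n)]
    q_b = list(q_a)
    q_b[index] ^= 1
    return q_a, q_b


def pir_fetch(index: int, server_a: PIRServer, server_b: PIRServer, n: int) -> bytes:
    q_a, q_b = make_queries(index, n)
    # Every record except DB[index] appears in both answers and cancels out.
    return xor_bytes(server_a.answer(q_a), server_b.answer(q_b))


def cost(n: int) -> dict:
    """Why PIR is expensive: each query reads all n records on both servers and
    uploads n bits to each, so work and upload grow linearly with the table."""
    return {"records_read_per_query": 2 * n, "upload_bits": 2 * n,
            "download_bytes": 2 * RECORD_LEN}


def demo():
    a, b = PIRServer(DB), PIRServer(DB)
    return pir_fetch(2, a, b, len(DB)).rstrip(), cost(len(DB))


if __name__ == "__main__":
    print(demo())
```

No cloaking proxy and no other users are involved, which is the first bullet. The second bullet is cost(): every query scans the whole table on both servers, and the two servers must not share their selectors with each other, or XORing them reveals the index. Single-server (computational) PIR removes the non-collusion assumption at a still higher price in computation.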
3.5. Privacy in some kinds of LBS

Privacy in Location-aware LBS

Privacy principles:
◦ Purpose specification
◦ User consent
◦ Limited collection
◦ Limited use
◦ Limited disclosure
◦ Limited retention
◦ Accuracy and context preservation
◦ Openness
◦ Compliance
3.5. Privacy in some kinds of LBS

Privacy in Location-aware LBS
3.5. Privacy in some kinds of LBS

Privacy in Real-time LBS
3.5. Privacy in some kinds of LBS

Privacy and Location Anonymization in LBS
4. Conclusion

◦ LBS play an important part in human development
◦ Customers, regulators and legislators all have an interest in privacy
◦ Privacy can and should be designed into systems by minimizing personal data collection and storage
THANK YOU FOR LISTENING