Presenter: Nguyen Ba Anh HCMC University of Technology Information System Security Course
1. Location-based service concepts 2. Preserving Privacy in Location-based Mobile Social Applications 2.1. Introduction 2.2. Motivating applications 2.3. Goals, system and threat model 2.4. Building blocks and their usage 2.5. Privacy analysis and tradeoffs
3. Privacy-Preserving Techniques for Location- based Services 3.1. Problems 3.2. Two main approach 3.3. PROBE (Privacy-preserving Obfuscation Environment) 3.4. Private information retrieval (PIR) techniques 3.5. Privacy in some kind of LBS 4. Conclusion
A general class of computer program- level services used to include specific controls for location and time data as control features in computer programs (Wikipedia)
Users Usages
◦ Wide-spread adoption (tremendous penetration) ◦ Empower users with knowledge of their vicinity ◦ Numerous untrusted servers offering different services ◦ Proposed design: simple encrypted data store & move the application functionality to client smartphones.
◦ Collaborative Content Downloading ◦ Social Recommendations ◦ Local Businesses ◦ Locations-Based Reminders ◦ Friend Locator
System model: ◦ iPhone 3G comes with a 412MHz processor and 512MB of RAM ◦ Smartphones decrypt and consume friends’ data, the server stores users’ data, backs them up, and serve data to users
Threat model: ◦ third-party storage server is untrusted ◦ user privacy lost even when the data stored on the server is leaked to an attacker
Friendship Proof: ◦ a cryptographic attestation A -> B using symmetric key ◦ Users stores all their proofs from their friends ◦ Communicate via a wireless interface and exchange using a cryptographically secure handshake
Transaction Proof: ◦ cryptographically attests that a piece of information belongs to a user ◦ Include message for friends (current location, opinion, something helpful) ◦ message is application-dependent, encrypted with the user’s session key when it is stored on the storage server
Interfaces Exposed by the Storage Server
Server Interface Privacy and Tradeoffs ◦ Only the friend users with appropriate keys can decrypt the data ◦ improve the performance by tagging each proof stored via a putLocationInfo call with an Id (or public key) of the user that generated the proof ◦ achieve both performance and privacy in this call is to tag the proofs with an userId that changes periodically in a known pattern (known only to friends)
Impact of Several Potential Attacks ◦ A compromised client can leak the location privacy of all her friends ◦ Compromised Third-party Storage Server (Stronger Threat Model) ◦ DoS Attacks on the Server
Location information is critical for providing customized services, on the other hand, can lead to privacy breaches attacker may infer sensitive information about the individual by cross-referencing location information about an individual with other information and by exploiting domain knowledge
Location obfuscation
k-anonymization
Based on key elements The 1 st element: sensitive entities and unreachable entities The 2 nd element: personal profile The 3 rd element: probabilistic privacy model preferences are recorded in the individual personal profile
does not require intermediate parties to generate cloaked regions nor the presence of other individuals to achieve anonymity may be quite expensive
Privacy in Location-aware LBS Privacy principles Purpose specification User consent Limited collection Limited use Limited disclosure Limited retention Accuracy and context preservation OpennessCompliance
Privacy in Location-aware LBS
Privacy in Real-time LBS
Privacy and Location Anonymization in LBS
LBS present an important parts in the development of human Customers, regulators and legislators all have an interest in privacy Privacy can and should be designed into systems by minimizing personal data collection, storage