LocationSafe: Granular Location Privacy for Mobile IoT


1 LocationSafe: Granular Location Privacy for Mobile IoT
Joshua Joy, Minh Le, Mario Gerla UCLA

2 Permissions Are Overwhelming
There are currently 324 Android permissions [3]
Many users feel overwhelmed and do not understand permissions [2]:
17% paid attention to permissions during install (survey and lab experiment)
3% could answer comprehension questions (survey)

3 Over-Privileged Permissions
Principle of least privilege vs. over-privilege
82% of Android and 50% of iOS free apps track user location [1]
Many apps do not work unless permissions are granted (location, contacts, call logs, browser history)

4 Today’s Location Protection
How precise? How frequent?

5 Facebook Messenger Attack (2015)
Facebook’s default setting is to include location information with all messages. Marauder’s Map scrapes the location data from your Facebook Messenger page, and plots it on a map [7].

6 Facebook Messenger Attack Explained
Each message includes latitude and longitude with more than 5 decimal places of precision [7]
Five decimal places of latitude is about 1 m of ground distance, so this pinpoints the sender's location to less than a meter.

7 XPrivacy (Android) [4]
Fake data or no data at all
Does not balance privacy and utility!
Only for Android!

8 seL4
First operating-system kernel with an end-to-end proof of implementation correctness and security enforcement [5]
However, there is no security or correctness enforcement between the kernel and the device driver (GPS) [6]
Device support is not the kernel's problem
Device support is the user's problem

9 GPSD Background
Daemon that can speak to the majority of GPS sensors and exposes a uniform API to the caller
Included in Android, iOS, Windows Mobile, UAVs, driverless cars
Open source

10 LocationSafe Granular location privacy

11 Privacy Goals
Pluggable and adaptive privacy policies via modules
Privacy policy depends on the app (navigation vs. social network)
Location precision knob
Release frequency knob
Achieve high utility!

12 Threat Model
Assume the underlying OS is not malicious or adversarial
Applications may (maliciously) be over-privileged and fetch data very frequently or with high precision when not strictly required
Applications may attempt to act as Sybils or provide fake application identifiers

13 Local (Distributed) Privacy

14 Who Needs the Data? Applications (e.g., Maps, Snapchat)
Third Party Analysts (Data Scientists)

15 Application Privacy

16 Application Utility
Most apps tolerate 5-20 km of location truncation before their utility degrades [8]
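The following is an added example, not code from the deck or from LocationSafe itself. It makes the precision claims of slides 6, 11 and 16 concrete: how many metres each decimal place of a WGS-84 coordinate is worth, how truncation to a fixed number of places snaps a fix to a grid, and how a per-app "precision knob" picks the number of places to keep. The per-app cell sizes, the function names and the sample fix are assumptions for illustration; the deck names the knobs but not their values.

```python
import math

# Length of one degree of latitude in metres (WGS-84 mean, assumed constant here).
METRES_PER_DEG_LAT = 111_320.0


def resolution_m(decimals: int, lat_deg: float = 0.0) -> tuple[float, float]:
    """Ground resolution (north-south, east-west) in metres of a coordinate kept
    to `decimals` decimal places. East-west shrinks with latitude (cos factor)."""
    step = 10.0 ** (-decimals)
    ns = METRES_PER_DEG_LAT * step
    ew = METRES_PER_DEG_LAT * math.cos(math.radians(lat_deg)) * step
    return ns, ew


def truncate(lat: float, lon: float, decimals: int) -> tuple[float, float]:
    """Truncate (floor, not round) both coordinates to `decimals` places, i.e.
    snap the fix to the south-west corner of its grid cell, as in the
    location-truncation study [8]."""
    scale = 10 ** decimals
    return math.floor(lat * scale) / scale, math.floor(lon * scale) / scale


def decimals_for(cell_m: float) -> int:
    """Precision knob: the most decimal places whose north-south cell size is
    still at least `cell_m` metres. Returns 0 (whole degrees, the coarsest
    option) when even one decimal place would be too fine."""
    best = 0
    for d in range(0, 8):
        if resolution_m(d)[0] >= cell_m:
            best = d
        else:
            break
    return best


# Hypothetical per-app cell sizes (assumption: the deck does not give values).
POLICY_CELL_M = {
    "navigation": 10.0,     # turn-by-turn routing needs near-exact fixes
    "social": 5_000.0,      # low end of the 5-20 km range reported in [8]
}


def apply_policy(app_kind: str, lat: float, lon: float) -> tuple[float, float]:
    """Coarsen a raw GPS fix according to the requesting app's policy."""
    return truncate(lat, lon, decimals_for(POLICY_CELL_M[app_kind]))


if __name__ == "__main__":
    # Constructed sample fix near the UCLA campus (example input, not from the deck).
    lat, lon = 34.0689, -118.4452
    for d in range(0, 7):
        ns, ew = resolution_m(d, lat)
        print(f"{d} decimals: ~{ns:9.2f} m N-S x {ew:9.2f} m E-W -> {truncate(lat, lon, d)}")
    print("navigation:", apply_policy("navigation", lat, lon))
    print("social:    ", apply_policy("social", lat, lon))
```

Running the script shows why "more than 5 decimal places" in a Messenger payload is a sub-metre leak (the sixth place is about 11 cm north-south), and that a 5 km policy forces the fix down to one decimal place, an 11 km cell, because the decimal grid only offers powers of ten.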

17 Aggregate Analytics Grid Privacy

18 Grid Privacy
Analyst issues a query for the region(s) to monitor
Data owner selects the region(s) to share, as well as privacy strength and release frequency
Data owner responds with multiple locations
Analyst aggregates and subtracts the noise
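The deck describes the query-response exchange for grid privacy (slides 13 and 17-18) but not the noise mechanism. The example below is added here, is not LocationSafe's own code, and assumes one concrete local-privacy mechanism that fits the description: each data owner answers "am I in this cell?" for every queried cell it has agreed to share, using randomized response with its own privacy strength epsilon, and the analyst recovers an unbiased head count per cell by subtracting the expected noise from each report. The class and function names, the three-cell grid and the population mix are constructed for illustration.

```python
import math
import random
from dataclasses import dataclass

LOG3 = math.log(3.0)   # epsilon at which the true bit is kept with probability 0.75


def keep_probability(epsilon: float) -> float:
    """Probability that a randomized-response report keeps the true bit.
    Larger epsilon means weaker privacy and more accurate reports."""
    if epsilon <= 0.0:
        raise ValueError("epsilon must be positive: at 0 every report is pure noise")
    e = math.exp(epsilon)
    return e / (1.0 + e)


def randomize_bit(bit: int, epsilon: float, rng: random.Random) -> int:
    """Data-owner side: report `bit` unchanged with probability p, flipped otherwise."""
    return bit if rng.random() < keep_probability(epsilon) else 1 - bit


@dataclass(frozen=True)
class Owner:
    true_cell: str            # grid cell the device is really in
    shared_cells: frozenset   # cells the owner agrees to answer about
    epsilon: float            # privacy strength chosen by the owner

    def respond(self, queried_cells, rng: random.Random) -> dict:
        """Answer a query with one (noisy bit, epsilon) pair per queried cell
        the owner has chosen to share; cells not shared get no answer at all."""
        return {
            c: (randomize_bit(int(c == self.true_cell), self.epsilon, rng), self.epsilon)
            for c in queried_cells
            if c in self.shared_cells
        }


def debias(bit: int, epsilon: float) -> float:
    """Analyst side: unbiased contribution of one report to the cell count,
    i.e. the report with its expected noise subtracted and rescaled."""
    p = keep_probability(epsilon)
    return (bit - (1.0 - p)) / (2.0 * p - 1.0)


def aggregate(responses, queried_cells) -> dict:
    """Sum the debiased reports per cell into an estimated head count.
    Owners may use different epsilons; each report is debiased with its own."""
    return {c: sum(debias(*r[c]) for r in responses if c in r) for c in queried_cells}


def new_rng(seed: int) -> random.Random:
    """Seeded generator so the simulation is reproducible."""
    return random.Random(seed)


def simulate(n_owners: int = 4000, epsilon: float = LOG3, seed: int = 7):
    """Constructed population: 50/30/20 % of owners in cells A/B/C, all sharing
    every cell. Returns (true counts, analyst's estimates)."""
    rng = new_rng(seed)
    cells = ["A", "B", "C"]
    owners = [Owner(rng.choices(cells, [0.5, 0.3, 0.2])[0], frozenset(cells), epsilon)
              for _ in range(n_owners)]
    truth = {c: sum(o.true_cell == c for o in owners) for c in cells}
    responses = [o.respond(cells, rng) for o in owners]
    return truth, aggregate(responses, cells)


if __name__ == "__main__":
    truth, estimate = simulate()
    for c in truth:
        print(f"cell {c}: true {truth[c]:5d}  estimated {estimate[c]:8.1f}")
```

Two properties are worth checking against the threat model: an individual report with epsilon = ln 3 is wrong a quarter of the time, so a single answer says little about one owner, while over thousands of owners the per-cell estimate lands within a few dozen of the truth. Raising epsilon trades privacy for accuracy, which is the "privacy strength" knob; a cell the owner does not share simply never appears in its response, so the analyst cannot count it.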

19 Correctness and Secrecy
Theoretical analysis of the privacy mechanism
Open source, signed binaries, inspectable code

20 Performance Evaluation
Android Nexus 7 Tablet

21 Privacy Policy Design
"Radius privacy" or "privatizing within a grid"
Need a student population to measure comprehension of the policies

22 Future Work
Open-source privacy module
Integrate into CyanogenMod
Support the query-response mechanism
Evaluate functionality on a range of apps

23 Thank You! Questions?

24 References
[1] Appthority App Reputation Report, 2014
[2] Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, David Wagner. Android permissions: user attention, comprehension, and behavior. SOUPS 2012
[3] List of Android Permissions -
[4] XPrivacy -
[5] seL4 -
[6] seL4 FAQ -
[7] Marauder's Map -
[8] Kristopher Micinski, Philip Phelps, Jeffrey S. Foster. An empirical study of location truncation on Android. Mobile Security Technologies (MoST) 2013

