1. Presenter: Nguyen Ba Anh HCMC University of Technology Information System Security Course

2. 1. Location-based service concepts 2. Preserving Privacy in Location-based Mobile Social Applications 2.1. Introduction 2.2. Motivating applications 2.3. Goals, system and threat model 2.4. Building blocks and their usage 2.5. Privacy analysis and tradeoffs

3. 3. Privacy-Preserving Techniques for Location- based Services 3.1. Problems 3.2. Two main approach 3.3. PROBE (Privacy-preserving Obfuscation Environment) 3.4. Private information retrieval (PIR) techniques 3.5. Privacy in some kind of LBS 4. Conclusion

5.  A general class of computer program- level services used to include specific controls for location and time data as control features in computer programs (Wikipedia)

7.  Users  Usages

10. ◦ Wide-spread adoption (tremendous penetration) ◦ Empower users with knowledge of their vicinity ◦ Numerous untrusted servers offering different services ◦ Proposed design: simple encrypted data store & move the application functionality to client smartphones.

11. ◦ Collaborative Content Downloading ◦ Social Recommendations ◦ Local Businesses ◦ Locations-Based Reminders ◦ Friend Locator

12.  System model: ◦ iPhone 3G comes with a 412MHz processor and 512MB of RAM ◦ Smartphones decrypt and consume friends’ data, the server stores users’ data, backs them up, and serve data to users

13.  Threat model: ◦ third-party storage server is untrusted ◦ user privacy lost even when the data stored on the server is leaked to an attacker

14.  Friendship Proof: ◦ a cryptographic attestation A -> B using symmetric key ◦ Users stores all their proofs from their friends ◦ Communicate via a wireless interface and exchange using a cryptographically secure handshake

15.  Transaction Proof: ◦ cryptographically attests that a piece of information belongs to a user ◦ Include message for friends (current location, opinion, something helpful) ◦ message is application-dependent, encrypted with the user’s session key when it is stored on the storage server

16.  Interfaces Exposed by the Storage Server

17.  Server Interface Privacy and Tradeoffs ◦ Only the friend users with appropriate keys can decrypt the data ◦ improve the performance by tagging each proof stored via a putLocationInfo call with an Id (or public key) of the user that generated the proof ◦ achieve both performance and privacy in this call is to tag the proofs with an userId that changes periodically in a known pattern (known only to friends)

18.  Impact of Several Potential Attacks ◦ A compromised client can leak the location privacy of all her friends ◦ Compromised Third-party Storage Server (Stronger Threat Model) ◦ DoS Attacks on the Server

20.  Location information is critical for providing customized services, on the other hand, can lead to privacy breaches  attacker may infer sensitive information about the individual by cross-referencing location information about an individual with other information and by exploiting domain knowledge

21.  Location obfuscation

22.  k-anonymization

23.  Based on key elements  The 1 st element: sensitive entities and unreachable entities  The 2 nd element: personal profile  The 3 rd element: probabilistic privacy model  preferences are recorded in the individual personal profile

24.  does not require intermediate parties to generate cloaked regions nor the presence of other individuals to achieve anonymity  may be quite expensive

25. Privacy in Location-aware LBS Privacy principles Purpose specification User consent Limited collection Limited use Limited disclosure Limited retention Accuracy and context preservation OpennessCompliance

26. Privacy in Location-aware LBS

27. Privacy in Real-time LBS

28. Privacy and Location Anonymization in LBS

29.  LBS present an important parts in the development of human  Customers, regulators and legislators all have an interest in privacy  Privacy can and should be designed into systems by minimizing personal data collection, storage