
Privacy preserving in location based services

HCMC University of Technology Information System Security Course. Privacy preserving in location based services. Presenter: Nguyen Ba Anh. Content. 1. Location-based service concepts 2. Preserving Privacy in Location-based Mobile Social Applications 2.1. Introduction





Presentation Transcript


  1. HCMC University of Technology Information System Security Course Privacy preserving in location based services Presenter: Nguyen Ba Anh

  2. Content
  1. Location-based service concepts
  2. Preserving Privacy in Location-based Mobile Social Applications
  2.1. Introduction
  2.2. Motivating applications
  2.3. Goals, system and threat model
  2.4. Building blocks and their usage
  2.5. Privacy analysis and tradeoffs

  3. Content
  3. Privacy-Preserving Techniques for Location-based Services
  3.1. Problems
  3.2. Two main approaches
  3.3. PROBE (Privacy-preserving Obfuscation Environment)
  3.4. Private information retrieval (PIR) techniques
  3.5. Privacy in some kinds of LBS
  4. Conclusion

  4. 1. Location-based service concepts

  5. 1.1. Location-based service (LBS)
  • A general class of computer program-level services used to include specific controls for location and time data as control features in computer programs (Wikipedia)

  6. 1.2. Types of LBS

  7. 1.3. LBS statistics
  • Users
  • Usages

  8. 1.4. Privacy issue

  9. 2. Preserving Privacy in Location-based Mobile Social Applications

  10. 2.1. Introduction
  • Widespread adoption (tremendous penetration)
  • Empower users with knowledge of their vicinity
  • Numerous untrusted servers offering different services
  • Proposed design: a simple encrypted data store on the server, with the application functionality moved to the client smartphones

  11. 2.2. Motivating applications
  • Collaborative Content Downloading
  • Social Recommendations
  • Local Businesses
  • Location-Based Reminders
  • Friend Locator

  12. 2.3. GOALS, SYSTEM AND THREAT MODEL
  • System model:
    • The iPhone 3G comes with a 412MHz processor and 512MB of RAM
    • Smartphones decrypt and consume friends' data; the server stores users' data, backs it up, and serves data to users

  13. 2.3. GOALS, SYSTEM AND THREAT MODEL
  • Threat model:
    • The third-party storage server is untrusted
    • User privacy must not be lost even when the data stored on the server is leaked to an attacker

  14. 2.4. BUILDING BLOCKS AND THEIR USAGE
  • Friendship Proof:
    • A cryptographic attestation A -> B using a symmetric key
    • Users store all the proofs they receive from their friends
    • Friends communicate via a wireless interface and exchange proofs using a cryptographically secure handshake

  15. 2.4. BUILDING BLOCKS AND THEIR USAGE
  • Transaction Proof:
    • Cryptographically attests that a piece of information belongs to a user
    • Includes a message for friends (current location, an opinion, something helpful)
    • The message is application-dependent and is encrypted with the user's session key when it is stored on the storage server

  16. 2.4. BUILDING BLOCKS AND THEIR USAGE • Interfaces Exposed by the Storage Server

  17. 2.5. PRIVACY ANALYSIS AND TRADEOFFS
  • Server Interface Privacy and Tradeoffs
    • Only friends holding the appropriate keys can decrypt the data
    • Performance can be improved by tagging each proof stored via a putLocationInfo call with an Id (or public key) of the user that generated the proof
    • Both performance and privacy are achieved in this call by tagging the proofs with a userId that changes periodically in a known pattern (known only to friends)
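The building blocks of slides 14 to 17 (friendship proof, encrypted transaction proof, the server's put interface and the periodically rotating userId) fitted together, as an added illustration that is not code from the presentation or from the paper it summarises. It assumes the two friends already share a symmetric key from their handshake (DEMO_KEY is a constructed stand-in), uses an HMAC-based stream cipher plus HMAC because the standard library has no AEAD, and the function names put_location_info, publish_location and read_friend_locations are hypothetical.

```python
import hmac, hashlib, secrets, json

# Constructed demo key: stands in for the symmetric key two friends agreed during
# their cryptographically secure handshake (the handshake itself is not modelled).
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")

def friendship_proof(key: bytes, issuer: str, holder: str) -> bytes:
    # Slide 14: attestation A -> B under the shared symmetric key; B stores it
    return hmac.new(key, f"{issuer}->{holder}".encode(), hashlib.sha256).digest()

def rotating_tag(key: bytes, epoch: int) -> str:
    # Slide 17: pseudonymous userId that changes every epoch in a pattern only friends know
    return hmac.new(key, b"tag" + epoch.to_bytes(8, "big"), hashlib.sha256).hexdigest()[:16]

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only keystream (stand-in for AES-CTR)
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(session_key: bytes, message: bytes) -> bytes:
    # Slide 15: transaction proof = message encrypted under the session key, then MACed
    enc_key, mac_key = (hashlib.sha256(p + session_key).digest() for p in (b"enc", b"mac"))
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(message, _stream(enc_key, nonce, len(message))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(session_key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = (hashlib.sha256(p + session_key).digest() for p in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("transaction proof failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_key, nonce, len(ct))))

def put_location_info(store: dict, tag: str, blob: bytes) -> None:
    # Slide 16: the untrusted server's interface only ever sees (tag, ciphertext) pairs
    store.setdefault(tag, []).append(blob)

def publish_location(store: dict, session_key: bytes, epoch: int, location: dict) -> str:
    tag = rotating_tag(session_key, epoch)
    put_location_info(store, tag, seal(session_key, json.dumps(location).encode()))
    return tag

def read_friend_locations(store: dict, session_key: bytes, epoch: int) -> list:
    # A friend recomputes the epoch's tag and decrypts; the server can do neither
    tag = rotating_tag(session_key, epoch)
    return [json.loads(unseal(session_key, b)) for b in store.get(tag, [])]
```

Because the tag is derived from the shared key and the epoch, the server sees a different opaque identifier each period and cannot link a user's records over time, while a tampered or foreign blob fails the MAC check before anything is decrypted.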

  18. 2.5. PRIVACY ANALYSIS AND TRADEOFFS
  • Impact of Several Potential Attacks
    • A compromised client can compromise the location privacy of all of its owner's friends
    • Compromised Third-party Storage Server (Stronger Threat Model)
    • DoS Attacks on the Server

  19. 3. Privacy-Preserving Techniques for Location-based Services

  20. 3.1. Problems
  • Location information is critical for providing customized services but, on the other hand, can lead to privacy breaches
  • An attacker may infer sensitive information about an individual by cross-referencing that individual's location information with other information and by exploiting domain knowledge

  21. 3.2. Two main approaches • Location obfuscation

  22. 3.2. Two main approaches • k-anonymization
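The two approaches of slides 21 and 22 combined in one grid-based spatial cloaking routine, as an added illustration that is not from the presentation: the requester's exact point is replaced by the smallest aligned grid cell that also contains at least k users (obfuscation of the location, k-anonymity of the requester). SAMPLE_USERS is a constructed set of positions; Region, aligned_cell and cloak are hypothetical names.

```python
from dataclasses import dataclass

# Constructed sample: positions (x, y) of other LBS users, in grid units, as the
# anonymizer would see them. The requester is not in this list.
SAMPLE_USERS = [(3, 3), (4, 1), (9, 9), (1, 7), (20, 20), (40, 5)]

@dataclass(frozen=True)
class Region:
    x0: float
    y0: float
    x1: float
    y1: float

    def contains(self, x: float, y: float) -> bool:
        return self.x0 <= x < self.x1 and self.y0 <= y < self.y1

    def area(self) -> float:
        return (self.x1 - self.x0) * (self.y1 - self.y0)

def aligned_cell(x: float, y: float, size: float) -> Region:
    # Grid cell of side `size` containing (x, y); cells are aligned to multiples of
    # size, so doubling `size` always yields a cell that contains the previous one
    cx, cy = (x // size) * size, (y // size) * size
    return Region(cx, cy, cx + size, cy + size)

def cloak(requester, others, k: int, min_cell: float = 1.0, max_cell: float = 1024.0):
    """Smallest aligned cell containing the requester and at least k users in total.
    The LBS receives the cell instead of the exact point (obfuscation), and any of
    the k users in it could have issued the query (k-anonymity). Returns (None, count)
    when even the largest cell holds fewer than k users."""
    size, count = min_cell, 0
    while size <= max_cell:
        cell = aligned_cell(*requester, size)
        count = 1 + sum(cell.contains(x, y) for x, y in others)
        if count >= k:
            return cell, count
        size *= 2
    return None, count
```

Raising k enlarges the returned region, which is the privacy/quality tradeoff the slides refer to: the service answers for a bigger area and the client filters the results locally.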

  23. 3.3. PROBE (Privacy-preserving Obfuscation Environment)
  • Based on three key elements
    • The 1st element: sensitive entities and unreachable entities
    • The 2nd element: the personal profile
    • The 3rd element: a probabilistic privacy model
  • Preferences are recorded in the individual's personal profile

  24. 3.4. Private information retrieval (PIR) techniques
  • Require neither intermediate parties to generate cloaked regions nor the presence of other individuals to achieve anonymity
  • May be quite expensive

  25. 3.5. Privacy in some kinds of LBS: Privacy in Location-aware LBS

  26. 3.5. Privacy in some kinds of LBS: Privacy in Location-aware LBS

  27. 3.5. Privacy in some kinds of LBS: Privacy in Real-time LBS

  28. 3.5. Privacy in some kinds of LBS: Privacy and Location Anonymization in LBS

  29. 4. Conclusion
  • LBS play an important part in human development
  • Customers, regulators and legislators all have an interest in privacy
  • Privacy can and should be designed into systems by minimizing the collection and storage of personal data

  30. THANK YOU FOR LISTENING
