1 / 12

Privacy and Security in the Location-enhanced World Wide Web

Privacy and Security in the Location-enhanced World Wide Web. Jason Hong Gaetano Boriello James Landay David McDonald Bill Schilit Doug Tygar. UC Berkeley Intel / UW Intel / UW UW Intel UC Berkeley. PlaceLab Overview.

oma
Download Presentation

Privacy and Security in the Location-enhanced World Wide Web

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy and Security in the Location-enhanced World Wide Web Jason Hong Gaetano Boriello James Landay David McDonald Bill Schilit Doug Tygar UC Berkeley Intel / UW Intel / UW UW Intel UC Berkeley

  2. PlaceLab Overview • Location-enhanced computing major ubicomp focus for over a decade, but few real apps out there • Need low-cost and convenient location finding tech • Need critical mass of useful location-based services • Need techniques to address privacy • Goal of PlaceLab • Provide open software base and community building • Catalyze adoption of location-based services

  3. ~city block A ~few meters B C Key Ideas in PlaceLab • Can use WiFi to determine rough location • Can use overlapping hotspots for better estimation

  4. Key Ideas in PlaceLab • Can use WiFi to determine rough location • Can cache directories of hotspots locally on devices • Continuously updated directories of hotspot locations • Access point MAC address -> Location • Local computation, local storage • Only you know where you are

  5. Key Ideas in PlaceLab • Can use WiFi to determine rough location • Can cache directories of hotspots locally on devices • Can cache location-enhanced content as well • Occasionally connected computing • Ex. Zagat restaurant guide • Location-enhanced web content • Local computation, local storage

  6. Key Ideas in PlaceLab • Can use WiFi to determine rough location • Can cache directories of hotspots locally on devices • Can cache location-enhanced content as well • Can choose when to share location data with others

  7. Privacy of Stakeholders in PlaceLab • End-Users • Network service providers, Web service providers • Anonymizers, mixes, pre-fetching, etc (see workshop paper) • Access point owners • Co-opted for new purpose in PlaceLab • Turn off broadcasting of Access Point (opt out) • Encrypt cached directories • Make location of AP visible only if person actually nearby

  8. Discussion • PlaceBar is a kind of privacy widget, other kinds? • PlaceLab is decentralized, starts with data at edge of network to drive adoption. Applicable elsewhere? • Privacy cuts across HW, OS, networking, UI. What mechanisms and support are needed in these layers? • Ex. How to build plausible deniability into systems? • What are actual privacy concerns for location? • Spatial Granularity, ex. City -> zip -> street • Temporal Granularity, ex. At Tahoe “last month” vs “July 1” • Freshness, ex. “You can have my location if over week old”

  9. Backup

  10. Privacy of Stakeholders in PlaceLab • End-Users • Disconnected mode is relatively safe • Connected mode managed via PlaceBar • Spoofing of personal device’s MAC address • WiFi range ~150 meters, some plausible deniability

  11. Privacy of Stakeholders in PlaceLab • End-Users • Access point owners • Network Service Providers and End-Users • Can use mixes to aggregate and redirect traffic • Access points tend to dynamically assign IP addresses • Overall, hard for network service provides to identify individuals

  12. Privacy of Stakeholders in PlaceLab • End-Users • Access point owners • Network Service Providers and End-Users • Web Service Providers and End-Users • Can correlate past IP addresses with locations • Use anonymizers • Web service provides might not be able to link to identifiable info • P3P extensions? • Pre-fetch chunks of data at a time

More Related