Privacy preserving in location based services

Presenter: Nguyen Ba Anh
HCMC University of Technology, Information System Security Course

Content

1. Location-based service concepts
2. Preserving Privacy in Location-based Mobile Social Applications
2.1. Introduction
2.2. Motivating applications
2.3. Goals, system and threat model
2.4. Building blocks and their usage
2.5. Privacy analysis and tradeoffs

3. Privacy-Preserving Techniques for Location-based Services
3.1. Problems
3.2. Two main approaches
3.3. PROBE (Privacy-preserving Obfuscation Environment)
3.4. Private information retrieval (PIR) techniques
3.5. Privacy in some kinds of LBS
4. Conclusion


1. Location-based service concepts

1.1. Location-based service (LBS)

A general class of computer program-level services used to include specific controls for location and time data as control features in computer programs (Wikipedia)


1.2. Types of LBS

1.3. LBS statistics

(Chart: LBS users and usages)


1.4. Privacy issue


2. Preserving Privacy in Location-based Mobile Social Applications

2.1. Introduction

◦ Wide-spread adoption (tremendous penetration)
◦ Empower users with knowledge of their vicinity
◦ Numerous untrusted servers offering different services
◦ Proposed design: simple encrypted data store & move the application functionality to client smartphones

2.2. Motivating applications

◦ Collaborative Content Downloading
◦ Social Recommendations
◦ Local Businesses
◦ Location-Based Reminders
◦ Friend Locator

2.3. GOALS, SYSTEM AND THREAT MODEL

System model:
◦ iPhone 3G comes with a 412MHz processor and 512MB of RAM
◦ Smartphones decrypt and consume friends’ data; the server stores users’ data, backs them up, and serves data to users

2.3. GOALS, SYSTEM AND THREAT MODEL

Threat model:
◦ Third-party storage server is untrusted
◦ User privacy lost even when the data stored on the server is leaked to an attacker

2.4. BUILDING BLOCKS AND THEIR USAGE

Friendship Proof:
◦ A cryptographic attestation A -> B using a symmetric key
◦ Users store all their proofs from their friends
◦ Communicate via a wireless interface and exchange using a cryptographically secure handshake

2.4. BUILDING BLOCKS AND THEIR USAGE

Transaction Proof:
◦ Cryptographically attests that a piece of information belongs to a user
◦ Includes a message for friends (current location, opinion, something helpful)
◦ The message is application-dependent, encrypted with the user’s session key when it is stored on the storage server

2.4. BUILDING BLOCKS AND THEIR USAGE

Interfaces Exposed by the Storage Server

2.5. PRIVACY ANALYSIS AND TRADEOFFS

Server Interface Privacy and Tradeoffs
◦ Only the friend users with appropriate keys can decrypt the data
◦ Improve the performance by tagging each proof stored via a putLocationInfo call with an Id (or public key) of the user that generated the proof
◦ One way to achieve both performance and privacy in this call is to tag the proofs with a userId that changes periodically in a known pattern (known only to friends)
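The rotating-tag idea from this slide, as an added example that is not the presentation's or the paper's own code: each proof is labelled with a pseudonym computed as an HMAC of the epoch counter under a secret held only by the user's friends, so the untrusted server can index by tag but cannot link one user's tags across epochs. StorageServer, publish, fetch_friend_proofs, the epoch length and the sample blobs are assumptions, and encryption of the proof under the session key is assumed to happen before publish is called.

```python
import hmac
import hashlib
from collections import defaultdict

# Constructed illustration of "tag the proofs with a userId that changes
# periodically in a known pattern (known only to friends)". Not the paper's
# code; function names and the epoch length are assumptions.

EPOCH_SECONDS = 3600  # assumed rotation period for the pseudonymous tag


def epoch_of(timestamp: int) -> int:
    """Map a Unix timestamp to the epoch counter that drives tag rotation."""
    return timestamp // EPOCH_SECONDS


def derive_tag(friend_secret: bytes, epoch: int) -> str:
    """Pseudonymous tag for one epoch: HMAC-SHA256(friend_secret, epoch).
    Without friend_secret the server can neither compute the tag in advance
    nor recognise that two epochs' tags belong to the same user."""
    msg = epoch.to_bytes(8, "big")
    return hmac.new(friend_secret, msg, hashlib.sha256).hexdigest()


class StorageServer:
    """The untrusted third-party server: stores opaque tag -> blob records."""

    def __init__(self) -> None:
        self.records = defaultdict(list)

    def put_location_info(self, tag: str, encrypted_proof: bytes) -> None:
        self.records[tag].append(encrypted_proof)

    def get_location_info(self, tag: str) -> list:
        return list(self.records.get(tag, []))


def publish(server: StorageServer, friend_secret: bytes,
            timestamp: int, encrypted_proof: bytes) -> str:
    """Client side of putLocationInfo: label the already-encrypted proof
    with the current epoch's tag and hand it to the server."""
    tag = derive_tag(friend_secret, epoch_of(timestamp))
    server.put_location_info(tag, encrypted_proof)
    return tag


def fetch_friend_proofs(server: StorageServer, friend_secret: bytes,
                        timestamp: int) -> list:
    """Friend side: recompute the tag for this epoch and pull matching blobs.
    Anyone without friend_secret derives a different tag and gets nothing."""
    return server.get_location_info(derive_tag(friend_secret, epoch_of(timestamp)))
```

The server still sees how many blobs arrive under each tag per epoch, so the scheme hides identity linkage, not traffic volume.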

2.5. PRIVACY ANALYSIS AND TRADEOFFS

Impact of Several Potential Attacks
◦ A compromised client can leak the location privacy of all her friends
◦ Compromised Third-party Storage Server (Stronger Threat Model)
◦ DoS Attacks on the Server


3. Privacy-Preserving Techniques for Location-based Services

3.1. Problems

Location information is critical for providing customized services; on the other hand, it can lead to privacy breaches.

An attacker may infer sensitive information about an individual by cross-referencing location information about that individual with other information and by exploiting domain knowledge.

3.2. Two main approaches

◦ Location obfuscation
◦ k-anonymization

3.3. PROBE (Privacy-preserving Obfuscation Environment)

Based on key elements:
◦ The 1st element: sensitive entities and unreachable entities
◦ The 2nd element: personal profile
◦ The 3rd element: probabilistic privacy model
Preferences are recorded in the individual personal profile

3.4. Private information retrieval (PIR) techniques

◦ Does not require intermediate parties to generate cloaked regions nor the presence of other individuals to achieve anonymity
◦ May be quite expensive

3.5. Privacy in some kinds of LBS

Privacy in Location-aware LBS

Privacy principles:
◦ Purpose specification
◦ User consent
◦ Limited collection
◦ Limited use
◦ Limited disclosure
◦ Limited retention
◦ Accuracy and context preservation
◦ Openness
◦ Compliance


3.5. Privacy in some kinds of LBS

Privacy in Real-time LBS

3.5. Privacy in some kinds of LBS

Privacy and Location Anonymization in LBS

4. Conclusion

◦ LBS play an important part in human development
◦ Customers, regulators and legislators all have an interest in privacy
◦ Privacy can and should be designed into systems by minimizing personal data collection and storage


THANK YOU FOR LISTENING