Presenter: Nguyen Ba Anh, HCMC University of Technology, Information System Security Course.

Slide 2: Outline
1. Location-based service concepts
2. Preserving Privacy in Location-based Mobile Social Applications
  2.1. Introduction
  2.2. Motivating applications
  2.3. Goals, system and threat model
  2.4. Building blocks and their usage
  2.5. Privacy analysis and tradeoffs

Slide 3: Outline (continued)
3. Privacy-Preserving Techniques for Location-based Services
  3.1. Problems
  3.2. Two main approaches
  3.3. PROBE (Privacy-preserving Obfuscation Environment)
  3.4. Private information retrieval (PIR) techniques
  3.5. Privacy in some kinds of LBS
4. Conclusion


Slide 5: Location-based service (LBS)
- A general class of computer program-level services used to include specific controls for location and time data as control features in computer programs (Wikipedia)


Slide 7: Location-based services
- Users
- Usages



Slide 10: Introduction
- Wide-spread adoption (tremendous penetration)
- Empower users with knowledge of their vicinity
- Numerous untrusted servers offering different services
- Proposed design: a simple encrypted data store, with the application functionality moved to client smartphones

Slide 11: Motivating applications
- Collaborative Content Downloading
- Social Recommendations
- Local Businesses
- Location-Based Reminders
- Friend Locator

Slide 12: System model
- iPhone 3G comes with a 412MHz processor and 512MB of RAM
- Smartphones decrypt and consume friends' data; the server stores users' data, backs it up, and serves data to users

Slide 13: Threat model
- The third-party storage server is untrusted
- Goal: no user privacy is lost even when the data stored on the server is leaked to an attacker

Slide 14: Friendship Proof
- A cryptographic attestation A -> B using a symmetric key
- Users store all the proofs they receive from their friends
- Friends communicate via a wireless interface and exchange proofs using a cryptographically secure handshake

Slide 15: Transaction Proof
- Cryptographically attests that a piece of information belongs to a user
- Includes a message for friends (current location, opinion, something helpful)
- The message is application-dependent and is encrypted with the user's session key when it is stored on the storage server

Slide 16: Interfaces Exposed by the Storage Server

Slide 17: Server Interface Privacy and Tradeoffs
- Only friends holding the appropriate keys can decrypt the data
- Performance can be improved by tagging each proof stored via a putLocationInfo call with an Id (or public key) of the user that generated the proof, but a fixed tag lets the server link all of a user's proofs
- To achieve both performance and privacy in this call, tag the proofs with a userId that changes periodically in a pattern known only to friends
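To make the building blocks on slides 14 to 17 concrete, here is an added toy model (not code from the paper or the presentation) of the design: a symmetric-key friendship proof, a transaction proof whose message is encrypted under the user's session key before it reaches the untrusted server, and the periodically changing userId tag derived from a secret only friends share. The server only ever sees opaque blobs under per-period tags. The encryption is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, chosen so the example runs on the Python standard library; a real deployment would use an AEAD such as AES-GCM. All key values, message layouts and function names are assumptions for illustration.

```python
"""Toy model of friendship proofs, encrypted transaction proofs and
rotating userId tags stored on an untrusted server (constructed example)."""
import hashlib
import hmac
import json
import os
import struct


def friendship_proof(shared_key: bytes, a: str, b: str) -> bytes:
    """Attestation 'A is a friend of B' under the symmetric key A and B
    share. The message layout is an assumption, not the paper's format."""
    return hmac.new(shared_key, f"friend:{a}->{b}".encode(), hashlib.sha256).digest()


def verify_friendship_proof(shared_key: bytes, a: str, b: str, proof: bytes) -> bool:
    return hmac.compare_digest(friendship_proof(shared_key, a, b), proof)


def pseudonym_tag(link_secret: bytes, period: int) -> str:
    """userId tag for one time period, derived from a secret known only to
    the user and her friends, so the server cannot link tags across periods."""
    return hmac.new(link_secret, struct.pack(">Q", period), hashlib.sha256).hexdigest()[:16]


def _subkey(session_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the session key.
    return hmac.new(session_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(session_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    mac = hmac.new(_subkey(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + mac


def decrypt(session_key: bytes, blob: bytes) -> bytes:
    nonce, ct, mac = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("transaction proof failed its integrity check")
    ks = _keystream(_subkey(session_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class UntrustedStorageServer:
    """Holds opaque blobs keyed by tag; it never sees keys or plaintext."""

    def __init__(self) -> None:
        self.store: dict[str, list[bytes]] = {}

    def put_location_info(self, tag: str, blob: bytes) -> None:
        self.store.setdefault(tag, []).append(blob)

    def get_location_info(self, tag: str) -> list[bytes]:
        return list(self.store.get(tag, []))


def publish_location(server: UntrustedStorageServer, link_secret: bytes,
                     session_key: bytes, period: int, location: dict) -> str:
    """Client side of putLocationInfo: encrypt, then store under this period's tag."""
    tag = pseudonym_tag(link_secret, period)
    server.put_location_info(tag, encrypt(session_key, json.dumps(location).encode()))
    return tag


def fetch_friend_locations(server: UntrustedStorageServer, link_secret: bytes,
                           session_key: bytes, period: int) -> list[dict]:
    """A friend recomputes the tag for the period and decrypts what she finds."""
    tag = pseudonym_tag(link_secret, period)
    return [json.loads(decrypt(session_key, b)) for b in server.get_location_info(tag)]


if __name__ == "__main__":
    link, sess = os.urandom(32), os.urandom(32)   # constructed demo keys
    srv = UntrustedStorageServer()
    publish_location(srv, link, sess, 7, {"lat": 10.77, "lon": 106.66})
    print("server view:", {t: [b.hex()[:24] + "..." for b in v] for t, v in srv.store.items()})
    print("friend view:", fetch_friend_locations(srv, link, sess, 7))
```

The server's dictionary shows what an attacker who copies the store obtains: ciphertext under tags that change every period, which is the property slide 13 asks for. A friend who holds the link secret and the session key recovers the location; a leaked store alone yields neither identities nor locations.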

Slide 18: Impact of Several Potential Attacks
- A compromised client can leak the location privacy of all her friends
- Compromised Third-party Storage Server (Stronger Threat Model)
- DoS Attacks on the Server


Slide 20: Problems
- Location information is critical for providing customized services; on the other hand, it can lead to privacy breaches
- An attacker may infer sensitive information about an individual by cross-referencing location information about that individual with other information and by exploiting domain knowledge

Slide 21: Location obfuscation

Slide 22: k-anonymization

Slide 23: PROBE (Privacy-preserving Obfuscation Environment)
- Based on three key elements
- The first element: sensitive entities and unreachable entities
- The second element: the personal profile
- The third element: the probabilistic privacy model
- Privacy preferences are recorded in the individual's personal profile

Slide 24: Private information retrieval (PIR) techniques
- Do not require intermediate parties to generate cloaked regions, nor the presence of other individuals, to achieve anonymity
- May be quite expensive

Slide 25: Privacy in Location-aware LBS
Privacy principles:
- Purpose specification
- User consent
- Limited collection
- Limited use
- Limited disclosure
- Limited retention
- Accuracy and context preservation
- Openness
- Compliance

Slide 26: Privacy in Location-aware LBS

Slide 27: Privacy in Real-time LBS

Slide 28: Privacy and Location Anonymization in LBS

Slide 29: Conclusion
- LBS play an important part in human development
- Customers, regulators and legislators all have an interest in privacy
- Privacy can and should be designed into systems by minimizing personal data collection and storage


