Preserving Location Privacy in Wireless LANs Presented by Alvin Yonggang Yun April 9, 2008 CSCI 388 - Wireless and Mobile Security.


1 Preserving Location Privacy in Wireless LANs Presented by Alvin Yonggang Yun April 9, 2008 CSCI 388 - Wireless and Mobile Security

2 Authors ► Tao Jiang, University of Maryland ► Helen J. Wang, Microsoft Research ► Yih-Chun Hu, University of Illinois. Presented at MobiSys’07, June 11–13, 2007, San Juan, Puerto Rico, USA

3 Do you care if someone knows where you are?

4 Someone does care about location privacy

5 220,000 Cell Towers Can Find You

6 Location-based Services Location-based Networking (Always connected + Continuous services) Location-based Fitness Assistant and Shopping Assistant

7 Location and Location Privacy ► Location information can be obtained through direct communication with the respective entity or through indirect means such as observation and inference. ► Location privacy is the claim/right of individuals, groups and institutions to determine for themselves when, how and to what extent location information about them is communicated to others. ► Location privacy is the ability to prevent other parties from learning one’s current or past location

8 Problem ► The broadcast nature of wireless networks and the widespread deployment of Wi-Fi hotspots make it easy to remotely locate a user by observing wireless signals. ► Location information can be used by malicious individuals for blackmail, stalking, and other privacy violations.

9 What’s NEW? ► Adjustable privacy, measured as privacy entropy (more detail below) ► Balance between location privacy and location-based services

10 Paper Overview So, how to improve location privacy? Obfuscate 3 types of privacy-compromising information: ► Sender identity ► Time of transmission ► Signal strength

11 Paper Overview Why? Because of 5 types of leakage of location information in the course of wireless communications: ► Sender node identity ► Time ► Location ► Receiver node identity -- resolved: MIX-net or Crowd ► Content -- resolved: encryption

12 FOCUS ► Anonymize the user or node identity with frequently changing pseudonyms: MAC address in this paper ► Unlink different pseudonyms of the same user with silent periods: optimal model ► Reduce the transmission range through transmit power control

13 Design Overview ► Driven by real-system implementation and field experiments along with analysis and simulations ► Selectable privacy level, for both privacy-sensitive and non-privacy-sensitive users ► System evaluated on real-life mobility data and wireless LAN coverage

14 Research Background ► Y.-C. Hu and H. J. Wang. Location privacy in wireless networks. In Proceedings of the ACM SIGCOMM Asia Workshop, Beijing, 2005. – extension and improvement ► M. Gruteser and D. Grunwald. Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis. In WMASH ’03 ► L. Huang, K. Matsuura, H. Yamane, and K. Sezaki. Enhancing wireless location privacy using silent period. ► C. Shannon. A mathematical theory of communication. Bell Systems Technical Journal, 27:379–423, 623–656 – Entropy (metric of privacy level)

15 Related Work ► Location technologies – RF-based ► Application-Level Location Privacy ► Network-Level Location Privacy ► RF Fingerprinting

16 Related Work Location technologies ► Only RF-based localization systems are considered ► Location accuracy achieved: Indoor – < 1 meter 50% of the time; Outdoor – 15–30 meters median ► Two phases: Training phase – “war-driving” to collect a large amount of signal data; Positioning phase – compare measurements to the radio map

17 Related Work Application-Level Location Privacy ► Anonymous usage of location-based services through spatial and temporal ► Design protocols and APIs that consider the privacy issues in the transfer of location information to external services ► Target location information provided by applications ► This paper: Privacy of location information that can be inferred from the wireless transmissions of network users

18 Related Work Network-Level Location Privacy ► Frequently changing user pseudonyms: blind signatures for anonymous communication ► Silent periods ► Pseudo-randomly chosen channel – assume AP operator is trusted

19 Related Work Network-Level Location Privacy ► Frequently changing user pseudonyms: blind signatures for anonymous communication – vs – Sender identity with MAC changing ► Silent periods – vs – Opportunistic silent periods ► Pseudo-randomly chosen channel – vs – Reduced transmission power: fewer APs in range, even when the AP cannot be trusted

20 Anonymous Communication ► Bob and the Server want to prevent outsiders from learning the fact that they are communicating – Unlinkability ► Bob wants to prevent the server from learning his identity – Sender (Source) anonymity

21 Related Work Network-Level Location Privacy Definition ► Silent period: The time when privacy- sensitive users intentionally do not transmit, in order to reduce the effectiveness of correlation based on mobility pattern of users ► Opportunistic silent period: Optimal silent period calculation methodology

22 Related Work Network-Level Location Privacy Again… Obfuscate 3 types of privacy-compromising information: ► Sender identity ► Time of transmission ► Signal strength

23 Related Work RF Fingerprinting ► Requires high speed and high resolution Analog-to-Digital Converter – Expensive to deploy ► Prevented by intentionally adding strong noise ► The paper can’t resolve this, important future work…

24 Attacker Model ► Silent attackers: sniffers that do not emit any signals, only listen and localize mobile users ► Exposed attackers: network providers – trustworthy? And what about accidental leaks? ► Active attackers: adjust base station transmission power ► Passive attackers: no change to the base station

25 Measure of Privacy How well can we preserve location privacy? We need to quantify it… Privacy Entropy: Given an attacker and the set of all mobile users U, let be the observation of the attacker about the user at some location L. Given the observation, the attacker computes a probability distribution P over users. Entropy is the number of bits of additional information the attacker needs to definitively identify the user. Probability = 1 → enough information to identify the user

26 Ways to go… ► Pseudonym for sender identity ► Opportunistic Silent Period for transmission time ► Transmit power control for signal strength

27 Pseudonym ► Anonymity is a prerequisite for location privacy ► The user must use frequently changing pseudonyms for communications ► Pseudonyms: MAC address, IP address

28 How to choose a pseudonym? Important! Avoid address collisions. Let the AP assign MAC addresses to users/clients: o A Join Address (well-known address) is used to avoid MAC conflicts o The MAC address is obtained from the AP’s MAC address pool o Nonce – a cryptographic nonce, a 128-bit string used only once, distinguishes multiple simultaneous requests

29 How to choose a pseudonym? Why not change the IP address? ► MAC is enough; we do not need to extract and obfuscate application-layer user identities ► Sources cannot easily communicate with the AP during IP changes (trusted anonymous bulletin boards with cryptographic mechanisms are used)

30 When to change pseudonym? Opportunistic Silent Period ONLY allows address changes just before the start of a new association ( between client and AP ) H = (N) Attacker can attempt to correlate different pseudonyms with the same user. Silent period can reduce such correlations.

31 Opportunistic Silent Period ► During a silent period, a user does not send any wireless transmissions ► The effectiveness of silent periods depends heavily on user density (higher is better) ► Forced silent periods can disrupt communications. An opportunistic silent period minimizes disruption: it takes place during the idle time between communications

32 Opportunistic Silent Period Data shows opportunistic silent periods are quite suitable for WLAN: CDF of session duration from the Dartmouth campus-wide WLAN trace; CDF of duration between sessions from the Dartmouth campus-wide WLAN trace

33 Methodology for choosing a Silent Period ► Efficacy of the silent period depends on user density ► Mobility pattern data consists of: the probability that user i is linked to the new pseudonym among the candidates; P_i is the probability distribution used for privacy entropy

34 Maximize privacy entropy ► Previous work shows the silent periods must be randomized (no detail in this paper…) ► Random silent period = T_d + T_r; T_d: deterministic silent period (previous work); T_r: random, between 0 and T_r(max). So, a larger T_r(max) offers better possible privacy? Not necessarily…
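Privacy entropy (slide 25) and the candidate distribution built from a silent period and a mobility pattern (slide 33), as an added example that is not code from the paper or the presentation. The mobility pattern is assumed to be a simple AP-to-AP transition table, and the user records are constructed; a uniform distribution over N candidates gives log2(N) bits, a single candidate gives 0.

```python
import math

def privacy_entropy(weights):
    """Shannon entropy, in bits, of the attacker's distribution over candidate users.
    weights may be unnormalised; 0 bits means the user is identified."""
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("attacker has no candidate with positive weight")
    return -sum((w / total) * math.log2(w / total) for w in weights.values() if w > 0)

def candidate_distribution(silent_users, new_assoc, transitions):
    """Attacker's view after a new pseudonym appears: every user that went silent
    before it appeared is a candidate, weighted by the (assumed) mobility pattern
    P(reappear at ap | last seen at last_ap).

    silent_users: {old_pseudonym: (t_silent_since, last_ap)}
    new_assoc:    (t_appear, ap)
    transitions:  {(last_ap, ap): probability}  -- assumed model, not the paper's data
    """
    t_new, ap_new = new_assoc
    return {user: transitions.get((last_ap, ap_new), 0.0)
            for user, (t_silent, last_ap) in silent_users.items()
            if t_silent < t_new}

# Constructed sample data (not from the paper): times in seconds.
SILENT_USERS = {"u1": (100, "AP-A"), "u2": (110, "AP-B"),
                "u3": (115, "AP-A"), "u4": (130, "AP-C")}   # u4 is still active: not a candidate
NEW_ASSOC = (120, "AP-A")
TRANSITIONS = {("AP-A", "AP-A"): 0.5, ("AP-B", "AP-A"): 0.25, ("AP-C", "AP-A"): 0.1}

def scenario_entropy():
    """Entropy the attacker faces in the constructed scenario (about 1.52 bits,
    against log2(3) = 1.58 for three equally likely candidates)."""
    return privacy_entropy(candidate_distribution(SILENT_USERS, NEW_ASSOC, TRANSITIONS))

def low_density_entropy():
    """Same observation, but only one user went silent: 0 bits, the user is identified."""
    return privacy_entropy(candidate_distribution({"u1": SILENT_USERS["u1"]}, NEW_ASSOC, TRANSITIONS))
```

Weighting by the mobility pattern is what lowers entropy below log2(N): a user whose last AP makes the new location unlikely contributes little to the attacker's uncertainty.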

35 Case Study Mobility data of Seattle bus system 5-days training set and 8-hour test set

36 Case Study Mobility data of Seattle bus system 5-days training set and 8-hour test set

37 Maximize privacy entropy Choose T_r(max) close to but not greater than 12 minutes

38 Optimal silent period: an upper bound on the necessary silent period. Balance: location privacy vs. service quality

39 Control Signal Strength ► Reduce location precision: number of APs within the user’s communication range ► Transmit power control (TPC): minimize the number of APs in range while ensuring at least one AP for connectivity (assume APs do not adjust transmit power) ► TPC scheme: hold transmit power at the lowest productive level to minimize the interference imposed on others

40 RSS-based Silent TPC ► The mobile station must perform TPC silently ► The only information available to the mobile station is the received signal strength (RSS) from APs within range ► Challenging: due to reflection, scattering, multipath fading and absorption of radio waves

41 Asymmetry and Variations of Channels ► Goal: determine the relationship between the two directions of a channel and use the path loss in one direction to infer the loss in the other direction ► Two scenarios: corner of an office; open outdoor space

42 Asymmetry of 802.11 channels RSSI readings for both directions are strongly correlated

43 Path loss margin (PLM) Definition: PLM is the magnitude of the maximum difference between path losses in opposite directions that result from environmental influences and wireless channel asymmetry

44 PLM calculation


46 From the experimental results on path asymmetry and variation above, the measured PLM is 11.3 dB indoor and 10.5 dB outdoor. So, we choose PLM = 10 dB

47 Silent TPC Design ► Design goal: adjust the transmit power of the mobile station (not the AP) to reduce the number of APs in range, using only the path loss observed in the opposite direction of the path, from the in-range APs to the mobile station ► The minimum signal strength reaching the AP must be greater than RS

48 TPC vs RSSI Transmission power is controlled by configuration parameters provided by Atheros drivers

49 Silent TPC Scheme The TPC scheme can work only when the received signal strength of two APs differs by at least 20 dB

50 Effectiveness of Silent TPC ► More than 73% of the spots (356) have an RSS difference of more than 20 dB, and can use TPC to improve privacy
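Silent TPC as described on slides 47 to 49, as an added example that is not code from the paper or the presentation: the station infers the AP-to-station path loss from the RSS it observes, budgets PLM = 10 dB for asymmetry in the other direction, and picks the lowest power that still reaches the strongest AP. The AP transmit power, the AP receiver threshold RS and the station's power range are assumed values, and the RSS spots are constructed. Dropping the second AP while keeping the first needs the two RSS values to differ by more than 2 × PLM, which is where the 20 dB rule comes from.

```python
PLM_DB = 10.0  # path loss margin the slides settle on (11.3 dB indoor, 10.5 dB outdoor measured)

def path_losses(rss_by_ap, ap_tx_dbm):
    """AP -> station path loss inferred from observed RSS; the slides show the two
    directions are strongly correlated, so it estimates station -> AP loss +/- PLM."""
    return {ap: ap_tx_dbm - rss for ap, rss in rss_by_ap.items()}

def silent_tpc(rss_by_ap, ap_tx_dbm, rs_dbm, p_min_dbm, p_max_dbm):
    """Lowest station transmit power that still reaches the strongest AP when the
    reverse channel is PLM dB worse than observed, clamped to the card's range.
    Returns (tx_power_dbm, sorted list of APs that may still hear the station)."""
    losses = path_losses(rss_by_ap, ap_tx_dbm)
    best_ap = min(losses, key=losses.get)
    needed = rs_dbm + losses[best_ap] + PLM_DB          # worst case must still exceed RS
    p_tx = min(max(needed, p_min_dbm), p_max_dbm)
    # An AP still counts as in range if it could hear us when the channel is PLM dB better.
    in_range = sorted(ap for ap, pl in losses.items() if p_tx - pl + PLM_DB >= rs_dbm)
    return p_tx, in_range

def tpc_applicable(rss_by_ap):
    """The slides' rule: the next-strongest AP can be dropped only if the two strongest
    RSS values differ by more than 2 * PLM (20 dB with PLM = 10 dB)."""
    vals = sorted(rss_by_ap.values(), reverse=True)
    return len(vals) >= 2 and vals[0] - vals[1] > 2 * PLM_DB

# Assumed radio parameters (not from the paper).
AP_TX_DBM, RS_DBM = 20.0, -80.0   # AP transmit power, AP receiver threshold RS
P_MIN, P_MAX = 0.0, 20.0          # station transmit power range

# Constructed RSS spots, dBm as seen by the station.
SPOT_GOOD = {"AP-1": -55.0, "AP-2": -78.0, "AP-3": -82.0}   # 23 dB gap: AP-1 can be isolated
SPOT_BAD = {"AP-1": -55.0, "AP-2": -70.0}                   # 15 dB gap: AP-2 stays in range

if __name__ == "__main__":
    for name, spot in (("good", SPOT_GOOD), ("bad", SPOT_BAD)):
        print(name, tpc_applicable(spot), silent_tpc(spot, AP_TX_DBM, RS_DBM, P_MIN, P_MAX))
```

The clamp to the card's minimum power is the practical limit: close to an AP the computed power falls below what the driver can set, and every AP within that floor stays in range.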

51 APs in range between TPC

52 Operational Model User Interface: Privacy Mode Alert Message

53 Operational Model

54 Contributions ► Solution to preserve better location privacy ► Solution can be applied to cellular networks ► Frequently change pseudonyms (MAC) ► Pause opportunistically for silent period ► Perform silent TPC to reduce the location precision

55 Future work ► The system sacrifices service quality, which is not good for real-time applications ► The silent TPC scheme reduces the signal-to-noise ratio received at the AP, and reduces the transmission data rate ► Wireless card rate control

56 My thoughts ► MAC address selection model is vulnerable to man-in-the-middle attack and DoS attack ► T_r(max) should be different for various scenarios/conditions; hard to implement TPC in reality ► TPC scheme has a 20 dB limit, a big concern for better AP deployment ► Not all wireless drivers support TPC
