Project Details

Secure Management of Position Information in Non-trusted Location Server Infrastructures

Subject Area Security and Dependability, Operating-, Communication- and Distributed Systems
Term from 2012 to 2018
Project identifier Deutsche Forschungsgemeinschaft (DFG) - Project number 225564723
 
Final Report Year 2019

Final Report Abstract

Location-based services (LBS) have gained significant popularity since the advent of location-enabled devices such as smartphones. In exchange for the users’ location data, these services offer various functionalities, ranging from the effortless provision of contextual information, such as nearby points of interest, to the sharing of personal travel experiences on geo-social networks. However, sharing location information with others can reveal privacy-sensitive information, for example, where a person works or studies, when they drop their children at school, etc., and thus raises privacy concerns, which need to be addressed to ensure the acceptability of such services. One major challenge in ensuring location privacy is that many of these services store private location information on remote servers (“in the cloud”) that are not under the control of the user. Relying on the service provider to protect information from misuse is dangerous, since many incidents in the recent past have shown that user information can be leaked, stolen, or lost even from servers of service providers that were deemed trustworthy. Thus, we argue that the notion of a trustworthy location server infrastructure is at least questionable, and we need to develop technical concepts to protect the private location information of users stored on non-trusted servers. Developing such fundamental concepts for securely managing private location information of users on non-trusted server infrastructures and securely sharing this information with various non-trusted location-based applications was the overall goal of the DFG research project “PriLoc” (Privacy-aware Location-Management) at the University of Stuttgart. During the first phase of the project, a Position-Sharing concept was developed that is based on two fundamental principles: (1) non-trusted servers only store imprecise (obfuscated) location information; (2) location information is distributed among several servers of different providers.
Together, these concepts ensure that no single provider gains precise knowledge of the user’s locations; thus, we effectively avoid a “single point of failure” of privacy – informally, breaking into the servers of many providers is much harder than breaking into the server of a single provider. Privacy degrades gracefully with the number of compromised servers, i.e., the more servers an attacker can break into, the higher the precision of the revealed location information will be. Moreover, the approach allows individual location-based applications to be provided with information of well-defined precision by giving applications access to information from different servers and combining imprecise pieces of information into more precise locations. In the second phase of the project, privacy issues related to the use of modern geo-social networking platforms such as Twitter were addressed. The project results show that: (1) location history information that is incrementally shared within these social networking platforms can enable strong attacks that can be used to prune imprecise (obfuscated) location information; (2) existing privacy-enhancing mechanisms can be integrated with each other to provide stronger privacy guarantees; (3) methods that enable the privacy-aware and autonomous release of location history information can be run efficiently on resource-constrained mobile devices. Thus, the project emphasizes the highly sensitive nature of aggregated location information, i.e., location histories, and offers mechanisms for the privacy-aware use of social networking platforms.
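The position-sharing principle just described, as an added illustration that is not the project's own algorithm (the page does not give it): a position is split into a coarse master share and per-level refinement shares held by different servers, so that combining any k shares yields a region of well-defined area, and privacy degrades gracefully with each further compromised server. The grid-quadrant scheme, the `make_shares`/`combine` helpers and the sample coordinates are all assumptions of this example.

```python
import itertools
import math

# Assumed illustrative scheme (not PriLoc's own algorithm): the master share is the
# coarse grid cell containing the position; refinement share i names the quadrant
# of the level-(i-1) cell, so each share obtained halves the remaining cell width.

def make_shares(lat, lon, cell_deg=1.0, levels=4):
    """Split a precise position into a master share (coarse cell, as stored on
    the first server) and `levels` refinement shares (one per further server)."""
    lo_lat = math.floor(lat / cell_deg) * cell_deg  # lower-left corner of cell
    lo_lon = math.floor(lon / cell_deg) * cell_deg
    master = (lo_lat, lo_lon, cell_deg)
    refinements, width = {}, cell_deg
    for level in range(1, levels + 1):
        width /= 2
        q_lat = 1 if lat >= lo_lat + width else 0  # upper or lower half?
        q_lon = 1 if lon >= lo_lon + width else 0  # right or left half?
        refinements[level] = (q_lat, q_lon)
        lo_lat += q_lat * width
        lo_lon += q_lon * width
    return master, refinements

def combine(master, known, levels):
    """Candidate cells (lo_lat, lo_lon, width) consistent with the master share
    and any subset `known` (dict level -> quadrant) of the refinement shares.
    Unknown levels are enumerated: this is all an attacker holding only some
    servers' shares can do, and also how an application with a deliberately
    limited set of shares obtains a location of well-defined precision."""
    cells = [master]
    for level in range(1, levels + 1):
        options = [known[level]] if level in known else list(itertools.product((0, 1), repeat=2))
        cells = [(lat0 + ql * w / 2, lon0 + qn * w / 2, w / 2)
                 for lat0, lon0, w in cells for ql, qn in options]
    return cells

def candidate_area(cells):
    """Total area (square degrees) the position may lie in: cell_deg^2 / 4^k for
    k known shares, whichever k servers were compromised."""
    return sum(w * w for _, _, w in cells)

def contains(cell, lat, lon):
    lat0, lon0, w = cell
    return lat0 <= lat < lat0 + w and lon0 <= lon < lon0 + w

if __name__ == "__main__":
    # Constructed sample position (roughly central Stuttgart), four refinement levels.
    master, refs = make_shares(48.7758, 9.1829)
    for compromised in ({}, {3: refs[3]}, {1: refs[1], 2: refs[2]}, refs):
        cells = combine(master, compromised, 4)
        print(len(compromised), "shares ->", len(cells), "cells, area", candidate_area(cells))
```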
