Secure Management of Position Information in Non-trusted Location Server Infrastructures
Final Report Abstract
Location-based services (LBS) have gained significant popularity since the advent of location-enabled devices such as smartphones. In exchange for the users’ location data, these services offer various functionalities, ranging from effortless provision of contextual information, such as nearby points of interest, to sharing of personal travel experiences on geo-social networks. However, sharing location information with others can reveal privacy-sensitive information, for example, where a person works or studies, when they drop their children at school, etc., and thus raises privacy concerns, which need to be addressed to ensure the acceptability of such services. One major challenge in ensuring location privacy is that many of these services store private location information on remote servers (“in the cloud”) that are not under the control of the user. Relying on the service provider to protect information from misuse is dangerous since many incidents in the recent past have shown that user information can be leaked, stolen, or lost even from the servers of service providers that were deemed to be trustworthy. Thus, we argue that the notion of a trustworthy location server infrastructure is at least questionable, and we need to develop technical concepts to protect private location information of users stored on non-trusted servers. Developing such fundamental concepts for securely managing private location information of users on non-trusted server infrastructures and securely sharing this information with various non-trusted location-based applications was the overall goal of the DFG research project “PriLoc” (Privacy-aware Location-Management) at the University of Stuttgart.
During the first phase of the project, a Position-Sharing concept was developed that is based on two fundamental principles: (1) non-trusted servers only store imprecise (obfuscated) location information; (2) location information is distributed among several servers of different providers. Together, these concepts ensure that no single provider gains precise knowledge of the user’s locations, so we effectively avoid a “single point of failure” of privacy. Informally, breaking into servers of many providers is much harder than breaking into the server of a single provider. Privacy degrades gracefully with the number of compromised servers, i.e., the more servers an attacker can break into, the higher will be the precision of the revealed location information. Moreover, the approach allows for providing individual location-based applications with information of well-defined precision by giving applications access to information from different servers and combining imprecise pieces of information into more precise locations.
In the second phase of the project, privacy issues related to the use of modern geo-social networking platforms such as Twitter have been addressed. The project results show that: (1) location history information that is incrementally shared within these social networking platforms can enable strong attacks that can be used to prune imprecise (obfuscated) location information; (2) existing privacy-enhancing mechanisms can be combined to provide stronger privacy guarantees; (3) methods that enable privacy-aware and autonomous release of location history information can be efficiently run on resource-constrained mobile devices. Thus, the project emphasizes the highly sensitive nature of aggregated location information, i.e., location histories, and offers mechanisms for the privacy-aware use of social networking platforms.
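The two position-sharing principles and the graceful degradation of privacy can be illustrated with a simplified sketch, added here as an example and not taken from the PriLoc publications. The shift-vector construction, the planar coordinates in metres and all function names are assumptions made for illustration.

```python
import math
import random

def make_shares(true_pos, r0, n, rng):
    """Split true_pos into an obfuscated master position and n shift vectors.

    Assumed construction: each shift is at most r0/n long, so whoever holds
    the master position plus any k shifts is still uncertain by r0*(1 - k/n).
    Each shift would be stored on a server of a different provider.
    """
    step = r0 / n
    shifts = []
    for _ in range(n):
        angle = rng.uniform(0.0, 2.0 * math.pi)
        length = step * math.sqrt(rng.random())  # uniform inside a disc
        shifts.append((length * math.cos(angle), length * math.sin(angle)))
    master = (true_pos[0] - sum(s[0] for s in shifts),
              true_pos[1] - sum(s[1] for s in shifts))
    return master, shifts

def combine(master, known_shifts, r0, n):
    """Return (estimate, radius); the true position lies within radius of estimate."""
    x = master[0] + sum(s[0] for s in known_shifts)
    y = master[1] + sum(s[1] for s in known_shifts)
    return (x, y), r0 * (1 - len(known_shifts) / n)

def degradation(true_pos, r0, n, seed=1):
    """For k = 0..n obtained shares, report (k, guaranteed radius, actual error)."""
    rng = random.Random(seed)
    master, shifts = make_shares(true_pos, r0, n, rng)
    rows = []
    for k in range(n + 1):
        estimate, radius = combine(master, shifts[:k], r0, n)
        rows.append((k, radius, math.dist(estimate, true_pos)))
    return rows

if __name__ == "__main__":
    # Constructed sample: a user at (1200 m, 800 m), 1 km initial obfuscation, 5 servers.
    for k, radius, err in degradation((1200.0, 800.0), r0=1000.0, n=5):
        print(f"shares={k}  radius={radius:7.1f} m  actual error={err:7.1f} m")
```

The same `combine` step serves both an authorized application that is granted access to k servers and an attacker who compromises k servers: each obtains a location whose precision is bounded by the number of shares held.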
Publications
- Position Sharing for Location Privacy in Nontrusted Systems. In Proceedings of the 9th Annual IEEE International Conference on Pervasive Computing and Communication (PerCom 2011), Seattle, WA, USA, 2011
  Frank Dürr, Pavel Skvortsov, Kurt Rothermel
- Map-Aware Position Sharing for Location Privacy in Non-trusted Systems. Pervasive Computing – Proceedings of the 10th International Conference on Pervasive Computing (Pervasive 2012), Lecture Notes in Computer Science, vol. 7319. Springer, Berlin, Heidelberg, 2012
  Pavel Skvortsov, Frank Dürr, Kurt Rothermel
- PShare: Position Sharing for Location Privacy Based on Multi-secret Sharing. In Proceedings of the 10th IEEE International Conference on Pervasive Computing and Communications (PerCom 2012), Lugano, Switzerland, 2012
  Marius Wernke, Frank Dürr, Kurt Rothermel
- Efficient Position Sharing for Location Privacy Using Binary Space Partitioning. Mobile and Ubiquitous Systems: Computing, Networking, and Service – MobiQuitous 2012, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 120, Springer, Berlin, Heidelberg, 2013
  Marius Wernke, Frank Dürr, Kurt Rothermel
- Protecting Movement Trajectories through Fragmentation. In Proceedings of the 10th EAI Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous 2013), Tokyo, Japan, 2013
  Marius Wernke, Frank Dürr, Kurt Rothermel
- Speed Protection Algorithms for Privacy-aware Location Management. In Proceedings of the 9th International Conference on Wireless and Mobile Computing, Networking and Communication (WiMob 2013), Lyon, France, 2013
  Marius Wernke, Frank Dürr, Kurt Rothermel
- A Classification of Location Privacy Attacks and Approaches. Personal and Ubiquitous Computing, 18(1), Springer, January 2014
  Marius Wernke, Pavel Skvortsov, Frank Dürr, Kurt Rothermel
- Optimized Location Update Protocols for Secure and Efficient Position Sharing. In Proceedings of the 2nd International Conference on Networked Systems (NetSys 2015), Cottbus, Germany, 2015
  Zohaib Riaz, Frank Dürr, Kurt Rothermel
- On the Privacy of Frequently Visited User Locations. In Proceedings of the 17th IEEE International Conference on Mobile Data Management (MDM 2016), Porto, Portugal, 2016
  Zohaib Riaz, Frank Dürr, Kurt Rothermel
- Understanding Vulnerabilities of Location Privacy Mechanisms against Mobility Prediction Attacks. In Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous 2017), Melbourne, Australia, 2017
  Zohaib Riaz, Frank Dürr, Kurt Rothermel
- Location Privacy and Utility in Geo-social Networks: Survey and Research Challenges. In Proceedings of the 16th Annual Conference on Privacy, Security, and Trust (PST 2018), Belfast, United Kingdom, 2018
  Zohaib Riaz, Frank Dürr, Kurt Rothermel