A review paper on preserving privacy in mobile environments

Technology is improving day-by-day and so is the usage of mobile devices. Every activity that would involve manual and paper transactions can now be completed in seconds using your fingertips. On one hand, life has become fairly convenient with the help of mobile devices, whereas on the other hand security of the data and the transactions occurring in the process have been under continuous threat. This paper, re-evaluates the different policies and procedures used for preserving the privacy of sensitive data and device location.. Policy languages have been very vital in the mobile environments as they can be extended/used significantly for sending/receiving any data. In the mobile environment users always go to service providers to access various services. Hence, communications between the service providers and mobile handsets needs to be secured. Also, the data access control needs to be in place. A section of this paper will review the communication paths and channels and their related access criteria. This paper is a contribution to the mobile domain, showing the possible attacks related to privacy and the various mechanisms used to preserve the end-user privacy. In addition, it also gives acomparison of the different privacy preserving methods in mobile environments to provide guidance to the readers. Finally, the paper summarises future research challenges in the area of privacy preservation. This paper examines the ‘where’ problem and in particular, examines tradeoffs between enforcing location security at a device vs. enforcing location security at an edge location server. This paper also sketches an implementation of location security solution at both the device and the edge location server and presents detailed experiments using real mobility and user profile data sets collected from multiple data sources (taxicabs, Smartphones)

An Approach for Ensuring Robust Support for Location Privacy and Identity Inference Protection

The challenge of preserving a user\u27s location privacy is more important now than ever before with the proliferation of handheld devices and the pervasive use of location based services. To protect location privacy, we must ensure k-anonymity so that the user remains indistinguishable among k-1 other users. There is no better way but to use a location anonymizer (LA) to achieve k-anonymity. However, its knowledge of each user\u27s current location makes it susceptible to be a single-point-of-failure. In this thesis, we propose a formal location privacy framework, termed SafeGrid that can work with or without an LA. In SafeGrid, LA is designed in such a way that it is no longer a single point of failure. In addition, it is resistant to known attacks and most significantly, the cloaking algorithm it employs meets reciprocity condition. Simulation results exhibit its better performance in query processing and cloaking region calculation compared with existing solutions. In this thesis, we also show that satisfying k-anonymity is not enough in preserving privacy. Especially in an environment where a group of colluded service providers collaborate with each other, a user\u27s privacy can be compromised through identity inference attacks. We present a detailed analysis of such attacks on privacy and propose a novel and powerful privacy definition called s-proximity. In addition to building a formal definition for s-proximity, we show that it is practical and it can be incorporated efficiently into existing systems to make them secure

Location-Based Services and Privacy

In this paper we begin by describing location-based services, their evolution and their future directions. We then outline privacy issues raised by such services. In Part III we consider how current Canadian data protection laws apply to location-based services, and indicate where such laws fall short of addressing the full range of issues raised by location-based services. Part IV of the paper explores some technological methods to address the privacy challenges raised by location-based services. The paper concludes with a series of recommendations

User privacy risks and protection in WLAN-based indoor positioning

Using location-based services (LBS) is the new trend for mobile users. LBS mostly exploit GPS and WLAN infrastructures for outdoor and indoor environments, respectively, in order to determine a user's location. After a location is known to a LBS, the network can provide location related contextual information such as nearby events, places, or navigation for the mobile users. Currently, LBS have been specically growing rapidly in the domain of indoor positioning as more public places, e.g. schools, shopping centers, and airports are being equipped with WLAN networks. The aforementioned situation leads to the fact that huge amount of tracking data gets possessed by a wide variety of different LBS and it poses the risk of location privacy violation of citizens. The problem is not only that this information reveals the places that a person has visited, but that it can also expose their behaviors and habits to the LBS and associated third parties. The conditions exacerbate as there are no appropriate regulations on how the tracking data is used by the LBS. In addition, the LBS data servers are under constant attacks by third parties who seek to access this kind of valuable data. Furthermore, the private sector has initiated the tracking of their customers in such places as shopping malls by means of simply collecting their MAC addresses. The thesis is divided into two parts. In the literature part of this thesis, different indoor positioning techniques, location privacy leaks, and the solutions to tackle the problem will be explained. In the second part, we show practical implementation examples about how and at what extent a user may be positioned by the network, based simply on the mobile MAC address or using jointly MAC and signal strength information

A Privacy Enhancing Approach for Identity Inference Protection in Location-Based Services

Recent advances in mobile handheld devices have facilitated the ubiquitous availability of location based services. Systems which provide location based services have always been vulnerable to numerous privacy threats. The more we aim at safe usage of location based services, the more we feel the necessity of a secure location privacy system. Most of the existing systems adopt the mechanism of satisfying k-anonymity which means that the exact user remains indistinguishable among k-1 other users. These systems usually propose the usage of a location anonymizer (LA) to achieve k-anonymity. In this paper we show that satisfying k-anonymity is not enough in preserving location privacy violation. Especially in an environment where a group of colluded service providers collaborate with each other, a userpsilas privacy can be compromised. We present a detailed analysis of such attack on privacy and propose a novel and powerful privacy definition called s-proximity. In addition to building a formal definition for s-proximity, we show that it is practical and it can be incorporated efficiently into existing systems to make them secure