Flexible fair and collusion resistant pseudonym providing system

In service providing systems, user authentication is required for different purposes such as billing, restricting unauthorized access, etc., to protect the privacy of users, their real identities should not be linked to the services that they use during authentication. A good solution is to use pseudonyms as temporary identities. On the other hand, it may also be required to have a backdoor in pseudonym systems for identity revealing that can be used by law enforcement agencies for legal reasons. Existing systems that retain a backdoor are either punitive (full user anonymity is revealed), or they are restrictive by revealing only current pseudonym identity of. In addition to that, existing systems are designed for a particular service and may not fit into others. In this paper, we address this gap and we propose a novel pseudonym providing and management system. Our system is flexible and can be tuned to fit into services for different service providers. The system is privacy-preserving and guarantees a level of anonymity for a particular number of users. Trust in our system is distributed among all system entities instead of centralizing it into a single trusted third party. More importantly, our system is highly resistant to collusions among the trusted entities. Our system also has the ability to reveal user identity fairly in case of a request by law enforcement. Analytical and simulation based performance evaluation showed that Collusion Resistant Pseudonym Providing System (CoRPPS) provides high level of anonymity with strong resistance against collusion attacks

Privacy-Preserving Health Data Collection for Preschool Children

With the development of network technology, more and more data are transmitted over the network and privacy issues have become a research focus. In this paper, we study the privacy in health data collection of preschool children and present a new identity-based encryption protocol for privacy protection. The background of the protocol is as follows. A physical examination for preschool children is needed every year out of consideration for the children's health. After the examination, data are transmitted through the Internet to the education authorities for analysis. In the process of data collection, it is unnecessary for the education authorities to know the identities of the children. Based on this, we designed a privacy-preserving protocol, which delinks the children’s identities from the examination data. Thus, the privacy of the children is preserved during data collection. We present the protocol in detail and prove the correctness of the protocol

PEPSI: Privacy-Enhanced Participatory Sensing Infrastructure.

Participatory Sensing combines the ubiquity of mobile phones with sensing capabilities of Wireless Sensor Networks. It targets pervasive collection of information, e.g., temperature, traffic conditions, or health-related data. As users produce measurements from their mobile devices, voluntary participation becomes essential. However, a number of privacy concerns -- due to the personal information conveyed by data reports -- hinder large-scale deployment of participatory sensing applications. Prior work on privacy protection, for participatory sensing, has often relayed on unrealistic assumptions and with no provably-secure guarantees. The goal of this project is to introduce PEPSI: a Privacy-Enhanced Participatory Sensing Infrastructure. We explore realistic architectural assumptions and a minimal set of (formal) privacy requirements, aiming at protecting privacy of both data producers and consumers. We design a solution that attains privacy guarantees with provable security at very low additional computational cost and almost no extra communication overhead

Privacy aware collaborative traffic monitoring via anonymous access and autonomous location update mechanism

Collaborative Traffic Monitoring, CTM, systems collect information from users in the aim of generating a global picture of traffic status. Users send their location information including speed and directions, and in return they get reports about traffic in certain regions. There are two major approaches for the deployment of CTM systems. The first approach relies on dedicated communication infrastructure (DI). This approach is still being investigated by researchers and there is no important deployments done yet. The other approach utilizes existing communication infrastructures (EI) such as Wi-Fi, GSM, and GPRS for communication between users and traffic server. Due to the sensitivity of location information, different privacy preserving techniques have been proposed for both DI and EI approaches. In DI approach the concentration was on anonymous access using pseudonyms. In EI approach privacy techniques concentrate on hiding the identity of a particular user within other k-1 users at the same region or time stamp by using cloaking. Cloaking means generalization of location or time stamp so that other k-1 users will have the same generalized value. Unfortunately, cloaking decreases the quality of the data and requires a Trusted Third Party (TTP) to determine the cloaked region or cloaked time stamp. In this thesis, we propose a Privacy Aware Collaborative Traffic Monitoring System (PA-CTM) that considers the privacy and security properties of VANETs and existing infrastructures. PA-CTM provides a client server architecture that relies on existing infrastructures and enhances privacy by (1) Using a robust Collusion Resistant Pseudonym Providing System, CoRPPS, for anonymous access. Users are able to change their pseudonyms and hence hide their complete trajectory information form traffic server; (2) Utilizing a novel Autonomous Location Update Mechanism, ALUM, that does not rely on a Trusted Third Party and uses only local parameters (speed and direction) for triggering a location update or pseudonym change. Our performance results showed that CoRPPS provides a high level of anonymity with strong resistant against collusion attacks. Performance results also showed that ALUM is effective for traffic monitoring in terms of both privacy and utility

Efficient Location Privacy In Mobile Applications

Location awareness is an essential part of today\u27s mobile devices. It is a well-established technology that offers significant benefits to mobile users. While location awareness has triggered the exponential growth of mobile computing, it has also introduced new privacy threats due to frequent location disclosures. Movement patterns could be used to identify individuals and also leak sensitive information about them, such as health condition, lifestyle, political/religious affiliations, etc. In this dissertation we address location privacy in the context of mobile applications. First we look into location privacy in the context of Dynamic Spectrum Access (DSA) technology. DSA is a promising framework for mitigating the spectrum shortage caused by fixed spectrum allocation policies. In particular, DSA allows license-exempt users to access the licensed spectrum bands when not in use by their respective owners. Here, we focus on the database-driven DSA model, where mobile users issue location-based queries to a white-space database in order to identify idle channels in their area. We present a number of efficient protocols that allow users to retrieve channel availability information from the white-space database while maintaining their location secret. In the second part of the dissertation we look into location privacy in the context of location-aware mobile advertising. Location-aware mobile advertising is expanding very rapidly and is forecast to grow much faster than any other industry in the digital era. Unfortunately, with the rise and expansion of online behavioral advertising, consumers have grown very skeptical of the vast amount of data that is extracted and mined from advertisers today. As a result, the consensus has shifted towards stricter privacy requirements. Clearly, there exists an innate conflict between privacy and advertisement, yet existing advertising practices rely heavily on non-disclosure agreements and policy enforcement rather than computational privacy guarantees. In the second half of this dissertation, we present a novel privacy-preserving location-aware mobile advertisement framework that is built with privacy in mind from the ground up. The framework consists of several methods which ease the tension that exists between privacy and advertising by guaranteeing, through cryptographic constructions, that (i) mobile users receive advertisements relative to their location and interests in a privacy-preserving manner, and (ii) the advertisement network can only compute aggregate statistics of ad impressions and click-through-rates. Through extensive experimentation, we show that our methods are efficient in terms of both computational and communication cost, especially at the client side