Location cloaking for location privacy protection and location safety protection

Many applications today rely on location information, yet disclosing such information can present heightened privacy and safety risks. A person\u27s whereabouts, for example, may reveal sensitive private information such as health condition and lifestyle. Location information also has the potential to allow an adversary to physically locate and destroy a subject, which is particularly concerned in digital battlefields. This research investigates two problems. The first one is location privacy protection in location-based services. Our goal is to provide a desired level of guarantee that the location data collected by the service providers cannot be correlated with restricted spaces such as home and office to derive who\u27s where at what time. We propose 1) leveraging historical location samples for location depersonalization and 2) allowing a user to express her location privacy requirement by identifying a spatial region. With these two ideas in place, we develop a suite of techniques for location-privacy aware uses of location-based services, which can be either sporadic or continuous. An experimental system has been implemented with these techniques. The second problem investigated in this research is location safety protection in ad hoc networks. Unlike location privacy intrusion, the adversary here is not interested in finding the individual identities of the nodes in a spatial region, but simply wants to locate and destroy them. We define the safety level of a spatial region as the inverse of its node density and develop a suite of techniques for location safety-aware cloaking and routing. These schemes allow nodes to disclose their location as accurately as possible, while preventing such information from being used to identify any region with a safety level lower than a required threshold. The performance of the proposed techniques is evaluated through analysis and simulation

Unobtrusive Location-Based Access Control Utilizing Existing IEEE 802.11 Infrastructure

Mobile devices can sense several types of signals over the air using different radio frequency technologies (e.g., Wi-Fi, Bluetooth, cellular signals, etc.). Furthermore, mobile devices receive broadcast messages from transmitting entities (e.g., network access points, cellular phone towers, etc.) and can measure the received signal strength from these entities. Broadcast messages carry the information needed in case a mobile device chooses to establish communication. We believe that these signals can be utilized in the context of access control, specifically because they could provide an indication of the location of a user\u27s device. Such a “location proof” could then be used to provide access to location-based services. In this research, we propose a location-based access control (LBAC) system that utilizes tokens broadcasted by IEEE 802.11 (Wi-Fi) access points as a location proof for clients requesting access to a resource. This work differs from existing research in that it allows the verification of a client’s location continuously and unobtrusively, utilizing existing IEEE 802.11 infrastructure (which makes it easily deployable), and resulting in a secure and convenient LBAC system. This work illustrates an important application of location-based services (LBS): security. LBAC systems manage access to resources by utilizing the location of clients. The proposed LBAC system attempts to take advantage of the current IEEE 802.11 infrastructure, making it directly applicable to an existing ubiquitous system infrastructure

The survey on Near Field Communication

PubMed ID: 26057043Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.Publisher's Versio

BROSMAP: A Novel Broadcast Based Secure Mobile Agent Protocol for Distributed Service Applications

Mobile agents are smart programs that migrate from one platform to another to perform the user task. Mobile agents offer flexibility and performance enhancements to systems and service real-time applications. However, security in mobile agent systems is a great concern. In this paper, we propose a novel Broadcast based Secure Mobile Agent Protocol (BROSMAP) for distributed service applications that provides mutual authentication, authorization, accountability, nonrepudiation, integrity, and confidentiality. The proposed system also provides protection from man in the middle, replay, repudiation, and modification attacks. We proved the efficiency of the proposed protocol through formal verification with Scyther verification tool

Leveraging Client Processing for Location Privacy in Mobile Local Search

Usage of mobile services is growing rapidly. Most Internet-based services targeted for PC based browsers now have mobile counterparts. These mobile counterparts often are enhanced when they use user\u27s location as one of the inputs. Even some PC-based services such as point of interest Search, Mapping, Airline tickets, and software download mirrors now use user\u27s location in order to enhance their services. Location-based services are exactly these, that take the user\u27s location as an input and enhance the experience based on that. With increased use of these services comes the increased risk to location privacy. The location is considered an attribute that user\u27s hold as important to their privacy. Compromise of one\u27s location, in other words, loss of location privacy can have several detrimental effects on the user ranging from trivial annoyance to unreasonable persecution. More and more companies in the Internet economy rely exclusively on the huge data sets they collect about users. The more detailed and accurate the data a company has about its users, the more valuable the company is considered. No wonder that these companies are often the same companies that offer these services for free. This gives them an opportunity to collect more accurate location information. Research community in the location privacy protection area had to reciprocate by modeling an adversary that could be the service provider itself. To further drive this point, we show that a well-equipped service provider can infer user\u27s location even if the location information is not directly available by using other information he collects about the user. There is no dearth of proposals of several protocols and algorithms that protect location privacy. A lot of these earlier proposals require a trusted third party to play as an intermediary between the service provider and the user. These protocols use anonymization and/or obfuscation techniques to protect user\u27s identity and/or location. This requirement of trusted third parties comes with its own complications and risks and makes these proposals impractical in real life scenarios. Thus it is preferable that protocols do not require a trusted third party. We look at existing proposals in the area of private information retrieval. We present a brief survey of several proposals in the literature and implement two representative algorithms. We run experiments using different sizes of databases to ascertain their practicability and performance features. We show that private information retrieval based protocols still have long ways to go before they become practical enough for local search applications. We propose location privacy preserving mechanisms that take advantage of the processing power of modern mobile devices and provide configurable levels of location privacy. We propose these techniques both in the single query scenario and multiple query scenario. In single query scenario, the user issues a query to the server and obtains the answer. In the multiple query scenario, the user keeps sending queries as she moves about in the area of interest. We show that the multiple query scenario increases the accuracy of adversary\u27s determination of user\u27s location, and hence improvements are needed to cope with this situation. So, we propose an extension of the single query scenario that addresses this riskier multiple query scenario, still maintaining the practicability and acceptable performance when implemented on a modern mobile device. Later we propose a technique based on differential privacy that is inspired by differential privacy in statistical databases. All three mechanisms proposed by us are implemented in realistic hardware or simulators, run against simulated but real life data and their characteristics ascertained to show that they are practical and ready for adaptation. This dissertation study the privacy issues for location-based services in mobile environment and proposes a set of new techniques that eliminate the need for a trusted third party by implementing efficient algorithms on modern mobile hardware

Achieving Location Privacy in iOS Platform Using Location Privacy Framework

Rising popularity of location-services mobile applications and geotagging digitalactivities resulted in astonishing amount of mobility data collected from user devices, raising privacy concerns regarding the way this data is extracted and handled. Despite numerous studies concluded that human location trace is highly unique and poses great re-identification risks, modern mobile operating systems fell short of implementing granular location access mechanism. Existing binary location access resulted into location-based-services being able to retrieve precise user’s coordinates regardless of how much details their functionality actually require and sell it to data brokers. This paper aims to provide practical solution how a mobile operating system (iOS) can adopt a system that enforces better location privacy for user devices with Location Privacy Framework(LPF) that works as a trusted middleware between mobile operating system and third-party apps. LPF provides granulated way of extracting location-related data from device, maximizing privacy by applying geomasking algorithm based on minimum level of accuracy the app needs and ensuring k-anonymity with dummy-generation mechanisms. Furthermore, LPF enforces control over all location data network communication to and from the app to make sure that no identifying data is being shared with data brokers

Real-time vibration monitoring in Android smart phone using Location Based Service

Abstract: In the present study we propose the implementation of Location Based Service for real-time vibration monitoring of a moving vehicle. The purpose of this study is to prevent damage to delicate payload being carried by trucks or trailers which occurs due to vibrations during transportation. We have first designed a vibration detector circuit by connecting a vibration detector to an Arduino-Uno printed circuit board. This board was then interfaced to an Android smart phone with the help of a Bluetooth module. The sensor reading displayed on the Android smart-phone was sent over mobile GPRS to a web-GIS server. The data stored in the GIS database was then dynamically plotted as a line-graph on a web page and also overlaid on Google Earth's satellite image in the form of a KML (Keyhole Markup Language) file

Understanding the current trends in mobile crowdsensing - a business model perspective: case MyGeo Trust

Crowdsensing and personal data markets that have emerged around it have rapidly gained momentum in parallel with the appearance of mobile devices. Collecting information via mobile sensors and the applications relying on these, the privacy of mobile users can be threatened, especially in the case of location-related data. In 2015, a research project called MyGeoTrust was initiated to investigate this issue. One aim of the project was to study the potential business models for a trusted, open-source crowdsourcing platform. This study, carried within the MyGeoTrust project, reviews existing literature about business models, location-based services, and open-source software development. It then investigates the relationship between these topics and mobile crowdsensing. As a whole, this thesis provides an overview on the development of location-based services, as well as the current trends and business models in crowdsensing. The empirical part of the thesis employs embedded case study methodology, acquiring empirical data from several sources. The analyzed case is the MyGeoTrust project itself, and other empirical data is collected via market analysis, interim reports, a user survey, and semi-structured interviews. This material forms the baseline for the empirical study and project-specific recommendations. The findings suggest that creating a two- or multisided platform is the most robust business model for mobile crowdsensing. The identified benefits of platform-based business models include facilitating the value exchange between self-governing groups and possibilities to build positive network effects. This is especially the case with open-source software and open data since the key value for users - or “the crowd” in other terms - is created through network effects. In the context of open business models, strategic planning, principally licensing, plays a central role. Also, for a differentiated platform like MyGeoTrust finding the critical mass of users is crucial, in order to create an appealing alternative to current market leaders. Lastly, this study examines how transformational political or legal factors may shape the scene and create requirements for novel, privacy-perceiving solutions. In the present case study, the upcoming European Union (EU) General Data Protection Regulation (GDPR) legislation is a central example of such a factor