171 research outputs found

    User privacy risks and protection in WLAN-based indoor positioning

    Get PDF
    Using location-based services (LBS) is the new trend for mobile users. LBS mostly exploit GPS and WLAN infrastructures for outdoor and indoor environments, respectively, in order to determine a user's location. After a location is known to a LBS, the network can provide location related contextual information such as nearby events, places, or navigation for the mobile users. Currently, LBS have been specically growing rapidly in the domain of indoor positioning as more public places, e.g. schools, shopping centers, and airports are being equipped with WLAN networks. The aforementioned situation leads to the fact that huge amount of tracking data gets possessed by a wide variety of different LBS and it poses the risk of location privacy violation of citizens. The problem is not only that this information reveals the places that a person has visited, but that it can also expose their behaviors and habits to the LBS and associated third parties. The conditions exacerbate as there are no appropriate regulations on how the tracking data is used by the LBS. In addition, the LBS data servers are under constant attacks by third parties who seek to access this kind of valuable data. Furthermore, the private sector has initiated the tracking of their customers in such places as shopping malls by means of simply collecting their MAC addresses. The thesis is divided into two parts. In the literature part of this thesis, different indoor positioning techniques, location privacy leaks, and the solutions to tackle the problem will be explained. In the second part, we show practical implementation examples about how and at what extent a user may be positioned by the network, based simply on the mobile MAC address or using jointly MAC and signal strength information

    Location Security -- Where to Enforce?

    Get PDF
    Enforcing security in location based services is very crucial in the current mobile world. Past literature has examined both location and identity obfuscation techniques in order to optimally tradeoff security/privacy with utility − this primarily addresses the ‘how to enforce location security problem’; however, it does not address the ‘where to enforce location security problem’. This paper examines the ‘where’ problem and in particular, examines tradeoffs between enforcing location security at a device vs. enforcing location security at an edge location server. This paper also sketches an implementation of location security solutions at both the device and the edge location server and presents detailed experiments using real mobility and user profile data sets collected from various data sources (taxicabs, Smartphones). Our results show that while device-based solutions do not require trust in the edge location server, they either suffer from high false positive rate (about 25% probability of not meeting the desired security requirement) or low utility (about 600 meters higher error in obfuscated location data)

    Privacy protection in location based services

    Get PDF
    This thesis takes a multidisciplinary approach to understanding the characteristics of Location Based Services (LBS) and the protection of location information in these transactions. This thesis reviews the state of the art and theoretical approaches in Regulations, Geographic Information Science, and Computer Science. Motivated by the importance of location privacy in the current age of mobile devices, this thesis argues that failure to ensure privacy protection under this context is a violation to human rights and poses a detriment to the freedom of users as individuals. Since location information has unique characteristics, existing methods for protecting other type of information are not suitable for geographical transactions. This thesis demonstrates methods that safeguard location information in location based services and that enable geospatial analysis. Through a taxonomy, the characteristics of LBS and privacy techniques are examined and contrasted. Moreover, mechanisms for privacy protection in LBS are presented and the resulting data is tested with different geospatial analysis tools to verify the possibility of conducting these analyses even with protected location information. By discussing the results and conclusions of these studies, this thesis provides an agenda for the understanding of obfuscated geospatial data usability and the feasibility to implement the proposed mechanisms in privacy concerning LBS, as well as for releasing crowdsourced geographic information to third-parties

    User-centric privacy preservation in Internet of Things Networks

    Get PDF
    Recent trends show how the Internet of Things (IoT) and its services are becoming more omnipresent and popular. The end-to-end IoT services that are extensively used include everything from neighborhood discovery to smart home security systems, wearable health monitors, and connected appliances and vehicles. IoT leverages different kinds of networks like Location-based social networks, Mobile edge systems, Digital Twin Networks, and many more to realize these services. Many of these services rely on a constant feed of user information. Depending on the network being used, how this data is processed can vary significantly. The key thing to note is that so much data is collected, and users have little to no control over how extensively their data is used and what information is being used. This causes many privacy concerns, especially for a na ̈ıve user who does not know the implications and consequences of severe privacy breaches. When designing privacy policies, we need to understand the different user data types used in these networks. This includes user profile information, information from their queries used to get services (communication privacy), and location information which is much needed in many on-the-go services. Based on the context of the application, and the service being provided, the user data at risk and the risks themselves vary. First, we dive deep into the networks and understand the different aspects of privacy for user data and the issues faced in each such aspect. We then propose different privacy policies for these networks and focus on two main aspects of designing privacy mechanisms: The quality of service the user expects and the private information from the user’s perspective. The novel contribution here is to focus on what the user thinks and needs instead of fixating on designing privacy policies that only satisfy the third-party applications’ requirement of quality of service

    Privacy Preserving User Data Publication In Social Networks

    Get PDF
    Recent trends show that the popularity of Social Networks (SNs) has been increasing rapidly. From daily communication sites to online communities, an average person\u27s daily life has become dependent on these online networks. Additionally, the number of people using at least one of the social networks have increased drastically over the years. It is estimated that by the end of the year 2020, one-third of the world\u27s population will have social accounts. Hence, user privacy protection has gained wide acclaim in the research community. It has also become evident that protection should be provided to these networks from unwanted intruders. In this dissertation, we consider data privacy on online social networks at the network level and the user level. The network-level privacy helps us to prevent information leakage to third-party users like advertisers. To achieve such privacy, we propose various schemes that combine the privacy of all the elements of a social network: node, edge, and attribute privacy by clustering the users based on their attribute similarity. We combine the concepts of k-anonymity and l-diversity to achieve user privacy. To provide user-level privacy, we consider the scenario of mobile social networks as the user location privacy is the much-compromised problem. We provide a distributed solution where users in an area come together to achieve their desired privacy constraints. We also consider the mobility of the user and the network to provide much better results

    Ortsbezogene Anwendungen und Dienste: 9. Fachgespräch der GI/ITG-Fachgruppe Kommunikation und Verteilte Systeme ; 13. & 14. September 2012

    Get PDF
    Der Aufenthaltsort eines mobilen Benutzers stellt eine wichtige Information für Anwendungen aus den Bereichen Mobile Computing, Wearable Computing oder Ubiquitous Computing dar. Ist ein mobiles Endgerät in der Lage, die aktuelle Position des Benutzers zu bestimmen, kann diese Information von der Anwendung berücksichtigt werden -- man spricht dabei allgemein von ortsbezogenen Anwendungen. Eng verknüpft mit dem Begriff der ortsbezogenen Anwendung ist der Begriff des ortsbezogenen Dienstes. Hierbei handelt es sich beispielsweise um einen Dienst, der Informationen über den aktuellen Standort übermittelt. Mittlerweile werden solche Dienste kommerziell eingesetzt und erlauben etwa, dass ein Reisender ein Hotel, eine Tankstelle oder eine Apotheke in der näheren Umgebung findet. Man erwartet, nicht zuletzt durch die Einführung von LTE, ein großes Potenzial ortsbezogener Anwendungen für die Zukunft. Das jährlich stattfindende Fachgespräch "Ortsbezogene Anwendungen und Dienste" der GI/ITG-Fachgruppe Kommunikation und Verteilte Systeme hat sich zum Ziel gesetzt, aktuelle Entwicklungen dieses Fachgebiets in einem breiten Teilnehmerkreis aus Industrie und Wissenschaft zu diskutieren. Der vorliegende Konferenzband fasst die Ergebnisse des neunten Fachgesprächs zusammen.The location of a mobile user poses an important information for applications in the scope of Mobile Computung, Wearable Computing and Ubiquitous Computing. If a mobile device is able to determine the current location of its user, this information may be taken into account by an application. Such applications are called a location-based applications. Closely related to location-based applications are location-based services, which for example provides the user informations about his current location. Meanwhile such services are deployed commercially and enable travelers for example to find a hotel, a petrol station or a pharmacy in his vicinity. It is expected, not least because of the introduction of LTE, a great potential of locations-based applications in the future. The annual technical meeting "Location-based Applications and Services" of the GI/ITG specialized group "Communication and Dsitributed Systems" targets to discuss current evolutions in a broad group of participants assembling of industrial representatives and scientists. The present proceedings summarizes the result of the 9th annual meeting

    Advancing security information and event management frameworks in managed enterprises using geolocation

    Get PDF
    Includes bibliographical referencesSecurity Information and Event Management (SIEM) technology supports security threat detection and response through real-time and historical analysis of security events from a range of data sources. Through the retrieval of mass feedback from many components and security systems within a computing environment, SIEMs are able to correlate and analyse events with a view to incident detection. The hypothesis of this study is that existing Security Information and Event Management techniques and solutions can be complemented by location-based information provided by feeder systems. In addition, and associated with the introduction of location information, it is hypothesised that privacy-enforcing procedures on geolocation data in SIEMs and meta- systems alike are necessary and enforceable. The method for the study was to augment a SIEM, established for the collection of events in an enterprise service management environment, with geo-location data. Through introducing the location dimension, it was possible to expand the correlation rules of the SIEM with location attributes and to see how this improved security confidence. An important co-consideration is the effect on privacy, where location information of an individual or system is propagated to a SIEM. With a theoretical consideration of the current privacy directives and regulations (specifically as promulgated in the European Union), privacy supporting techniques are introduced to diminish the accuracy of the location information - while still enabling enhanced security analysis. In the context of a European Union FP7 project relating to next generation SIEMs, the results of this work have been implemented based on systems, data, techniques and resilient features of the MASSIF project. In particular, AlienVault has been used as a platform for augmentation of a SIEM and an event set of several million events, collected over a three month period, have formed the basis for the implementation and experimentation. A "brute-force attack" misuse case scenario was selected to highlight the benefits of geolocation information as an enhancement to SIEM detection (and false-positive prevention). With respect to privacy, a privacy model is introduced for SIEM frameworks. This model utilises existing privacy legislation, that is most stringent in terms of privacy, as a basis. An analysis of the implementation and testing is conducted, focusing equally on data security and privacy, that is, assessing location-based information in enhancing SIEM capability in advanced security detection, and, determining if privacy-enforcing procedures on geolocation in SIEMs and other meta-systems are achievable and enforceable. Opportunities for geolocation enhancing various security techniques are considered, specifically for solving misuse cases identified as existing problems in enterprise environments. In summary, the research shows that additional security confidence and insight can be achieved through the augmentation of SIEM event information with geo-location information. Through the use of spatial cloaking it is also possible to incorporate location information without com- promising individual privacy. Overall the research reveals that there are significant benefits for SIEMs to make use of geo-location in their analysis calculations, and that this can be effectively conducted in ways which are acceptable to privacy considerations when considered against prevailing privacy legislation and guidelines

    Internet of Things data contextualisation for scalable information processing, security, and privacy

    Get PDF
    The Internet of Things (IoT) interconnects billions of sensors and other devices (i.e., things) via the internet, enabling novel services and products that are becoming increasingly important for industry, government, education and society in general. It is estimated that by 2025, the number of IoT devices will exceed 50 billion, which is seven times the estimated human population at that time. With such a tremendous increase in the number of IoT devices, the data they generate is also increasing exponentially and needs to be analysed and secured more efficiently. This gives rise to what is appearing to be the most significant challenge for the IoT: Novel, scalable solutions are required to analyse and secure the extraordinary amount of data generated by tens of billions of IoT devices. Currently, no solutions exist in the literature that provide scalable and secure IoT scale data processing. In this thesis, a novel scalable approach is proposed for processing and securing IoT scale data, which we refer to as contextualisation. The contextualisation solution aims to exclude irrelevant IoT data from processing and address data analysis and security considerations via the use of contextual information. More specifically, contextualisation can effectively reduce the volume, velocity and variety of data that needs to be processed and secured in IoT applications. This contextualisation-based data reduction can subsequently provide IoT applications with the scalability needed for IoT scale knowledge extraction and information security. IoT scale applications, such as smart parking or smart healthcare systems, can benefit from the proposed method, which  improves the scalability of data processing as well as the security and privacy of data.   The main contributions of this thesis are: 1) An introduction to context and contextualisation for IoT applications; 2) a contextualisation methodology for IoT-based applications that is modelled around observation, orientation, decision and action loops; 3) a collection of contextualisation techniques and a corresponding software platform for IoT data processing (referred to as contextualisation-as-a-service or ConTaaS) that enables highly scalable data analysis, security and privacy solutions; and 4) an evaluation of ConTaaS in several IoT applications to demonstrate that our contextualisation techniques permit data analysis, security and privacy solutions to remain linear, even in situations where the number of IoT data points increases exponentially

    Highly Scalable and Secure Mobile Applications in Cloud Computing Systems

    Get PDF
    Cloud computing provides scalable processing and storage resources that are hosted on a third-party provider to permit clients to economically meet real-time service demands. The confidentiality of client data outsourced to the cloud is a paramount concern since the provider cannot necessarily be trusted with read access to voluminous sensitive client data. A particular challenge of mobile cloud computing is that a cloud application may be accessed by a very large and dynamically changing population of mobile devices requiring access control. The thesis addresses the problems of achieving efficient and highly scalable key management for resource-constrained users of an untrusted cloud, and also of preserving the privacy of users. A model for key distribution is first proposed that is based on dynamic proxy re-encryption of data. Keys are managed inside the client domain for trust reasons, computationally-intensive re-encryption is performed by the cloud provider, and key distribution is minimized to conserve communication. A mechanism manages key evolution for a continuously changing user population. Next, a novel form of attribute-based encryption is proposed that authorizes users based on the satisfaction of required attributes. The greater computational load from cryptographic operations is performed by the cloud provider and a trusted manager rather than the mobile data owner. Furthermore, data re-encryption may be optionally performed by the cloud provider to reduce the expense of user revocation. Another key management scheme based on threshold cryptography is proposed where encrypted key shares are stored in the cloud, taking advantage of the scalability of storage in the cloud. The key share material erodes over time to allow user revocation to occur efficiently without additional coordination by the data owner; multiple classes of user privileges are also supported. Lastly, an alternative exists where cloud data is considered public knowledge, but the specific information queried by a user must be kept private. A technique is presented utilizing private information retrieval, where the query is performed in a computationally efficient manner without requiring a trusted third-party component. A cloaking mechanism increases the privacy of a mobile user while maintaining constant traffic cost
    • …
    corecore