Location Privacy Protection in the Mobile Era and Beyond

As interconnected devices become embedded in every aspect of our lives, they accompany many privacy risks. Location privacy is one notable case, consistently recording an individual’s location might lead to his/her tracking, fingerprinting and profiling. An individual’s location privacy can be compromised when tracked by smartphone apps, in indoor spaces, and/or through Internet of Things (IoT) devices. Recent surveys have indicated that users genuinely value their location privacy and would like to exercise control over who collects and processes their location data. They, however, lack the effective and practical tools to protect their location privacy. An effective location privacy protection mechanism requires real understanding of the underlying threats, and a practical one requires as little changes to the existing ecosystems as possible while ensuring psychological acceptability to the users. This thesis addresses this problem by proposing a suite of effective and practical privacy preserving mechanisms that address different aspects of real-world location privacy threats. First, we present LP-Guardian, a comprehensive framework for location privacy protection for Android smartphone users. LP-Guardian overcomes the shortcomings of existing approaches by addressing the tracking, profiling, and fingerprinting threats posed by different mobile apps while maintaining their functionality. LP-Guardian requires modifying the underlying platform of the mobile operating system, but no changes in either the apps or service provider. We then propose LP-Doctor, a light-weight user-level tool which allows Android users to effectively utilize the OS’s location access controls. As opposed to LP-Guardian, LP-Doctor requires no platform changes. It builds on a two year data collection campaign in which we analyzed the location privacy threats posed by 1160 apps for 100 users. For the case of indoor location tracking, we present PR-LBS (Privacy vs. Reward for Location-Based Service), a system that balances the users’ privacy concerns and the benefits of sharing location data in indoor location tracking environments. PR-LBS fits within the existing indoor localization ecosystem whether it is infrastructure-based or device-based. Finally, we target the privacy threats originating from the IoT devices that employ the emerging Bluetooth Low Energy (BLE) protocol through BLE-Guardian. BLE-Guardian is a device agnostic system that prevents user tracking and profiling while securing access to his/her BLE-powered devices. We evaluate BLE-Guardian in real-world scenarios and demonstrate its effectiveness in protecting the user along with its low overhead on the user’s devices.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/138563/1/kmfawaz_1.pd

Location Privacy Protection in Social Networks

University of Technology Sydney. Faculty of Engineering and Information Technology.Social networks have become more ubiquitous due to new advances in smartphone technology. This has provided an opportunity for social network service providers to utilise location information of users in their services. For example, Facebook Places, Foursquare and Yelp are popular social networks that mostly rely on utilising users' location data in their services. They offer a variety of useful services, from location recommendations to nearby friend alerts. However, protecting location privacy of users is still an open challenge for social network service providers. It has been shown that hiding real identity and choosing a pseudonym does not guarantee to protect a user's privacy since privacy may be invaded by analysing position data only. This is really a big issue since other private information of users can be revealed by analysing their location data (e.g., home address, health condition, interests, etc.). In this study, we investigate the location privacy issue of social networks and propose several solutions. We classify the proposed solutions into three categories based on the selected approaches, i.e. (i) differential privacy-based, (ii) cryptography-based, and (iii) anonymity-based solutions. We first study the approach in which differential privacy is utilised to preserve privacy of users. In this regard, we develop Distance-Based Location Privacy Protection mechanism (DBLP2), a customisable location privacy protection approach that is uniquely designed for social network users. It utilises the concept of social distance to generalise users' location data before it is published in a social network. The level of generalisation is decided based on the social distance between users. Secondly, we study cryptography-based methods for location privacy protection in Location-Based Services (LBS) and social networks. In this domain, we propose three cryptography-based and privacy-aware location verification schemes to preserve location privacy of users: (i) Privacy-Aware and Secure Proof Of pRoximiTy (PASPORT), (ii) Secure, Privacy-Aware and collusion Resistant poSition vErification (SPARSE), and (iii) a blockchain-based location verification scheme. These schemes prevent location spoofing attacks conducted by dishonest users while protect location privacy of users. To the best of our knowledge, majority of the existing location verification schemes do not preserve location privacy of users. Thirdly, we investigate anonymity as another approach to preserve users' privacy in social networks. In this regard, we first study the relevant protocols and discuss their features and drawbacks. Then, we introduce Harmonized and Stable DC-net (HSDC-net), a self-organizing protocol for anonymous communications in social networks. As far as we know, social networks do not offer any secure anonymous communication service. In social networks, privacy of users is preserved using pseudonymity, i.e., users select a pseudonym for their communications instead of their real identity. However, it has been shown that pseudonymity does not always result in anonymity (perfect privacy) if users' activities in social media are linkable. This makes users' privacy vulnerable to deanonymization attacks. Thus, by employing a secure anonymous communication service, social network service providers will be able to effectively preserve users' privacy. We perform extensive experiments and provide comprehensive security and privacy analysis to evaluate performance of the proposed schemes and mechanisms. Regarding the DBLP2 mechanism, our extensive analysis shows that it offers the optimum data utility regarding the trade-off between privacy protection and data utility. In addition, our experimental results indicate that DBLP2 is capable of offering variable location privacy protection and resilience to post processing. For the SPARSE scheme, our analysis and experiments show that SPARSE provides privacy protection as well as security properties for users including integrity, unforgeability and non-transferability of the location proofs. Moreover, it achieves a highly reliable performance against collusions. To validate performance of the PASPORT scheme, we implement a prototype of the proposed scheme on the Android platform. Extensive experiments indicate that the proposed method can efficiently protect location-based applications against fake submissions. For the proposed blockchain-based scheme, our prototype implementation on the Android platform shows that the proposed scheme outperforms other currently deployed location proof schemes. Finally, our prototype implementation of the HSDC-net protocol shows that it achieves low latencies that makes it a practical protocol. In summary, this research study focuses on developing new mechanisms for preserving location privacy of social network users. This is done through different approaches. Moreover, extensive effort is made to make the current location-related schemes and protocols privacy-aware. In this regard, several solutions in the form of scheme, mechanism, and protocol are introduced and their performance is evaluated. The results of this research work have also been presented in seven papers published in peer-reviewed journals and conferences

An Investigation of Power Saving and Privacy Protection on Smartphones

With the advancements in mobile technology, smartphones have become ubiquitous in people\u27s daily lives and have greatly facilitated users in many aspects. For a smartphone user, power saving and privacy protection are two important issues that matter and draw serious attentions from research communities. In this dissertation, we present our studies on some specific issues of power saving and privacy protection on a smartphone. Although IEEE 802.11 standards provide Power Save Mode (PSM) to help mobile devices conserve energy, PSM fails to bring expected benefits in many real scenarios. We define an energy conserving model to describe the general PSM traffic contention problem, and propose a solution called HPSM to address one specific case, in which multiple PSM clients associate to a single AP. In HPSM, we first use a basic sociological concept to define the richness of a PSM client based on the link resource it consumes. Then we separate these poor PSM clients from rich PSM clients in terms of link resource consumption, and favor the former to save power when they face PSM transmission contention. Our evaluations show that HPSM can help the poor PSM clients effectively save power while only slightly degrading the rich\u27s performance in comparison to the existing PSM solutions. Traditional user authentication methods using passcode or finger movement on smartphones are vulnerable to shoulder surfing attack, smudge attack, and keylogger attack. These attacks are able to infer a passcode based on the information collection of user\u27s finger movement or tapping input. as an alternative user authentication approach, eye tracking can reduce the risk of suffering those attacks effectively because no hand input is required. We propose a new eye tracking method for user authentication on a smartphone. It utilizes the smartphone\u27s front camera to capture a user\u27s eye movement trajectories which are used as the input of user authentication. No special hardware or calibration process is needed. We develop a prototype and evaluate its effectiveness on an android smartphone. Our evaluation results show that the proposed eye tracking technique achieves very high accuracy in user authentication. While LBS-based apps facilitate users in many application scenarios, they raise concerns on the breach of privacy related to location access. We perform the first measurement of this background action on the Google app market. Our investigation demonstrates that many popular apps conduct location access in background within short intervals. This enables these apps to collect a user\u27s location trace, from which the important personal information, Points of Interest (PoIs), can be recognized. We further extract a user\u27s movement pattern from the PoIs, and utilize it to measure the potential privacy breach. The measurement results also show that using the combination of movement pattern related metrics and the other PoI related metrics can help detect the privacy breach in an earlier manner than using either one of them alone. We then propose a preliminary solution to properly handle these location requests from background

A realisation of ethical concerns with smartphone personal health monitoring apps

The pervasiveness of smartphones has facilitated a new way in which owners of devices can monitor their health using applications (apps) that are installed on their smartphones. Smartphone personal health monitoring (SPHM) collects and stores health related data of the user either locally or in a third party storing mechanism. They are also capable of giving feedback to the user of the app in response to conditions are provided to the app therefore empowering the user to actively make decisions to adjust their lifestyle. Regardless of the benefits that this new innovative technology offers to its users, there are some ethical concerns to the user of SPHM apps. These ethical concerns are in some way connected to the features of SPHM apps. From a literature survey, this paper attempts to recognize ethical issues with personal health monitoring apps on smartphones, viewed in light of general ethics of ubiquitous computing. The paper argues that there are ethical concerns with the use of SPHM apps regardless of the benefits that the technology offers to users due to SPHM apps’ ubiquity leaving them open to known and emerging ethical concerns. The paper then propose a need further empirical research to validate the claim

ConXsense - Automated Context Classification for Context-Aware Access Control

We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.Comment: Recipient of the Best Paper Awar

Information Producers, Information Consumers : Location Data Privacy in Institutional Settings

Peer reviewedPreprin

ABAKA : a novel attribute-based k-anonymous collaborative solution for LBSs

The increasing use of mobile devices, along with advances in telecommunication systems, increased the popularity of Location-Based Services (LBSs). In LBSs, users share their exact location with a potentially untrusted Location-Based Service Provider (LBSP). In such a scenario, user privacy becomes a major con- cern: the knowledge about user location may lead to her identification as well as a continuous tracing of her position. Researchers proposed several approaches to preserve users’ location privacy. They also showed that hiding the location of an LBS user is not enough to guarantee her privacy, i.e., user’s pro- file attributes or background knowledge of an attacker may reveal the user’s identity. In this paper we propose ABAKA, a novel collaborative approach that provides identity privacy for LBS users considering users’ profile attributes. In particular, our solution guarantees p -sensitive k -anonymity for the user that sends an LBS request to the LBSP. ABAKA computes a cloaked area by collaborative multi-hop forwarding of the LBS query, and using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). We ran a thorough set of experiments to evaluate our solution: the results confirm the feasibility and efficiency of our proposal

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Understanding Shoulder Surfing in the Wild: Stories from Users and Observers

Research has brought forth a variety of authentication systems to mitigate observation attacks. However, there is little work about shoulder surfing situations in the real world. We present the results of a user survey (N=174) in which we investigate actual stories about shoulder surfing on mobile devices from both users and observers. Our analysis indicates that shoulder surfing mainly occurs in an opportunistic, non-malicious way. It usually does not have serious consequences, but evokes negative feelings for both parties, resulting in a variety of coping strategies. Observed data was personal in most cases and ranged from information about interests and hobbies to login data and intimate details about third persons and relationships. Thus, our work contributes evidence for shoulder surfing in the real world and informs implications for the design of privacy protection mechanisms