85,417 research outputs found

    Privacy in (mobile) telecommunications services

    Telecommunications services have long been subject to privacy regulations. At stake are traditionally: privacy of the communication and the protection of traffic data. Privacy of the communication is legally founded. Traffic data subsume under the notion of data protection and are central in the discussion. The telecommunications environment is profoundly changing. The traditionally closed markets with closed networks change into an open market with open networks. Within these open networks more privacy sensitive data are generated and have to be exchanged between growing numbers of parties. Also telecommunications and computer networks are rapidly being integrated and thus the distinction between telephony and computing disappears. Traditional telecommunications privacy regulations are revised to cover internet applications. In this paper telecommunications issues are recalled to aid the on-going debate. Cellular mobile phones have recently been introduced. Cellular networks process a particular category of traffic data namely location data, thereby introducing the issue of territorial privacy into the telecommunications domain. Location data are bound to be used for pervasive future services. Designs for future services are discussed and evaluated for their impact on privacy protection.

    Location Privacy Protection in Mobile Networks


    Self-certified sybil-free pseudonyms

    Accurate and trusted identifiers are a centerpiece for any security architecture. Protecting against Sybil attacks in a privacy-friendly manner is a non-trivial problem in wireless infrastructureless networks, such as mobile ad hoc networks. In this paper, we introduce self-certified Sybil-free pseudonyms as a means to provide privacy-friendly Sybil-freeness without requiring continuous online availability of a trusted third party. These pseudonyms are self-certified and computed by the users themselves from their cryptographic long-term identities. Contrary to identity certificates, we preserve location privacy and improve protection against some notorious attacks on anonymous communication systems.

    Privacy Preserving User Data Publication In Social Networks

    Recent trends show that the popularity of Social Networks (SNs) has been increasing rapidly. From daily communication sites to online communities, an average person's daily life has become dependent on these online networks. Additionally, the number of people using at least one of the social networks has increased drastically over the years. It is estimated that by the end of the year 2020, one-third of the world's population will have social accounts. Hence, user privacy protection has gained wide acclaim in the research community. It has also become evident that protection should be provided to these networks from unwanted intruders. In this dissertation, we consider data privacy on online social networks at the network level and the user level. The network-level privacy helps us to prevent information leakage to third-party users like advertisers. To achieve such privacy, we propose various schemes that combine the privacy of all the elements of a social network: node, edge, and attribute privacy by clustering the users based on their attribute similarity. We combine the concepts of k-anonymity and l-diversity to achieve user privacy. To provide user-level privacy, we consider the scenario of mobile social networks as the user location privacy is the much-compromised problem. We provide a distributed solution where users in an area come together to achieve their desired privacy constraints. We also consider the mobility of the user and the network to provide much better results.

    When Whereabouts is No Longer Thereabouts:Location Privacy in Wireless Networks

    Modern mobile devices are fast, programmable and feature localization and wireless capabilities. These technological advances notably facilitate mobile access to Internet, development of mobile applications and sharing of personal information, such as location information. Cell phone users can for example share their whereabouts with friends on online social networks. Following this trend, the field of ubiquitous computing foresees communication networks composed of increasingly inter-connected wireless devices offering new ways to collect and share information in the future. It also becomes harder to control the spread of personal information. Privacy is a critical challenge of ubiquitous computing as sharing personal information exposes users' private lives. Traditional techniques to protect privacy in wired networks may be inadequate in mobile networks because users are mobile, have short-lived encounters and their communications can be easily eavesdropped upon. These characteristics introduce new privacy threats related to location information: a malicious entity can track users' whereabouts and learn aspects of users' private lives that may not be apparent at first. In this dissertation, we focus on three important aspects of location privacy: location privacy threats, location-privacy preserving mechanisms, and privacy-preservation in pervasive social networks. Considering the recent surge of mobile applications, we begin by investigating location privacy threats of location-based services. We push further the understanding of the privacy risk by identifying the type and quantity of location information that statistically reveals users' identities and points of interest to third parties. Our results indicate that users are at risk even if they access location-based services episodically. This highlights the need to design privacy into location-based services. 
In the second part of this thesis, we delve into the subject of privacy-preserving mechanisms for mobile ad hoc networks. First, we evaluate a privacy architecture that relies on the concept of mix zones to engineer anonymity sets. Second, we identify the need for protocols to coordinate the establishment of mix zones and design centralized and distributed approaches. Because individuals may have different privacy requirements, we craft a game-theoretic model of location privacy to analyze distributed protocols. This model predicts strategic behavior of rational devices that protects their privacy at a minimum cost. This prediction leads to the design of efficient privacy-preserving protocols. Finally, we develop a dynamic model of interactions between mobile devices in order to analytically evaluate the level of privacy provided by mix zones. Our results indicate the feasibility and limitations of privacy protection based on mix zones. In the third part, we extend the communication model of mobile ad hoc networks to explore social aspects: users form groups called "communities" based on interests, proximity, or social relations and rely on these communities to communicate and discover their context. We analyze using challenge-response methodology the privacy implications of this new communication primitive. Our results indicate that, although repeated interactions between members of the same community leak community memberships, it is possible to design efficient schemes to preserve privacy in this setting. This work is part of the recent trend of designing privacy protocols to protect individuals. In this context, the author hopes that the results obtained, with both their limitations and their promises, will inspire future work on the preservation of privacy

    A Customizable k-Anonymity Model for Protecting Location Privacy

    Continued advances in mobile networks and positioning technologies have created a strong market push for location-based services (LBSs). Examples include location-aware emergency services, location based service advertisement, and location sensitive billing. One of the big challenges in wide deployment of LBS systems is the privacy-preserving management of location-based data. Without safeguards, extensive deployment of location based services endangers location privacy of mobile users and exhibits significant vulnerabilities for abuse. In this paper, we describe a customizable k-anonymity model for protecting privacy of location data. Our model has two unique features. First, we provide a customizable framework to support k-anonymity with variable k, allowing a wide range of users to benefit from the location privacy protection with personalized privacy requirements. Second, we design and develop a novel spatio-temporal cloaking algorithm, called CliqueCloak, which provides location k-anonymity for mobile users of a LBS provider. The cloaking algorithm is run by the location protection broker on a trusted server, which anonymizes messages from the mobile nodes by cloaking the location information contained in the messages to reduce or avoid privacy threats before forwarding them to the LBS provider(s). Our model enables each message sent from a mobile node to specify the desired level of anonymity as well as the maximum temporal and spatial tolerances for maintaining the required anonymity. We study the effectiveness of the cloaking algorithm under various conditions using realistic location data synthetically generated using real road maps and traffic volume data. Our experiments show that the location k-anonymity model with multi-dimensional cloaking and tunable k parameter can achieve high guarantee of k anonymity and high resilience to location privacy threats without significant performance penalty

    Practical privacy enhancing technologies for mobile systems

    Mobile computers and handheld devices can be used today to connect to services available on the Internet. One of the predominant technologies in this respect for wireless Internet connection is the IEEE 802.11 family of WLAN standards. In many countries, WLAN access can be considered ubiquitous; there is a hotspot available almost anywhere. Unfortunately, the convenience provided by wireless Internet access has many privacy tradeoffs that are not obvious to mobile computer users. In this thesis, we investigate the lack of privacy of mobile computer users, and propose practical enhancements to increase the privacy of these users. We show how explicit information related to the users' identity leaks on all layers of the protocol stack. Even before an IP address is configured, the mobile computer may have already leaked their affiliation and other details to the local network as the WLAN interface openly broadcasts the networks that the user has visited. Free services that require authentication or provide personalization, such as online social networks, instant messengers, or web stores, all leak the user's identity. All this information, and much more, is available to a local passive observer using a mobile computer. In addition to a systematic analysis of privacy leaks, we have proposed four complementary privacy protection mechanisms. The main design guidelines for the mechanisms have been deployability and the introduction of minimal changes to user experience. More specifically, we mitigate privacy problems introduced by the standard WLAN access point discovery by designing a privacy-preserving access-point discovery protocol, show how a mobility management protocol can be used to protect privacy, and how leaks on all layers of the stack can be reduced by network location awareness and protocol stack virtualization. These practical technologies can be used in designing a privacy-preserving mobile system or can be retrofitted to current systems

    Efficient, Secure and Privacy-Preserving PMIPv6 Protocol for V2G Networks

    To ensure seamless communications between mobile Electric Vehicles (EVs) and EV power supply equipment, support for ubiquitous and transparent mobile IP communications is essential in Vehicle-to-Grid (V2G) networks. However, it initiates a range of privacy-related challenges as it is possible to track connected EVs through their mobile IP addresses. Recent works are mostly dedicated to solving authentication and privacy issues in V2G networks in general. Yet, they do not tackle the security and privacy challenges resulting from enabling mobile IP communications. To address these challenges, this paper proposes an Efficient, Secure and Privacy-preserving Proxy Mobile IPv6 (ESP-PMIPv6) protocol for the protection of mobile IP communications in V2G networks. ESP-PMIPv6 enables authorised EVs to acquire a mobile IPv6 address and access the V2G network in a secure and privacy-preserving manner. While ESP-PMIPv6 offers mutual authentication, identity anonymity and location unlinkability for the mobile EVs, it also achieves authorised traceability of misbehaving EVs through a novel collaborative tracking scheme. Formal and informal security analyses are conducted to prove that ESP-PMIPv6 meets these security and privacy goals. In addition, via a simulated assessment, the ESP-PMIPv6 is proven to achieve low authentication latency, low handover delay, and low packet loss rate in comparison with the PMIPv6 protocol

    Road Network Mix-zones for Anonymous Location Based Services

    We present MobiMix, a road network based mix-zone framework to protect location privacy of mobile users traveling on road networks. An alternative and complementary approach to spatial cloaking based location privacy protection is to break the continuity of location exposure by introducing techniques, such as mix-zones, where no applications can trace user movements. However, existing mix-zone proposals fail to provide effective mix-zone construction and placement algorithms that are resilient to timing and transition attacks. In MobiMix, mix-zones are constructed and placed by carefully taking into consideration multiple factors, such as the geometry of the zones, the statistical behavior of the user population, the spatial constraints on movement patterns of the users, and the temporal and spatial resolution of the location exposure. In this demonstration, we first introduce a visualization of the location privacy risks of mobile users traveling on road networks and show how mix-zone based anonymization breaks the continuity of location exposure to protect user location privacy. We demonstrate a suite of road network mix-zone construction and placement methods that provide a higher level of resilience to timing and transition attacks on road networks. We show the effectiveness of the MobiMix approach through detailed visualization using traces produced by GTMobiSim on different scales of geographic maps.

    A Heuristic Algorithm for Mobility-aware Location Obfuscation

    Mobile users not only use on-demand location-based services increasingly (e.g., checking in on online social networks), but also other mobile applications that provide a service based on location traces of users (e.g., fitness tracking, health monitoring, etc.). This type of continuous tracking of user location introduces specific challenges to protection of location-privacy of mobile users. One of the challenges is ensuring the preservation of privacy levels of user location over time. Also, it is essential to build a location obfuscation area that results in high confusion for an adversary. In this paper, we address these challenges by proposing and evaluating a heuristic obfuscation algorithm that is mobility aware. Specifically, our heuristic algorithm reasons about a user's next location by taking into account user mobility history and direction of movement. Our experiments show that our approach outperforms a mobility-agnostic random obfuscation mechanism