Secure Identification in Social Wireless Networks

The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future

Trajectory and Policy Aware Sender Anonymity in Location Based Services

We consider Location-based Service (LBS) settings, where a LBS provider logs the requests sent by mobile device users over a period of time and later wants to publish/share these logs. Log sharing can be extremely valuable for advertising, data mining research and network management, but it poses a serious threat to the privacy of LBS users. Sender anonymity solutions prevent a malicious attacker from inferring the interests of LBS users by associating them with their service requests after gaining access to the anonymized logs. With the fast-increasing adoption of smartphones and the concern that historic user trajectories are becoming more accessible, it becomes necessary for any sender anonymity solution to protect against attackers that are trajectory-aware (i.e. have access to historic user trajectories) as well as policy-aware (i.e they know the log anonymization policy). We call such attackers TP-aware. This paper introduces a first privacy guarantee against TP-aware attackers, called TP-aware sender k-anonymity. It turns out that there are many possible TP-aware anonymizations for the same LBS log, each with a different utility to the consumer of the anonymized log. The problem of finding the optimal TP-aware anonymization is investigated. We show that trajectory-awareness renders the problem computationally harder than the trajectory-unaware variants found in the literature (NP-complete in the size of the log, versus PTIME). We describe a PTIME l-approximation algorithm for trajectories of length l and empirically show that it scales to large LBS logs (up to 2 million users)

User-Defined Privacy Location-Sharing System in Mobile Online Social Networks

With the fusion of social networks and location-based services, location sharing is one of the most important services in mobile online social networks (mOSNs). In location-sharing services, users have to provide their location information to service provider. However, location information is sensitive to users, which may cause a privacy-preserving issue needs to be solved. In the existing research, location-sharing services, such as friends’ query, does not consider the attacks from friends. In fact, a user may not trust all of his/her friends, so just a part of his/her friends will be allowed to obtain the user’s location information. In addition, users’ location privacy and social network privacy should be guaranteed. In order to solve the above problems, we propose a new architecture and a new scheme called User-Defined Privacy Location-Sharing (UDPLS) system for mOSNs. In our scheme, the query time is almost irrelevant to the number of friends. We also evaluate the performance and validate the correctness of our proposed algorithm through extensive simulations

PrivHome: Privacy-preserving authenticated communication in smart home environment

A smart home enables users to access devices such as lighting, HVAC, temperature sensors, and surveillance camera. It provides a more convenient and safe living environment for users. Security and privacy, however, is a key concern since information collected from these devices are normally communicated to the user through an open network (i. e. Internet) or system provided by the service provider. The service provider may store and have access to these information. Emerging smart home hubs such as Samsung SmartThings and Google Home are also capable of collecting and storing these information. Leakage and unauthorized access to the information can have serious consequences. For example, the mere timing of switching on/off of an HVAC unit may reveal the presence or absence of the home owner. Similarly, leakage or tampering of critical medical information collected from wearable body sensors can have serious consequences. Encrypting these information will address the issues, but it also reduces utility since queries is no longer straightforward. Therefore, we propose a privacy-preserving scheme, PrivHome. It supports authentication, secure data storage and query for smart home systems. PrivHome provides data confidentiality as well as entity and data authentication to prevent an outsider from learning or modifying the data communicated between the devices, service provider, gateway, and the user. It further provides privacy-preserving queries in such a way that the service provider, and the gateway does not learn content of the data. To the best of our knowledge, privacy-preserving queries for smart home systems has not been considered before. Under our scheme is a new, lightweight entity and key-exchange protocol, and an efficient searchable encryption protocol. Our scheme is practical as both protocols are based solely on symmetric cryptographic techniques. We demonstrate efficiency and effectiveness of our scheme based on experimental and simulation results, as well as comparisons to existing smart home security protocols

Novel techniques for location-cloaked applications

Location cloaking has been shown to be cost-effective in mitigating location privacy and safety risks. This strategy, however, has significant impact on the applications that rely on location information. They may suffer efficiency loss; some may not even work with reduced location resolution. This research investigates two problems. 1) How to process location-cloaked queries. Processing such queries incurs significant more workload for both server and client. While the server needs to retrieve more query results and transmit them to the client, the client downloading these results wastes its battery power because most of them are useless. To address these problems, we propose a suite of novel techniques including query decomposition, scheduling, and personalized air indexing. These techniques are integrated into a single unified platform that is capable of handling various types of queries. 2) How a node V can verify whether or not another node P indeed locates in a cloaking region it claims. This problem is challenging due to the fact that the process of location verification may allow V to refine P\u27s location within the region. We identify two types of attacks, transmission coverage attack and distance bounding attack. In the former, V refines a cloaking region by adjusting its transmission range to partially overlap with the region, whereas in the latter, by measuring the round trip time of its communication with P. We present two corresponding counter strategies, and built on top of them, propose a novel technique that allows P to participate in location verification while providing a certain level of guarantee that its cloaking region will not be refined during the process

On the Impact of User Movement Simulations in the Evaluation of LBS Privacy- Preserving Techniques

The evaluation of privacy-preserving techniques for LBS is often based on simulations of mostly random user movements that only partially capture real deployment scenarios. We claim that benchmarks tailored to specific scenarios are needed, and we report preliminary results on how they may be generated through an agent-based context- aware simulator. We consider privacy preserving algorithms based on spatial cloaking and compare the experimental results obtained on two benchmarks: the first based on mostly random movements, and the second obtained from the context-aware simulator. The specific deployment scenario is the provisioning of a friend-finder-like service on weekend nights in a big city. Our results show that, compared to the context- aware simulator, the random user movement simulator leads to significantly different results for a spatial-cloaking algorithm, under-protecting in some cases, and over-protecting in others