
    Security and Privacy in Heterogeneous Wireless and Mobile Networks: Challenges and Solutions

    The rapid advances in wireless communications and networking have given rise to a number of emerging heterogeneous wireless and mobile networks along with novel networking paradigms, including wireless sensor networks, mobile crowdsourcing, and mobile social networking. While offering promising solutions to a wide range of new applications, their widespread adoption and large-scale deployment are often hindered by people's concerns about security, user privacy, or both. In this dissertation, we aim to address a number of challenging security and privacy issues in heterogeneous wireless and mobile networks in an attempt to foster their widespread adoption. Our contributions are mainly fivefold. First, we introduce a novel secure and loss-resilient code dissemination scheme for wireless sensor networks deployed in hostile and harsh environments. Second, we devise a novel scheme to enable mobile users to detect any inauthentic or unsound location-based top-k query result returned by an untrusted location-based service provider. Third, we develop a novel verifiable privacy-preserving aggregation scheme for people-centric mobile sensing systems. Fourth, we present a suite of privacy-preserving profile matching protocols for proximity-based mobile social networking, which can support a wide range of matching metrics with different privacy levels. Last, we present a secure combination scheme for crowdsourcing-based cooperative spectrum sensing systems that can enable robust primary user detection even when malicious cognitive radio users constitute the majority. Dissertation/Thesis, Ph.D. Electrical Engineering 201

    When Whereabouts is No Longer Thereabouts: Location Privacy in Wireless Networks

    Modern mobile devices are fast, programmable and feature localization and wireless capabilities. These technological advances notably facilitate mobile access to the Internet, development of mobile applications and sharing of personal information, such as location information. Cell phone users can, for example, share their whereabouts with friends on online social networks. Following this trend, the field of ubiquitous computing foresees communication networks composed of increasingly inter-connected wireless devices offering new ways to collect and share information in the future. It also becomes harder to control the spread of personal information. Privacy is a critical challenge of ubiquitous computing, as sharing personal information exposes users' private lives. Traditional techniques to protect privacy in wired networks may be inadequate in mobile networks because users are mobile, have short-lived encounters and their communications can be easily eavesdropped upon. These characteristics introduce new privacy threats related to location information: a malicious entity can track users' whereabouts and learn aspects of users' private lives that may not be apparent at first. In this dissertation, we focus on three important aspects of location privacy: location privacy threats, location-privacy preserving mechanisms, and privacy preservation in pervasive social networks. Considering the recent surge of mobile applications, we begin by investigating location privacy threats of location-based services. We push further the understanding of the privacy risk by identifying the type and quantity of location information that statistically reveals users' identities and points of interest to third parties. Our results indicate that users are at risk even if they access location-based services episodically. This highlights the need to design privacy into location-based services.
In the second part of this thesis, we delve into the subject of privacy-preserving mechanisms for mobile ad hoc networks. First, we evaluate a privacy architecture that relies on the concept of mix zones to engineer anonymity sets. Second, we identify the need for protocols to coordinate the establishment of mix zones and design centralized and distributed approaches. Because individuals may have different privacy requirements, we craft a game-theoretic model of location privacy to analyze distributed protocols. This model predicts the strategic behavior of rational devices that protect their privacy at a minimum cost. This prediction leads to the design of efficient privacy-preserving protocols. Finally, we develop a dynamic model of interactions between mobile devices in order to analytically evaluate the level of privacy provided by mix zones. Our results indicate the feasibility and limitations of privacy protection based on mix zones. In the third part, we extend the communication model of mobile ad hoc networks to explore social aspects: users form groups called "communities" based on interests, proximity, or social relations and rely on these communities to communicate and discover their context. Using a challenge-response methodology, we analyze the privacy implications of this new communication primitive. Our results indicate that, although repeated interactions between members of the same community leak community memberships, it is possible to design efficient schemes to preserve privacy in this setting. This work is part of the recent trend of designing privacy protocols to protect individuals. In this context, the author hopes that the results obtained, with both their limitations and their promises, will inspire future work on the preservation of privacy.

    Efficient Oblivious Computation Techniques for Privacy-Preserving Mobile Applications

    Research area: Information Security and Cryptography, Networking and Communications
    Research topic: Privacy-Preserving Computation, Mobile Application Security
    The growth of smartphone capability has led to an explosion of new applications. Many of the most useful apps use context-sensitive data, such as GPS location or social network information. In these cases, users may not be willing to release personal information to untrusted parties. Currently, the solutions to performing computation on encrypted inputs use garbled circuits combined with a variety of optimizations. However, the capability of resource-constrained smartphones for evaluating garbled circuits in any variation is uncertain in practice. In [1], it is shown that certain garbled circuit evaluations can be optimized by using homomorphic encryption. In this paper, we take this concept to its logical extreme with Efficient Mobile Oblivious Computation (EMOC), a technique that completely replaces garbled circuits with homomorphic operations on ciphertexts. We develop applications to securely solve the millionaire's problem, send tweets based on location, and compute common friends in a social network, then prove equivalent privacy guarantees to analogous constructions using garbled circuits. We then demonstrate up to 68% runtime reduction from the most efficient garbled circuit implementation. In so doing, we demonstrate a practical technique for developing privacy-preserving applications on the mobile platform.

    A Privacy-Friendly Architecture for Mobile Social Networking Applications

    The resources and localization abilities available in modern smartphones have provided a huge boost to the popularity of location-based applications. In these applications, users send their current locations to a central service provider and can receive content or an enhanced experience predicated on their provided location. Privacy issues with location-based applications can arise from a central entity being able to store large amounts of information about users (e.g., contact information, attributes) and locations (e.g., available businesses, users present). We propose an architecture for a privacy-friendly location hub to encourage the development of mobile location-based social applications with privacy-preserving features. Our primary goal is to store information such that no entity in our architecture can link a user's identity to her location. We also aim to decouple storing data from manipulating data for social networking purposes. Other goals include designing an architecture flexible enough to support a wide range of use cases and avoiding considerable client-side computation. Our architecture consists of separate server components for storing information about users and storing information about locations, as well as client devices and optional components in the cloud for supporting applications. We describe the design of API functions exposed by the server components and demonstrate how they can be used to build some sample mobile location-based social applications. A proof-of-concept implementation is provided with in-depth descriptions of how each function was realized, as well as experiments examining the practicality of our architecture. Finally, we present two real-world applications developed on the Android platform to demonstrate how these applications work from a user's perspective.

    Privacy-preserving proximity detection with secure multi-party computational geometry

    Over the last years, Location-Based Services (LBSs) have become popular due to the global use of smartphones and improvements in the Global Positioning System (GPS) and other positioning methods. Location-based services employ users' location to offer relevant information to users or provide them with useful recommendations. Meanwhile, with the development of social applications, location-based social networking services (LBSNS) have attracted millions of users because the geographic position of users can be used to enhance the services provided by those social applications. Proximity detection, as one type of location-based function, makes LBSNS more flexible and notifies mobile users when they are in proximity. Despite all the desirable features that such applications provide, disclosing the exact location of individuals to a centralized server and/or their social friends might put users at risk of their information falling into the wrong hands, since locations may disclose sensitive information about people including political and religious affiliations, lifestyle, health status, etc. Consequently, users might be unwilling to participate in such applications. To this end, private proximity detection schemes enable two parties to check whether they are in close proximity while keeping their exact locations secret. In particular, running a private proximity detection protocol between two parties only reveals a boolean value to the querier. Besides, it guarantees that no other information can be leaked to the participants regarding the other party's location. However, most proposed private proximity detection protocols enable users to choose only a simple geometric range on the map, such as a circle or a rectangle, in order to test for proximity.
In this thesis, we take inspiration from the field of Computational Geometry and develop two privacy-preserving proximity detection protocols that allow a mobile user to specify an arbitrary complex polygon on the map and check whether his/her friends are located therein. We also analyze the efficiency of our solutions in terms of computational and communication costs. Our evaluation shows that, compared to similar earlier work, the proposed solution increases the computational efficiency by up to 50% and reduces the communication overhead by up to 90%. Therefore, we have achieved a significant reduction of computational and communication complexity.

    Privacy preservation in social media environments using big data

    With the pervasive use of mobile devices, social media, home assistants, and smart devices, the idea of individual privacy is fading. More than ever, the public is giving up personal information in order to take advantage of what are now considered everyday conveniences, ignoring the consequences. Even seemingly harmless information is making headlines for its unauthorized use (18). Among this data is user trajectory data, which can be described as a user's location information over a time period (6). This data is generated whenever users access their devices to record their location, query the location of a point of interest, query directions to get to a location, request services to come to their location, and many other applications. This data could be used by a malicious adversary to track a user's movements, location, and daily patterns, and to learn details personal to the user. While the best course of action would be to hide this information entirely, this data can be used for many beneficial purposes as well. Emergency vehicles could be more efficiently routed based on trajectory patterns, businesses could make intelligent marketing or building decisions, and users themselves could benefit by taking advantage of more conveniences. There are several challenges to publishing this data while also preserving user privacy. For example, while location data has good utility, users expect their data to be private. For real-world applications, users generate many terabytes of data every day. To process this volume of data for later use and anonymize it in order to hide individual user identities, this thesis presents an efficient algorithm that reduces the processing time for anonymization from days, as seen in (20), to a matter of minutes or hours. We cannot focus just on location data, however. Social media has a great many uses, one of which is the sharing of images. Privacy cannot stop with location, but must reach to other data as well.
This thesis also addresses the issue of image privacy, as images can often be even more sensitive than location. --Abstract, page iv