Privacy In Multi-Agent And Dynamical Systems

The use of private data is pivotal for numerous services including location--based ones, collaborative recommender systems, and social networks. Despite the utility these services provide, the usage of private data raises privacy concerns to their owners. Noise--injecting techniques, such as differential privacy, address these concerns by adding artificial noise such that an adversary with access to the published response cannot confidently infer the private data. Particularly, in multi--agent and dynamical environments, privacy--preserving techniques need to be expressive enough to capture time--varying privacy needs, multiple data owners, and multiple data users. Current work in differential privacy assumes that a single response gets published and a single predefined privacy guarantee is provided. This work relaxes these assumptions by providing several problem formulations and their approaches. In the setting of a social network, a data owner has different privacy needs against different users. We design a coalition--free privacy--preserving mechanism that allows a data owner to diffuse their private data over a network. We also formulate the problem of multiple data owners that provide their data to multiple data users. Also, for time--varying privacy needs, we prove that, for a class of existing privacy--preserving mechanism, it is possible to effectively relax privacy constraints gradually. Additionally, we provide a privacy--aware mechanism for time--varying private data, where we wish to protect only the current value of it. Finally, in the context of location--based services, we provide a mechanism where the strength of the privacy guarantees varies with the local population density. These contributions increase the applicability of differential privacy and set future directions for more flexible and expressive privacy guarantees

Privacy Preserving Physical Layer Authentication Scheme for LBS based Wireless Networks

With the fast development in services related to localisation, location-based service (LBS) gains more importance amongst all the mobile wireless services. To avail the service in the LBS system, information about the location and identity of the user has to be provided to the service provider. The service provider authenticates the user based on their identity and location before providing services. In general, sharing location information and preserving the user’s privacy is a highly challenging task in conventional authentication techniques. To resolve these challenges in authenticating the users, retaining users’ privacy, a new SVD (singular value decomposition) based Privacy Preserved Location Authentication Scheme (SPPLAS) has been proposed. In this proposed method, physical layer signatures such as channel state information (CSI) and carrier frequency offset (CFO) are used for generating secret key required for encrypting the user’s location and identity information, and thus encrypted user’s information is sent to service provider for authentication. Secret key is generated by applying SVD on CSI vector. The proposed scheme aids in authenticating the user through location information while protecting the user’s privacy. The performance of the proposed method is evaluated in terms of bit mismatch, leakage and bit error rate performance of receiver and adversary. The simulation results show that the proposed scheme achieves better robustness and security than the existing location-based authentication techniques

Shortest Path Computation with No Information Leakage

Shortest path computation is one of the most common queries in location-based services (LBSs). Although particularly useful, such queries raise serious privacy concerns. Exposing to a (potentially untrusted) LBS the client's position and her destination may reveal personal information, such as social habits, health condition, shopping preferences, lifestyle choices, etc. The only existing method for privacy-preserving shortest path computation follows the obfuscation paradigm; it prevents the LBS from inferring the source and destination of the query with a probability higher than a threshold. This implies, however, that the LBS still deduces some information (albeit not exact) about the client's location and her destination. In this paper we aim at strong privacy, where the adversary learns nothing about the shortest path query. We achieve this via established private information retrieval techniques, which we treat as black-box building blocks. Experiments on real, large-scale road networks assess the practicality of our schemes.Comment: VLDB201

Semantics-aware obfuscation for location privacy

The increasing availability of personal location data pushed by the widespread use of locationsensing technologies raises concerns with respect to the safeguard of location privacy. To address such concerns location privacy-preserving techniques are being investigated. An important area of application for such techniques is represented by Location Based Services (LBS). Many privacy-preserving techniques designed for LBS are based on the idea of forwarding to the LBS provider obfuscated locations, namely position information at low spatial resolution, in place of actual users' positions. Obfuscation techniques are generally based on the use of geometric methods. In this paper, we argue that such methods can lead to the disclosure of sensitive location information and thus to privacy leaks. We thus propose a novel method which takes into account the semantic context in which users are located. The original contribution of the paper is the introduction of a comprehensive framework consisting of a semantic-aware obfuscation model, a novel algorithm for the generation of obfuscated spaces for which we report results from an experimental evaluation and a reference architecture

PRIVACY PRESERVATION IN LOCATION-BASED PROXIMITY SERVICES

One of the most common location-based services (LBS) in the geo-aware social network market is the notification of friends geographically in proximity. In addition to the privacy threats related to the use of traditional LBS, there are other privacy threats specific to proximity services. Existing privacy-preserving solutions for LBS are not effective or directly applicable. For this reason, we developed techniques that specifically address the privacy threats of this type of services. The proposed techniques let a user control what is disclosed about her location and formally guarantee that these requirements are satisfied. An extensive empirical evaluation was performed, by using a dataset of user movement generated using an agent-based simulator, in which agents reflect the behavior of typical users of proximity services. The techniques were also integrated in a fully functional privacy-aware proximity service, for which we developed desktop and mobile clients

LOCATION SHARING: PRIVACY THREATS AND PROTECTION

In recent years there has been a growing increase in the number of users that use smartphones,tablets, wearable technologies and other devices that users have with them constantly. The capability of these latest generation mobile devices to detect the position of the users has led to the emergence of ad-hoc services as well as geo-aware social networks (GeoSN). Even if the sharing of our locations can enhance many useful services, there are several practical cases that unveil the danger of sharing location indiscriminately. For instance, let\u2019s suppose that a user has just told everyone that he is on vacation (and not at his house): if he adds how long his trip is, then thieves know exactly how much time they have to rob him. Many contributions in the scientific literature have shown how through the location information it is possible to infer several information about the user. It has been shown that it is possible to identify user\u2019s identity, if he is anonymous in the LBS, and, if the user is not anonymous, it is feasible to infer user\u2019s home location, habits and also politic preferences and sexual orientation. The scientific literature reflects this concerns, proposing many contributions that deal with privacy, in general, and location privacy, specifically. This dissertation deals with location privacy in Location Based Services and Geo-Social Networks. The goal is two-fold: on one hand we want to motivate the importance of the location privacy topic by identifying the privacy threats of sharing locations. In particular we study a new privacy threat, the co-location threat, and we further study an already known threat stemming from the use of distance preserving transformations.On the other hand, we want to propose privacy preserving techniques and tools: we propose a novel privacy preserving technique as well as presenting three (spatial and/or temporal) cloaking techniques, specifically designed for privacy techniques in which the privacy is granted by the use of a location\u2019s generalisation

A Solution for Privacy-Preserving and Security in Cloud for Document Oriented Data (By Using NoSQL Database)

Cloud computing delivers massively scalable computing resources as a service with Internet based technologies those can share resources within the cloud users. The cloud offers various types of services that majorly include infrastructure as services, platform as a service, and software as a service and security as a services and deployment model as well. The foremost issues in cloud data security include data security and user privacy, data protection, data availability, data location, and secure transmission. In now day, preserving-privacy of data and user, and manipulating query from big-data is the most challenging problem in the cloud. So many researches were conducted on privacy preserving techniques for sharing data and access control; secure searching on encrypted data and verification of data integrity. This work  included preserving-privacy of document oriented data security, user privacy in the three phases those are data security at rest, at process and at transit by using Full Homomorphic encryption and decryption scheme to achieve afore most mentioned goal. This work implemented on document oriented data only by using NoSQL database and  the encryption/decryption algorithm such as RSA and Paillier’s cryptosystem in Java package with MongoDB, Apache Tomcat Server 9.1, Python, Amazon Web Service mLab for MongoDB as remote server.  Keywords: Privacy-Preserving, NoSQL, MongoDB, Cloud computing, Homomorphic encryption/decryption, public key, private key, RSA Algorithm, Paillier’s cryptosystem DOI: 10.7176/CEIS/11-3-02 Publication date:May 31st 202

Leveraging Client Processing for Location Privacy in Mobile Local Search

Usage of mobile services is growing rapidly. Most Internet-based services targeted for PC based browsers now have mobile counterparts. These mobile counterparts often are enhanced when they use user\u27s location as one of the inputs. Even some PC-based services such as point of interest Search, Mapping, Airline tickets, and software download mirrors now use user\u27s location in order to enhance their services. Location-based services are exactly these, that take the user\u27s location as an input and enhance the experience based on that. With increased use of these services comes the increased risk to location privacy. The location is considered an attribute that user\u27s hold as important to their privacy. Compromise of one\u27s location, in other words, loss of location privacy can have several detrimental effects on the user ranging from trivial annoyance to unreasonable persecution. More and more companies in the Internet economy rely exclusively on the huge data sets they collect about users. The more detailed and accurate the data a company has about its users, the more valuable the company is considered. No wonder that these companies are often the same companies that offer these services for free. This gives them an opportunity to collect more accurate location information. Research community in the location privacy protection area had to reciprocate by modeling an adversary that could be the service provider itself. To further drive this point, we show that a well-equipped service provider can infer user\u27s location even if the location information is not directly available by using other information he collects about the user. There is no dearth of proposals of several protocols and algorithms that protect location privacy. A lot of these earlier proposals require a trusted third party to play as an intermediary between the service provider and the user. These protocols use anonymization and/or obfuscation techniques to protect user\u27s identity and/or location. This requirement of trusted third parties comes with its own complications and risks and makes these proposals impractical in real life scenarios. Thus it is preferable that protocols do not require a trusted third party. We look at existing proposals in the area of private information retrieval. We present a brief survey of several proposals in the literature and implement two representative algorithms. We run experiments using different sizes of databases to ascertain their practicability and performance features. We show that private information retrieval based protocols still have long ways to go before they become practical enough for local search applications. We propose location privacy preserving mechanisms that take advantage of the processing power of modern mobile devices and provide configurable levels of location privacy. We propose these techniques both in the single query scenario and multiple query scenario. In single query scenario, the user issues a query to the server and obtains the answer. In the multiple query scenario, the user keeps sending queries as she moves about in the area of interest. We show that the multiple query scenario increases the accuracy of adversary\u27s determination of user\u27s location, and hence improvements are needed to cope with this situation. So, we propose an extension of the single query scenario that addresses this riskier multiple query scenario, still maintaining the practicability and acceptable performance when implemented on a modern mobile device. Later we propose a technique based on differential privacy that is inspired by differential privacy in statistical databases. All three mechanisms proposed by us are implemented in realistic hardware or simulators, run against simulated but real life data and their characteristics ascertained to show that they are practical and ready for adaptation. This dissertation study the privacy issues for location-based services in mobile environment and proposes a set of new techniques that eliminate the need for a trusted third party by implementing efficient algorithms on modern mobile hardware

Acceptable Margin of Error : Quantifying Location Privacy in BLE Localization

Location privacy poses a critical challenge as the use of mobile devices and location-based services becomes more and more widespread. Proximity-detection data can reveal sensitive information about individuals, making it essential to preserve their location data. One way to achieve privacy protection is by adding noise to ground-truth data, which can introduce uncertainty while still allowing moderate utility for proximity-detection services and Received Signal Strength (RSS)-based localization. However, it is important to carefully adjust the amount of noise added in order to balance the privacy and accuracy concerns. This paper expands our previous work on evaluating location privacy bounds based on measurement error and intentionally added noise. Our model builds upon existing work in differential privacy and introduces other techniques to estimate privacy bounds specific to proximity data. By using real-world measurement data, we measure the privacy-accuracy trade-off and suggest cases where additional noise could be added. Our framework can be utilized to inform privacy-preserving location-based applications and guide the selection of appropriate noise levels in order to achieve the desired privacy-accuracy balance.acceptedVersionPeer reviewe