Efficient Location Privacy In Mobile Applications

Location awareness is an essential part of today\u27s mobile devices. It is a well-established technology that offers significant benefits to mobile users. While location awareness has triggered the exponential growth of mobile computing, it has also introduced new privacy threats due to frequent location disclosures. Movement patterns could be used to identify individuals and also leak sensitive information about them, such as health condition, lifestyle, political/religious affiliations, etc. In this dissertation we address location privacy in the context of mobile applications. First we look into location privacy in the context of Dynamic Spectrum Access (DSA) technology. DSA is a promising framework for mitigating the spectrum shortage caused by fixed spectrum allocation policies. In particular, DSA allows license-exempt users to access the licensed spectrum bands when not in use by their respective owners. Here, we focus on the database-driven DSA model, where mobile users issue location-based queries to a white-space database in order to identify idle channels in their area. We present a number of efficient protocols that allow users to retrieve channel availability information from the white-space database while maintaining their location secret. In the second part of the dissertation we look into location privacy in the context of location-aware mobile advertising. Location-aware mobile advertising is expanding very rapidly and is forecast to grow much faster than any other industry in the digital era. Unfortunately, with the rise and expansion of online behavioral advertising, consumers have grown very skeptical of the vast amount of data that is extracted and mined from advertisers today. As a result, the consensus has shifted towards stricter privacy requirements. Clearly, there exists an innate conflict between privacy and advertisement, yet existing advertising practices rely heavily on non-disclosure agreements and policy enforcement rather than computational privacy guarantees. In the second half of this dissertation, we present a novel privacy-preserving location-aware mobile advertisement framework that is built with privacy in mind from the ground up. The framework consists of several methods which ease the tension that exists between privacy and advertising by guaranteeing, through cryptographic constructions, that (i) mobile users receive advertisements relative to their location and interests in a privacy-preserving manner, and (ii) the advertisement network can only compute aggregate statistics of ad impressions and click-through-rates. Through extensive experimentation, we show that our methods are efficient in terms of both computational and communication cost, especially at the client side

Location Privacy-Preserving Strategies for Secondary Spectrum Use

The scarcity of wireless spectrum resources and the overwhelming demand for wireless broadband resources have prompted industry, government agencies and academia within the wireless communities to develop and come up with effective solutions that can make additional spectrum available for broadband data. As part of these ongoing efforts, cognitive radio networks (CRNs) have emerged as an essential technology for enabling and promoting dynamic spectrum access and sharing, a paradigm primarily aimed at addressing the spectrum scarcity and shortage challenges by permitting and enabling unlicensed or secondary users (SUs) to freely search, locate and exploit unused licensed spectrum opportunities. Despite their great potentials for improving spectrum utilization efficiency and for addressing the spectrum shortage problem, CRNs suffer from serious location privacy issues, which essentially tend to disclose the location information of the SUs to other system entities during their usage of these open spectrum opportunities. Knowing that their whereabouts may be exposed, SUs can be discouraged from joining and participating in the CRNs, potentially hindering the adoption and deployment of this technology. In this thesis, we propose frameworks that are suitable for CRNs, but also preserve the location privacy information of these SU s. More specifically, 1. We propose location privacy-preserving protocols that protect the location privacy of SUs in cooperative sensing-based CRNs while allowing the SUs to perform their spectrum sensing tasks reliably and effectively. Our proposed protocols allow also the detection of malicious user activities through the adoption of reputation mechanisms. 2. We propose location privacy-preserving approaches that provide information-theoretic privacy to SU s’ location in database-driven CRNs through the exploitation of the structured nature of spectrum databases and the fact that database-driven CRNs, by design, rely on multiple spectrum databases. 3. We propose a trustworthy framework for new generation of spectrum access systems in the 3.5 GHz band that not only protects SUs’ privacy, but also ensures that they comply with the unique system requirements, while allowing the detection of misbehaving users

Security Supports for Cyber-Physical System and its Communication Networks

A cyber-physical system (CPS) is a sensing and communication platform that features tight integration and combination of computation, networking, and physical processes. In such a system, embedded computers and networks monitor and control the physical processes through a feedback loop, in which physical processes affect computations and vice versa. In recent years, CPS has caught much attention in many different aspects of research, such as security and privacy. In this dissertation, we focus on supporting security in CPS and its communication networks. First, we investigate the electric power system, which is an important CPS in modern society. as crucial and valuable infrastructure, the electric power system inevitably becomes the target of malicious users and attackers. In our work, we point out that the electric power system is vulnerable to potential cyber attacks, and we introduce a new type of attack model, in which an attack cannot be completely identified, even though its presence may be detected. to defend against such an attack, we present an efficient heuristic algorithm to narrow down the attack region, and then enumerate all feasible attack scenarios. Furthermore, based on the feasible attack scenarios, we design an optimization strategy to minimize the damage caused by the attack. Next, we study cognitive radio networks, which are a typical communication network in CPS in the areas of security and privacy. as for the security of cognitive radio networks, we point out that a prominent existing algorithm in cooperative spectrum sensing works poorly under a certain attack model. In defense of this attack, we present a modified combinatorial optimization algorithm that utilizes the branch-and-bound method in a decision tree to identify all possible false data efficiently. In regard to privacy in cognitive radio networks, we consider incentive-based cognitive radio transactions, where the primary users sell time slices of their licensed spectrum to secondary users in the network. There are two concerns in such a transaction. The first is the primary user\u27s interest, and the second is the secondary user\u27s privacy. to verify that the payment made by a secondary user is trustworthy, the primary user needs detailed spectrum utilization information from the secondary user. However, disclosing this detailed information compromises the secondary user\u27s privacy. to solve this dilemma, we propose a privacy-preserving scheme by repeatedly using a commitment scheme and zero-knowledge proof scheme

A Review of Research on Privacy Protection of Internet of Vehicles Based on Blockchain

Numerous academic and industrial fields, such as healthcare, banking, and supply chain management, are rapidly adopting and relying on blockchain technology. It has also been suggested for application in the internet of vehicles (IoV) ecosystem as a way to improve service availability and reliability. Blockchain offers decentralized, distributed and tamper-proof solutions that bring innovation to data sharing and management, but do not themselves protect privacy and data confidentiality. Therefore, solutions using blockchain technology must take user privacy concerns into account. This article reviews the proposed solutions that use blockchain technology to provide different vehicle services while overcoming the privacy leakage problem which inherently exists in blockchain and vehicle services. We analyze the key features and attributes of prior schemes and identify their contributions to provide a comprehensive and critical overview. In addition, we highlight prospective future research topics and present research problems