
    Towards Modeling Privacy in WiFi Fingerprinting Indoor Localization and its Application

    In this paper, we study privacy models for privacy-preserving WiFi fingerprint based indoor localization (PPIL) schemes. We show that many existing models are insufficient and make unrealistic assumptions regarding adversaries' power. To cover the state-of-the-art practical attacks, we propose the first formal security model which formulates the security goals of both client-side and server-side privacy beyond the honest-but-curious setting. In particular, our model considers various malicious behaviors such as exposing secrets of principals, choosing malicious WiFi fingerprints in location queries, and specifying the location area of a target client. Furthermore, we formulate the client-side privacy in an indistinguishability manner, where an adversary is required to distinguish a client's real location from a random one. The server-side privacy requires that adversaries cannot generate a fabricated database which provides a similar function to the real database of the server. To this end, we formally define the similarity between databases with a ball approach that has not been formalized before. We show the validity and applicability of our model by applying it to analyze the security of an existing PPIL protocol. We also design experiments to test the server-privacy in the presence of database leakage, based on a candidate server-privacy attack.

    Privacy in Indoor Positioning Systems: A Systematic Review

    Paper presented at the 10th International Conference on Localization and GNSS (ICL-GNSS), held in Tampere (Finland), 2 to 4 June 2020.
    This article presents a systematic review of privacy in indoor positioning systems. The selected 41 articles on location privacy preserving mechanisms employ non-inherently private methods such as encryption, k-anonymity, and differential privacy. The 15 identified mechanisms are categorized and summarized by where they are processed: on device, during transmission, or at a server. Trade-offs such as calculation speed, granularity, or complexity in set-up are identified for each mechanism. In 40% of the papers, some trade-offs are minimized by combining several methods into a hybrid solution. Combinations of mechanisms and their levels of offered privacy are suggested based on a series of user mobility cases.

    Practical Privacy-Preserving Indoor Localization based on Secure Two-Party Computation

    We present a privacy-preserving indoor localization scheme based on received signal strength measurements, e.g., from WiFi access points. Our scheme preserves the privacy of both the client's location and the service provider's database by using secure two-party computation instantiated with known cryptographic primitives, namely, Paillier encryption and garbled circuits. We describe a number of optimizations that reduce the computation and communication overheads of the scheme and provide theoretical evaluations of these overheads. We also demonstrate the feasibility of the scheme by developing a proof-of-concept implementation for Android smartphones and commodity servers. This implementation allows us to validate the practical performance of our scheme and to show that it is feasible for practical use in certain types of indoor localization applications.

    PILOT : Practical Privacy-Preserving Indoor Localization Using OuTsourcing

    In the last decade, we observed a constantly growing number of Location-Based Services (LBSs) used in indoor environments, such as for targeted advertising in shopping malls or finding nearby friends. Although privacy-preserving LBSs were addressed in the literature, there was a lack of attention to the problem of enhancing privacy of indoor localization, i.e., the process of obtaining the users' locations indoors and, thus, a prerequisite for any indoor LBS. In this work we present PILOT, the first practically efficient solution for Privacy-Preserving Indoor Localization (PPIL), obtained by a synergy of the research areas of indoor localization and applied cryptography. We design, implement, and evaluate protocols for Wi-Fi fingerprint-based PPIL that rely on 4 different distance metrics. To save energy and network bandwidth for the mobile end devices in PPIL, we securely outsource the computations to two non-colluding semi-honest parties. Our solution mixes different secure two-party computation protocols, and we design size- and depth-optimized circuits for PPIL. We construct efficient circuit building blocks that are of independent interest: Single Instruction Multiple Data (SIMD) capable oblivious access to an array with low circuit depth, and selection of the k-Nearest Neighbors with small circuit size. Additionally, we reduce Received Signal Strength (RSS) values from 8 bits to 4 bits without any significant accuracy reduction. Our most efficient PPIL protocol is 553× faster than that of Li et al. (INFOCOM'14) and 500× faster than that of Ziegeldorf et al. (WiSec'14). Our implementation on commodity hardware has practical run-times of less than 1 second even for the most accurate distance metrics that we consider, and it can process more than half a million PPIL queries per day.

    A privacy-preserving protocol for indoor Wi-Fi localization

    Location-aware applications have witnessed massive worldwide growth in recent years due to the introduction and advancement of smartphones. Most of these applications rely on the Global Positioning System (GPS), which is not available in indoor environments. As a result, Wi-Fi fingerprinting is becoming increasingly popular as an alternative, as it allows localizing users in indoor environments, has lower power consumption, and is also more economical, as it does not require a dedicated sensor other than a Wi-Fi card. The technique allows a service provider (SP) to construct a Wi-Fi database (called a radio map) that can be used as a reference to localize a user. However, this process does not preserve the user's privacy, as the location can only be computed interactively with the SP. The service provider may also reveal sensitive information on the indoor space (e.g. the building map) to the user. Thus, we need an indoor localization protocol that addresses the privacy of both parties. In this paper, we present a privacy-preserving cryptographic protocol for indoor Wi-Fi localization that prevents the SP from learning the exact location of the user outside of certain pre-defined sensitive areas, while keeping the SP's database secure. Thus, neither party can learn anything about the other's input beyond the implicit output revealed.

    A Programmable SoC-Based Accelerator for Privacy-Enhancing Technologies and Functional Encryption

    A multitude of privacy-enhancing technologies (PETs) has been presented recently to solve the privacy problems of contemporary services utilizing cloud computing. Many of them are based on additively homomorphic encryption (AHE), which allows the computation of additions on encrypted data. The main technical obstacles for adoption of PETs in practical systems are related to performance overheads compared with current privacy-violating alternatives. In this article, we present a hardware/software (HW/SW) codesign for programmable systems-on-chip (SoCs) that is designed for accelerating applications based on Paillier encryption. Our implementation is a microcode-based multicore architecture that is suitable for accelerating various PETs using AHE with large-integer modular arithmetic. We instantiate the implementation in a Xilinx Zynq-7000 programmable SoC and provide performance evaluations in real hardware. We also investigate its efficiency in a high-end Xilinx UltraScale+ programmable SoC. We evaluate the implementation with two target use cases that have relevance in PETs: privacy-preserving computation of squared Euclidean distances over encrypted data and multi-input functional encryption (FE) for inner products. Both of them represent the first hardware acceleration results for such operations, and in particular, the latter one is among the very first published implementation results of FE on any platform.
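    The Paillier-based localization scheme above and the squared-Euclidean-distance use case of the SoC accelerator share one building block: the server computes E(||x - y||^2) between the client's encrypted RSS vector x and each plaintext radio-map fingerprint y, using only the additive homomorphism E(a)·E(b) = E(a+b) and E(a)^k = E(k·a). The following is an added illustration written for this page, not code from either paper; it implements a toy Paillier (with constructed, far-too-small primes), the distance identity d^2 = Σx_i^2 - 2Σx_i·y_i + Σy_i^2 evaluated under encryption, and a client-side k-NN step over a constructed radio map. RSS values are assumed to be non-negative integers (e.g. dBm offset by +100). Note the caveat that the earlier privacy-model paper makes formal: because the client decrypts every distance, this basic variant protects the client's RSS vector but leaks distance information about the server's database; the garbled-circuit or secret-sharing stages in the cited schemes exist precisely to close that gap.

```python
"""Toy Paillier-based private squared-Euclidean distance for WiFi fingerprinting.
Added example for this page; not the code of any cited paper."""
import random
from math import gcd

# Constructed demo primes: far too small for real security, chosen so the
# numbers stay readable. A deployment would use primes of ~1024 bits or more.
DEMO_P, DEMO_Q = 1000003, 1000033


def paillier_keygen(p=DEMO_P, q=DEMO_Q):
    """Return (public key, private key) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                            # lam^-1 mod n
    return (n, n + 1), (lam, mu)


def paillier_encrypt(pub, m, rng=random):
    """E(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    n2 = n * n
    while True:
        r = rng.randrange(1, n)
        if gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def paillier_decrypt(pub, priv, c):
    """D(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (((u - 1) // n) * mu) % n


def he_add(pub, c1, c2):
    """E(a) * E(b) = E(a + b)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def he_scale(pub, c, k):
    """E(m)^k = E(k * m); a negative k is folded into Z_n, so -2y becomes n - 2y."""
    n, _ = pub
    return pow(c, k % n, n * n)


def client_encrypt_query(pub, rss):
    """Client sends E(x_i) for every AP plus E(sum x_i^2); the x_i stay hidden."""
    enc_x = [paillier_encrypt(pub, x) for x in rss]
    enc_sq = paillier_encrypt(pub, sum(x * x for x in rss))
    return enc_x, enc_sq


def server_encrypted_distance(pub, enc_x, enc_sq, fingerprint):
    """Server evaluates E(d^2) = E(sum x_i^2) * prod E(x_i)^(-2 y_i) * E(sum y_i^2)
    with the public key only; it never sees x."""
    acc = he_add(pub, enc_sq, paillier_encrypt(pub, sum(y * y for y in fingerprint)))
    for cx, y in zip(enc_x, fingerprint):
        acc = he_add(pub, acc, he_scale(pub, cx, -2 * y))
    return acc


def knn_localize(pub, priv, rss, radio_map, k=3):
    """radio_map: list of ((x, y) coords, fingerprint). The client decrypts the
    returned distances and averages the coordinates of the k nearest references.
    Returns (estimated position, list of decrypted squared distances)."""
    enc_x, enc_sq = client_encrypt_query(pub, rss)
    enc_d = [server_encrypted_distance(pub, enc_x, enc_sq, fp) for _, fp in radio_map]
    d = [paillier_decrypt(pub, priv, c) for c in enc_d]   # exact while d^2 < n
    nearest = sorted(range(len(radio_map)), key=lambda i: d[i])[:k]
    est_x = sum(radio_map[i][0][0] for i in nearest) / k
    est_y = sum(radio_map[i][0][1] for i in nearest) / k
    return (est_x, est_y), d


# Constructed radio map: four reference points, three access points each.
DEMO_RADIO_MAP = [
    ((0, 0), [80, 40, 20]),
    ((10, 0), [60, 60, 20]),
    ((0, 10), [60, 30, 50]),
    ((10, 10), [40, 50, 50]),
]
DEMO_QUERY = [75, 45, 25]   # constructed client measurement

if __name__ == "__main__":
    pub, priv = paillier_keygen()
    pos, dists = knn_localize(pub, priv, DEMO_QUERY, DEMO_RADIO_MAP, k=2)
    print("squared distances:", dists)   # client learns these: the leak noted above
    print("estimate:", pos)
```

The check a practitioner should make is that the decrypted distances match the plaintext computation exactly; this holds only while every d^2 is below n, so the modulus must be sized against the number of access points times the square of the RSS range.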

    FAPRIL: Towards Faster Privacy-Preserving Fingerprint-Based Localization

    Fingerprinting is a commonly used technique to provide accurate localization for indoor areas, where global navigation satellite systems, such as GPS and Galileo, cannot function or are not precise enough. Although fingerprint-based indoor localization has gained wide popularity, existing solutions that preserve privacy either rely on non-colluding servers or have high communication overhead, which hinders deployment. In this work we present FAPRIL, a privacy-preserving indoor localization scheme which takes advantage of the latest secure two-party computation protocol improvements. We can split our scheme into two parts: an input-independent setup phase and an online phase. We concentrate on optimizing the online phase for mobile clients who run on a mobile data plan and observe that recurring operands allow the total communication overhead to be optimized even further. Our observation can be generalized, e.g., to improve multiplication of arithmetic secret-shared matrices. We implement FAPRIL on mobile devices, and our benchmarks over a simulated LTE network show that the online phase of a private localization takes under 0.15 seconds with less than 0.20 megabytes of communication even for large buildings. The setup phase, which can be pre-computed, depends heavily on the setting but stays in the range 0.28 - 4.14 seconds and 0.69 - 16.00 megabytes per localization query. The round complexity of FAPRIL is constant for both phases.

    High-Precision Multipath-Based Indoor Localization Scheme With User Privacy Protection for Dynamic NLoS Environments

    High-precision indoor localization systems (ILSs) are critical for applications such as human smartphone navigation, autonomous robotics, and automated warehouse and factory design. This paper presents a novel fingerprinting-based ILS, which features decimeter-level localization accuracy, the ability to function in a constantly changing non-line-of-sight (NLoS) environment, and user privacy protection without the need for heavy computations. The proposed ILS is able to maintain its localization accuracy in a constantly changing environment and to camouflage the user's location by leveraging multipath propagation. The method was successfully tested both by experimental verification using the ultra-wideband communication standard and by a ray-tracing simulation. An average localization error of 6 cm is demonstrated for a stationary or slow-moving receiver. An average error of 30 cm is demonstrated for a receiver that is moving at a fast walking pace. The obtained localization accuracy is comparable to the accuracy of state-of-the-art localization algorithms. At the same time, the proposed approach solves two practical challenges faced by ILSs: robustness to changing environments with moving objects, and the high computation requirements of user privacy protection. The degree of user privacy was evaluated using a set of corresponding metrics.

    MIMOCrypt: Multi-User Privacy-Preserving Wi-Fi Sensing via MIMO Encryption

    Wi-Fi signals may help realize low-cost and non-invasive human sensing, yet they can also be exploited by eavesdroppers to capture private information. Very few studies have addressed this privacy concern so far; they either jam all sensing attempts or rely on sophisticated technologies to support only a single sensing user, rendering them impractical for multi-user scenarios. Moreover, these proposals all fail to exploit Wi-Fi's multiple-input multiple-output (MIMO) capability. To this end, we propose MIMOCrypt, a privacy-preserving Wi-Fi sensing framework to support realistic multi-user scenarios. To thwart unauthorized eavesdropping while retaining the sensing and communication capabilities for legitimate users, MIMOCrypt innovates in exploiting MIMO to physically encrypt Wi-Fi channels, treating the sensed human activities as physical plaintexts. The encryption scheme is further enhanced via an optimization framework, aiming to strike a balance among i) risk of eavesdropping, ii) sensing accuracy, and iii) communication quality, upon securely conveying decryption keys to legitimate users. We implement a prototype of MIMOCrypt on an SDR platform and perform extensive experiments to evaluate its effectiveness in common application scenarios, especially privacy-sensitive human gesture recognition.
    Published at IEEE S&P 2024.