On User Privacy for Location-based Services

This thesis investigates user privacy concerns associated with the use of location based services. We begin by introducing various privacy schemes relevant to the use of location based services. We introduce the notion of constraints, i.e. statements limiting the use and dis tribution of Location Information (LI), i.e. data providing information regarding a subject's location. Constraints can be securely bound to LI, and are designed to reduce threats to privacy by controlling its dissemination and use. The various types of constraint which may be required are also considered. The issues and risks with the possible use of constraints are discussed, as are possible solutions to these hazards. To address some of the problems that have been identified with the use of constraints, we introduce the notion of an LI Preference Authority (LIPA). A LIPA is a trusted party which can examine LI constraints and make decisions about LI distribution without revealing the constraints to the entity requesting the LI. This is achieved by encrypting both the LI and the constraints with a LIPA encryption key, ensuring that the LI is only revealed at the discretion of the LIPA. We further show how trusted computing can be used to enhance privacy for LI. We focus on how the mechanisms in the Trusted Computing Group specifications can be used to enable the holder of LI to verify the trustworthiness of a remote host before transferring the LI to that remote device. This provides greater assurance to end users that their expressed preferences for the handling of personal information will be respected. The model for the control of LI described in this thesis has close parallels to models controlling the dissemination and use of other personal information. In particular, Park and Sandhu have developed a general access control model intended to address issues such as Digital Rights Management, code authorisation, and the control of personal data. We show how our model for LI control fits into this general access control model. We present a generic service which allows a device to discover the location of other devices in ad hoc networks. The advantages of the service are discussed in several scenarios, where the reliance on an infrastructure such as GPS satellites or GSM cellular base stations is not needed. An outline of the technology which will be needed to realise the service is given, along with a look at the security issues which surround the use of this location discovery service. Finally, we provide conclusions and suggestions for future work