Entropy-based privacy against profiling of user mobility

Location-based services (LBSs) flood mobile phones nowadays, but their use poses an evident privacy risk. The locations accompanying the LBS queries can be exploited by the LBS provider to build the user profile of visited locations, which might disclose sensitive data, such as work or home locations. The classic concept of entropy is widely used to evaluate privacy in these scenarios, where the information is represented as a sequence of independent samples of categorized data. However, since the LBS queries might be sent very frequently, location profiles can be improved by adding temporal dependencies, thus becoming mobility profiles, where location samples are not independent anymore and might disclose the user's mobility patterns. Since the time dimension is factored in, the classic entropy concept falls short of evaluating the real privacy level, which depends also on the time component. Therefore, we propose to extend the entropy-based privacy metric to the use of the entropy rate to evaluate mobility profiles. Then, two perturbative mechanisms are considered to preserve locations and mobility profiles under gradual utility constraints. We further use the proposed privacy metric and compare it to classic ones to evaluate both synthetic and real mobility profiles when the perturbative methods proposed are applied. The results prove the usefulness of the proposed metric for mobility profiles and the need for tailoring the perturbative methods to the features of mobility profiles in order to improve privacy without completely loosing utility.This work is partially supported by the Spanish Ministry of Science and Innovation through the CONSEQUENCE (TEC2010-20572-C02-01/02) and EMRISCO (TEC2013-47665-C4-4-R) projects.The work of Das was partially supported by NSF Grants IIS-1404673, CNS-1355505, CNS-1404677 and DGE-1433659. Part of the work by Rodriguez-Carrion was conducted while she was visiting the Computer Science Department at Missouri University of Science and Technology in 2013–2014

INRISCO: INcident monitoRing in Smart COmmunities

Major advances in information and communication technologies (ICTs) make citizens to be considered as sensors in motion. Carrying their mobile devices, moving in their connected vehicles or actively participating in social networks, citizens provide a wealth of information that, after properly processing, can support numerous applications for the benefit of the community. In the context of smart communities, the INRISCO [1] proposal intends for (i) the early detection of abnormal situations in cities (i.e., incidents), (ii) the analysis of whether, according to their impact, those incidents are really adverse for the community; and (iii) the automatic actuation by dissemination of appropriate information to citizens and authorities. Thus, INRISCO will identify and report on incidents in traffic (jam, accident) or public infrastructure (e.g., works, street cut), the occurrence of specific events that affect other citizens' life (e.g., demonstrations, concerts), or environmental problems (e.g., pollution, bad weather). It is of particular interest to this proposal the identification of incidents with a social and economic impact, which affects the quality of life of citizens.This work was supported in part by the Spanish Government through the projects INRISCO under Grant TEC2014-54335-C4-1-R, Grant TEC2014-54335-C4-2-R, Grant TEC2014-54335-C4-3-R, and Grant TEC2014-54335-C4-4-R, in part by the MAGOS under Grant TEC2017-84197-C4-1-R, Grant TEC2017-84197-C4-2-R, and Grant TEC2017-84197-C4-3-R, in part by the European Regional Development Fund (ERDF), and in part by the Galician Regional Government under agreement for funding the Atlantic Research Center for Information and Communication Technologies (AtlantTIC)

Reducción del coste computacional del proceso de autenticación en el protocolo SET

SET es un protocolo seguro de pago, con tarjeta de crédito, que proporciona un modelo robusto de seguridad para entregar información personal y financiera a través de Internet, basado en la integridad de los datos, su confidencialidad y la autenticación mutua. Sin embargo, las partes involucradas en una transacción deben llevar a cabo diversas operaciones criptográficas, lo que puede ser un problema cuando se usan dispositivos móviles con baja capacidad de almacenamiento y procesamiento. Este artículo muestra como se puede reducir el coste computacional de SET, mediante el uso de otro protocolo llamado TRUTHC en conjunto con una Infraestructura de Clave Pública (PKI). Los resultados muestran que, usando TRUTHC, el tiempo total de ejecución puede ser reducido un 3% desde el punto de vista del cliente. Esta reducción se mantiene aunque aumente la longitud del camino de certificaciónSET is a secure credit card payment protocol that provides a robust security model based on data integrity, data confidentiality and mutual authen-tication to deliver personal and financial information through Internet. However, the parties involved in the transaction must carry out a lot of cryptographic operations which can be a problem when these parties use mobile devices with low processing and storage capacities. This paper shows how the computational cost of the SET protocol can be reduced when another protocol called TRUTHC is used in conjunction with the Public Key Infrastructure (PKI). Results show that the total execution time can be reduced about 3% using TRUTHC from the customer point of view. This reduction is still the same in spite of the increase of path lengt