31 research outputs found

    A uniformity-based approach to location privacy

    As location-based services emerge, many people feel exposed to high privacy threats. Privacy protection is a major challenge for such services and related applications. A simple approach is perturbation, which adds an artificial noise to positions and returns an obfuscated measurement to the requester. Our main finding is that, unless the noise is chosen properly, these methods do not withstand attacks based on statistical analysis. In this paper, we propose UniLO, an obfuscation operator which offers high assurances on obfuscation uniformity, even in case of imprecise location measurement. We also deal with service differentiation by proposing three UniLO-based obfuscation algorithms that offer multiple contemporaneous levels of privacy. Finally, we experimentally prove the superiority of the proposed algorithms compared to the state-of-the-art solutions, both in terms of utility and resistance against inference attacks

    On Designing Resilient Location-Privacy Obfuscators

    The success of location-based services is growing together with the diffusion of GPS-equipped smart devices. As a consequence, privacy concerns are rising year by year. Location privacy is becoming a major interest in the research and industry world, and many solutions have been proposed for it. One of the simplest and most flexible approaches is obfuscation, in which the precision of location data is artificially degraded before disclosing it. In this paper, we present an obfuscation approach capable of dealing with measurement imprecision, multiple levels of privacy, untrusted servers and adversarial knowledge of the map. We estimate its resistance against statistical-based deobfuscation attacks, and we improve it by means of three techniques, namely extreme vectors, enlarge-and-scale and hybrid vectors.

    ABE-Cities: An attribute-based encryption system for smart cities

    In the near future, a technological revolution will involve our cities, where a variety of smart services based on the Internet of Things will be developed to facilitate the needs of the citizens. Sensing devices are already being deployed in urban environments, and they will generate huge amounts of data. Such data are typically outsourced to some cloud storage because this lowers capital and operating expenses and guarantees high availability. However, cloud storage may have incentives to release stored data to unauthorized entities. In this work we present ABE-Cities, an encryption scheme for urban sensing which solves the above problems while ensuring fine-grained access control on data by means of Attribute-Based Encryption (ABE). Basically, ABE-Cities encrypts data before storing it in the cloud and provides users with keys able to decrypt only those portions of data the user is authorized to access. In ABE-Cities, the sensing devices perform only lightweight symmetric cryptography operations, thus they can also be resource-constrained. ABE-Cities provides planned expiration of keys, as well as their unplanned revocation. We propose methods to make the key revocation efficient, and we show by simulations the overall efficiency of ABE-Cities

    SEA-BREW: A scalable Attribute-Based Encryption revocable scheme for low-bitrate IoT wireless networks

    Attribute-Based Encryption (ABE) is an emerging cryptographic technique that allows one to embed a fine-grained access control mechanism into encrypted data. In this paper we propose a novel ABE scheme called SEA-BREW (Scalable and Efficient Abe with Broadcast REvocation for Wireless networks), which is suited for Internet of Things (IoT) and Industrial IoT (IIoT) applications. In contrast to state-of-the-art ABE schemes, ours is capable of securely performing key revocations with a single short broadcast message, instead of a number of unicast messages that is linear with the number of nodes. This is desirable for low-bitrate Wireless Sensor and Actuator Networks (WSANs) which often are the heart of (I)IoT systems. In SEA-BREW, sensors, actuators, and users can exchange encrypted data via a cloud server, or directly via wireless if they belong to the same WSAN. We formally prove that our scheme is secure also in case of an untrusted cloud server that colludes with a set of users, under the generic bilinear group model. We show by simulations that our scheme requires a constant computational overhead on the cloud server with respect to the complexity of the access control policies. This is in contrast to state-of-the-art solutions, which require instead a linear computational overhead

    On the Feasibility of Overshadow Enlargement Attack on IEEE 802.15.4a Distance Bounding

    Distance-bounding protocols are able to measure a secure upper bound to the distance between two devices. They are designed to resist reduction attacks, whose objective is reducing the measured distance. In this paper we focus on the opposite problem, the enlargement attack, which is aimed at enlarging the measured distance. We analyze the feasibility of enlargement attacks through overshadow strategies on 802.15.4a UWB distance-bounding protocols. We show that the overshadow strategies, generally considered feasible by the existing literature, are actually difficult to carry out. Depending on the delay introduced by the adversary, there are cases in which they have no effect or their effect is not controllable.

    Attribute-Based Encryption and Sticky Policies for Data Access Control in a Smart Home Scenario: a Comparison on Networked Smart Object Middleware

    Regulating the access to the Internet of Things (IoT) network's resources is a complex task, which requires paying great attention to how policies are defined, shared, and enforced. The present paper considers the specific context of a smart home, which represents one of the main IoT application domains, and it focuses on two solutions proposed in the literature to cope with the aforementioned issues. On the one side, approaches based on Attribute-Based Encryption (ABE) allow one to encrypt data for multiple recipients, in such a way that only those recipients whose attributes satisfy a given access policy can decrypt afterwards. ABE guarantees a high level of customization due to the variety of attributes which can be defined, and it is also flexible enough to be adapted to different kinds of scenarios. On the other side, approaches based on sticky policies allow one to attach an access policy directly to the data itself, and to employ a trusted authority to evaluate and enforce the policy itself. Sticky policies also guarantee a highly distributed and customizable enforcement of access control rules. In this paper, we compare the advantages and the drawbacks in terms of performance and robustness of these two techniques by means of their integration within the prototype of an IoT middleware, named NetwOrked Smart object (NOS). Hence, the effectiveness of the presented solutions is validated by means of a real test-bed in the smart home scenario, in terms of storage occupancy, CPU load, and data retrieval delay. The final goal is to reveal the best approach to be used depending on the application's requirements.

    Progettazione e sviluppo di una infrastruttura software per soluzioni ZigBee Home Automation

    No full text
    Application fields involving domotic or industrial automation have been seeing an increasing interest from both the industry and the academia, with digital wireless protocols as preferred communication technologies. ZigBee is a standard communication technology which provides wireless connectivity and functional interoperability between low-cost and low-power devices of different vendors, focusing on battery life improvement. Some noteworthy employments of ZigBee technology are Home, Building and Industrial Automation as well as E-Health. This thesis work aims at the development of a software framework which provides abstraction mechanisms for communication and control operations; an example of application, called Home Manager; and, finally, some testing tools, called Virtual Devices, which emulate real household appliances. The ZigBee network is accessed by means of a gateway server (GAL) provided by Telecom Italia SpA, which implements remotization and abstraction features. In particular, the Home Manager application provides centralized home control features, power saving and power overload protection procedures, and consumption reports, turning out to be both effective and user-friendly. Finally, the framework and the application have been tested in network scenarios with up to six devices, both real and emulated.

    Secure and Private Localization in Wireless Networks

    No full text
    In the era of mobile computing, the position of people or things is important information for a wide range of applications. This kind of data is peculiar in many respects, and poses new challenges from the standpoint of security and privacy. Regarding security, the widespread GPS technology has proven to be rather fragile. Location spoofing attacks are easy to carry out against civilian GPS signal receivers. A relatively sophisticated attacker can deceive a receiver and lead it to measure any desired position. This can have devastating effects on "dependable" systems based on GPS measurements. On the other hand, a position often refers to a person. In this case it is personal data, and its indiscriminate disclosure can constitute a privacy violation. Moreover, a person's position can reveal even more sensitive information about them. The massive collection of user positions by today's service providers is becoming a serious concern. Public opinion is becoming increasingly aware of this problem. It is easy to imagine that the service providers of the future will have to be trusted from the privacy standpoint. Companies that are not trusted by their own customers will face serious difficulties in the market. In this doctoral thesis, we consider a series of security and privacy problems concerning location data, and propose innovative solutions. First of all, we address the problem of secure (non-GPS) position measurement. We study the limitations of current range-based secure positioning technologies, which use distance-bounding protocols executed by terrestrial anchor nodes. A distance-bounding protocol makes it possible to measure a secure upper bound on the distance between two devices. We focus on a new kind of attack, generally considered feasible in the literature: the enlargement attack. Enlargement attacks aim to make the distance-bounding protocol measure a distance greater than the real one. We investigate their feasibility and their effect against distance-bounding protocols implemented on the IEEE 802.15.4a UWB standard. Based on the results of this analysis, we propose EMCD-ML, a secure positioning algorithm that significantly reduces the number of anchor nodes required compared with state-of-the-art methods. Secondly, we address the problem of privacy protection in the dissemination and use of location data. We propose *-UniLO, a set of operators that obfuscate positions for privacy purposes. The *-UniLO operators are applied by the user to the location data before releasing it to the service provider. They prevent the provider from inferring other sensitive information from the location data, while preserving the usability of the service. We also address the related problems of: (i) handling imprecision in position measurements; (ii) offering multiple simultaneous levels of privacy; (iii) defending against map-aware adversaries; and (iv) defending against untrusted location servers. The *-UniLO operators offer a higher level of security than state-of-the-art obfuscation methods.

    Integration of privacy protection mechanisms in location-based services

    No full text
    In the next few years, we will see the upcoming of location-based services. Such LBSs will be extremely heterogeneous. Protecting the privacy of the users in such a situation requires flexible approaches. A single privacy protection mechanism is often insufficient. The contribution of this paper is two-fold. First we present LbSprint, a middleware architecture for location-based services which integrates different privacy mechanisms by means of the standard XACML language. The system administrator can configure and extend the set of such mechanisms. To the best of our knowledge, this is the first proposal of an architecture which integrates many privacy mechanisms in an extensible way. Secondly, we present practical optimizations which considerably improve the performance of the XACML policy evaluation process. © 2013 IEEE

    Secure positioning with non-ideal distance bounding protocols

    No full text
    Distance bounding protocols are secure protocols to determine an upper bound to the distance between two devices. These protocols have been shown to be useful for many tasks, from proximity verification to secure positioning. Unfortunately, real distance bounding protocols hardly fulfill the claimed property. Attacks at the PHY layer may cause significant reductions on the estimated upper bound. These attacks can be mitigated, not eliminated, by changing the receiver architecture and the PHY layer. Every distance bounding protocol is thus non-ideal. In this paper, we study the impact of non-ideal distance bounding on the reliability of secure positioning techniques. We show that a reduction of 10 meters, which is possible against a real PHY layer, allows the adversary to falsify a position of 21 meters. We also propose two countermeasures to mitigate the problem, and then estimate their efficacy by simulations.