Resilient Collaborative Privacy for Location-Based Services

Jin, Hongyu; Papadimitratos, Panagiotis

doi:10.1007/978-3-319-26502-5_4

Cited by 4 publications

(9 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Decentralization of a system could be due to various reasons, among which privacy is one of the main concerns that motivates the decentralization. It has been considered in many works that the central servers in OSNs or LBSs are tend to collect sensitive information of users and even inferring extra information from the collected data [48], [24], [31]. Such central servers fall into honest-but-curious model.…”

Section: A Decentralizationmentioning

confidence: 99%

“…Pseudonymous can be integrated with different services (and their SPs) to provide secure and privacy preserving VSNs. For example, in [31], a secure and privacy-enhancing LBS is proposed leveraging information sharing and the pseudonymous authentication. Users authenticate their queries and responses under the pseudonyms obtained from the PCA.…”

Section: B Pseudonymous Authenticationmentioning

confidence: 99%

See 1 more Smart Citation

Security and Privacy in Vehicular Social Networks

Jin¹,

Khodaei²,

Papadimitratos³

2017

Vehicular Social Networks

Self Cite

View full text Add to dashboard Cite

Section: A Decentralizationmentioning

confidence: 99%

Section: B Pseudonymous Authenticationmentioning

confidence: 99%

Security and Privacy in Vehicular Social Networks

Jin¹,

Khodaei²,

Papadimitratos³

2017

Vehicular Social Networks

Self Cite

View full text Add to dashboard Cite

“…An alternative collaborative privacy protection approach is to pass/share LBS-obtained information among users, to decrease exposure to the LBS server [31,55]. The sharing approach requires 1 arXiv:2001.07583v2 [cs.CR] 22 Jan 2020 nodes to cache information received from the LBS and pass it to neighbors when requested.…”

Section: Introductionmentioning

confidence: 99%

“…However, if such k users are too close, e.g., in a church, a shopping mall, or a cinema, such symbolic "addresses" can still be disclosed. Thus, it is hard to define how large k should be to ensure an appropriate level of protection.An alternative collaborative privacy protection approach is to pass/share LBS-obtained information among users, to decrease exposure to the LBS server [31,55]. The sharing approach requires 1 arXiv:2001.07583v2 [cs.CR] 22 Jan 2020 nodes to cache information received from the LBS and pass it to neighbors when requested.…”

mentioning

confidence: 99%

“…Responses signed by the LBS server [55] can be self-verifiable allowing detection of manipulation by a node. However, a misbehaving node passing on tampered responses would remain "invisible" and continue attacking the system, wasting computational power [31]. Moreover, decentralizing functionality could provide an easy way for passive adversaries to learn information from neighbors.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Resilient privacy protection for location-based services through decentralization

Jin

Papadimitratos

2017

Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Self Cite

View full text Add to dashboard Cite

and RISE SICS, SwedenLocation-based Services (LBSs) provide valuable services, with convenient features for mobile users. However, the location and other information disclosed through each query to the LBS erodes user privacy. This is a concern especially because LBS providers can be honest-but-curious, collecting queries and tracking users' whereabouts and infer sensitive user data. This motivated both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome disadvantages of centralized schemes, eliminating anonymizers, and enhancing users' control over sensitive information. However, an insecure decentralized system could create serious risks beyond private information leakage. More so, attacking an improperly designed decentralized LBS privacy protection scheme could be an effective and low-cost step to breach user privacy. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. We show our scheme can be deployed with off-the-shelf devices based on an experimental evaluation of an implementation in a static automotive testbed.Additional Key Words and Phrases: Location privacy, honest-but-curious, pseudonymous authentication INTRODUCTIONA Location-based Service (LBS) query targets a location/region and expresses one or more specific user interests; the LBS server responds with the most up-to-date relevant information, e.g., the latest menu of a restaurant, movies at a cinema, remaining parking slots at a shopping mall, or traffic conditions in the area. During this process, users' current or future whereabouts and interests are disclosed to the LBS server through their queries. All submitted information is deemed necessary to best serve users, and the LBS server is entrusted with rich data. However, many studies [5,15,62] reveal that service providers can be honest-but-curious, aggressively collecting information to profile users, e.g., identifying home or working places or inferring interests for commercial purposes.LBS privacy is studied extensively. Location k-anonymity [16] ensures that at least k − 1 other users are involved in an obfuscated region, R, used as the querier's location. Therefore, even in the presence of a local observer in R, the query cannot be linked to a certain user; the LBS server only learns the querier is one among k users in R. Protection can be achieved by centralized schemes [16,45,46] that introduce an anonymizer, a proxy between users and the LBS server, which anonymizes user queries before sending them to the LBS server. However, the assumed anonymizer trustworthiness merely "shifts" the trust from the LBS server to the anonymizer, holding rich information the same way that the LBS server would. Simply put, an anonymizer could be it...

show abstract

k-Trustee: Location injection attack-resilient anonymization for location privacy

Jin

Palanisamy

Joshi

2018

Computers & Security

View full text Add to dashboard Cite

Cloaking-based location privacy preserving mechanisms have been widely adopted to protect users' location privacy when using location-based services. A fundamental limitation of such mechanisms is that users and their location information in the system are inherently trusted by the Anonymization Server without any verification. In this paper, we show that such an issue could lead to a new class of attacks called location injection attacks which can successfully violate users' in-distinguishability (guaranteed by k-Anonymity) among a set of users. We propose and characterize location injection attacks by presenting a set of attack models and quantify the costs associated with them. We then propose and evaluate k-Trustee, a trust-aware location cloaking mechanism that is resilient to location injection attacks and guarantees a lower bound on the user's in-distinguishability. k-Trustee guarantees that each user in a given cloaked region can achieve the required privacy level of k-Anonymity by including at least k-1 other trusted users in the cloaked region. We demonstrate the effectiveness of k-Trustee through extensive experiments in a real-world geographic map and our experimental results show that the proposed cloaking algorithm guaranteeing k-Trustee is effective against various location injection attacks.

show abstract

Resilient Collaborative Privacy for Location-Based Services

Cited by 4 publications

References 21 publications

Security and Privacy in Vehicular Social Networks

Security and Privacy in Vehicular Social Networks

Resilient privacy protection for location-based services through decentralization

k-Trustee: Location injection attack-resilient anonymization for location privacy

Contact Info

Product

Resources

About