Resilient privacy protection for location-based services through decentralization
2019 (English) In: ACM Transactions on Privacy and Security, ISSN 2471-2566, Vol. 22, no 4, article id 21
Article in journal (Refereed) Published
Abstract [en]
Location-Based Services (LBSs) provide valuable services, with convenient features for mobile users. However, the location and other information disclosed through each query to the LBS erodes user privacy. This is a concern especially because LBS providers can be honest-but-curious, collecting queries, tracking users' whereabouts, and inferring sensitive user data. This motivated both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome disadvantages of centralized schemes, eliminating anonymizers, and enhancing users' control over sensitive information. However, an insecure decentralized system could create serious risks beyond private information leakage. More so, attacking an improperly designed decentralized LBS privacy protection scheme could be an effective and low-cost step to breach user privacy. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. We show our scheme can be deployed with off-the-shelf devices based on an experimental evaluation of an implementation in a static automotive testbed.
Place, publisher, year, edition, pages
Association for Computing Machinery, 2019. Vol. 22, no 4, article id 21
Keywords [en]
Honest-but-curious, Location privacy, Pseudonymous authentication, Authentication, Location, Telecommunication services, Decentralized system, Experimental evaluation, Location privacy protection, Off-the-shelf devices, Security enhancements, Sensitive informations, Location based services
National Category
Natural Sciences
Identifiers
URN: urn:nbn:se:ri:diva-40912
DOI: 10.1145/3319401
Scopus ID: 2-s2.0-85073114023
OAI: oai:DiVA.org:ri-40912
DiVA, id: diva2:1376781
Note
Funding details: Stiftelsen för Strategisk Forskning, SSF
Funding text 1: This work has been supported by the Swedish Foundation for Strategic Research (SSF) SURPRISE project and the KAW Academy Fellow Trustworthy IoT project.
Authors' addresses: H. Jin, Networked Systems Security Group, KTH Royal Institute of Technology, Kistagången 16, Stockholm, 16440, Sweden; email: hongyuj@kth.se; P. Papadimitratos, Networked Systems Security Group, KTH Royal Institute of Technology, and RISE SICS, Kistagången 16, Stockholm, 16440, Sweden; email: papadim@kth.se.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
© 2019 Association for Computing Machinery. 2471-2566/2019/09-ART21 $15.00 https://doi.org/10.1145/3319401
2019-12-10 2019-12-10 2019-12-10 Bibliographically approved