Private Sharing of User Location over Online Social Networks
description
Transcript of Private Sharing of User Location over Online Social Networks
![Page 1: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/1.jpg)
Private Sharing of User Location over Online Social NetworksJulien Freudiger, Raoul Neu and Jean-Pierre Hubaux - EPFL, Switzerland HotPETs, Berlin, July 2010
![Page 2: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/2.jpg)
2
GPS
Lat: 46.65Lon: 6.561
3. SHARING
WiFi
1. LOCALIZATION 2. VISUALIZATION
Alice: 46.651,6.561Bob: 46.652,6.562Chris: 46.653,6.563
![Page 3: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/3.jpg)
Online Social Networks with Location Sharing Services (LSS)
3
LBS Coordinator
![Page 4: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/4.jpg)
Privacy Threats
Location Sharing Services and passive eavesdroppers can collect user locations
• Localization attack• Profiling attack• Retroactive attack
4
![Page 5: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/5.jpg)
Goal
5
CLIE
NT
SERV
ERS
Application PrivL– Client-side application– Works with existing location sharing
services– Privacy by design
Design application for private sharing of user Location
![Page 6: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/6.jpg)
PRIVL DESCRIPTION
6
privl.sourceforge.net
![Page 7: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/7.jpg)
Privacy-Preserving Mechanisms
LOCALIZATION & VISUALIZATIONCacheDummy Queries
SHARINGEncryptionEphemeral Storage
7
![Page 8: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/8.jpg)
Privacy-Preserving LocalizationCaching
8
MAC1
MAC3
MAC2
QUERY: (MAC1, -62dB; MAC2, -80dB; MAC3, -70dB)
RECEIVE: (Lat: 46.653, Lon: 6.561)
SIGNAL: -62 dB
SIGNAL:
-80 dB
SIGNAL: -70dB
dummy queries
QUERY: (MAC1, -62dB; MAC2, -80dB; MAC3, -70dB)
RECEIVE: (Lat: 46.653, Lon: 6.561) Cache from Wigle.net
Local
Internet
![Page 9: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/9.jpg)
14h10
14h12
14h15
Privacy-Preserving LocalizationQuery Obfuscation with Dummies
![Page 10: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/10.jpg)
Clever Dummy Queries
Constraints – Spatial– Temporal– Statistical
10
TH You, WC Peng, WC Lee. Protecting moving trajectories with dummies. In PALMS 2007MC González, CA Hidalgo, AL Barabási. Understanding individual human mobility patterns. Nature. 2008
Generate virtual identities
![Page 11: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/11.jpg)
Privacy-Preserving VisualizationAttribute Obfuscation
11
User: 46.52, 6.55A: 46.52,6.56B: 46.52,6.59C: 46.51,6.56
Center: 46.51, 6.57
LocalJavascript
![Page 12: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/12.jpg)
Privacy-Preserving VisualizationQuery Obfuscation & Caching
12
![Page 13: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/13.jpg)
Privacy-Preserving SharingSecurity Association
Side channel for secret sharing– Bluetooth– SMS (trust in cellular operator)– Phone Call
Obtain pairwise secret Ki
13
A B
![Page 14: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/14.jpg)
Privacy-Preserving SharingEphemeral Storage
14
username: (lat, lon)
username: (reference1, reference2) reference1_reference2 : AESKi (lat, lon)Ephemeral Private
Standard
username: AESKi(lat, lon)Private
R Geambasu, T Kohno, A Levy, HM Levy. Vanish: Increasing data privacy with self-destructing data. USENIX. 2009
Location Format(lat, lon) ([-90,90], [-180,180])
LSS
DHT
![Page 15: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/15.jpg)
Implementation
QT Framework: Cross platform (Symbian, MeeGo)
Generic Client: Works with any LSS operator
Privacy by Design: Build in privacy
Open Source: PrivL.sourceforge.net
15
![Page 16: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/16.jpg)
Demo
16
![Page 17: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/17.jpg)
APPLICATION PERFORMANCESPrivacy, ok, but at what cost?
17
![Page 18: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/18.jpg)
Localization Overhead
Cache WiFi WiFi + 1 Dummy
GPS0
1
2
3
4
5
6
Time to locate a user
Tim
e in
seco
nds
18
Localization method
0 1 2 3 4 5 6 7 8 9 100
1
2
3
4
5
6
Time to locate a user(WiFi + Dummy)
Tim
e in
seco
nds
# of dummies
![Page 19: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/19.jpg)
Sharing Overhead
Standard Private0123456
Upload user’s position
LSS DHTTi
me
in se
cond
s
Mode
Standard Private0123456
Download 4 friends’ position
LSS DHT
Tim
e in
seco
nds
19
Mode
![Page 20: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/20.jpg)
ConclusionLOCALIZATION, VISUALIZATION & SHARING
– Cache: Fast, not always scalable– Dummy Queries: Little computation overhead, hard to fake– Broadcast Encryption: Little overhead– Ephemeral Storage: 5x slower than standard storage
PrivL: First implementation of client-side PET for user location sharing
Future work– Privacy evaluation of clever dummy queries– Interface to other LSSs– Enhance GUI
20
![Page 21: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/21.jpg)
Private Sharing of User Location over Online Social NetworksJulien Freudiger, Raoul Neu and Jean-Pierre Hubaux – EPFL, SwitzerlandLca.epfl.ch/privacy - [email protected] - twitter.com/jfreudiger
![Page 22: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/22.jpg)
BACKUP SLIDESJust in case
22
![Page 23: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/23.jpg)
Memory Usage
PrivL Nokia Maps0
2
4
6
8
10
12
14
16
23
MBy
tes
![Page 24: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/24.jpg)
0 1 2 3 4 5 6 7 8 9 100
500
1000
1500
2000
2500
Localization (Up)Localization (Down)Visualization (Up)Visualization (Down) (*1024)
Communication OverheadBy
tes
# of dummies
![Page 25: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/25.jpg)
Scalability
0 1 2 3 40
1
2
3
4
5
6
Time to obtain friends’ position
Tim
e in
seco
nds
25
# of friends
![Page 26: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/26.jpg)
Details of Sharing Architecture
26
DHT (ephemeral storage)
UserA:UserA:Lat’:Lon’ AESkey0(Lat, Lon)
PrivL (client)
LSS (3rd party server)
UserA:Friend1:Lat’:Lon’ AESkey1(Lat, Lon)
Key Value
UserA:Friend2:Lat’:Lon’ AESkey2(Lat, Lon)
UserA:Friend3:Lat’:Lon’ AESkey3(Lat, Lon)
WiFi / GPSPosition of UserA : (Lat, Lon)
DHT Reference (Lat’ ,Lon’) = RNG([-90,90], [-90,90])
SAAES Session Key
encrypt
(Lat’, Lon’)
Friend1
Friend2
Friend3
4 13
2
56
Account of User A
My Friends
My Position:
![Page 27: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/27.jpg)
ScreenShots
PrivL.sourceforge.net27
![Page 28: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/28.jpg)
28
Related Work Information Sharing
Social NetworksNoyb (Firefox Plugin): “dictionaries” to convert ciphertext into proper format
Flybynight (Facebook App): Encrypt free-text data in Facebook
Access Control (Firefox Plug-in by Beato et al.): Access control in social networks
Location SharingLocaccino (Platform): User-defined rules to control location sharing
Tsai (Survey): Analysis of privacy policies in LBS
![Page 29: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/29.jpg)
29
Related Work Broadcast Encryption
n = number of Usersr = number of revoked Userss = ciphertext size
BWGNNL trivial
s = O(n-r)s = O(sqrt(n)) rr = 0s = O(r)
C. Delerablée, P. Pailler and D. Pointcheval. Fully collusion secure dynamic broadcast encryption with constant size ciphertexts or decryption keys. In Pairing, 2007
![Page 30: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/30.jpg)
Caching Wireless Access PointsCache access points in user-defined Area of Interest
1. Select a city (e.g. Lausanne)2. City name => GPS coordinates
Lausanne -> (46.5196168, 6.6322095)
3. Area is a square centered on this point– 46.5296168 , 46.5296168– 66.6422095, 6.6222095
4. Query WiGLE.net
30
![Page 31: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/31.jpg)
31
Wireless Triangulation API{ "version": "1.1.0", "host": "maps.google.com", "request_address": true,
"cell_towers": [ { "cell_id": 42"location_area_code": 415"mobile_country_code": 310"mobile_network_code": 410],
"wifi_towers": [ { "mac_address": "01-23-45-67-89-ab","signal_strength": 8]
}
![Page 32: Private Sharing of User Location over Online Social Networks](https://reader036.fdocuments.in/reader036/viewer/2022081511/56816468550346895dd653ef/html5/thumbnails/32.jpg)
32
Ipoki.com APIUsers should be authenticated using the Ipoki plugin. /signin.php?user=[username]&pass=[password]&ver=[optional plugin version] 'CODIGO$$$'.[session id].'$$$'.[server URL].'$$$'.[0=no update, 1=optional update, 2=must update].'$$$‘
Set the user's location./ear.php?iduser=[session id]&lat=[latitude]&lon=[logintude]&h=[altitude]&speed=[speed]&to=[to]&comment=[comment]&action=[action]&change=[status change]if ($alert) {echo 'ALERT$$$' . [alert text] . '$$$' . [URL] . '$$$' . [latitud] . '$$$' . [longitude] . '$$$' . [radio] . '$$$' . [username] . '$$$'; } else if ($comment) {echo 'COMMENT$$$' . [user] . '$$$' . [comment] . '$$$' . [action].'$$$';} else {echo 'OK'; }
Get the location of a user. /readposition.php?iduser=" + [session id] (-999.999999,-999.999999)
Get a list of friends for the calling user and their location. /myfriends.php?iduser=" + [session id]"$$$".[username]."$$$".[latitude]."$$$".[longitude]."$$$".[session key];