29-04-2014, 11:05 AM
Toward Privacy Preserving and Collusion Resistance in a Location Proof Updating System
Abstract
Today’s location-sensitive services rely on the user’s mobile device to determine the current location. This allows malicious
users to access a restricted resource or provide bogus alibis by cheating on their locations. To address this issue, we propose A
Privacy-Preserving LocAtion proof Updating System (APPLAUS) in which colocated Bluetooth enabled mobile devices mutually
generate location proofs and send updates to a location proof server. Periodically changed pseudonyms are used by the mobile devices
to protect source location privacy from each other, and from the untrusted location proof server. We also develop a user-centric location
privacy model in which individual users evaluate their location privacy levels and decide whether and when to accept the location proof
requests. In order to defend against colluding attacks, we also present betweenness ranking-based and correlation clustering-based
approaches for outlier detection. APPLAUS can be implemented with existing network infrastructure, and can be easily deployed in
Bluetooth enabled mobile devices with little computation or power cost. Extensive experimental results show that APPLAUS can
effectively provide location proofs, significantly preserve the source location privacy, and effectively detect colluding attacks.
INTRODUCTION
LOCATION-BASED services take advantage of user location
information and provide mobile users with various
resources and services. Nowadays, more and more location-
based applications and services require users to provide
location proofs at a particular time. For example, “Google
Latitude” and “Loopt” are two services that enable users to
track their friends’ locations in real time. These applications
are location-sensitive since location proof plays a critical
role in enabling these applications.
There are many kinds of location-sensitive applications.
One category is location-based access control. For example,
a hospital may allow patient information access only when
doctors or nurses can prove that they are in a particular
room of the hospital [19]. Another class of location-sensitive
applications require users to provide past location proofs
[26], such as auto insurance quote in which auto insurance
companies offer discounts to drivers who can prove that
they take safe routes during their daily commutes, police
investigations in which detectives are interested in finding
out if a person was at a murder scene at some time, and
location-based social networking in which a user can ask for a
location proof from the service requester and accepts the
request only if the sender is able to present a valid location
proof.
PRELIMINARIES
In this paper, we focus on mobile networks where mobile
devices such as cellular phones communicate with each
other through Bluetooth. In our implementation, mobile
devices periodically initiate location proof requests to all
neighboring devices through Bluetooth. After receiving a
request, a mobile node decides whether to exchange
location proof, based on its own location proof updating
requirement and its own privacy consideration. Given its
appropriate range (about 10 m) and low power consumption,
Bluetooth is a natural choice for mutual encounters
and location proof exchange.
Pseudonym
As commonly used in many networks, we consider an online
Certification Authority (CA) run by an independent trusted
third party which can preestablish credentials for the mobile
devices. Similar to many pseudonym approaches, to protect
location privacy
Due to the broadcast nature of wireless communication,
probes are used for mobile nodes to discover their
neighbors. When a node i receives a probe from another
node, it checks the certificate of the public key of the sender
and the physical identity, e.g., Bluetooth MAC address.
After that, i verifies the signature of the probe message.
Subsequently, if confidentiality is required, a security
association is established (e.g., with Diffie-Hellman).
SOURCE LOCATION PRIVACY ANALYSIS
In this section, we discuss the location privacy threat in our
system, as well as our countermeasures.
We first look at how an adversary may reveal location
information by analyzing the location proof history.
Suppose the attacker has sufficient resources (e.g., in
storage, computation and communication). First, the attacker
may simply monitor and examine the content of a record
that contains the user’s identity and location. Second, even
if the user’s ID is encrypted or pseudonymized, it is easy for
the adversary to trace back all the location activities related
to the same ID once its pseudonym is discovered. Third,
even though the user’s pseudonyms change periodically, it
is still possible for the adversary to infer this user’s other
pseudonyms from one pseudonym if these pseudonyms
change at similar time or locations. Moreover, the attacker
may perform more advanced traffic analysis including rate
monitoring and location correlation. In a rate monitoring
attack, the attacker tries to monitor and correlate location
proof updating rates from different pseudonyms. In a
location correlation attack, the attacker may observe the
correlation in the updated location between a node and its
neighbors, attempting to deduce a relationship.
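
The third threat above (pseudonyms that change at a similar time or location can be tied together) can be measured on a device's own record before it is uploaded. The following is an added example, not code from the paper or from APPLAUS: the record layout, the function names and the 30 s / 20 m window are assumptions, and the sample records are constructed.

```python
from math import hypot

# Constructed sample of what an untrusted proof server would hold:
# (pseudonym, time in seconds, x in metres, y in metres).
RECORDS = [
    ("A1", 0, 0, 0), ("A1", 60, 5, 0),
    ("A2", 70, 6, 0), ("A2", 130, 10, 0),
    ("B1", 0, 500, 0), ("B1", 60, 505, 0),
    ("C1", 0, 503, 4), ("C1", 60, 506, 3),
    ("C2", 72, 506, 2), ("C2", 132, 509, 2),
    ("B2", 75, 507, 1), ("B2", 135, 511, 1),
]

def spans(records):
    """Map each pseudonym to its (first, last) record as (t, x, y)."""
    out = {}
    for p, t, x, y in sorted(records, key=lambda r: r[1]):
        first, _ = out.get(p, ((t, x, y), None))
        out[p] = (first, (t, x, y))
    return out

def successor_sets(records, max_gap_s=30, max_dist_m=20):
    """For each pseudonym, list the pseudonyms that first appear shortly
    after, and close to, its last record (its candidate successors)."""
    sp = spans(records)
    result = {}
    for old, (_, (t0, x0, y0)) in sp.items():
        result[old] = sorted(
            new for new, ((t1, x1, y1), _) in sp.items()
            if new != old and 0 < t1 - t0 <= max_gap_s
            and hypot(x1 - x0, y1 - y0) <= max_dist_m
        )
    return result

def linkable(records, **window):
    """Pseudonyms whose change leaves exactly one candidate successor."""
    sets = successor_sets(records, **window)
    return sorted(p for p, c in sets.items() if len(c) == 1)

if __name__ == "__main__":
    for p, c in successor_sets(RECORDS).items():
        print(p, "->", c or "no successor in window")
    print("linkable:", linkable(RECORDS))
```

In the sample, the lone change A1 to A2 has a single candidate and is flagged, while B1 and C1 change together in the same place and each keeps two candidates.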
CONCLUSIONS
In this paper, we proposed a privacy-preserving location
proof updating system called APPLAUS, where colocated
Bluetooth enabled mobile devices mutually generate location
proofs and upload to the location proof server. We use
statistically changed pseudonyms for each device to protect
source location privacy from each other, and from the
untrusted location proof server. We also develop a user-
centric location privacy model in which individual users
evaluate their location privacy levels in real time and decide
whether and when to accept a location proof exchange
request based on their location privacy levels. To the best of
our knowledge, this is the first work to address the joint
problem of location proof and location privacy. To deal
with colluding attacks, we proposed betweenness ranking-based
and correlation clustering-based approaches for
outlier detection. Extensive experimental and simulation
results show that APPLAUS can provide real-time location
proofs effectively. Moreover, it preserves source location
privacy and it is collusion resistant.