DOCSLIB.ORG

Privacy in Geo-Social Networks: Proximity Notification with Untrusted

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Privacy in Geo-Social Networks: Proximity Notification with Untrusted Noname manuscript No. (will be inserted by the editor) Privacy in geo-social networks: proximity notification with untrusted service providers and curious buddies Sergio Mascetti · Dario Freni · Claudio Bettini · X. Sean Wang · Sushil Jajodia Received: date / Accepted: date Abstract A major feature of the emerging geo-social 1 Introduction networks is the ability to notify a user when any of his friends (also called buddies) happens to be geographi- A geo-social network is an extension of a social network cally in proximity. This proximity service is usually of- in which the geographical positions of participants and fered by the network itself or by a third party service of relevant resources are used to enable new information provider (SP) using location data acquired from the services. These networks are mostly motivated by the users. This paper provides a rigorous theoretical and increased availability of GPS-enabled mobile devices experimental analysis of the existing solutions for the that support both Location-Based Services (LBSs), and location privacy problem in proximity services. This is easy access to the current social networks. a serious problem for users who do not trust the SP to handle their location data, and would only like to As in most social networks, each user has a contact release their location information in a generalized form list of friends, also called buddies. A basic service in geo- to participating buddies. The paper presents two new social networks is the proximity service that alerts the protocols providing complete privacy with respect to user when any of her buddies is in the vicinity, possibly the SP, and controllable privacy with respect to the enacting other activities like visualizing the buddy's po- buddies. The analytical and experimental analysis of sition on a map, or activating a communication session the protocols takes into account privacy, service preci- with the buddy. Such proximity services, often called sion, and computation and communication costs, show- friend finder, are already available as part of geo-social ing the superiority of the new protocols compared to networks (e.g., Brightkite1), as part of a suite of map those appeared in the literature to date. The proposed and navigation services (e.g., Google Latitude2), or as protocols have also been tested in a full system imple- an independent service that can be integrated with so- mentation of the proximity service. cial networks (e.g., Loopt 3). From a data management point of view, a proxim- arXiv:1007.0408v2 [cs.DB] 6 Nov 2010 Keywords Proximity services, geo-social networks, ity service involves the computation of a range query location-based services, location privacy over a set of moving entities issued by a moving user, where the range is a distance threshold value decided by the user. All existing services are based on a central- S. Mascetti, D. Freni, and C. Bettini ized architecture in which location updates, issued from DICo, Universit`adegli Studi di Milano mobile devices, are acquired by the SP, and proximity E-mail: fmascetti,freni,[email protected] is computed based on the acquired locations. X.S. Wang Department of CS, University of Vermont E-mail: [email protected] S. Jajodia 1 http://brightkite.com CSIS, George Mason University 2 http://www.google.com/latitude E-mail: [email protected] 3 http://www.loopt.com 2 Privacy threats in LBS The location privacy problem in proximity services While proximity services are very attractive for many In this paper we consider geo-social networks proximity social network users, the repeated release of informa- services in which a user usually knows the identity of tion about where the user is at a given time raises se- her buddies, or may easily discover it. In this context, vere privacy concerns. This is an issue that has been identity privacy is not an issue, since the anonymity of deeply investigated in the last years for general LBSs, the buddies is not assumed. For this reason, the prob- even if no general consensus has been reached about lem we address is a location privacy preservation, i.e., how the privacy problem should be defined, measured the first notion accordingly to the above discussion. We and, consequently, alleviated. For this reason we briefly assume that both SP and buddies are considered as po- illustrate the general problem before describing our ap- tential adversaries, that is, a) the users do not trust the proach. service provider that will handle their (sensitive) loca- The lack of agreement observed in the literature is tion data, and b) the users would like to control the mainly due to the dual role that location information precision of the location data released to their buddies. plays in LBS privacy. On one side, location is considered The above assumption of limited trust is formalized the private data that a user does not want to disclose, in terms of privacy preferences. Regarding a), we make because it may be itself sensitive information, or be- the strong requirement that SP should not acquire any cause it may lead to disclosure of sensitive information. location information about the users; regarding b), each For example, by knowing that a user is in a synagogue user can specify the finest precision of the location infor- during an important religious ceremony, an adversary mation that can be disclosed to her buddies, where the may infer, with a certain probability, the user's religious precision is in terms of a spatial region of uncertainty belief, which may be considered a privacy violation by containing the current location. For example, user Al- this user. On the other side, location information may ice allows her buddy Bob to be notified when she is act as a quasi-identifier, i.e., when this information is in proximity, but she wants a) to hide completely her joined with external data it may compromise the user's location to the SP, and b) to ensure that whatever prox- anonymity, and hence allow an adversary to associate imity threshold (i.e., the radius of the proximity query) the user's identity with the sensitive information related Bob is using, he cannot understand where exactly Alice to the service. For example, suppose a user subscribes is located within a region decided by herself (e.g., the to a location-based dating service using a pseudonym; whole university campus). even if the locations released to the service are not Existing proximity services do not offer any protec- considered sensitive by her, her identity can be recov- tion regarding point a) above other than legal privacy ered by first deriving, from her trace of movements, her policy statements, and they offer a very limited control home and workplace addresses and then joining these regarding point b); for example, some solutions allow addresses with public data, like a telephone directory. the user to limit the location released to the buddies In this way, the adversary can deduce the identity of to the precision level of city. Preliminary studies of this the dating service user, a privacy violation. problem have appeared in the academic literature [30, 18,26,16,25], and are analysed in detail in Section 2, Since the specific position of a user at a given time but the solutions provided in these studies have limita- can play either roles illustrated above, two different pri- tions either in terms of safety, system costs, or in terms vacy notions have appeared in the LBS literature: a) of flexibility in the specification of user preferences and location privacy which assumes that untrusted parties adversary model. may know the user's identity but not the user's loca- tion, or at least not the user's precise location, which is considered sensitive and has to be protected [15,28, Contribution 18,11], and b) identity privacy in which the anonymity of the user must be preserved by avoiding the (pre- The main contributions of this paper are the following. cise or imprecise) location information being used as i) This is the first comprehensive rigorous study of lo- a quasi-identifier [10,12,17,7]. Techniques adopted for cation privacy in proximity services, explicitly taking the second notion (e.g., spatial cloaking to include at into account privacy control with respect to buddies. least k users in the released location) do not neces- ii) Two new location privacy preserving protocols are sarily provide privacy guarantees for the first notion, designed, formally analyzed, and empirically tested, show- and vice versa. In Section 2 we shortly review the main ing their superiority with respect to existing solutions. techniques applicable to proximity services, including approaches trying to address both privacy notions. We formally model the privacy preferences that each 3 user can specify as well as the properties that a set of models. In Section 4 we illustrate the two proposed pro- messages, exchanged between a user and the SP, should tocols, and in Section 5 we study their formal proper- have in order to satisfy the privacy preferences. To the ties, including the satisfaction of privacy requirements, best of our knowledge, the formal model proposed in the computational and communication costs, and the this paper is the first one to consider adversaries hav- service precision. In Section 6 we describe the system ing a-priori probabilistic knowledge of users' location. implementation, and in Section 7 we report experimen- For example, it is possible to model the presence of com- tal results. Section 8 concludes the paper with a discus- mon knowledge, like the fact that a user is more likely sion of possible extensions. to be located in the country where she lives rather than in a foreign one.
Load more

Recommended publications
  • Reasons, Rewards, Regrets: Privacy Considerations in Location Sharing As an Interactive Practice
    Reasons, Rewards, Regrets: Privacy Considerations in Location Sharing as an Interactive Practice Sameer Patil, Greg Norcie, Apu Kapadia Adam J. Lee School of Informatics and Computing Department of Computer Science Indiana University University of Pittsburgh 901 E 10th St 210 S Bouquet St Bloomington, IN 47408 USA Pittsburgh, PA 15260 USA {patil, gnorcie, kapadia}@indiana.edu [email protected] ABSTRACT systems focused on enabling collaborators to locate each Rapid growth in the usage of location-aware mobile phones other (e.g., [25, 36]). Such systems typically required orga- has enabled mainstream adoption of location-sharing ser- nizations to install their own location-mapping infrastruc- vices (LSS). Integration with social-networking services ture, either developed in-house by the organization or pur- (SNS) has further accelerated this trend. To uncover how chased from companies such as Ubisense, which offers a 3D localization infrastructure. To scale globally without such these developments have shaped the evolution of LSS usage, 1 we conducted an online study (N = 362) aimed at under- custom infrastructure, services such as Dodgeball allowed standing the preferences and practices of LSS users in the users to send their current locations as text messages to US. We found that the main motivations for location sharing the service, which then alerted friends if they opportunis- were to connect and coordinate with one's social and pro- tically happened to be near each other. Eventually WiFi fessional circles, to project an interesting image of oneself, and GPS-based localization built into smartphones led to and to receive rewards offered for `checking in.' Respon- the development of various stand-alone location-sharing ser- dents overwhelmingly preferred sharing location only upon vices (LSS) such as Foursquare (https://www.foursquare.
    [Show full text]
  • Location-Based Services: Industrial and Business Analysis Group 6 Table of Contents
    Location-based Services Industrial and Business Analysis Group 6 Huanhuan WANG Bo WANG Xinwei YANG Han LIU Location-based Services: Industrial and Business Analysis Group 6 Table of Contents I. Executive Summary ................................................................................................................................................. 2 II. Introduction ............................................................................................................................................................ 3 III. Analysis ................................................................................................................................................................ 3 IV. Evaluation Model .................................................................................................................................................. 4 V. Model Implementation ........................................................................................................................................... 6 VI. Evaluation & Impact ........................................................................................................................................... 12 VII. Conclusion ........................................................................................................................................................ 16 1 Location-based Services: Industrial and Business Analysis Group 6 I. Executive Summary The objective of the report is to analyze location-based services (LBS) from the industrial
    [Show full text]
  • Wireless Evolution •..••••.•.•...•....•.•..•.•••••••...••••••.•••.••••••.••.•.••.••••••• 4
    Department of Justice ,"'''''''''<11 Bureau of Investigation ,Operational Technology Division WIRELESS EVDLUTIDN IN THIS Iselil-it:: .. WIRELESS EVOLUTIDN I!I TECH BYTES • LONG TERM EVOLUTIQN ill CLDUD SERVICES • 4G TECHNOLOGY ill GESTURE-RECOGNITION • FCC ON BROADBAND • ACTIVITY-BASED NAVIGATION 'aw PUIi! I' -. q f. 8tH'-.1 Waa 8RI,. (!.EIi/RiW81 R.d-nl)) - 11 - I! .el " Ij MESSAGE FROM MANAGEMENT b7E he bou~~aries of technology are constantly expanding. develop technical tools to combat threats along the Southwest Recognizing the pathway of emerging technology is Border. a key element to maintaining relevance in a rapidly changing technological environment. While this The customer-centric approach calls for a high degree of T collaboration among engineers, subject matter experts (SMEs), proficiency is fundamentally important in developing strategies that preserve long-term capabilities in the face of emerging and the investigator to determine needs and requirements. technologies, equally important is delivering technical solutions To encourage innovation, the technologists gain a better to meet the operational needs of the law enforcement understanding of the operational and investigative needs customer in a dynamic 'threat' environment. How can technical and tailor the technology to fit the end user's challenges. law enforcement organizations maintain the steady-state Rather than developing solutions from scratch, the customer­ production of tools and expertise for technical collection, while centric approach leverages and modifies the technoloe:v to infusing ideas and agility into our organizations to improve our fit the customer's nFlFlrt~.1 ability to deliver timely, relevant, and cutting edge tools to law enforcement customers? Balancing these two fundamentals through an effective business strategy is both a challenge and an opportunity for the Federal Bureau of Investigation (FBI) and other Federal, state, and local law enforcement agencies.
    [Show full text]
  • Verizon DROID RAZR M User Guide
    DROID RAZR M BY MOTOROLA pick a topic, get what you need At a glance Start Home screen & apps Control & customize Calls Contacts 123456 www. PLAYLISTS qwe r t y Messages Type Socialize Browse Photos & videos Music 44 West Street Books Locate & NAVIGATE Work Connect & transfer Protect Want More? #1 Troubleshoot Safety - - Top topics Search topics At a glance a quick look At a glance Your smartphone Tips & tricks Your smartphone •Start: Insert the SIM and optional memory card, Top topics DROID RAZR M BY MOTOROLA gives you the best of all charge the battery, and register your smartphone. See worlds—a compact smartphone with a large vivid display, “Start”. that’s intuitive and helpful at every step. • Top topics: Just want a quick hit of what your •Speed: 4G LTE speeds and Chrome™ browser. smartphone can do? See “Top topics”. •Design: Premium protective materials—DuPont™ •More: All the topics in this guide and so much more, Kevlar® fiber, Corning® Gorilla® Glass, and a water right on your smartphone. Tap Apps > Help repellent nano-coating. > TUTORIALS or HELP TOPICS. Want more? See “Get • Best of Google™: Google Maps™ Navigation Beta, more!”. Gmail™, Google Play™, Google+, and more. Note: Certain apps and features may not be available in all countries. 3.5mm Headset Notification This product meets the applicable limit for Light 4:00 Front Camera exposure to radio waves (known as SAR) of 1.6 W/kg (FCC & IC). The limits and guidelines Power Key include a substantial safety margin designed to assure micro SIM Mon, Nov 26 100% Card Slot Press = Screen On/Off the safety of all persons, regardless of age and health.
    [Show full text]
  • Google Map Directions Philippines
    Google Map Directions Philippines Sting wings his babassus desolate prosperously or after after Neale criminating and ripen furthermore, viny and honeyed. Uriel impetrate her bridgings unaccountably, ebullient and discarnate. Hilar and relivable Dabney melodramatizes, but Duane blushingly account her otalgia. Being able to philippines google map, invite the world map on the exact location you will read When you input your destination into Google Maps your original estimate is made based upon posted speed limits, Pampango, either for categories like Food or Coffee or custom search strings. By clicking OK or by using this Website, take a bus, and Photos before. On the other hand, and other places of interest, traveling by train in the metro is now made easier with Google Maps. It should be possible to use a VPN to download offline maps. In order to differentiate itself, Lonely Planet uses its own maps to plot your GPS position. At its foundation Apple Maps is a navigation service that will present you with a user friendly map that only shows what data it needs to at the moment. General Construction, geographic feature, from affordable family hotels to the most luxurious ones. Challenge students to redraw a map of their state, they provide a vast number of benefits. The Google Maps application seen displayed on a Android Sony smartphone. Read on to see live radar and maps of the storms, because I was having connection problems at that time. News and analysis from Hong Kong, between Google Maps and a GPS, which you can download for free. It reveals how nicely you understand this subject.
    [Show full text]
  • A First Look at Energy Bugs in Mobile Devices
    Bootstrapping Energy Debugging on Smartphones: A First Look at Energy Bugs in Mobile Devices Abhinav Pathak Y. Charlie Hu Ming Zhang Purdue University Purdue University Microsoft Research [email protected] [email protected] [email protected] ABSTRACT tem, either application, OS, hardware, firmware or exter- This paper argues that a new class of bugs faced by mil- nal that causes an unexpected amount of high energy con- 1 lions of smartphones, energy bugs or ebugs, have become sumption by the system as a whole. Unlike traditional soft- increasingly prominent that already they have led to signif- ware bugs, such errors could happen in any of the wide vari- icant user frustrations. We take a first look at this emerg- ety of entities in a phone (e.g., hardware components, app ing important technical challenge faced by the smartphones, processes, or the OS), and due to a wide variety of root ebugs, broadly defined as an error in the system (applica- causes such as programming errors, inappropriate API us- tion, OS, hardware, firmware, external conditions or com- age, flaws in the design of applications or the OS (device bination) that causes an unexpected amount of high energy drivers), complicated interactions between hardware com- consumption by the system as a whole. We first present a ponents of smartphones, changing external conditions (e.g., taxonomy of the kinds of ebugs based on mining over 39K remote server crash, or weakened wireless signal strength), posts (1.2M before filtering) from 4 online mobile user fo- and faulty hardware itself from daily “wear and tear” due rum and mobile OS bug repositories.
    [Show full text]
  • Getting Started Guide for Motorola Plus
    Welcome Your phone Let’s go Touch tips Home screen AppS Welcome Your phone Let’s go Touchscreen & keys Home screen Apps & updates You work. You have a life. MILESTONE PLUS helps you Most of what you need is in the touchscreen and keys on Let’s get you up and running. Create or log into a MOTOBLUR™ account. Use an It’s all in the touch: The home screen gives you all your latest information in You can find all of your apps in one place. From the home existing email account and a memorable password—these handle it all, hassle free. the front: • Touch: Choose an icon or option. one place. It’s what you see when you turn on the phone or screen, just touch or press Home to open and Caution: Before assembling, charging or using your will become your MOTOBLUR account ID and password. press Home from a menu. close the app menu. • Manage your hectic calendar, then sync with your • Home: Go to the home screen. • Touch & Hold: Open options. phone for the first time, please read the important Registration is secure and should only take a few minutes. computer and favorite websites for anytime access to Use the widgets, shortcuts, and panels to see what’s Want more? No problem: To download more apps, • Menu: Open menu options. legal and safety information packaged with your • Drag: Scroll or move slowly. important meetings and appointments. Note: This phone supports data-intensive apps and important to you—whether it’s home, work or play. touch > .
    [Show full text]
  • On Geo Location Services for Telecom Operators
    On Geo Location Services for Telecom Operators DMITRY NAMIOT 1, MANFRED SNEPS-SNEPPE 2 1Lomonsow Moscow State University, Moscow, Russia [email protected] 2Ventspils University College, Ventspils, Latvia [email protected] Abstract: - This paper presents location based service for telecom providers. Most of the location-based services in the mobile networks are introduced and deployed by Internet companies. It leaves for telecom just the role of the data channel. Telecom providers should use their competitive advantages and offer own solutions. In this paper, we discuss the sharing location information via geo messages. Geo messages let mobile users share location information as signatures to the standard messages (e.g., email, SMS). Rather than let some service constantly monitor (poll) the user’s location (as the most standalone services do) or share location info within any social circle (social network check-in, etc.) The Geo Messages approach lets users share location data on the peer to peer basis. Users can share own location info with any existing messaging systems. And messaging (e.g., SMS) is the traditional service for telecom. Key-Words: - geocoding, LBS, location, messaging, telecom, OMA SUPL 1 Introduction privacy is probably the biggest issue with this It is obvious, that the question “where are you” is approach. All potential users should be aware that one of the most often asked during the some third party tool is constantly monitoring their communications. 600 billion text messages per year location and saves it on the some external server. in the US ask "where are you?" – as per Location And, of course, the shortened life of the handset’s Business Summit 2010 data.
    [Show full text]
  • Location-Based Services
    school bookstore hotel home courthouse doctor favorite bar Location-Based Services: A Publication of the ACLU of Northern California Time for a Privacy Check-In NOVEMBER 2010 A publication of the ACLU of Northern California www.dotrights.org www.aclunc.org/tech Available online at www.DotRights.org eed to get directions when you are lost? Looking for a restaurant nearby? Want to know if your friends are in the neighborhood? Location-based services—applications and websites that Nprovide services or information based on your current location—can put this information and more in the palm of your hand. But while it may be easy to find people or places, finding the privacy protections for all of the sensitive data collected by these location-based services can be far more difficult. Can location-based services protect your privacy? Do they? And what can we do to improve the situation? Location-Based Services: Time for a Privacy Check-In is the third in a series of issue papers by the ACLU of Northern California that discuss new technology trends and their consequences. This paper examines the current state of legal and technical privacy protections for users of location-based services and explores opportunities for consumers, businesses, and policymakers to work together to update and enhance these protections. Part I of this paper provides background information on location-based services. Part II examines the privacy concerns that arise from the use of location-based services and Part III surveys the current state of privacy protections for consumers of these services. Finally, Part IV identifies opportunities for consumers, businesses, and policymakers to reinforce privacy protections for location information so that individuals are not forced to pay for location-based services with control over their personal information.
    [Show full text]
  • HTC Hero User Manual
    User Manual www.htc.com Please Read Before Proceeding THE BATTERY IS NOT CHARGED WHEN YOU TAKE IT OUT OF THE BOX. DO NOT REMOVE THE BATTERY PACK WHEN THE DEVICE IS CHARGING. YOUR WARRANTY IS INVALIDATED IF YOU DISASSEMBLE OR ATTEMPT TO DISASSEMBLE THE DEVICE. PRIVACY RESTRICTIONS Some countries require full disclosure of recorded telephone conversations, and stipulate that you must inform the person with whom you are speaking that the conversation is being recorded. Always obey the relevant laws and regulations of your country when using the recording feature of your phone. INTELLECTUAL PROPERTY RIGHT INFORMATION Copyright © 009 HTC Corporation. All Rights Reserved. HTC, the HTC logo, HTC Innovation, ExtUSB, HTC Hero, HTC Sense, HTC Peep, Footprints, HTC Sync, and HTC Care are trademarks and/or service marks of HTC Corporation. Copyright © 009 Google Inc. Used with permission. Google, the Google logo, Android, Google Search, Google Maps, Gmail, YouTube, Android Market, and Google Talk are trademarks of Google Inc. Google, the Google logo and Google Maps are trademarks of Google, Inc. TeleAtlas® Map Data ©009. Street View Images ©009 Google. Microsoft, Windows, Windows XP, Windows Vista, Word, Excel, PowerPoint, and Outlook are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Bluetooth and the Bluetooth logo are trademarks owned by Bluetooth SIG, Inc. Wi-Fi is a registered trademark of the Wireless Fidelity Alliance, Inc. microSD is a trademark of SD Card Association. Copyright © 009, Esmertec AG. All Rights Reserved. Java, JME and all other Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc.
    [Show full text]
  • Your HTC One User Guide 2 Contents Contents
    Your HTC One User guide 2 Contents Contents Unboxing HTC One 7 SIM card 8 Charging the battery 10 Switching the power on or off 10 Want some quick guidance on your phone? 11 Setting up your phone Setting up your new phone for the first time 12 Transferring content from an Android phone 13 Transferring content from an iPhone 14 Transferring content from your old phone through Bluetooth 15 Getting contacts and other content into HTC One 15 Transferring photos, videos, and music between your phone and computer 16 Home screen 16 Getting to know your settings 17 Updating the HTC One software 17 Your first week with your new phone About your phone 19 Basics 21 Home screen feeds 29 Notifications 30 Working with text 33 Battery 37 Camera and Gallery Camera 41 Gallery 46 Personalizing Making HTC One truly yours 56 Changing your wallpaper 56 Adding a widget to your Home screen 56 Adding apps and other shortcuts on your Home screen 58 Rearranging or removing widgets and icons on your Home screen 58 Personalizing the launch bar 59 Grouping apps into a folder 60 Adding a Home screen panel 61 Changing your ringtone, notifications, and sounds 61 3 Contents Rearranging application tabs 61 Customizing the lock screen style 61 Hiding missed calls and messages on the lock screen 62 Securing HTC One with a personal touch 62 Phone calls Making a call with Smart dial 63 Returning a missed call 64 Using Speed dial 64 Calling a phone number in a text message 64 Calling a phone number in an email 65 Calling a phone number in a Calendar event 65 Making an emergency
    [Show full text]
  • Google Latitude Adds Location History, Alerts You When Friends Are Nearby 11 November 2009, by Adam Pash
    Google Latitude adds location history, alerts you when friends are nearby 11 November 2009, By Adam Pash and not create alerts when you're at places like home or work. Alerts will only be sent to you and any nearby friends when you're either at an unusual place or at a routine place at an unusual time." Neat. Of course, the features are only as useful as their adoption, and considering iPhone users are stuck with a kind of lame web app because Apple worried that Latitude would confuse users, so it probably hasn't been adopted as widely as might be necessary. Then again, if you've got an Android, BlackBerry, Symbian S60, or Windows Mobile phone, you can grab the proper app. Google Latitude to find your nearby friends, you're Google Latitude, now with Location History & in luck: Google updated Latitude with location Alerts: google.com/latitude/apps history and alerts for when your friends are nearby. ___ If you don't love your every step tracked -- well, it's kind of creepy. (c) 2009, Gawker Media Distributed by McClatchy-Tribune Information Clearly if you're someone concerned about your Services. privacy, a service like Latitude (and its recent updates) may feel a bit strange. Just keep in mind that the extent to which Latitude tracks you is always in your hands. Moving onto the new features: Location history is pretty straight forward. Enable it in Latitude and the app starts keeping track of where you've been as well as where you are. Location alerts, on the other hand, are a little more interesting.
    [Show full text]