Reference : Location Assurance and Privacy in Location-based Services |
Dissertations and theses : Doctoral thesis | |||
Engineering, computing & technology : Computer science | |||
http://hdl.handle.net/10993/17668 | |||
Location Assurance and Privacy in Location-based Services | |
English | |
Chen, Xihui ![]() | |
20-Jun-2014 | |
University of Luxembourg, Luxembourg, Luxembourg | |
Docteur en Informatique | |
Mauw, Sjouke ![]() | |
Pang, Jun ![]() | |
Lenzini, Gabriele ![]() | |
[en] location assurance ; privacy ; location-based service | |
[en] Due to the development of global navigation satellite systems (GNSS), people are able to obtain their precise locations in real time. This in turn leads to a wide range of location-based services (LBS), through which a user can acquire information customised to locations. However, the vulnerabilities of GNSS systems and the exposure of information such as locations and queries in LBS requests impose a strong need from users on security. In this thesis, we study two security requirements in LBSs: location assurance and privacy. Location assurance expresses users’ requirement for trustworthy locations in terms of correctness and precision while privacy addresses users’ concern about personal information leakage in LBSs.
First, we present a trust framework to detect spoofing by evaluating the integrity of GNSS signals. The framework combines existing spoofing detection methods to generate an overall quantitative evaluation of the integrity of received signals. Based on this evaluation, users can determine the extent to which they can trust their locations. We implement a prototype based on our framework and develop a public service called location assurance certification. In this service, a trusted agent is introduced to issue certificates for users’ locations according to the integrity of their received signals. Second, we propose a general approach to protect users’ query privacy when the adversary has access to various contextual information. We present a probabilistic framework, in which we formally define the attacks to infer the issuers of LBS queries by exploring various contextual information. With this framework, we propose a series of query privacy metrics. These metrics not only measure query privacy from different perspectives but also enable users to express their requirements for query privacy flexibly and precisely. Our framework finally allows us to develop new mechanisms which provide protection for users’ query privacy satisfying their requirements. Third, we address location privacy. Many location privacy preserving methods (LPPM) have been proposed to protect users’ location privacy. A user will make use of them to break the link between his identity and his locations when requesting LBSs. We propose a new attack on location privacy based on the adversary’s observation on users’ locations protected by LPPMs. Compared to existing attacks which target at where users went, our attack provides the adversary with sufficient information to infer what users did, i.e., their activities. Specifically, through our attack, the adversary learns the places where users performed activities and their beginning and ending time of each activity. To achieve this goal, we explore the patterns of users with respect to movements and requesting LBSs, i.e., user profiles. | |
Interdisciplinary Centre for Security, Reliability and Trust | |
Fonds National de la Recherche - FnR | |
Secure and Private Location Proofs: Architecture and Design for Location Based Services | |
Researchers ; Professionals ; Students ; General public | |
http://hdl.handle.net/10993/17668 |
File(s) associated to this reference | ||||||||||||||
Fulltext file(s):
| ||||||||||||||
All documents in ORBilu are protected by a user license.