Location Assurance and Privacy in Location-based Services

Due to the development of global navigation satellite systems (GNSS), people are able to obtain their precise locations in real time. This in turn leads to a wide range of location-based services (LBS), through which a user can acquire information customised to locations. However, the vulnerabilities of GNSS systems and the exposure of information such as locations and queries in LBS requests impose a strong need from users on security. In this thesis, we study two security requirements in LBSs: location assurance and privacy. Location assurance expresses users’ requirement for trustworthy locations in terms of correctness and precision while privacy addresses users’ concern about personal information leakage in LBSs.

First, we present a trust framework to detect spoofing by evaluating the integrity of GNSS signals. The framework combines existing spoofing detection methods to generate an overall quantitative evaluation of the integrity of received signals. Based on this evaluation, users can determine the extent to which they can trust their locations. We implement a prototype based on our framework and develop a public service called location assurance certification. In this service, a trusted agent is introduced to issue certificates for users’ locations according to the integrity of their received signals.

Second, we propose a general approach to protect users’ query privacy when the adversary has access to various contextual information. We present a probabilistic framework, in which we formally define the attacks to infer the issuers of LBS queries by exploring various contextual information. With this framework, we propose a series of query privacy metrics. These metrics not only measure query privacy from different perspectives but also enable users to express their requirements for query privacy flexibly and precisely. Our framework finally allows us to develop new mechanisms which provide protection for users’ query privacy satisfying their requirements.

Third, we address location privacy. Many location privacy preserving methods (LPPM) have been proposed to protect users’ location privacy. A user will make use of them to break the link between his identity and his locations when requesting LBSs. We propose a new attack on location privacy based on the adversary’s observation on users’ locations protected by LPPMs. Compared to existing attacks which target at where users went, our attack provides the adversary with sufficient information to infer what users did, i.e., their activities. Specifically, through our attack, the adversary learns the places where users performed activities and their beginning and ending time of each activity. To achieve this goal, we explore the patterns of users with respect to movements and requesting LBSs, i.e., user profiles.