1 / 21

Location Services with Built-In Privacy

Location Services with Built-In Privacy. Arvind Narayanan Stanford University Joint work with Narendran Thiagarajan , Mugdha Lakhani , Mike Hamburg, Dan Boneh. Location-based social networking. Hype Reality. Used by 4% of Americans (and 6% of social networking users).

jarah
Download Presentation

Location Services with Built-In Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Location Services with Built-In Privacy Arvind Narayanan Stanford University Joint work with NarendranThiagarajan, MugdhaLakhani, Mike Hamburg, Dan Boneh

  2. Location-based social networking Hype Reality Used by 4% of Americans (and 6% of social networking users) Hypothesis: privacy-preserving location services have value

  3. What can we do privately Proximity testing: detect when friends are nearby When not nearby, friends don’t see your location Server never sees location Building block for more complex functionality

  4. Proximity testing: some applications Granularity must be user-configurable

  5. Client-server vs. peer-to-peer Only client-server model supports configurable granularity Poor/nonexistent infrastructure for complex peer-to-peer protocols

  6. Mathematical formulation: not obvious “Pairs of friends get notified whenever they are within 100ft of each other” Triangulation attack

  7. Reducing proximity testing to equality testing

  8. Reducing proximity testing to equality testing

  9. Reducing proximity testing to equality testing

  10. Reducing proximity testing to equality testing Approximation ratio = 4/√3 (optimal for 3 grid system)

  11. Equality testing Space of possible locations is small! ElGamal-like cryptographic protocol based on Decisional Diffie Hellman (DDH) problem (Lipmaa) Improved constant factor ? x = y

  12. Server participation Server can pretty much learn everyone’s location ax+b ay+b   x y

  13. Server participation done right Server can cause users to compute wrong answer but cannot cause privacy breach Avoids need for big integer arithmetic Information-theoretic security s x y s(x-y) s(x-y)

  14. Problem: online brute-force attack If only there were a way to verify that a user really is where they claim to be…

  15. Location tags

  16. Properties of location tags Location tag = vector + matching function i.e., space-time fingerprint Unpredictability cannot produce matching tag unless nearby Reproducibility two devices at same place & time produce matching tags (not necessarily identical)

  17. Location tags using WiFi packets Discard packets like TCP that may originate outside local network • DHCP, ARP, Samba etc. are local 15 packets/sec on CS/EE VLAN Two different devices see about 90% of packets in common

  18. Location features Each packet is a “location feature” At least around 10 bits of entropy Timing, source/destination and other packet contents Tag with 15 location features gives > 80-bit security level

  19. Comparing location tags Need to compare two vectors that match approximately: fuzzy set intersection Basic concept: Alice encodes vector as polynomial Sends random points on polynomial to Bob Intersection size is large  few enough “errors”  Bob can decode using Berlekamp-Massey algorithm

  20. Other location privacy questions Advertising Search Statistics

  21. Thank you

More Related