
Preserving Location Privacy in Wireless LANs

Preserving Location Privacy in Wireless LANs. Jiang, Wang and Hu MobiSys 2007 Presenter: Bibudh Lahiri. Organization. Problem Definition Existing Solutions and Their Shortcomings Preliminaries Proposed Solutions Results Limitations of the Proposed Solutions. Problem Definition.


Presentation Transcript


  1. Preserving Location Privacy in Wireless LANs Jiang, Wang and Hu MobiSys 2007 Presenter: Bibudh Lahiri

  2. Organization • Problem Definition • Existing Solutions and Their Shortcomings • Preliminaries • Proposed Solutions • Results • Limitations of the Proposed Solutions

  3. Problem Definition • To preserve the location information of a mobile wireless station • Location data in wrong hands can be seriously abused • RF-based localization systems

  4. Existing Solutions and Their Shortcomings • Privacy of location data is at risk when transmitted for location-based services • Gruteser, Grunwald (Mobisys ‘03) • Reduce spatial and temporal precision of location data • Works for application-provided location data • This paper addresses location tracked from any wireless transmission

  5. Existing Solutions… • Gruteser, Grunwald (WMASH ‘03) • Adversary can be outsmarted with frequently-changing pseudonyms • Does not work if adversary has enough knowledge of user’s mobility pattern • Can correlate the packets coming from the same mobile user

  6. Existing Solutions… • Silent Periods • User stops transmission for some time • Outwits an adversary that can correlate different pseudonyms • Optimal length of the silent period was not known

  7. Existing Solutions… • Mix Zones • Spatial version of silent period • Nodes should know their own locations precisely

  8. Preliminaries • Attacker model • Silent: Does not emit any signals • Exposed: Provides wireless services • Active: Adjusts base station’s transmission power • Passive: No change in base station’s behavior • Privacy Entropy • Uncertainty or randomness in the location inference drawn by attacker • Goal is to increase privacy entropy

  9. Proposed Solutions: Use of Pseudonyms • MAC and IP addresses must be protected with pseudonyms • Association with AP • Unique MAC address reveals identity • Random MAC may collide • Solution: Use join address • AP distinguishes requests by a 128-bit nonce

  10. Proposed Solutions: Use of Pseudonyms • Attacker cannot trivially identify a user at a particular location • Different pseudonyms of same user can be correlated • With knowledge of mobility pattern • If location data for all packets in network is gathered • Correlation can be reduced with silent periods

  11. Proposed Solutions: Opportunistic Silent Period • Goal: To find the optimal duration of the silent period • Maximizes privacy entropy for a given mobility pattern • Length of silent periods must be randomized • Pseudonyms used after same duration can belong to the same user w.h.p. • Make length = Td + Tr • Td is deterministic • Tr is chosen from uniformly at random

  12. Proposed Solutions: Opportunistic Silent Period • When Td is small, increasing Td increases the entropy • Entropy is periodic • Increasing silent period increases fraction of mobile users in silent period • Fewer mobile users transit from communicating to silence • Privacy entropy monotonically increases with increasing Tr • Increasing Tr increases total length of silent period • Includes more candidate users

  13. Proposed Solutions: Opportunistic Silent Period • For Tr = 4 mins, entropy maximizes for Td = 19 mins 20 secs • For Td = 19 mins 20 secs, entropy maximizes for Trmax = 12 mins
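The effect of randomizing the silent period (slides 11 to 13) can be illustrated with a small model, added here and not taken from the paper or the presentation. It assumes privacy entropy is the Shannon entropy over the new pseudonyms an observer cannot rule out, treats all such candidates as equally likely, and uses constructed station timings; only Td = 19 min 20 s and the Tr values of 4 and 12 min come from the slides.

```python
import math

TD = 19 * 60 + 20  # deterministic part Td from slide 13, in seconds

# Constructed sample (not measurements from the paper): the time each
# station went silent, and the fraction of Tr_max it happened to draw.
SILENT_START = {"target": 0, "u1": -200, "u2": 150, "u3": 400, "u4": 900}
TR_FRACTION = {"target": 0.5, "u1": 0.9, "u2": 0.25, "u3": 0.1, "u4": 0.5}


def reappear_times(td, tr_max):
    """Time at which each station first transmits under its new pseudonym."""
    return {u: SILENT_START[u] + td + TR_FRACTION[u] * tr_max
            for u in SILENT_START}


def candidates(t_silent, observed, td, tr_max):
    """New pseudonyms that could belong to the station that went silent at
    t_silent, given that its silent period lies in [td, td + tr_max]."""
    lo, hi = t_silent + td, t_silent + td + tr_max
    return sorted(u for u, t in observed.items() if lo <= t <= hi)


def shannon_entropy(probs):
    """Entropy in bits of a discrete distribution."""
    return sum(-p * math.log2(p) for p in probs if p > 0)


def privacy_entropy(td, tr_max):
    """Entropy of the observer's guess about the target's new pseudonym,
    assuming every remaining candidate is equally likely."""
    observed = reappear_times(td, tr_max)
    cand = candidates(SILENT_START["target"], observed, td, tr_max)
    return shannon_entropy([1 / len(cand)] * len(cand)) if cand else 0.0


if __name__ == "__main__":
    for tr_max in (0, 4 * 60, 12 * 60):
        print(f"Tr_max={tr_max:4d}s  entropy={privacy_entropy(TD, tr_max):.3f} bits")
```

With a purely deterministic length (Tr_max = 0) only the target's own new pseudonym fits the window, so the entropy is zero; widening Tr_max admits more candidates, which is the monotonic increase slide 12 describes.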

  14. Proposed Solutions: Reducing Location Precision by TPC • Precision of localization depends on number of APs within range of mobile user • Transmission Power Control • Reduce transmission power of a user • Decrease the number of APs within its reach

  15. Proposed Solutions: Reducing Location Precision by TPC • User concerned with location privacy should do TPC silently • Signal emitted from a mobile station exposes its location • Silent TPC is difficult • Unpredictability in temporal variation of RSS • Asymmetry

  16. Proposed Solutions: Reducing Location Precision by TPC • Goal • To determine relationship between two directions of a channel • Use the path loss in one direction (AP-station) to estimate the loss in the other direction (station-AP) • Use the relationship to do TPC to reduce number of APs in range

  17. Proposed Solutions: Reducing Location Precision by TPC • Observations • RSSI readings for both directions are strongly correlated despite path asymmetry • Results • AP1, AP2, …, APi-1 can be kept within reach • APi+1,…, APn can be kept out of reach

  18. Results • Transmission radius r is about 10 m at the minimum transmit power • A silent attacker needs attacker density of 1 sniffer/100 m² • Five times as high as a regular AP deployment

  19. Results • Mix Area: Maximum area covered by an AP • Larger mix area makes attacks more difficult • Silent TPC enlarges the mix area 12 times compared to the typical • Number of candidates for a new pseudonym is 12 times greater when using TPC

  20. Limitations of the Proposed Solutions • Use of pseudonyms: Man-in-the-middle attack • Attacker positioned between mobile user and AP • Captures request from user for new MAC address • Assigns a MAC address from its own pool • Mobile user starts operating with a MAC address known to the attacker

  21. Limitations… • Opportunistic Silent Period: Lack of Generality • No rigorous mathematical formulation of the problem • Values of Td and Trmax that maximize entropy are results of particular experimental set-up • Optimal length of silent period should be a function of some relevant parameters • Results are not useful under different scenarios

  22. Limitations… • TPC - Inadequate Probabilistic Analysis • Probability distributions of channel asymmetry and RSS are based on experimental findings • No discussion of how experimental parameters influence the pdf • Does not explain how the probabilities are calculated • What is the estimator used • Whether estimator is unbiased and low-variance

  23. Thank You
