1 / 31

MobiShare : Flexible Privacy-Preserving Location Sharing in Mobile Online Social Networks

MobiShare : Flexible Privacy-Preserving Location Sharing in Mobile Online Social Networks. Wei Wei, Fengyuan Xu, Qun Li The College of William and Mary in INFOCOM IEEE 2012. Introduction. Mobile Online Social Networks ( mOSNs ). Mobile Online Social Networks ( mOSNs ).

audi
Télécharger la présentation

MobiShare : Flexible Privacy-Preserving Location Sharing in Mobile Online Social Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. MobiShare: Flexible Privacy-Preserving Location Sharing in Mobile Online Social Networks Wei Wei, Fengyuan Xu, Qun Li The College of William and Mary in INFOCOM IEEE 2012 A.C. Chen @ ADL

  2. Introduction Mobile Online Social Networks (mOSNs) A.C. Chen @ ADL

  3. Mobile Online Social Networks (mOSNs) • Many existing OSNs have created content and access mechanisms tailored to mobile users A.C. Chen @ ADL

  4. New mOSNs • Some mOSNs are designed specifically to be accessed by mobile devicessuch as Foursquareand Gowalla A.C. Chen @ ADL

  5. Privacy Concerns • While the location-based features make mOSNs more popular, they also raise significant privacy concerns • Because users’ physical locations are now being correlated with their profiles • All the current mOSNs are under centralized control • Users’ location privacy will be compromised if the location data collected by the mOSNs are abused, inadvertently leaked, or under the control of hackers A.C. Chen @ ADL

  6. Related Work • SmokeScreen[ACM MobiSys, 2007] • Flexibly share presence with both friends and strangers while preserving user privacy • In [HotMobile, 2010] and [Privacy Enhancing Technologies, 2007], locations are shared between established relations in a privacy-preserving way • limits a large class of mobile social applications A.C. Chen @ ADL

  7. The Main Idea of This Paper… • In a mOSN, users should be able to control how their own location information is accessed by others • The system should work in a way that an adversary controlling the mOSNcannot obtain users’ location information A.C. Chen @ ADL

  8. MobiShRE USER Cellular Tower Location Server Social Network Server A.C. Chen @ ADL

  9. MobiShare Architecture A.C. Chen @ ADL

  10. Trust and Threat Model • Assumption: • Either the social network server or the location server can be compromised, but the adversary cannot control both entities • Threat Model • Some users may also be malicious seeking to obtain the location information • The social network server or the location server may collude with these malicious users A.C. Chen @ ADL

  11. The Cellular Towers are Trusted • The cellular carrier generally knows theowner’s name and addressfor each subscribed cell phone • The FCC’s wireless Enhanced 9-1-1 rules[E9-1-1]require that the cellular carriers can locate the subscribed cell phones with an accuracy of 50 to 300 meters • We make no attempt toconceal the devices’ locations from the cellular networks A.C. Chen @ ADL

  12. Social Network Server and User • The social network server manages users’ identity-related information (profiles, friend lists…) • It can be a server of any existing OSN that wants to provide the location-sharing service • Each user has a unique identifier at the social network server, a public-private key pair, anda symmetric session key • the session key is sharing with all his social network friends. A.C. Chen @ ADL

  13. Location server and Cellular Tower • The location server is an untrusted 3rd-party server storing anonymizedlocation updates of the users • A company may implement the location server so as to profit from the OSNs or the users • Shares a symmetric secret key with the cellular towers • Each cellular tower has a unique identifier and generates by itself a symmetric secret key • It also shares its secret key with the location server A.C. Chen @ ADL

  14. system Design Service Registration Authentication Location updates Querying location A.C. Chen @ ADL

  15. MobiShare System • Registration • Before using the location-sharing service, each user needs to register for the service at the social network server • Authentication • Establish an authenticated and secure communication link between the user and the cellular tower • Location updates • Querying location • Friends’ case • Strangers’ case A.C. Chen @ ADL

  16. Service Registration • User A shares his public key PubKeyA with the social network server • User A defines access control setting of dfA and dsA • threshold distances of sharing with friends and strangers • After registration, the social network server stores an entry as <IDA,PubKeyA,dfA,dsA> in its subscriber table A.C. Chen @ ADL

  17. Authentication request(IDA, ts, SigA(IDA,ts)) forward (IDA, ts, SigA(IDA,ts)) Verification (IDA,dfA,dsA) forward (IDA,dfA,dsA) Verification OK On the reception of the OK message, the cellular tower stores an entry as <IDA,dfA,dsA> in its `user info` table A.C. Chen @ ADL

  18. Location Updates • The cellular tower perform anonymizationwhen a user upload his location updates to the location server • Pseudonyms + dummy location updates • Each cellular tower periodically generates fake IDs and saves them in a fake ID pool • the fake IDs can be efficiently generated using a cryptographic hash function e.g. fake IDi = SHA(fake IDi−1⊕salt) A.C. Chen @ ADL

  19. Location Updates – Anonymization sends(IDA,(x,y), SessA(x,y)) update `user info` pick k fake IDs and choose FIDA store FIDA in `user info` sends mapping (IDA, FIDA, FID1, ..., FIDk−1) update `fake ID` A.C. Chen @ ADL

  20. Location Updates – Anonymization (con.) update (FIDA,(x,y),SessA(x,y),dfA,dsA) 1 real update update `regionA` update (FIDi,(xi,yi),stri,dfi,dsi) update `regioni` k-1 dummy updates . . . The cellular tower sends k location updates to the location server in a random order with random time intervals following the exponential distribution A.C. Chen @ ADL

  21. Dummies Must Behave Like True Users • The cellular tower follows the method [Kido et al. 2005] to generates k−1 dummy locations within its coverage • Anonymous communication technique using false position data (dummies) mixed with true position data A.C. Chen @ ADL

  22. Table View - location A.C. Chen @ ADL

  23. Querying Friends’ Locations query (IDA,’f’,‘1mi’) forward (IDA,’f’,‘1mi’, SecKeyLoc(CIDC,seq)) create `FIDlist` by looking up `fake ID` query(FIDA,’f’,FIDlist,’1mi’,SecKeyLoc(CIDC,seq)) access control SecKeyc ((FIDi,Sessi(xi,yi))…,seq) (SecKeyc((FIDi,Sessi(xi,yi))…,seq),mapping entries) decrypt location entries ((IDi,Sessi(xi,yi)), (IDj,Sessj(xj,yj))…) Each mapping entry is of the form as (FIDj,IDj) of all of A’s friends consists of the fake IDs (real and dummies) of all A’s friends A.C. Chen @ ADL

  24. Querying Strangers’ Locations query (IDA,’s’,‘1mi’) forward (’s’,‘1mi’, SecKeyLoc(FIDA,CIDC,seq)) forward looks up `region` (SecKeyc((FIDi,(xi,yi)), (FIDj,(xj,yj))…,seq), FIDlist) (SecKeyc((FIDi,(xi,yi)), (FIDj,(xj,yj))…,seq), mapping entries) the n nearby fake IDs are mixed with the randomly picks (k−1)n fake IDs from the location update database decrypt location entries and double check ((IDi,(xi,yi)), (IDj,(xj,yj))…) FIDlist consists of the n nearby fake IDs mixed with the (k − 1)n randomly selected fake IDs Each mapping entry is of the form as (FIDj,IDj,dsj) A.C. Chen @ ADL

  25. Evaluation Experiment and Evaluation A.C. Chen @ ADL

  26. Experimental Setup • Cellular tower :emulated by a laptop • the smartphone communicates with the laptop through Verizon’s 3G data service • Social network server :deployed on a third-party cloud hosting services provided by JoyentCloud • Location server : deployed on a 3rd-party cloud hosting services provided Linode A.C. Chen @ ADL

  27. Experimental Setup (cont.) • Client : implemented in java on a MOTOROLA DROID 2 Global smartphone • the size of this executable is 252KB. • memory footprint of 12MB when running • Use a data set consisting of 48,014 users and the social network topology among them as a social network sample A.C. Chen @ ADL

  28. Client Interface A.C. Chen @ ADL

  29. Experiment • The anonymity level k is set to be 5 • Use 128-bit AES for symmetric key encryption and decryption • The client is set to update its location every 30 seconds, and query the locations of friends or nearby strangers every 1 minute A.C. Chen @ ADL

  30. Experiment Results • Low overhead of the client • a client only consumes 1.5% of the battery power, with average CPU utilization of 0.3% • Low overhead incurred by our scheme on the cellular towers • when there are 1000 connecting users, the cellular tower service only uses 4.1% of the CPU power and 91MB memory A.C. Chen @ ADL

  31. Conclusion • MobiShare supports the features of location sharing in real-world mOSNs : • querying locations within a certain range • user-defined access control • no change to the existing OSNs’ architectures, the adversary cannot link a precise location to an identified user A.C. Chen @ ADL

More Related