Koi: A Location-Privacy Platform for Smartphone Apps. Presented by: Ahmed Qaid. Saikat Guha, Mudit Jain, Venkata N. Padmanabhan. Outline: Koi motivations; Koi goals and assumptions; How Koi works (design, protocol components); Implementation (LB applications); Experiment results.
Koi: A Location-Privacy Platform for Smartphone Apps
Presented by: Ahmed Qaid
• Saikat Guha, Mudit Jain, Venkata N. Padmanabhan
Outline
• Koi motivations
• Koi goals and assumptions
• How Koi works: design, protocol components
• Implementation: LB applications
• Experiment results
• Conclusion
Location-Based Services (LBS)
GPS location-based applications
[Diagram labels: Smart Phone, GPS, lat-long, OS, Third-party LBS Application, Lookup ("Search for nearest Gas Station"), LBS]
Problems / Koi motivation
• Information leaks to third parties
• Hard job for the app developer (low-level)
Koi Key Idea
What about matching instead of lookup?
[Diagram labels: Smart Phone, GPS, lat-long, OS, Third-party LBS Application, "Search for nearest Gas Station", Event of interest, Notify]
Benefits
• No information leak to third parties
• Easy job for the app developer
Koi Goal
Provide location functionality to applications that need it while ensuring that no third party can link a user's identity with their location.
Assumptions
• Location or other attributes are not sensitive.
• The linkage between the user identity and the attribute is sensitive.
• The matcher and the combiner are assumed not to collude with each other.
• Honest-but-curious attacker model for each of the matcher and the combiner.
Non-goals
• Preventing a malicious application from leaking a user's location information.
Koi design overview
The Koi platform consists of 2 components:
• Phone agent / mobile component (Platform API)
  • Apps register and update items and triggers (both have attributes)
• Cloud component (Privacy-Preserving Matching Service): Matcher & Combiner
[Diagram labels: Application, Platform API, OS / Koi agent, GPS, lat-long, Koi cloud component (Matcher and Combiner)]
• Item example: business name "Quick Trip"
• Item attribute: Gas, Gas Station, etc.
• Trigger example: looking for a gas station (query)
• Trigger attribute: Gas Station
• Callback (content): item, such as name
How does Koi work?
The Koi protocol consists of 3 parts:
• Registration – App, Agent, Matcher
• Matching – in the Combiner
• Combining – Matcher, Agent notifies App
Koi agent
Gas station advertises "Quick Trip"
[Diagram labels: Application, Register Item, OS / Koi agent, GPS, lat-long, Koi cloud component (Matcher and Combiner)]
• I = CreateItem("Quick Trip", TTL)
• I.AddAttr("Gas Station")
• I.addLocAttr("l 3933 West 13th St N, Wichita, KS")
Koi cloud component (item registration)
[Diagram labels: Matcher, Combiner, R2A, R2U, A2R, T2A, A2T, "Gas Station"]
M'' = Enc[Enc(atr1, Master pk), Combiner pk]
M'' = Enc[Enc(atr2, Master pk), Combiner pk]
Koi mobile component
Location is a special attribute (OS)
[Diagram labels: Smart Phone, GPS, lat-long, OS / Koi agent, Application, "Search for nearest Gas Station", Register trigger (callback), Koi cloud component (Matcher and Combiner)]
• T = CreateTrigger(callback, TTL)
• T.AddAttr("Gas Station")
• T.addLocAttr("loc:self", True)
Cloud component (trigger registration)
[Diagram labels: Matcher, Combiner, Alice]
M'' = Enc[Enc(atr1, Master pk), Combiner pk]
M'' = Enc[Enc(atr2, Master pk), Combiner pk]
Cloud component (Matching / Combining)
[Diagram labels: Matcher, Combiner, R2A, R2U, T2A, A2T]
Notify: Nearest Gas station is
Callback.Notify(Alice)
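The register-and-notify flow from the preceding slides, as an added Python example; it is not code from the Koi authors or from this presentation. The `KoiAgent` class, the grid-cell location matching, the coordinates and the "Far Fuel" item are assumptions, and the Matcher/Combiner split and attribute encryption are left out so the block shows only what the application can and cannot see.

```python
import time

GRID = 0.01  # assumed cell size in degrees; the slides do not specify one

class KoiAgent:
    """Hypothetical in-process stand-in for the Koi agent and matching service."""

    def __init__(self, gps_fix):
        self._gps = gps_fix              # (lat, lon): held by the agent, never by the app
        self._items, self._triggers = [], []

    @staticmethod
    def _cell(lat, lon):
        # Assumption: location is matched like any other attribute, as a grid cell.
        return f"loc:{round(lat / GRID)}:{round(lon / GRID)}"

    def create_item(self, content, ttl, attrs, lat, lon):
        self._items.append({"content": content, "expires": time.time() + ttl,
                            "attrs": set(attrs) | {self._cell(lat, lon)}})

    def create_trigger(self, callback, ttl, attrs, loc_self=False):
        attrs = set(attrs)
        if loc_self:                     # "loc:self" is resolved here, not in app code
            attrs.add(self._cell(*self._gps))
        self._triggers.append({"cb": callback, "expires": time.time() + ttl,
                               "attrs": attrs})

    def match(self, now=None):
        """Fire each live trigger for every live item carrying all its attributes."""
        now = time.time() if now is None else now
        fired = 0
        for trig in self._triggers:
            if trig["expires"] <= now:
                continue
            for item in self._items:
                if item["expires"] > now and trig["attrs"] <= item["attrs"]:
                    trig["cb"](item["content"])   # the app sees content only
                    fired += 1
        return fired

def demo():
    # Constructed coordinates: two stations, one in the phone's cell, one not.
    agent = KoiAgent(gps_fix=(37.7020, -97.3930))
    agent.create_item("Quick Trip", 60, ["Gas Station"], 37.7012, -97.3921)
    agent.create_item("Far Fuel", 60, ["Gas Station"], 37.7512, -97.3921)
    seen = []
    agent.create_trigger(seen.append, 60, ["Gas Station"], loc_self=True)
    agent.match()
    return seen
```

The callback receives only the matched item's content; the application code never handles a lat-long value, and expired items or triggers stop matching once their TTL passes.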
Implementation - Koi applications
• Private mobile social network application (friends nearby)
  • Users pick a random key (profile data)
  • The OS updates the location; a trigger is set up for each friend
• Turn-by-turn directions application
  • Problem with a route from A to B!
  • Fix:
    • The user allows the OS to update the location
    • Register triggers for all possible directions
    • The Matcher decides which direction to take
Koi experiment setup
• One core of a 3 GHz dual-core machine with 4 GB RAM
• The Matcher and Combiner share one core
• The second core is used by the benchmarking process
• Macro and micro benchmarks for evaluating Koi
• Macro: 1 core can handle a mobile advertisement application easily
• Micro: stress the Koi implementation to its limits
  • Registration
  • Matching
  • Combining
Koi experiment results - Matching
Number of matching queries processed successfully per second (qps)
• Total attribute matches = [items x attributes]
• 1000 items with 1 attribute = 100 items with 10 attributes (x-axis)
• The mean query throughput processing 100K requests (y-axis)
• Results on 100k requests
  • 12k matches per second; the bottleneck is the connection throughput of HTTP.
  • End-to-end performance reaches its peak as long as the average number of matching attributes (per request) is below 100.
• Same results with Combining
Koi experiment results - Registration
Number of registration requests processed per second (qps)
• Results on 100k registration requests
  • End-to-end performance reaches its peak as long as the average number of matching attributes (per request) is below 50.
  • The bottleneck here is the double HTTP required for registration.
Model Koi
• Used ProVerif
• Honest-but-curious
Results of ProVerif:
• An honest-but-curious Matcher or Combiner
  • Cannot link a user with an attribute (attributes are encrypted).
  • Attributes cannot be linked to find a user (AttrID for each attribute).
• If the Matcher and Combiner collude, then privacy is compromised.
Koi privacy concerns
• Malicious applications
  • Weak: limit the number of trigger registrations from an application
• Collusion between Matcher & Combiner
  • Depends on public trust
Conclusion
• Koi provides a new location-based platform that provides privacy (linkage) with a simple idea.
• Moreover, it helps location-based application developers.
References
• Koi: A Location-Privacy Platform for Smartphone Apps, Saikat Guha, Mudit Jain, Venkata Padmanabhan, NSDI, 2012.
• http://research.microsoft.com/en-us/um/people/saikat/pub/nsdi12-koi-talk.pdf