Imran Memon,Ibrar Hussain,Rizwan Akhtar,Gencai Chen

DOI: https://doi.org/10.1007/s11277-015-2699-1

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Past few years, the mobile technology and location based services have experienced a great increment in number of its users. The privacy issues related to these services are becoming main concerns because of the leakage of users' private information and contents. To prevent revelation of private information, many researchers have proposed several secure and authentication schemes which apply various technologies to provide integral security properties, such as symmetric encryption, digital signature, timestamp, etc. Unfortunately, some of these schemes still exhibit security and efficiency issues. In this research paper, we proposed an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme over the wireless system was attempted missing some system detail. We also proposed the prevent user private information and secure communication by asymmetric cryptography scheme. We solved the wireless communication problem in A3 algorithm such as eavesdropping and this problem solved by asymmetric cryptography scheme because of its robustness against this type of attack by providing mutual authentication make the system more secure. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited wireless system and thus availability for real implementation. According to our security analysis and performance, we can prove that our proposed asymmetric cryptography scheme is able to improve wireless communication system security and enhance efficiency in comparison to previous schemes.

Tao Zhang,Sherman S. M. Chow,Zhe Zhou,Ming Li

DOI: https://doi.org/10.1007/978-3-319-44524-3_13

2016-01-01

Abstract:A diversity of indoor localization techniques have become accurate and ready to use. A client first measures its location characteristics, and then calculates its location with the information provided by the localization server. However, this process may reveal the location information of the client or leak the area information stored on the server. This hinders the growth of indoor localization, but there are only a few solutions available in the literature. In this paper, we formulate an adversary model for fingerprint-based indoor localization techniques, and propose a cryptographic scheme to protect the privacy of both parties in a localization process. Our scheme utilizes the current Wi-Fi fingerprint based positioning techniques, including Gaussian radial basis functions and sigmoid kernels.

Yanzhe Che,Qinming He,Xiaoyan Hong,Kevin Chiew

DOI: https://doi.org/10.1002/dac.2650

2013-01-01

International Journal of Communication Systems

Abstract:While enjoying various LBS location-based services, users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer-to-peer P2P networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x-region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x-region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x-region, together with three algorithms for generating an x-region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.

Jan Henrik Ziegeldorf,Nicolai Viol,Martin Henze,Klaus Wehrle

DOI: https://doi.org/10.13140/2.1.2847.4886

2014-10-13

Abstract:Upcoming WiFi-based localization systems for indoor environments face a conflict of privacy interests: Server-side localization violates location privacy of the users, while localization on the user's device forces the localization provider to disclose the details of the system, e.g., sophisticated classification models. We show how Secure Two-Party Computation can be used to reconcile privacy interests in a state-of-the-art localization system. Our approach provides strong privacy guarantees for all involved parties, while achieving room-level localization accuracy at reasonable overheads.

Cryptography and Security

Zhiheng Wang,Yanyan Xu,Yuejing Yan,Xue Ouyang,Bo Zhang

DOI: https://doi.org/10.1109/jiot.2024.3358349

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Cloud-based indoor positioning services have advantages over non-cloud methods but also confront serious privacy concerns. Existing privacy-preserving schemes are designed for conventional two-entity localization models thus not applicable to the cloud-based indoor positioning services involving three entities. In addition, these methods incur high computational and communication overhead. To tackle these issues, we proposed a privacy-preserving indoor positioning scheme for WiFi localization based on Inner Product Encryption in a cloud environment. A bloom filter constructed with Locality Sensitive Hashing was designed to map WiFi fingerprints from Euclidean to inner product space with the distance relationships maintained for converting the location estimation to inner product calculations. Inner Product Encryption protects the user’s fingerprint and database information held by the positioning service provider. Fingerprint similarity as determined by the inner product is decrypted on the cloud to retrieve the closest encrypted location coordinates for users. In addition, a retrieval structure based on Hierarchical Navigable Small World graph was designed to improve efficiency. Theoretical analysis and experimental results demonstrate that the scheme has low computational and communication overhead while ensuring security and not significantly degrading the localization accuracy. Moreover, the overhead does not increase significantly with database size thus this approach is highly scalable.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ping Zhao,Wuwu Liu,Guanglin Zhang,Zongpeng Li,Lin Wang

DOI: https://doi.org/10.1109/tvt.2020.3006363

IF: 6.8

2020-10-01

IEEE Transactions on Vehicular Technology

Abstract:Benefiting from the development of wireless communication, WiFi localization plays a vital role in various mobile applications. However, users' locations are breached by untrusted localization servers, thus disclosing users' location privacy and other sensitive personal information. Existing works on WiFi localization preservation employed homomorphic encryption, which incurs extremely high overheads. On the other hand, lightweight methods like $k$-anonymity and dummy-based approaches are hardly used for privacy preservation in WiFi localization scenarios due to their inherent drawbacks, i.e., $k$-anonymity approaches rely on trusted third parties while dummy-based approaches are susceptible to spatio-temporal correlation attacks. To design an effective yet lightweight WiFi localization privacy algorithm, this paper proposes to reinforce dummy techniques with plausible dummy location to resist the attacks. This study presents a novel algorithm, referred to as Location Preservation Algorithm with Plausible Dummies (LPPD), which is the first attempt towards WiFi localization privacy preservation using dummy techniques. The benefits of the algorithm are three-fold: First, it is lightweight. Second, it does not rely on trusted third parties. Third, it can resist spatio-temporal correlation attacks. Moreover, this study implements a WiFi localization system that integrates the proposed privacy-preserving algorithm with a WiFi fingerprint based indoor localization algorithm. Experiments results are presented to demonstrate the effectiveness and efficiency of our approach when compared with existing algorithms.

telecommunications,engineering, electrical & electronic,transportation science & technology

Sheng Zhong,Yanbin Grace Liu,Yang Richard Yang

2004-01-01

Abstract:Mobility is key to personal freedom. With the increasing availability of mobile devices, many providers begin to offer location-based services. Although these services greatly enrich our mobility experiences, with them also comes the privacy concerns, as a location-based service provider now can continuously track the location of a user. This tracking may allow unauthorized access and cause serious consequences. Although a few solutions have been proposed to address the privacy concerns in various aspects, there has not been any comprehensive study of the problem; furthermore, most of the existing solutions require that a user trust a third party such as a location server. In this paper, we investigate privacy-preserving location- based services for the three components involved in pro- viding location-based services: the location-based service component, the localization component, and the commu- nications component. The focus of our study is on the location-based service component, but we also take the other two components into consideration. We identify two major types of location-based services and present novel designs to implement them without using a trusted server. Specifically, we first identify the general location- notification service, whose goal is to transfer location information of users to authorized entities. We design a security protocol to implement the service without trusting the location server. Thus our design uses the efficiency of a location server but does not suffer from associated privacy issues. Next, we investigate the design of an even more challenging location-based service: a location service whose goal is not transfering user location information but computing an outcome that is a function of user locations. We use dating service as an example and illustrate that an efficient protocol can be built such that no extra information about user locations is revealed during the service. For the localization component, we present an impossibility result and propose a privacy preserving localization technique based on directed signals. For the communications component, we propose an anonymous communication protocol. Our extensive evaluations show that our protocols have low overheads and are suitable for

Hong Li,Limin Sun,Haojin Zhu,Xiang Lu,Xiuzhen Cheng

DOI: https://doi.org/10.1109/INFOCOM.2014.6848178

2014-01-01

Abstract:WiFi fingerprint-based localization is regarded as one of the most promising techniques for indoor localization. The location of a to-be-localized client is estimated by mapping the measured fingerprint (WiFi signal strengths) against a database owned by the localization service provider. A common concern of this approach that has never been addressed in literature is that it may leak the client's location information or disclose the service provider's data privacy. In this paper, we first analyze the privacy issues of WiFi fingerprint-based localization and then propose a Privacy-Preserving WiFi Fingerprint Localization scheme (PriWFL) that can protect both the client's location privacy and the service provider's data privacy. To reduce the computational overhead at the client side, we also present a performance enhancement algorithm by exploiting the indoor mobility prediction. Theoretical performance analysis and experimental study are carried out to validate the effectiveness of PriWFL. Our implementation of PriWFL in a typical Android smartphone and experimental results demonstrate the practicality and efficiency of PriWFL in real-world environments.

Guanghui Wang,Jianping Pan,Jianping He,Subin Shen

DOI: https://doi.org/10.1109/icccn.2017.8038376

2017-01-01

Abstract:Protecting location privacy of mobile systems is important for various location-based services in pervasive computing scenarios. How to quickly compute the target user's location without knowing each anchor user's location has drawn much attention. Under the classical nonadjacent subtraction based localization model, existing solutions based on homomophic encryption introduce much computation and communication overheads to achieve privacy-preserving localization. In this paper, an adjacent subtraction based localization model is proposed, which is suitable to efficiently protect users' privacy. Then, under such a model, an efficient privacy-preserving localization algorithm is developed without using homomophic encryption. A closed-form expression of the relationship between the localization error and the measurement noise is derived. Furthermore, a comprehensive analysis, including correctness analysis, privacy analysis, and efficiency analysis, is presented. Some simulations are conducted to show that the proposed model has equivalent accuracy and efficiency with the classical model. Some numerical results are presented to show the efficiency of the proposed privacy-preserving localization algorithm.

Andrew Quijano,Kemal Akkaya

DOI: https://doi.org/10.1109/MASSW.2019.00017

2020-08-26

Abstract:GPS signals, the main origin of navigation, are not functional in indoor environments. Therefore, Wi-Fi access points have started to be increasingly used for localization and tracking inside the buildings by relying on a fingerprint-based approach. However, with these types of approaches, several concerns regarding the privacy of the users have arisen. Malicious individuals can determine a client's daily habits and activities by simply analyzing their wireless signals. While there are already efforts to incorporate privacy into the existing fingerprint-based approaches, they are limited to the characteristics of the homomorphic cryptographic schemes they employed. In this paper, we propose to enhance the performance of these approaches by exploiting another homomorphic algorithm, namely DGK, with its unique encrypted sorting capability and thus pushing most of the computations to the server side. We developed an Android app and tested our system within a Columbia University dormitory. Compared to existing systems, the results indicated that more power savings can be achieved at the client side and DGK can be a viable option with more powerful server computation capabilities.

Cryptography and Security

Shengchao Liu,Jessie Hui Wang,Jilong Wang,Qianli Zhang

DOI: https://doi.org/10.1109/access.2020.2978488

IF: 3.9

2020-01-01

IEEE Access

Abstract:As location-based services become widely used in daily life, there is growing concern in preserving location privacy of users to avoid that attackers infer information about users by collecting and analyzing requests initiated by users. We argue that a good location privacy preservation scheme should have these properties. First, a user should never expose its precise location to any other entity. Second, a user should be able to specify its own requirement on the strength of privacy preservation, since a stricter preservation requirement may increase its overhead. Third, the scheme should be able to preserve as many as possible aspects of users' privacy under various attacks. With these desired properties in mind, we carefully design an encoding scheme of users' identifiers and a fully distributed architecture for our purpose and propose a privacy preservation scheme based on them. With the help of the encoding scheme and the distributed architecture, we develop a distributed negotiation algorithm to help users conduct negotiations among themselves to find their cloaked regions that satisfy their self-defined requirements without exposing their precise locations. The negotiations are completed without coordination from any central servers, and a random proxy is selected for each individual request, therefore the potential risks caused by any central server (location-based service servers or trusted-third-party servers) are mitigated as much as possible. Experiments show that our scheme can satisfy different strengths of privacy preservation required by each user even under the most severe scenarios.

Zhao ZHANG,Jingyu HUA

DOI: https://doi.org/10.13878/j.cnki.jnuist.2017.05.014

2017-01-01

Abstract:Fingerprinting-based localization is one of the most popular indoor localization approaches.In the offline phase,the service provider measures the fingerprint,i.e.,receives signal strength (RSS) samples from various access points (APs) at a number of knownlocations in the target space and stores them in a database.In the online phase,a user sends his location query with his current fingerprint measurement to the server,which will search for the closest fingerprintin the database.Although this approach has been studied for a long time,no existing work considers the privacy requirements for the two sides:the provider wants to protect thecollected fingerprints against the users;while the users want to protect their fingerprint measurements against the service provider to avoid locationleaking.In this paper,we aim to protect the privacy of the users and the service provider at the same time.We propose a privacy-preserving fingerprint matching scheme which uses a cryptographic technique to compute the distance between the fingerprint measured by the user and the fingerprints in the database within the ciphertext space.We show that it well guarantees the privacy requirement of both the two sides in a single localization.To reduce its time overhead,we then present an improved scheme based on the grid division as well as three extensions at the cost of limited privacy loss.To enhance its security,we finally present an effective countermeasure against a special attack leveraging which malicious users could revealfingerprints on the server through repeated localizations.The extensive experiments with a public RSS-fingerprint dataset show that our proposal is fast enough for realtime localization and preserve the localization precision at the same time.

Mohamed Mohsen,Hamada Rizk,Moustafa Youssef

2023-06-04

Abstract:Indoor localization systems have become increasingly important in a wide range of applications, including industry, security, logistics, and emergency services. However, the growing demand for accurate localization has heightened concerns over privacy, as many localization systems rely on active signals that can be misused by an adversary to track users' movements or manipulate their measurements. This paper presents PassiFi, a novel passive Wi-Fi time-based indoor localization system that effectively balances accuracy and privacy. PassiFi uses a passive WiFi Time Difference of Arrival (TDoA) approach that ensures users' privacy and safeguards the integrity of their measurement data while still achieving high accuracy. The system adopts a fingerprinting approach to address multi-path and non-line-of-sight problems and utilizes deep neural networks to learn the complex relationship between TDoA and location. Evaluation in a real-world testbed demonstrates PassiFi's exceptional performance, surpassing traditional multilateration by 128%, achieving sub-meter accuracy on par with state-of-the-art active measurement systems, all while preserving privacy.

Artificial Intelligence

Aditya Arun,Vaibhav Anand,Wei Sun,Roshan Ayyalasomayajula,Dinesh Bharadia

2024-07-23

Abstract:Wi-Fi-based indoor localization has been extensively studied for context-aware services. As a result, the accurate Wi-Fi-based indoor localization introduces a great location privacy threat. However, the existing solutions for location privacy protection are hard to implement on current devices. They require extra hardware deployment in the environment or hardware modifications at the transmitter or receiver side. To this end, we propose DOLOS, a system that can protect the location privacy of the Wi-Fi user with a novel signal obfuscation approach. DOLOSis a software-only solution that can be deployed on existing protocol-compliant Wi-Fi user devices. We provide this obfuscation by invalidating a simple assumption made by most localization systems -- "direct path signal arrives earlier than all the reflections to distinguish this direct path prior to estimating the location". However, DOLOS creates a novel software fix that allows the user to transmit the signal wherein this direct path arrives later, creating ambiguity in the location estimates. Our experimental results demonstrate DOLOS can degrade the localization accuracy of state-of-art systems by 6x for a single AP and 2.5x for multiple AP scenarios, thereby protecting the Wi-Fi user's location privacy without compromising the Wi-Fi communication performance.

Networking and Internet Architecture,Signal Processing

Meng Han,Lei Li,Ying Xie,Jinbao Wang,Zhuojun Duan,Ji Li,Mingyuan Yan

DOI: https://doi.org/10.1109/access.2018.2805464

IF: 3.9

2018-01-01

IEEE Access

Abstract:While enjoying the convenience of location-based services (LBSs) in everyday life, wireless device users could also put their location privacy at risk. An untrusted LBS provider can store mobile users' data on its server, track users in various ways or share users location data to the third parties. To protect LBS users' privacy, many position confusion algorithms were proposed, but those algorithms often have difficulty balancing the utility-privacy tradeoffs. In this paper, we propose a new cognitive approach that enables nearcomplete privacy protection for LBS users by leveraging existing social network resources. We introduce a heterogeneous multi-server architecture that cuts off the direct connection between the LBS queries and the query issuers, and an auction-based incentive mechanism guaranteed user participation, which is critical for the success of the proposed architecture. A simulation system and a smartphone application were developed, and our evaluation results show that the proposed method can not only achieve the near-total privacy protection for LBS users, but also significantly improve the quality of the services.

Rongxing Lu,Xiaodong Lin,Haojin Zhu,Pin-Han Ho,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/tvt.2008.925304

IF: 6.8

2009-01-01

IEEE Transactions on Vehicular Technology

Abstract:Location privacy of mobile users (MUs) in wireless communication networks is very important. Ensuring location privacy for an MU is an effort to prevent any other party from learning the MU's current and past locations. In this paper, we propose a novel anonymous mutual authentication protocol with provable link-layer location privacy preservation. We first formulate the security model on the link-layer, forward-secure location privacy, which is characterized by the fact that even when an attacker corrupts an MU's current location privacy, the attacker should be kept from knowing how long the MU has stayed at the current location. Then, based on the newly devised keys with location and time awareness, a novel anonymous mutual authentication protocol between the MUs and the access point (AP) is proposed. To the best of our knowledge, this is the first developed anonymous mutual authentication scheme that can achieve provable link-layer, forward-secure location privacy. To improve efficiency, a Preset in Idle technique is exercised in the proposed scheme, which is further compared with a number of previously reported counterparts through extensive performance analysis.

Hojjat Navidan,Vahideh Moghtadaiee,Niki Nazaran,Mina Alishahi

DOI: https://doi.org/10.1109/EuroSPW55150.2022.00061

2022-07-02

Abstract:The advent of numerous indoor location-based services (LBSs) and the widespread use of many types of mobile devices in indoor environments have resulted in generating a massive amount of people's location data. While geo-spatial data contains sensitive information about personal activities, collecting it in its raw form may lead to the leak of personal information relating to the people, violating their privacy. This paper proposes a novel privacy-aware framework for aggregating the indoor location data employing the Local Differential Privacy (LDP) technique, in which the user location data is changed locally in the user's device and is sent to the aggregator afterward. Therefore, the users' locations are kept hidden from a server or any attackers. The practical feasibility of applying the proposed framework is verified by two real-world datasets. The impact of dataset properties, the privacy mechanisms, and the privacy level on our framework are also investigated. The experimental results indicate that the presented framework can protect the location information of users, and the accuracy of the population frequency of different zones in the indoor area is close to that of the original population frequency with no knowledge about the location of people indoors.

Cryptography and Security

Yanzhe Che,Qiang Yang,Xiaoyan Hong

DOI: https://doi.org/10.1109/wcnc.2012.6214137

2012-01-01

Abstract:Very often, network users expect to access services relevant to their locations, whilst preserve their privacy without disclose their exact locations. The well-known privacy preserving method is the spatial cloaking technique where exact user locations are blurred into a cloaked region to meet the privacy requirement, e. g. k-anonymity. Most of current solutions are designed with a centralized architecture in mind and rely on a third trustworthy party, i.e. a location anonymizing server (LAS). Unfortunately, these solutions cannot be directly applied to the mobile peer-to-peer (P2P) networks where no centralized servers are possible. In this paper, we present a dual-active spatial cloaking algorithm for mobile P2P networks. The key difference between the suggested algorithm and two existing algorithms, on-demand and proactive, is that: our algorithm allows peers not only actively collect but also actively disseminate location information to others. The three approaches are assessed through extensive simulation experiments for a range of P2P network scenarios. The experimental result shows that the dual-active approach uses the least anonymizing time and has the best anonymization success rate at the price of acceptable communicating cost.

Huijuan Lian,Weidong Qiu,Di Yan,Zheng Huang,Peng Tang

DOI: https://doi.org/10.1109/dsc.2019.00021

2019-01-01

Abstract:The location-based services in the outsourced environment has become a research hotspot with the rise of cloud computing. Meanwhile, various privacy issues have been increasingly prominent. We propose an efficient spatial query protocol and another novel secure spatial query protocol using fully homomorphic encryption to accomplish privacy-preserving query processing on outsourced data. We adopt the Moore curve to transform the spatial data into one-dimensional sequence and utilize the random permutation to protect the location privacy. Furthermore, the proposed efficient scheme provides the considerable performance with data privacy preservation. Meanwhile, the secure spatial query protocol is robust against various attacks. Experiments show that the proposed schemes achieve high accuracy while improving the security when compared with the existing related approaches.

Shushu Liu,An Liu,Lei Zhao,Guanfeng Liu,Zhixu Li,Pengpeng Zhao,Kai Zheng,Lu Qin

DOI: https://doi.org/10.1007/978-3-319-32049-6_19

2016-01-01

Abstract:Data privacy in location-based services involves two aspects. The location of a user is a kind of private data as many sensitive information can be inferred from it given some background knowledge. On the other hand, the POI database is a great asset to the LBS provider as its construction requires many resources and efforts. In this paper, we propose a method of protecting mutual privacy i.e., the location of the user issuing a query and the POI database of the LBS provider for location-based query processing. Our approach consists of two steps: data preparation and query processing. Data preparation is conducted by LBS itself and is totally an offline computation, while query processing involves some online computation and multiple rounds of communication between LBS and the user. We implement the query processing by two rounds of oblivious transfer extension OT-Extension on two small key sets, resulting an immediate response even on some big POI databases. We also theoretically prove the security and analyze the complexity of our approach. Compared with two state-of-the-art methods, our approach has several orders of magnitude improvement in response time, at the expense of little and acceptable communication cost.