Location Services with Built-In Privacy
Arvind Narayanan, Stanford University
Joint work with Narendran Thiagarajan, Mugdha Lakhani, Mike Hamburg, Dan Boneh
Location-based social networking
Hype
Reality: Used by 4% of Americans (and 6% of social networking users)
Hypothesis: privacy-preserving location services have value
What can we do privately
Proximity testing: detect when friends are nearby
When not nearby, friends don’t see your location
Server never sees location
Building block for more complex functionality
Proximity testing: some applications
Granularity must be user-configurable
Client-server vs. peer-to-peer
All-pairs Friends-only
Client-server
Peer-to-peer
Only client-server model supports configurable granularity
Poor/nonexistent infrastructure for complex peer-to-peer protocols
Mathematical formulation: not obvious
“Pairs of friends get notified whenever they are within 100ft of each other”
Triangulation attack
Reducing proximity testing to equality testing
Approximation ratio = 4/√3 (optimal for 3 grid system)
Equality testing
Space of possible locations is small!
ElGamal-like cryptographic protocol based on the Decisional Diffie-Hellman (DDH) problem (Lipmaa)
Improved constant factor
x =? y
Server participation
Server can pretty much learn everyone’s location
[Diagram labels: x, y; ax+b, ay+b]
Server participation done right
Server can cause users to compute wrong answer but cannot cause privacy breach
Avoids need for big integer arithmetic
Information-theoretic security
[Diagram labels: x, y; s; s(x-y), s(x-y)]
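One way to get the s(x-y) behaviour named on this slide, as an added example that is not code from the talk or its authors: Alice and Bob pad their inputs with one-time keys, the server combines the padded values, and Alice unpads to obtain s(x-y), which is zero exactly when x = y. The shared keys k1 and k2, the choice of Bob as the party who picks s, the prime P and all function names are assumptions; the slide does not spell them out.

```python
import secrets
from collections import Counter

P = 2_147_483_647  # prime 2^31 - 1 (assumed): word-sized arithmetic, no big integers

def alice_msg(x, k1, p=P):
    return (x + k1) % p                 # one-time pad on x

def bob_msg(y, s, k1, k2, p=P):
    return (s * (y + k1) + k2) % p      # k2 pads the blinded value

def server_combine(m_a, s, m_b, p=P):
    return (s * m_a - m_b) % p          # equals s(x - y) - k2; server never sees x or y

def alice_decide(reply, k2, p=P):
    return (reply + k2) % p == 0        # s(x - y) == 0 iff x == y, since s != 0

def equality_test(x, y, tamper=0):
    """Run one round with fresh keys; `tamper` models a misbehaving server."""
    k1, k2 = secrets.randbelow(P), secrets.randbelow(P)  # shared by Alice and Bob, used once
    s = 1 + secrets.randbelow(P - 1)    # nonzero blinding factor, sent to the server in clear
    reply = server_combine(alice_msg(x, k1), s, bob_msg(y, s, k1, k2))
    return alice_decide((reply + tamper) % P, k2)

def server_view(x, y, s, p=11):
    """Distribution of (m_a, m_b) seen by the server over all key pairs in a toy field."""
    return Counter((alice_msg(x, k1, p), bob_msg(y, s, k1, k2, p))
                   for k1 in range(p) for k2 in range(p))
```

`server_view` returns the same uniform distribution for any pair of inputs, which is the information-theoretic claim on the slide; a nonzero `tamper` flips the answer for equal inputs without exposing either location.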
Problem: online brute-force attack
If only there were a way to verify that a user really is where they claim to be…
Location tags
Properties of location tags
Location tag = vector + matching function, i.e., space-time fingerprint
Unpredictability: cannot produce matching tag unless nearby
Reproducibility: two devices at same place & time produce matching tags (not necessarily identical)
Location tags using WiFi packets
Discard packets like TCP that may originate outside local network
DHCP, ARP, Samba etc. are local
15 packets/sec on CS/EE VLAN
Two different devices see about 90% of packets in common
Location features
Each packet is a “location feature”
At least around 10 bits of entropy
Timing, source/destination and other packet contents
Tag with 15 location features gives > 80-bit security level
Comparing location tags
Need to compare two vectors that match approximately: fuzzy set intersection
Basic concept: Alice encodes vector as polynomial
Sends random points on polynomial to Bob
Intersection size is large ⇒ few enough “errors” ⇒ Bob can decode using Berlekamp-Massey algorithm
Other location privacy questions
Advertising
Search
Statistics
Thank you