mobile security 2012
TRANSCRIPT
![Page 1: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/1.jpg)
©2013 Patrick Tague
Mobile Security14-829 – Fall 2013
Patrick Tague
Class #22 – Location Privacy
![Page 2: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/2.jpg)
©2013 Patrick Tague
ExamIn-class Nov 18
![Page 3: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/3.jpg)
©2013 Patrick Tague
• Q: What's on the exam?
• A: I don't know. I haven't made it yet.
![Page 4: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/4.jpg)
©2013 Patrick Tague
• Q: What will the exam be like?
• A: Conceptual questions that test your understanding of the main ideas covered in class
– Sample exam on Blackboard– Coverage may include anything through Nov 13 other
than project presentations
![Page 5: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/5.jpg)
©2013 Patrick Tague
• Q: What resources can I use during the exam?
• A: Open notes, open book. No electronics.
• Q: Will notes and books help me?
• A: Probably not.
![Page 6: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/6.jpg)
©2013 Patrick Tague
Questions about the exam?
![Page 7: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/7.jpg)
©2013 Patrick Tague
We previously discussed location and privacy practices, but now let's talk about location privacy specifically
![Page 8: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/8.jpg)
©2013 Patrick Tague
Location Privacy• Outline of location privacy topics covered:
– Values of location disclosure (location-based services)
– Risks of location disclosure
– Location inference
![Page 9: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/9.jpg)
©2013 Patrick Tague
Location-Based Services• Delivery of a service (or information) at the
point of need based on requester's location
• Provide personalized services based on customer requirements or requests
• Significantly increase quality of service
![Page 10: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/10.jpg)
©2013 Patrick Tague
Example LBS• Location-based traffic reports:– What are the traffic conditions on the highway?– What is the estimated travel time to reach home?
• Location-based retail locator:– What restaurants are within five miles of me?– Where is the nearest pizza place?
• Location-based advertisement:– Send e-coupons to my customers within a mile
![Page 11: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/11.jpg)
©2013 Patrick Tague
Location-Based Social Nets• Social recommendations using location– Several location-based recommendation systems can
be built using your social circles
• Local businesses– Mobile devices can inform users of businesses within a
specified distance
• Location-based reminders– Leave reminders for friends of interesting locations
• Friend locator– Alert user when their friends are nearby or at a point
of interest
![Page 12: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/12.jpg)
©2013 Patrick Tague
What are the risks of LBS?
![Page 13: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/13.jpg)
©2013 Patrick Tague
![Page 14: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/14.jpg)
©2013 Patrick Tague
Privacy Concerns• Expose user locations– Trivial algorithms can expose sensitive location using
anonymized GPS traces collected by LBS– Identify visits to clubs, hospitals, or embarrassing
locations
• Re-identification– Device location often user identity→
• Reverse white page lookups + anonymized GPS traces
• Additional, often available information such as birthday, gender, or other traits further support identification
• Even sporadic location information is enough due to low entropy in human mobility
![Page 15: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/15.jpg)
©2013 Patrick Tague
Further Impacts• Lost / stolen / compromised phone:– Can leak location privacy of user and social contacts– Informing friends that your device is lost?
• Compromised storage server:– Data leakage – encrypted database?– Attacker can monitor incoming data / connections
![Page 16: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/16.jpg)
©2013 Patrick Tague
How to protect location data?
![Page 17: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/17.jpg)
©2013 Patrick Tague
Ways to Preserve Loc. Privacy• Many mobile applications available to protect
location information– AnonySense, SmokeScreen, MockDroid, etc.
• Decentralized social networks– Musubi: users own their content and and context info
choose who to share it with
• Stronger trust models, data secrecy, etc.
• Social sharing policies– Strict access control policies, data sharing,
visualization tools, etc.
![Page 18: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/18.jpg)
©2013 Patrick Tague
Leakage Protection/DetectionMethodology Advantage Disadvantage
Permissions / policies
Light-weight Fine-grained vs. scalable
Static analysis tools
Easy to scale up
Miss runtime behaviors
Dynamic analysis tools
Detection accuracy
Computational load and complexity
Privacy mode Flexible User dependence, often low usability
![Page 19: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/19.jpg)
©2013 Patrick Tague
Permission & Policy Mgmt.• Kirin– Allows definition of sensitive information permissions
and policies
• XManDroid– Tracks communication and information flow between
components in different applications– Can create and enforce policies like:
• “An application that can obtain location information must not communicate [directly or indirectly] with an application that has network access.”
![Page 20: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/20.jpg)
©2013 Patrick Tague
Static Analysis Tools• Static analysis can be used to (partially)
understand what an application is doing with collected information– ComDroid
– APKInspector
• How to understand if a leak is acceptable / reasonable vs. malicious / unacceptable?
![Page 21: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/21.jpg)
©2013 Patrick Tague
Dynamic Analysis Tools• Dynamic analysis can capture more of the
runtime behavior that static analysis misses– TaintDroid
– Appfence
• How to characterize the location privacy leak?
• How to generate test input and control behavior conditions?
![Page 22: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/22.jpg)
©2013 Patrick Tague
Privacy Mode• MockDroid / TISSA– Package manager modification to mock permissions
![Page 23: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/23.jpg)
©2013 Patrick Tague
Privacy Mode• Locaccino– Uses privacy controls and explicit location UIs to
provide locator services
![Page 24: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/24.jpg)
©2013 Patrick Tague
How to understand usability concerns?
![Page 25: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/25.jpg)
©2013 Patrick Tague
PeopleFinder Case Study• PeopleFinder: app to allow friends/colleagues to
figure out where you are, using phone/computer
• Goal of study:– Understand people's attitudes / behaviors around
location privacy– Develop a usable approach to managing privacy prefs.
• Methodology:– Built around observations from various user studies,
both for design and testing
![Page 26: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/26.jpg)
©2013 Patrick Tague
Challenges• People have diverse privacy preferences– Are there a small number of profiles that cover?
• Can we expect people to specify privacy prefs?
• Do people understand their privacy prefs?
• Can we learn people's preferences by observing their behavior?
![Page 27: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/27.jpg)
©2013 Patrick Tague
PeopleFinder
![Page 28: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/28.jpg)
©2013 Patrick Tague
Initial Study• Initial users tests with PeopleFinder found:– Users are not effective at articulating privacy prefs
– Auditing location disclosure events with the user increases awareness and assists in policy refining
– Users are initially conservative, then relax policies
– Machine learning could be used to help people evolve policies
![Page 29: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/29.jpg)
©2013 Patrick Tague
Improvement using ML
![Page 30: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/30.jpg)
©2013 Patrick Tague
Conclusions of the Study• PeopleFinder studies found:– People will only adopt location-based mobile apps if
they feel they have adequate control over their location privacy
– People have complex privacy preferences• They are not good at specifying their policies
• Their preferences / policies change over time
• Not easy to identify good default policy sets other than a default “deny all” policy
– Auditing is critical• Learning and explaining disclosure decisions are helpful in
guiding people to the policy that fits their preferences
![Page 31: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/31.jpg)
©2013 Patrick Tague
What if users just want to provide access to partial location information?
![Page 32: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/32.jpg)
©2013 Patrick Tague
Location Anonymity• Spatial cloaking
• Temporal cloaking
• Spatiotemporal cloaking
![Page 33: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/33.jpg)
©2013 Patrick Tague
Spatial Cloaking• Spatial cloaking is an attempt to reduce the
location granularity and mix users into indistinguishable groups– Similar to a form of K-anonymity
– Each user's location is indistinguishable from at least K-1 other users
– Larger K (less spatial resolution) higher anonymity → better location privacy→
[Tan, Lin, and Mouratidis, 2009]
![Page 34: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/34.jpg)
©2013 Patrick Tague
(Spatio)Temporal Cloaking• Temporal cloaking takes a similar approach,
only reducing the temporal resolution– Effectively replacing a time-stamp with an interval– Larger interval lower temporal resolution higher → →
location anonymity better location privacy→
• Spatiotemporal combines both: – <x,y,t> <[x1,x2],[y1,y2],[t1,t2]>→
![Page 35: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/35.jpg)
©2013 Patrick Tague
Location Anonymization
[Gedik and Liu,TMC 2008]
![Page 36: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/36.jpg)
©2013 Patrick Tague
Client-side Anonymization
[Liu,VLDB 2007]
![Page 37: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/37.jpg)
©2013 Patrick Tague
What about apps that learn location information without permission?
![Page 38: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/38.jpg)
©2013 Patrick Tague
Other Location Resources• Smartphones have a lot of resources available
that can expose information related to location– Timestamped WiFi SSIDs– Contact log– Phonebook– SMS history– Social network data– Calendar
![Page 39: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/39.jpg)
©2013 Patrick Tague
Timestamped SSIDs
![Page 40: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/40.jpg)
©2013 Patrick Tague
Question to consider:How to protect against unauthorized
location inference?
![Page 41: Mobile Security 2012](https://reader033.vdocuments.mx/reader033/viewer/2022042109/62572dbc5744a21dcd108f44/html5/thumbnails/41.jpg)
©2013 Patrick Tague
Nov 13:BYOD
Nov 18:Exam