Security and Performance Issues in Spectrum Sharing between Disparate Wireless Networks

Vaka, Pradeep Reddy

08 June 2017

The United States Federal Communications Commission (FCC) in its recent report and order has prescribed the creation of Citizens Broadband Radio Service (CRBS) in the 3.5 GHz band to enable sharing between wireless broadband devices and incumbent radar systems. This sharing will be enabled by use of geolocation database with supporting infrastructure termed as Spectrum Access System (SAS). Although using SAS for spectrum sharing has many pragmatic advantages, it also raises potentially serious operational security (OPSEC) issues. In this thesis, we explore OPSEC, location privacy in particular, of incumbent radars in the 3.5 GHz band. First, we show that adversarial secondary users can easily infer the locations of incumbent radars by making seemingly innocuous queries to the database. Then, we propose several obfuscation techniques that can be implemented by the SAS for countering such inference attacks. We also investigate obfuscation techniques' efficacy in minimizing spectral efficiency loss while preserving incumbent privacy. Recently, the 3GPP Rel.13 has specified a new standard to provide wide-area connectivity for IoT, termed as Narrowband IoT (NB-IoT). NB-IoT achieves excellent coexistence with legacy mobile standards, and can be deployed in any of the 2G/3G/4G spectrum (450 MHz to 3.5 GHz). Recent industry efforts show deployment of IoT networks in unlicensed spectrum, including shared bands (e.g., 3.5 GHz band). However, operating NB-IoT systems in the 3.5 GHz band can result in significant BLER and coverage loss. In this thesis, we analyse results from extensive experimental studies on the coexistence of NB-IoT and radar systems, and demonstrate the coverage loss of NB-IoT in shared spectrum. / Master of Science / Spectrum sharing has been viewed by spectrum regulators and industry stakeholders as the most viable solution to overcome the spectrum congestion and to enable next generation wireless networks. Towards this end, the Federal Communications Commission in the United States has prescribed rules to enable sharing between incumbent radars and broadband wireless networks in the 3.5 GHz band. This sharing however will be enabled geolocation databases and supporting infrastructure known as Spectrum Access System, which are prone to privacy attacks by malicious secondary users. Preserving privacy of incumbent systems is vital as they are mostly military radars. In this thesis, we demonstrate such attacks and later propose efficient techniques to preserve the privacy of the incumbent systems while enabling better spectrum utilization. The phenomenal growth in smarter end-user devices and machine-to-machine (M2M) connections is a clear indicator of the growth of Internet of Things (IoT), and growing importance of wide area IoT networks. Recently, the telecommunications standard development body, 3GPP, has defined Narrowband IoT (NB-IoT) optimized for IoT. Also, NB-IoT has many features common to LTE, and it is likely that NB-IoT will also be deployed in bands where LTE will be deployed, including shared bands (e.g., 3.5 GHz band). However, NB-IoT systems that operate in the 3.5 can be prone to harmful radar interference and directly impact coverage of the NB-IoT basestation. In this thesis, we analyse results from extensive experimental studies on the coexistence of NB-IoT and radar systems. We believe this study can be leveraged by future studies to mititage the impact of radar on IoT networks.

Location Privacy

Coexistence

Spectrum Sharing

NB-IoT

Radar Systems

Enhancing Data Utilization through Advanced Differential Privacy Mechanisms / 有用性を向上させる高度な差分プライバシ機構

Takagi, Shun

25 March 2024

京都大学 / 新制・課程博士 / 博士(情報学) / 甲第25428号 / 情博第866号 / 京都大学大学院情報学研究科社会情報学専攻 / (主査)教授 伊藤 孝行, 教授 鹿島 久嗣, 教授 岡部 寿男, 吉川 正俊(京都大学 名誉教授) / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DFAM

privacy

differential privacy

machine learning

location privacy

007

Achieving Perfect Location Privacy in Wireless Devices Using Anonymization

Montazeri, Zarrin

24 March 2017

The popularity of mobile devices and location-based services (LBS) have created great concerns regarding the location privacy of the users of such devices and services. Anonymization is a common technique that is often being used to protect the location privacy of LBS users. This technique assigns a random pseudonym to each user and these pseudonyms can change over time. Here, we provide a general information theoretic definition for perfect location privacy and prove that perfect location privacy is achievable for mobile devices when using the anonymization technique appropriately. First, we assume that the user’s current location is independent from her past locations. Using this i.i.d model, we show that if the pseudonym of the user is changed before O(n2/(r−1)) number of anonymized observations is made by the adversary for that user, then she has perfect location privacy, where n is the number of users in the network and r is the number of all possible locations that the user might occupy. Then, we model each user’s movement by a Markov chain so that a user’s current location depends on his previous locations, which is a more realistic model when approximating real world data. We show that perfect location privacy is achievable in this model if the pseudonym of the user is changed before O(n2/(|E|−r)) anonymized observations is collected by the adversary for that user where |E| is the number of edges in the user’s Markov model.

Location Privacy

Perfect Location Privacy

Location Based Services

Mutual Information

Markov Chain

Wireless device

Computer Engineering

Computer Sciences

Engineering

Information Security

Multidimensional epidemiological transformations : addressing location-privacy in public health practice

Abdel Malik, Philip

January 2011

The ability to control one’s own personally identifiable information is a worthwhile human right that is becoming increasingly vulnerable. However just as significant, if not more so, is the right to health. With increasing globalisation and threats of natural disasters and acts of terrorism, this right is also becoming increasingly vulnerable. Public health practice – which is charged with the protection, promotion and mitigation of the health of society and its individuals – has been at odds with the right to privacy. This is particularly significant when location privacy is under consideration. Spatial information is an important aspect of public health, yet the increasing availability of spatial imagery and location-sensitive applications and technologies has brought location-privacy to the forefront, threatening to negatively impact the practice of public health by inhibiting or severely limiting data-sharing. This study begins by reviewing the current relevant legislation as it pertains to public health and investigates the public health community’s perceptions on location privacy barriers to the practice. Bureaucracy and legislation are identified by survey participants as the two greatest privacy-related barriers to public health. In response to this clash, a number of solutions and workarounds are proposed in the literature to compensate for location privacy. However, as their weaknesses are outlined, a novel approach - the multidimensional point transform - that works synergistically on multiple dimensions, including location, to anonymise data is developed and demonstrated. Finally, a framework for guiding decisions on data-sharing and identifying requirements is proposed and a sample implementation is demonstrated through a fictitious scenario. For each aspect of the study, a tool prototype and/or design for implementation is proposed and explained, and the need for further development of these is highlighted. In summary, this study provides a multi-disciplinary and multidimensional solution to the clash between privacy and data-sharing in public health practice.

361

One-Round Mutual Authentication Mechanism Based on Symmetric-Key Cryptosystems with Forward Secrecy and Location Privacy for Wireless Networks

Cheng, Yen-hung

12 August 2009

In recent years, the development of mobile networks is thriving or flourishing from 2G GSM, 2.5G GPRS, 3G UMTS to All-IP 4G, which integrates all heterogeneous networks and becomes mature and popular nowadays. Using mobile devices for voice transferring and multimedia sharing is also a part of our life. Mobile networks provide us an efficient way to exchange messages easily. However, these messages often contain critical personal data or private information. Transferring these messages freely in mobile network is dangerous since they can be eavesdropped easily by malicious mobile users for some illegal purposes, such as committing a crime. Hence, to avoid the exposure of the transmitted messages, robust security mechanisms are required. In this thesis, we will propose a one-round mutual authentication protocol which is computation and communication efficient and secure such that the privacy of mobile users¡¦ identities and the confidentiality of their transmitted data are guaranteed. In computation complexity, the protocol only employs symmetric encryption and hash-mac functions. Due to the possession of forward secrecy, the past encrypted messages are secure, even under the exposure of long-term keys. Furthermore, our scheme achieves the goal of user privacy and location privacy by changing TMSI in every session. Therefore, the third party cannot link two different sessions by eavesdropping the communication. Finally, our scheme also can prevent false base attacks which make use of a powerful base station to redirect mobile users¡¦ messages to a fake base station to obtain certain advantages.

Forward Secrecy

UMTS

False Base Attacks

Mobile Networks

Location Privacy

Mutual Authentication

Scaling location-based services with location privacy constraints: architecture and algorithms

Bamba, Bhuvan

06 July 2010

Advances in sensing and positioning technology, fueled by wide deployment of wireless networks, have made many devices location-aware. These emerging technologies have enabled a new class of applications, known as Location-Based Services (LBS), offering both new business opportunities and a wide array of new quality of life enhancing services. One example of such services is spatial alarms, an enabling technology for location-based advertisement, location-based alerts or reminders and a host of other applications. On the other hand, the ability to locate mobile users accurately also opens door for new threats - the intrusion of location privacy. The time series of location data can be linked to personal identity, which leads to unauthorized information exposure about the individual's medical conditions, alternative lifestyles, unpopular political views or location-based spam and stalking. Thus, there are two important challenges for location-based service provisioning. How do we scale LBSs in the presence of client mobility and location dependent constraints for the multitude of new, upcoming location-based applications under a common framework? How do we provide anonymous location- based services with acceptable performance and quantifiable privacy protection in the next generation of mobile networks, systems and applications? This dissertation delivers technical solutions to address these important challenges. First, we introduce spatial alarms as the basic primitive to represent a class of locationbased services that require location-based trigger capability. Similar to time-based alarms, spatial alarms serve as spatial event reminders that enable us to express different location-based information needs supported by a variety of applications ranging from location-based advertisements, location-based personal assistants, to friend locator services like Google Latitude. We develop a generalized framework and a suite of optimization techniques for server-centric scalable processing of spatial alarms. Our architecture and algorithm development provide significant performance enhancement in terms of system scalability compared to naive spatial alarm processing techniques, while maintaining high accuracy for spatial alarm processing on the server side and reduced communication costs and energy consumption on the client side. Concretely, we develop safe period optimizations for alarm processing and introduce spatial alarm grouping techniques to further reduce the unnecessary safe period computation costs. In addition, we introduce a distributed alarm processing architecture that advocates the partitioning of the alarm processing load among the server and the relevant mobile clients to reduce the server load and minimize the client-to-server communication cost through intelligent distribution and parallelization. We also explore a variety of optimization opportunities such as incorporating non-spatial constraints into the location-based information monitoring problem and utilizing efficient indexing methods such as bitmap indexing to further enhance the performance and scalability of spatial alarm processing in the presence of mobility hotspots and skewed spatial alarm distributions. Second, we develop the PrivacyGrid framework for privacy-enhanced location service provisioning, focusing on providing customizable and personalized location privacy solutions while scaling the mobile systems and services to a large number of mobile users and a large number of service requests. The PrivacyGrid approach has three unique characteristics. First, we develop a three-tier architecture for scaling anonymous information delivery in a mobile environment while preserving customizable location privacy. Second, we develop a suite of fast, dynamic location cloaking algorithms. It is known that incorporation of privacy protection measures may lead to an inherent conflict between the level of privacy and the quality of services (QoS) provided by the location-based services. Our location cloaking algorithms can scale to higher levels of location anonymity while achieving a good balance between location privacy and QoS. Last but not the least; we develop two types of location anonymization models under the PrivacyGrid architecture, one provides the random way point mobility model based location cloaking solution, and the other provides a road network-based location privacy model powered by both location k-anonymity and segment s-anonymity. A set of graph-based location cloaking algorithms are developed, under the MobiCloak approach, to provide desired levels of privacy protection for users traveling on a road network through scalable processing of anonymous location services. This dissertation, to the best of our knowledge, is the first one that presents a systematic approach to the design and development of the spatial alarm processing framework and various optimization techniques. The concept of spatial alarms and the scaling techniques developed in this dissertation can serve as building blocks for many existing and emerging location-based and presence based information and computing services and applications. The second unique contribution made in this dissertation is its development of the PrivacyGrid architecture for scaling anonymous location based services under the random waypoint mobility model and its extension of the PrivacyGrid architecture through introducing the MobiCloak road-network based location cloaking algorithms with reciprocity support for spatially constrained network mobility model. Another unique feature of the PrivacyGrid and MobiCloak development is its ability to protect location privacy of mobile users while maintaining the end-to-end QoS for location-based service provisioning in the presence of dynamic and personalized privacy constraints.

Location-based services

Location privacy

Spatial alarms

Mobile system framework

Information services

Global Positioning System

Cost-effective and privacy-conscious cloud service provisioning: architectures and algorithms

Palanisamy, Balaji

27 August 2014

Cloud Computing represents a recent paradigm shift that enables users to share and remotely access high-powered computing resources (both infrastructure and software/services) contained in off-site data centers thereby allowing a more efficient use of hardware and software infrastructures. This growing trend in cloud computing, combined with the demands for Big Data and Big Data analytics, is driving the rapid evolution of datacenter technologies towards more cost-effective, consumer-driven, more privacy conscious and technology agnostic solutions. This dissertation is dedicated to taking a systematic approach to develop system-level techniques and algorithms to tackle the challenges of large-scale data processing in the Cloud and scaling and delivering privacy-aware services with anytime-anywhere availability. We analyze the key challenges in effective provisioning of Cloud services in the context of MapReduce-based parallel data processing considering the concerns of cost-effectiveness, performance guarantees and user-privacy and we develop a suite of solution techniques, architectures and models to support cost-optimized and privacy-preserving service provisioning in the Cloud. At the cloud resource provisioning tier, we develop a utility-driven MapReduce Cloud resource planning and management system called Cura for cost-optimally allocating resources to jobs. While existing services require users to select a number of complex cluster and job parameters and use those potentially sub-optimal per-job configurations, the Cura resource management achieves global resource optimization in the cloud by minimizing cost and maximizing resource utilization. We also address the challenges of resource management and job scheduling for large-scale parallel data processing in the Cloud in the presence of networking and storage bottlenecks commonly experienced in Cloud data centers. We develop Purlieus, a self-configurable locality-based data and virtual machine management framework that enables MapReduce jobs to access their data either locally or from close-by nodes including all input, output and intermediate data achieving significant improvements in job response time. We then extend our cloud resource management framework to support privacy-preserving data access and efficient privacy-conscious query processing. Concretely, we propose and implement VNCache: an efficient solution for MapReduce analysis of cloud-archived log data for privacy-conscious enterprises. Through a seamless data streaming and prefetching model in VNCache, Hadoop jobs begin execution as soon as they are launched without requiring any apriori downloading. At the cloud consumer tier, we develop mix-zone based techniques for delivering anonymous cloud services to mobile users on the move through Mobimix, a novel road-network mix-zone based framework that enables real time, location based service delivery without disclosing content or location privacy of the consumers.

Cloud computing

MapReduce

Big data

Cost-optimization

Locality-awareness

Caching

System privacy

Location privacy

Secure and Privacy-Aware Data Collection in Wireless Sensor Networks

Rodhe, Ioana

January 2012

A wireless sensor network is a collection of numerous sensors distributed on an area of interest to collect and process data from the environment. One particular threat in wireless sensor networks is node compromise attacks, that is, attacks where the adversary gets physical access to a node and to the programs and keying material stored on it. Only authorized queries should be allowed in the network and the integrity and confidentiality of the data that is being collected should be protected. We propose a layered key distribution scheme together with two protocols for query authentication and confidential data aggregation. The layered key distribution is more robust to node and communication failures than a predefined tree structure. The protocols are secure under the assumption that less than n sensor nodes are compromised. n is a design parameter that allows us to trade off security for overhead. When more than n sensor nodes are compromised, our simulations show that the attacker can only introduce unauthorized queries into a limited part of the network and can only get access to a small part of the data that is aggregated in the network. Considering the data collection protocol we also contribute with strategies to reduce the energy consumption of an integrity preserving in-network aggregation scheme to a level below the energy consumption of a non-aggregation scheme. Our improvements reduce node congestion by a factor of three and the total communication load by 30%. Location privacy of the users carrying mobile devices is another aspect considered in this thesis. Considering a mobile sink that collects data from the network, we propose a strategy for data collection that requires no information about the location and movement pattern of the sink. We show that it is possible to provide data collection services, while protecting the location privacy of the sink. When mobile phones with built-in sensors are used as sensor nodes, location information about where the data has been sensed can be used to trace users and infer other personal information about them, like state of health or personal preferences. Therefore, location privacy preserving mechanisms have been proposed to provide location privacy to the users. We investigate how a location privacy preserving mechanism influences the quality of the collected data and consider strategies to reconstruct the data distribution without compromising location privacy. / WISENET

Secure Data Collection

Key Distribution

Location Privacy

Quality of Information

Wireless Sensor Networks

Location privacy in automotive telematics

Iqbal, Muhammad Usman, Surveying & Spatial Information Systems, Faculty of Engineering, UNSW

January 2009

The convergence of transport, communication, computing and positioning technologies has enabled a smart car revolution. As a result, pricing of roads based on telematics technologies has gained significant attention. While there are promised benefits, systematic disclosure of precise location has the ability to impinge on privacy of a special kind, known as location privacy. The aim of this thesis is to provide technical designs that enhance the location privacy of motorists without compromising the benefits of accurate pricing. However, this research looks beyond a solely technology-based solution. For example, the ethical implications of the use of GPS data in pricing models have not been fully understood. Likewise, minimal research exists to evaluate the technical vulnerabilities that could be exploited to avoid criminal or financial penalties. To design a privacy-aware system, it is important to understand the needs of the stakeholders, most importantly the motorists. Knowledge about the anticipated privacy preferences of motorists is important in order to make reasonable predictions about their future willingness to adopt these systems. There is limited research so far on user perceptions regarding specific payment options in the uptake of privacy-aware systems. This thesis provides a critical privacy assessment of two mobility pricing systems, namely electronic tolls and mobility-priced insurance. As a result of this assessment, policy recommendations are developed which could support a common approach in facilitating privacy-aware mobility-pricing strategies. This thesis also evaluates the existing and potential inferential threats and vulnerabilities to develop security and privacy recommendations for privacy-aware pricing designs for tolls and insurance. Utilising these policy recommendations and analysing user-perception with regards to the feasibility of sustaining privacy , and willingness to pay for privacy, two privacy-aware mobility pricing designs have been presented which bridge the entire array of privacy interests and bring them together into a unified approach capable of sustaining legal protection as well as satisfying privacy requirements of motorists. It is maintained that it is only by social and technical analysis working in tandem that critical privacy issues in relation to location can be addressed.

GPS

Spatial privacy

Location privacy

Ethics

Telematics

Pay as you drive insurance

Privacy

Electronic Toll Collection

Security and Privacy in Dynamic Spectrum Access: Challenges and Solutions

January 2017

abstract: Dynamic spectrum access (DSA) has great potential to address worldwide spectrum shortage by enhancing spectrum efficiency. It allows unlicensed secondary users to access the under-utilized spectrum when the primary users are not transmitting. On the other hand, the open wireless medium subjects DSA systems to various security and privacy issues, which might hinder the practical deployment. This dissertation consists of two parts to discuss the potential challenges and solutions. The first part consists of three chapters, with a focus on secondary-user authentication. Chapter One gives an overview of the challenges and existing solutions in spectrum-misuse detection. Chapter Two presents SpecGuard, the first crowdsourced spectrum-misuse detection framework for DSA systems. In SpecGuard, three novel schemes are proposed for embedding and detecting a spectrum permit at the physical layer. Chapter Three proposes SafeDSA, a novel PHY-based scheme utilizing temporal features for authenticating secondary users. In SafeDSA, the secondary user embeds his spectrum authorization into the cyclic prefix of each physical-layer symbol, which can be detected and authenticated by a verifier. The second part also consists of three chapters, with a focus on crowdsourced spectrum sensing (CSS) with privacy consideration. CSS allows a spectrum sensing provider (SSP) to outsource the spectrum sensing to distributed mobile users. Without strong incentives and location-privacy protection in place, however, mobile users are reluctant to act as crowdsourcing workers for spectrum-sensing tasks. Chapter Four gives an overview of the challenges and existing solutions. Chapter Five presents PriCSS, where the SSP selects participants based on the exponential mechanism such that the participants' sensing cost, associated with their locations, are privacy-preserved. Chapter Six further proposes DPSense, a framework that allows the honest-but-curious SSP to select mobile users for executing spatiotemporal spectrum-sensing tasks without violating the location privacy of mobile users. By collecting perturbed location traces with differential privacy guarantee from participants, the SSP assigns spectrum-sensing tasks to participants with the consideration of both spatial and temporal factors. Through theoretical analysis and simulations, the efficacy and effectiveness of the proposed schemes are validated. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2017

Electrical engineering

Computer science

crowdsourced spectrum sensing

dynamic spectrum access

location privacy

spectrum misuse