Security and Performance Issues in Spectrum Sharing between Disparate Wireless Networks

Vaka, Pradeep Reddy

08 June 2017

The United States Federal Communications Commission (FCC) in its recent report and order has prescribed the creation of Citizens Broadband Radio Service (CRBS) in the 3.5 GHz band to enable sharing between wireless broadband devices and incumbent radar systems. This sharing will be enabled by use of geolocation database with supporting infrastructure termed as Spectrum Access System (SAS). Although using SAS for spectrum sharing has many pragmatic advantages, it also raises potentially serious operational security (OPSEC) issues. In this thesis, we explore OPSEC, location privacy in particular, of incumbent radars in the 3.5 GHz band. First, we show that adversarial secondary users can easily infer the locations of incumbent radars by making seemingly innocuous queries to the database. Then, we propose several obfuscation techniques that can be implemented by the SAS for countering such inference attacks. We also investigate obfuscation techniques' efficacy in minimizing spectral efficiency loss while preserving incumbent privacy. Recently, the 3GPP Rel.13 has specified a new standard to provide wide-area connectivity for IoT, termed as Narrowband IoT (NB-IoT). NB-IoT achieves excellent coexistence with legacy mobile standards, and can be deployed in any of the 2G/3G/4G spectrum (450 MHz to 3.5 GHz). Recent industry efforts show deployment of IoT networks in unlicensed spectrum, including shared bands (e.g., 3.5 GHz band). However, operating NB-IoT systems in the 3.5 GHz band can result in significant BLER and coverage loss. In this thesis, we analyse results from extensive experimental studies on the coexistence of NB-IoT and radar systems, and demonstrate the coverage loss of NB-IoT in shared spectrum. / Master of Science

Location Privacy

Coexistence

Spectrum Sharing

NB-IoT

Radar Systems

Achieving Perfect Location Privacy in Wireless Devices Using Anonymization

Montazeri, Zarrin

24 March 2017

The popularity of mobile devices and location-based services (LBS) have created great concerns regarding the location privacy of the users of such devices and services. Anonymization is a common technique that is often being used to protect the location privacy of LBS users. This technique assigns a random pseudonym to each user and these pseudonyms can change over time. Here, we provide a general information theoretic definition for perfect location privacy and prove that perfect location privacy is achievable for mobile devices when using the anonymization technique appropriately. First, we assume that the user’s current location is independent from her past locations. Using this i.i.d model, we show that if the pseudonym of the user is changed before O(n2/(r−1)) number of anonymized observations is made by the adversary for that user, then she has perfect location privacy, where n is the number of users in the network and r is the number of all possible locations that the user might occupy. Then, we model each user’s movement by a Markov chain so that a user’s current location depends on his previous locations, which is a more realistic model when approximating real world data. We show that perfect location privacy is achievable in this model if the pseudonym of the user is changed before O(n2/(|E|−r)) anonymized observations is collected by the adversary for that user where |E| is the number of edges in the user’s Markov model.

Location Privacy

Perfect Location Privacy

Location Based Services

Mutual Information

Markov Chain

Wireless device

Computer Engineering

Computer Sciences

Engineering

Information Security

Multidimensional epidemiological transformations : addressing location-privacy in public health practice

Abdel Malik, Philip

January 2011

The ability to control one’s own personally identifiable information is a worthwhile human right that is becoming increasingly vulnerable. However just as significant, if not more so, is the right to health. With increasing globalisation and threats of natural disasters and acts of terrorism, this right is also becoming increasingly vulnerable. Public health practice – which is charged with the protection, promotion and mitigation of the health of society and its individuals – has been at odds with the right to privacy. This is particularly significant when location privacy is under consideration. Spatial information is an important aspect of public health, yet the increasing availability of spatial imagery and location-sensitive applications and technologies has brought location-privacy to the forefront, threatening to negatively impact the practice of public health by inhibiting or severely limiting data-sharing. This study begins by reviewing the current relevant legislation as it pertains to public health and investigates the public health community’s perceptions on location privacy barriers to the practice. Bureaucracy and legislation are identified by survey participants as the two greatest privacy-related barriers to public health. In response to this clash, a number of solutions and workarounds are proposed in the literature to compensate for location privacy. However, as their weaknesses are outlined, a novel approach - the multidimensional point transform - that works synergistically on multiple dimensions, including location, to anonymise data is developed and demonstrated. Finally, a framework for guiding decisions on data-sharing and identifying requirements is proposed and a sample implementation is demonstrated through a fictitious scenario. For each aspect of the study, a tool prototype and/or design for implementation is proposed and explained, and the need for further development of these is highlighted. In summary, this study provides a multi-disciplinary and multidimensional solution to the clash between privacy and data-sharing in public health practice.

361

One-Round Mutual Authentication Mechanism Based on Symmetric-Key Cryptosystems with Forward Secrecy and Location Privacy for Wireless Networks

Cheng, Yen-hung

12 August 2009

In recent years, the development of mobile networks is thriving or flourishing from 2G GSM, 2.5G GPRS, 3G UMTS to All-IP 4G, which integrates all heterogeneous networks and becomes mature and popular nowadays. Using mobile devices for voice transferring and multimedia sharing is also a part of our life. Mobile networks provide us an efficient way to exchange messages easily. However, these messages often contain critical personal data or private information. Transferring these messages freely in mobile network is dangerous since they can be eavesdropped easily by malicious mobile users for some illegal purposes, such as committing a crime. Hence, to avoid the exposure of the transmitted messages, robust security mechanisms are required. In this thesis, we will propose a one-round mutual authentication protocol which is computation and communication efficient and secure such that the privacy of mobile users¡¦ identities and the confidentiality of their transmitted data are guaranteed. In computation complexity, the protocol only employs symmetric encryption and hash-mac functions. Due to the possession of forward secrecy, the past encrypted messages are secure, even under the exposure of long-term keys. Furthermore, our scheme achieves the goal of user privacy and location privacy by changing TMSI in every session. Therefore, the third party cannot link two different sessions by eavesdropping the communication. Finally, our scheme also can prevent false base attacks which make use of a powerful base station to redirect mobile users¡¦ messages to a fake base station to obtain certain advantages.

Forward Secrecy

UMTS

False Base Attacks

Mobile Networks

Location Privacy

Mutual Authentication

Scaling location-based services with location privacy constraints: architecture and algorithms

Bamba, Bhuvan

06 July 2010

Advances in sensing and positioning technology, fueled by wide deployment of wireless networks, have made many devices location-aware. These emerging technologies have enabled a new class of applications, known as Location-Based Services (LBS), offering both new business opportunities and a wide array of new quality of life enhancing services. One example of such services is spatial alarms, an enabling technology for location-based advertisement, location-based alerts or reminders and a host of other applications. On the other hand, the ability to locate mobile users accurately also opens door for new threats - the intrusion of location privacy. The time series of location data can be linked to personal identity, which leads to unauthorized information exposure about the individual's medical conditions, alternative lifestyles, unpopular political views or location-based spam and stalking. Thus, there are two important challenges for location-based service provisioning. How do we scale LBSs in the presence of client mobility and location dependent constraints for the multitude of new, upcoming location-based applications under a common framework? How do we provide anonymous location- based services with acceptable performance and quantifiable privacy protection in the next generation of mobile networks, systems and applications? This dissertation delivers technical solutions to address these important challenges. First, we introduce spatial alarms as the basic primitive to represent a class of locationbased services that require location-based trigger capability. Similar to time-based alarms, spatial alarms serve as spatial event reminders that enable us to express different location-based information needs supported by a variety of applications ranging from location-based advertisements, location-based personal assistants, to friend locator services like Google Latitude. We develop a generalized framework and a suite of optimization techniques for server-centric scalable processing of spatial alarms. Our architecture and algorithm development provide significant performance enhancement in terms of system scalability compared to naive spatial alarm processing techniques, while maintaining high accuracy for spatial alarm processing on the server side and reduced communication costs and energy consumption on the client side. Concretely, we develop safe period optimizations for alarm processing and introduce spatial alarm grouping techniques to further reduce the unnecessary safe period computation costs. In addition, we introduce a distributed alarm processing architecture that advocates the partitioning of the alarm processing load among the server and the relevant mobile clients to reduce the server load and minimize the client-to-server communication cost through intelligent distribution and parallelization. We also explore a variety of optimization opportunities such as incorporating non-spatial constraints into the location-based information monitoring problem and utilizing efficient indexing methods such as bitmap indexing to further enhance the performance and scalability of spatial alarm processing in the presence of mobility hotspots and skewed spatial alarm distributions. Second, we develop the PrivacyGrid framework for privacy-enhanced location service provisioning, focusing on providing customizable and personalized location privacy solutions while scaling the mobile systems and services to a large number of mobile users and a large number of service requests. The PrivacyGrid approach has three unique characteristics. First, we develop a three-tier architecture for scaling anonymous information delivery in a mobile environment while preserving customizable location privacy. Second, we develop a suite of fast, dynamic location cloaking algorithms. It is known that incorporation of privacy protection measures may lead to an inherent conflict between the level of privacy and the quality of services (QoS) provided by the location-based services. Our location cloaking algorithms can scale to higher levels of location anonymity while achieving a good balance between location privacy and QoS. Last but not the least; we develop two types of location anonymization models under the PrivacyGrid architecture, one provides the random way point mobility model based location cloaking solution, and the other provides a road network-based location privacy model powered by both location k-anonymity and segment s-anonymity. A set of graph-based location cloaking algorithms are developed, under the MobiCloak approach, to provide desired levels of privacy protection for users traveling on a road network through scalable processing of anonymous location services. This dissertation, to the best of our knowledge, is the first one that presents a systematic approach to the design and development of the spatial alarm processing framework and various optimization techniques. The concept of spatial alarms and the scaling techniques developed in this dissertation can serve as building blocks for many existing and emerging location-based and presence based information and computing services and applications. The second unique contribution made in this dissertation is its development of the PrivacyGrid architecture for scaling anonymous location based services under the random waypoint mobility model and its extension of the PrivacyGrid architecture through introducing the MobiCloak road-network based location cloaking algorithms with reciprocity support for spatially constrained network mobility model. Another unique feature of the PrivacyGrid and MobiCloak development is its ability to protect location privacy of mobile users while maintaining the end-to-end QoS for location-based service provisioning in the presence of dynamic and personalized privacy constraints.

Location-based services

Location privacy

Spatial alarms

Mobile system framework

Information services

Global Positioning System

Cost-effective and privacy-conscious cloud service provisioning: architectures and algorithms

Palanisamy, Balaji

27 August 2014

Cloud Computing represents a recent paradigm shift that enables users to share and remotely access high-powered computing resources (both infrastructure and software/services) contained in off-site data centers thereby allowing a more efficient use of hardware and software infrastructures. This growing trend in cloud computing, combined with the demands for Big Data and Big Data analytics, is driving the rapid evolution of datacenter technologies towards more cost-effective, consumer-driven, more privacy conscious and technology agnostic solutions. This dissertation is dedicated to taking a systematic approach to develop system-level techniques and algorithms to tackle the challenges of large-scale data processing in the Cloud and scaling and delivering privacy-aware services with anytime-anywhere availability. We analyze the key challenges in effective provisioning of Cloud services in the context of MapReduce-based parallel data processing considering the concerns of cost-effectiveness, performance guarantees and user-privacy and we develop a suite of solution techniques, architectures and models to support cost-optimized and privacy-preserving service provisioning in the Cloud. At the cloud resource provisioning tier, we develop a utility-driven MapReduce Cloud resource planning and management system called Cura for cost-optimally allocating resources to jobs. While existing services require users to select a number of complex cluster and job parameters and use those potentially sub-optimal per-job configurations, the Cura resource management achieves global resource optimization in the cloud by minimizing cost and maximizing resource utilization. We also address the challenges of resource management and job scheduling for large-scale parallel data processing in the Cloud in the presence of networking and storage bottlenecks commonly experienced in Cloud data centers. We develop Purlieus, a self-configurable locality-based data and virtual machine management framework that enables MapReduce jobs to access their data either locally or from close-by nodes including all input, output and intermediate data achieving significant improvements in job response time. We then extend our cloud resource management framework to support privacy-preserving data access and efficient privacy-conscious query processing. Concretely, we propose and implement VNCache: an efficient solution for MapReduce analysis of cloud-archived log data for privacy-conscious enterprises. Through a seamless data streaming and prefetching model in VNCache, Hadoop jobs begin execution as soon as they are launched without requiring any apriori downloading. At the cloud consumer tier, we develop mix-zone based techniques for delivering anonymous cloud services to mobile users on the move through Mobimix, a novel road-network mix-zone based framework that enables real time, location based service delivery without disclosing content or location privacy of the consumers.

Cloud computing

MapReduce

Big data

Cost-optimization

Locality-awareness

Caching

System privacy

Location privacy

Secure and Privacy-Aware Data Collection in Wireless Sensor Networks

Rodhe, Ioana

January 2012

A wireless sensor network is a collection of numerous sensors distributed on an area of interest to collect and process data from the environment. One particular threat in wireless sensor networks is node compromise attacks, that is, attacks where the adversary gets physical access to a node and to the programs and keying material stored on it. Only authorized queries should be allowed in the network and the integrity and confidentiality of the data that is being collected should be protected. We propose a layered key distribution scheme together with two protocols for query authentication and confidential data aggregation. The layered key distribution is more robust to node and communication failures than a predefined tree structure. The protocols are secure under the assumption that less than n sensor nodes are compromised. n is a design parameter that allows us to trade off security for overhead. When more than n sensor nodes are compromised, our simulations show that the attacker can only introduce unauthorized queries into a limited part of the network and can only get access to a small part of the data that is aggregated in the network. Considering the data collection protocol we also contribute with strategies to reduce the energy consumption of an integrity preserving in-network aggregation scheme to a level below the energy consumption of a non-aggregation scheme. Our improvements reduce node congestion by a factor of three and the total communication load by 30%. Location privacy of the users carrying mobile devices is another aspect considered in this thesis. Considering a mobile sink that collects data from the network, we propose a strategy for data collection that requires no information about the location and movement pattern of the sink. We show that it is possible to provide data collection services, while protecting the location privacy of the sink. When mobile phones with built-in sensors are used as sensor nodes, location information about where the data has been sensed can be used to trace users and infer other personal information about them, like state of health or personal preferences. Therefore, location privacy preserving mechanisms have been proposed to provide location privacy to the users. We investigate how a location privacy preserving mechanism influences the quality of the collected data and consider strategies to reconstruct the data distribution without compromising location privacy. / WISENET

Secure Data Collection

Key Distribution

Location Privacy

Quality of Information

Wireless Sensor Networks

Location privacy in automotive telematics

Iqbal, Muhammad Usman, Surveying & Spatial Information Systems, Faculty of Engineering, UNSW

January 2009

The convergence of transport, communication, computing and positioning technologies has enabled a smart car revolution. As a result, pricing of roads based on telematics technologies has gained significant attention. While there are promised benefits, systematic disclosure of precise location has the ability to impinge on privacy of a special kind, known as location privacy. The aim of this thesis is to provide technical designs that enhance the location privacy of motorists without compromising the benefits of accurate pricing. However, this research looks beyond a solely technology-based solution. For example, the ethical implications of the use of GPS data in pricing models have not been fully understood. Likewise, minimal research exists to evaluate the technical vulnerabilities that could be exploited to avoid criminal or financial penalties. To design a privacy-aware system, it is important to understand the needs of the stakeholders, most importantly the motorists. Knowledge about the anticipated privacy preferences of motorists is important in order to make reasonable predictions about their future willingness to adopt these systems. There is limited research so far on user perceptions regarding specific payment options in the uptake of privacy-aware systems. This thesis provides a critical privacy assessment of two mobility pricing systems, namely electronic tolls and mobility-priced insurance. As a result of this assessment, policy recommendations are developed which could support a common approach in facilitating privacy-aware mobility-pricing strategies. This thesis also evaluates the existing and potential inferential threats and vulnerabilities to develop security and privacy recommendations for privacy-aware pricing designs for tolls and insurance. Utilising these policy recommendations and analysing user-perception with regards to the feasibility of sustaining privacy , and willingness to pay for privacy, two privacy-aware mobility pricing designs have been presented which bridge the entire array of privacy interests and bring them together into a unified approach capable of sustaining legal protection as well as satisfying privacy requirements of motorists. It is maintained that it is only by social and technical analysis working in tandem that critical privacy issues in relation to location can be addressed.

GPS

Spatial privacy

Location privacy

Ethics

Telematics

Pay as you drive insurance

Privacy

Electronic Toll Collection

Security and Privacy in Dynamic Spectrum Access: Challenges and Solutions

January 2017

abstract: Dynamic spectrum access (DSA) has great potential to address worldwide spectrum shortage by enhancing spectrum efficiency. It allows unlicensed secondary users to access the under-utilized spectrum when the primary users are not transmitting. On the other hand, the open wireless medium subjects DSA systems to various security and privacy issues, which might hinder the practical deployment. This dissertation consists of two parts to discuss the potential challenges and solutions. The first part consists of three chapters, with a focus on secondary-user authentication. Chapter One gives an overview of the challenges and existing solutions in spectrum-misuse detection. Chapter Two presents SpecGuard, the first crowdsourced spectrum-misuse detection framework for DSA systems. In SpecGuard, three novel schemes are proposed for embedding and detecting a spectrum permit at the physical layer. Chapter Three proposes SafeDSA, a novel PHY-based scheme utilizing temporal features for authenticating secondary users. In SafeDSA, the secondary user embeds his spectrum authorization into the cyclic prefix of each physical-layer symbol, which can be detected and authenticated by a verifier. The second part also consists of three chapters, with a focus on crowdsourced spectrum sensing (CSS) with privacy consideration. CSS allows a spectrum sensing provider (SSP) to outsource the spectrum sensing to distributed mobile users. Without strong incentives and location-privacy protection in place, however, mobile users are reluctant to act as crowdsourcing workers for spectrum-sensing tasks. Chapter Four gives an overview of the challenges and existing solutions. Chapter Five presents PriCSS, where the SSP selects participants based on the exponential mechanism such that the participants' sensing cost, associated with their locations, are privacy-preserved. Chapter Six further proposes DPSense, a framework that allows the honest-but-curious SSP to select mobile users for executing spatiotemporal spectrum-sensing tasks without violating the location privacy of mobile users. By collecting perturbed location traces with differential privacy guarantee from participants, the SSP assigns spectrum-sensing tasks to participants with the consideration of both spatial and temporal factors. Through theoretical analysis and simulations, the efficacy and effectiveness of the proposed schemes are validated. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2017

Electrical engineering

Computer science

crowdsourced spectrum sensing

dynamic spectrum access

location privacy

spectrum misuse

Parasitic Tracking Mobile Wireless Networks / Parasitisk spårning av mobila trådlösa nätverk

Xu, Bowen

January 2021

Along with the growth and popularity of mobile networks, users enjoy more convenient connection and communication. However, exposure of user presence in mobile networks is becoming a major concern and motivated a plethora of LPPM Location Privacy Protection Mechanisms (LPPMs) have been proposed and analysed, notably considering powerful adversaries with rich data at their disposal, e.g., mobile network service providers or Location Based Services (LBS). In this thesis, we consider a complementary challenge: exposure of users to their peers or other nearby devices. In other words, we are concerned with devices in the vicinity that happen to eavesdrop (or learn in the context of a peer-to-peer protocol execution) MAC/IP addresses or Bluetooth device names, to link user activities over a large area (e.g., a city), and especially when a small subset of the mobile network devices parasitically logged such encounters, even scattered in space and time, and collaboratively breach user privacy. The eavesdroppers can be honest-but-curious network infrastructures such as wireless routers, base stations, or adversaries equipped with Bluetooth or WiFi sniffers. The goal of this thesis is to simulate location privacy attacks for mobile network and measure the location privacy exposure under these attacks. We consider adversaries with varying capabilities, e.g., number of deployable eavesdroppers in the network and coverage of eavesdropper, and evaluate the effect of such adversarial capabilities on privacy exposure of mobile users. We evaluate privacy exposure with two different metrics, i.e., Exposure Degree and Average Displacement Error (ADE).We use Exposure Degree as a preliminary metric to measure the general coverage of deployed eavesdroppers in the considered area. ADE is used to measure the average distance between user’s actual trace points and user’s trajectory predictions. We simulate three attack cases in our scheme. In the first case, we assume the attacker only acquires the collected data from users. We vary the number of receivers to test attack capacity. Exposure Degree is used to evaluate location privacy in this case. For the second and third cases, we assume the attacker also has some knowledge about users’ history traces. Thus, the attacker can utilize machine learning models to make prediction about user’s trace. We leverage Long Short-Term Memory (LSTM) neural network and Hidden Markov Model (HMM) to conduct real-time prediction and Heuristic LSTM to reconstruct more precise user trajectories. ADE is used to evaluate the degree of location privacy exposure in this cases. The experiment results show that LSTM performs better than HMM on trace prediction in our scheme. Higher number of eavesdroppers would decrease the ADE of LSTM model (increase user location privacy exposure). The increase of communication range of receiver can decrease ADE but will incur ADE increase if communication range successively increases. The Heuristic LSTM model performs better than LSTM to abuse user location privacy under the situation that the attacker reconstructs more precise users trajectories based on the in-complete observed trace sequence. / Tillsammans med mobilnätens tillväxt och popularitet, njuter användarna av bekvämare anslutning och kommunikation. Exponering av användarnas närvaro i mobilnät blir emellertid ett stort bekymmer och motiverade en uppsjö av Location Privacy Protection Mechanisms (LPPM) har föreslagits och analyserats, särskilt med tanke på kraftfulla motståndare med rik data till sitt förfogande, t.ex. mobila nätverksleverantörer eller Platsbaserade tjänster (LBS). I denna avhandling betraktar vi en kompletterande utmaning: exponering av användare för sina kamrater eller andra närliggande enheter. Med andra ord, vi är bekymrade över enheter i närheten som råkar avlyssna (eller lära sig i samband med exekvering av peer-to-peer-protokoll) MAC/IP-adresser eller Bluetooth-enhetsnamn, för att länka användaraktiviteter över ett stort område ( t.ex. en stad), och särskilt när en liten delmängd av mobilnätverksenheterna parasitiskt loggar sådana möten, till och med spridda i rymden och tiden, och tillsammans kränker användarnas integritet. Avlyssningarna kan vara ärliga men nyfikna nätverksinfrastrukturer som trådlösa routrar, basstationer eller motståndare utrustade med Bluetooth eller WiFi-sniffare. Målet med denna avhandling är att simulera platssekretessattacker för mobilnät och mäta platsens integritetsexponering under dessa attacker. Vi betraktar motståndare med varierande kapacitet, t.ex. antalet utplacerbara avlyssnare i nätverket och täckning av avlyssning, och utvärderar effekten av sådana motståndaregenskaper på mobilanvändares integritetsexponering. Vi utvärderar integritetsexponering med två olika mått, dvs. exponeringsgrad och genomsnittligt förskjutningsfel (ADE). Vi använder exponeringsgrad som ett preliminärt mått för att mäta den allmänna täckningen av utplacerade avlyssnare i det aktuella området. ADE används för att mäta det genomsnittliga avståndet mellan användarens faktiska spårpunkter och användarens banprognoser. Vi simulerar tre attackfall i vårt schema. I det första fallet antar vi att angriparen bara hämtar insamlad data från användare. Vi varierar antalet mottagare för att testa attackkapacitet. Exponeringsgrad används i detta fall för att utvärdera sekretess på plats. För det andra och tredje fallet antar vi att angriparen också har viss kunskap om användares historikspår. Således kan angriparen använda maskininlärningsmodeller för att förutsäga användarens spår. Vi utnyttjar Long Short-Term Memory (LSTM) neuralt nätverk och Hidden Markov Model (HMM) för att genomföra förutsägelser i realtid och Heuristic LSTM för att rekonstruera mer exakta användarbanor. ADE används för att utvärdera graden av platsexponering i detta fall. Experimentresultaten visar att LSTM presterar bättre än HMM på spårprognoser i vårt schema. Ett högre antal avlyssnare skulle minska ADE för LSTM -modellen (öka användarplatsens integritetsexponering). Ökningen av mottagarens kommunikationsområde kan minska ADE men kommer att medföra ADE -ökning om kommunikationsområdet successivt ökar. Den heuristiska LSTM-modellen fungerar bättre än LSTM för att missbruka användarplatsens integritet under situationen att angriparen rekonstruerar mer exakta användarbanor baserat på den fullständigt observerade spårningssekvensen.

Location privacy attack and evaluation

mobile network simulation

parasitic attacker

Heuristic LSTM

Computer Sciences

Datavetenskap (datalogi)