21. Parasitic Tracking Mobile Wireless Networks / Parasitisk spårning av mobila trådlösa nätverk. Xu, Bowen. January 2021.
Along with the growth and popularity of mobile networks, users enjoy more convenient connection and communication. However, exposure of user presence in mobile networks is becoming a major concern and has motivated a plethora of Location Privacy Protection Mechanisms (LPPMs), which have been proposed and analysed notably with powerful adversaries in mind that have rich data at their disposal, e.g., mobile network service providers or Location Based Services (LBS). In this thesis, we consider a complementary challenge: exposure of users to their peers or other nearby devices. In other words, we are concerned with devices in the vicinity that happen to eavesdrop on (or learn in the context of a peer-to-peer protocol execution) MAC/IP addresses or Bluetooth device names and link user activities over a large area (e.g., a city), and especially with the case where a small subset of the mobile network devices parasitically logs such encounters, even scattered in space and time, and collaboratively breaches user privacy. The eavesdroppers can be honest-but-curious network infrastructure such as wireless routers and base stations, or adversaries equipped with Bluetooth or WiFi sniffers. The goal of this thesis is to simulate location privacy attacks on mobile networks and measure the location privacy exposure under these attacks. We consider adversaries with varying capabilities, e.g., the number of deployable eavesdroppers in the network and the coverage of each eavesdropper, and evaluate the effect of such adversarial capabilities on the privacy exposure of mobile users. We evaluate privacy exposure with two different metrics, i.e., Exposure Degree and Average Displacement Error (ADE). We use Exposure Degree as a preliminary metric to measure the general coverage of deployed eavesdroppers in the considered area. ADE is used to measure the average distance between a user's actual trace points and the predictions of the user's trajectory. We simulate three attack cases in our scheme. In the first case, we assume the attacker only acquires the data collected from users. We vary the number of receivers to test attack capacity. Exposure Degree is used to evaluate location privacy in this case. For the second and third cases, we assume the attacker also has some knowledge about users' historical traces. Thus, the attacker can utilize machine learning models to make predictions about a user's trace. We leverage a Long Short-Term Memory (LSTM) neural network and a Hidden Markov Model (HMM) to conduct real-time prediction, and Heuristic LSTM to reconstruct more precise user trajectories. ADE is used to evaluate the degree of location privacy exposure in these cases. The experimental results show that LSTM performs better than HMM on trace prediction in our scheme. A higher number of eavesdroppers decreases the ADE of the LSTM model (i.e., increases user location privacy exposure). Increasing the receiver's communication range can decrease ADE, but ADE increases again if the communication range keeps increasing. The Heuristic LSTM model performs better than LSTM at compromising user location privacy in the situation where the attacker reconstructs more precise user trajectories from the incompletely observed trace sequence.
/ Along with the growth and popularity of mobile networks, users enjoy more convenient connection and communication. However, exposure of users' presence in mobile networks is becoming a major concern and has motivated a plethora of Location Privacy Protection Mechanisms (LPPMs), which have been proposed and analysed, especially with powerful adversaries with rich data at their disposal in mind, e.g. mobile network providers or Location Based Services (LBS). In this thesis we consider a complementary challenge: exposure of users to their peers or other nearby devices. In other words, we are concerned with devices in the vicinity that happen to eavesdrop on (or learn in the course of a peer-to-peer protocol execution) MAC/IP addresses or Bluetooth device names in order to link user activities across a large area (e.g. a city), and especially when a small subset of the mobile network devices parasitically log such encounters, even scattered in space and time, and jointly violate users' privacy. The eavesdroppers can be honest-but-curious network infrastructure such as wireless routers and base stations, or adversaries equipped with Bluetooth or WiFi sniffers. The goal of this thesis is to simulate location privacy attacks on mobile networks and measure location privacy exposure under these attacks. We consider adversaries with varying capabilities, e.g. the number of deployable eavesdroppers in the network and eavesdropping coverage, and evaluate the effect of such adversary properties on mobile users' privacy exposure. We evaluate privacy exposure with two different metrics, i.e. Exposure Degree and Average Displacement Error (ADE). We use Exposure Degree as a preliminary metric to measure the general coverage of deployed eavesdroppers in the area under consideration. ADE is used to measure the average distance between the user's actual trace points and the user's trajectory predictions. We simulate three attack cases in our scheme. In the first case we assume the attacker only obtains the data collected from users. We vary the number of receivers to test attack capacity. Exposure Degree is used in this case to evaluate location privacy. For the second and third cases we assume the attacker also has some knowledge of users' historical traces. The attacker can thus use machine learning models to predict the user's trace. We use a Long Short-Term Memory (LSTM) neural network and a Hidden Markov Model (HMM) to carry out real-time predictions, and Heuristic LSTM to reconstruct more precise user trajectories. ADE is used to evaluate the degree of location exposure in these cases. The experimental results show that LSTM performs better than HMM on trace prediction in our scheme. A higher number of eavesdroppers would decrease the ADE of the LSTM model (increase user location privacy exposure). Increasing the receiver's communication range can decrease ADE but will cause ADE to increase if the communication range keeps increasing. The heuristic LSTM model works better than LSTM at abusing user location privacy in the situation where the attacker reconstructs more precise user trajectories based on the completely observed trace sequence.
22. Wireless Network Physical Layer Security with Smart Antenna. Wang, Ting. 17 June 2013.
Smart antenna technology has emerged as one of the leading technologies for enhancing the quality of service in wireless networks. Because of its ability to concentrate transmit power in desired directions, it has been widely adopted by academia and industry to achieve better coverage, improved capacity and spectrum efficiency of wireless communication systems. In spite of its popularity in applications of performance enhancement, the smart antenna's capability of improving wireless network security is relatively unexplored. This dissertation focuses on exploiting smart antenna technology to develop physical layer solutions to anti-eavesdropping and location security problems.
We first investigate the problem of enhancing wireless communication privacy. A novel scheme named "artificial fading" is proposed, which leverages the beam switching capability of smart antennas to prevent eavesdropping attacks. We introduce the optimization strategy to design a pair of switched beam patterns that both have high directional gain to the intended receiver. Meanwhile, in all the other directions, the overlap between these two patterns is minimized. The transmitter switches between the two patterns at a high frequency. In this way, the signal to unintended directions experiences severe fading and the eavesdropper cannot decode it. We use simulation experiments to show that the artificial fading outperforms single pattern beamforming in reducing the unnecessary coverage area of the wireless transmitter.
We then study the impact of beamforming technique on wireless localization systems from the perspectives of both location privacy protection and location spoofing attack.
For the location privacy preservation scheme, we assume that the adversary uses received signal strength (RSS) based localization systems to localize network users in a Wireless LAN (WLAN). The purpose of the scheme is to make the adversary unable to uniquely localize the user when possible, and otherwise to maximize the error of the adversary's localization results. To this end, we design a two-step scheme to optimize the beamforming pattern of the wireless user's smart antenna. First, the user moves around to estimate the locations of surrounding access points (APs). Then, based on the locations of the APs, pattern synthesis is optimized to minimize the number of APs in the coverage area and degrade the localization precision. Simulation results show that our scheme can significantly lower the chance of being localized by adversaries and also degrade the location estimation precision to as low as the coverage range of the AP that the wireless user is connected to.
As personal privacy preservation and security assurance at the system level are always in conflict to some extent, the capability of a smart antenna to intentionally bias the RSS measurements of the localization system also potentially enables location spoofing attacks. From this aspect, we present a theoretical analysis of the feasibility of beamforming-based perfect location spoofing (PLS) attacks, where the attacker spoofs a target fake location by carefully choosing the beamforming pattern to fool the location system. The PLS problem is formulated as a nonlinear feasibility problem, and due to its intractable nature, we solve it using semidefinite relaxation (SDR) in conjunction with a heuristic local search algorithm. Simulation results show the effectiveness of our analytical approach and indicate the correlation between the geometry of anchor deployment and the feasibility of PLS attacks. Based on the simulation results, guidelines for guarding against PLS attacks are provided. / Ph. D.
23. Spectrum Management Issues in Centralized and Distributed Dynamic Spectrum Access. Lin, Yousi. 22 July 2021.
Dynamic spectrum access (DSA) is a powerful approach to mitigate the spectrum scarcity problem caused by the rapid increase in wireless communication demands. Based on architecture design, DSA systems can be categorized as centralized and distributed. To successfully enable DSA, both centralized and distributed systems have to deal with spectrum management issues including spectrum sensing, spectrum decision, spectrum sharing and spectrum mobility. Our work starts by investigating the challenges of efficient spectrum monitoring in centralized spectrum sensing. Since central controllers usually require the presence information of incumbent users/primary users (IUs) for decision making, which is obtained during spectrum sensing, the privacy of IUs becomes a major concern in DSA systems where IUs have strong operational security needs. To aid in this, we design novel location privacy protection schemes for IUs. Considering the general drawbacks of centralized systems, including high computational overhead for central controllers, single points of failure and IU privacy issues, a distributed DSA system is required in many scenarios. In this dissertation, we also cope with the spectrum sharing issues in distributed spectrum management, specifically the secondary user (SU) power control problem, by developing distributed and secure transmit power control algorithms for SUs.
In centralized spectrum management, the common approach to spectrum monitoring is to build infrastructure (e.g. spectrum observatories), which is costly in money and manpower yet has relatively low coverage. To aid in this, we propose a crowdsourcing based spectrum monitoring system that leverages the power of masses of portable mobile devices to capture accurate spectrum utilization over a large geographical area. The central controller can accurately predict future spectrum utilization and intelligently schedule the spectrum monitoring tasks among mobile SUs accordingly, so that the energy of mobile devices can be saved and more spectrum activities can be monitored. We also demonstrate our system's ability to capture not only the existing spectrum access patterns but also unknown patterns for which no historical spectrum information exists. The experiments show that our spectrum monitoring system can obtain high spectrum monitoring coverage with low energy consumption.
Environmental Sensing Capability (ESC) systems are utilized in DSA in the 3.5 GHz band to sense IU activities in order to protect them from SUs' interference. However, IU location information is often highly sensitive in this band, and hence it is preferable to hide the true location from detection by ESCs. As a remedy, we design novel schemes to preserve both static and moving IUs' location information by adjusting the IU's radiation pattern and transmit power. We first formulate the IU privacy protection problem for a static IU. Due to the intractable nature of this problem, we propose a heuristic approach based on sampling. We also formulate the privacy protection problem for moving IUs, in which two cases are analyzed: (1) protect the IU's moving traces; (2) protect its real-time current location information. Our analysis provides insightful advice for IUs on preserving their location privacy against ESCs. Simulation results show that our approach provides strong protection for IU location privacy.
Centralized DSA spectrum management systems have to bear several fundamental issues, such as the heavy computational overhead for central controllers, single points of failure, and IU privacy concerns caused by the large amount of information exchanged between users and controllers and by the often untrusted operators of the central controllers. In this dissertation, we propose an alternative distributed and privacy-preserving spectrum sharing design for DSA, which relies on distributed SU power control and security mechanisms to overcome the limitations of centralized DSA spectrum management. / Doctor of Philosophy / Due to the rapid growth in wireless communication demands, the frequency spectrum is becoming increasingly crowded. Traditional spectrum allocation policy gives unshared access to fixed bands to the licensed users, and there is little unlicensed spectrum left now to allocate to newly emerged communication demands. However, studies on spectrum occupancy show that many licensed users who own the license of certain bands are only active for a small percentage of the time, which results in plenty of underutilized spectrum. Hence, a new spectrum sharing paradigm, called dynamic spectrum access (DSA), is proposed to mitigate this problem. DSA enables spectrum sharing between different classes of users; generally, the unlicensed users in a DSA system can access the licensed spectrum opportunistically without interfering with the licensed users. Based on architecture design, DSA systems can be categorized as centralized and distributed. In centralized systems, a central controller makes decisions on spectrum usage for all unlicensed users, whereas in distributed systems, unlicensed users make decisions for themselves independently. To successfully enable DSA, both centralized and distributed DSA systems need to deal with spectrum management issues, such as resource allocation problems and user privacy issues.
The resource allocation problems include, for example, the problems to discover and allocate idle bands and the problems to control users' transmit power for successful coexistence. Privacy issues may also arise during the spectrum management process since certain information exchange is inevitable for global decision making. However, due to the Federal Communications Commission's (FCC) regulation, licensed users' privacy such as their location information must be protected in any case. As a result, dynamic and efficient spectrum management techniques are necessary for DSA users.
In this dissertation, we investigate the above-mentioned spectrum management issues in both types of DSA systems, specifically, the spectrum sensing challenges with licensed user location privacy issues in centralized DSA, and the spectrum sharing problems in distributed DSA systems. In doing so, we propose novel schemes for solving each related spectrum management problem and demonstrate their efficacy through the results from extensive evaluations and simulations. We believe that this dissertation provides insightful advice for DSA users to solve different spectrum management issues for enabling DSA implementation, and hence helps in a wider adoption of dynamic spectrum sharing.
24. Study of Sensing Issues in Dynamic Spectrum Access. Ye, Yuxian. 14 June 2019.
Dynamic Spectrum Access (DSA) is now a commonly used spectrum sharing paradigm to mitigate the spectrum shortage problem. DSA technology allows unlicensed secondary users to access unused frequency bands without interfering with the incumbent users. The key technical challenges in DSA systems lie in spectrum allocation problems and spectrum users' security issues. This thesis mainly focuses on spectrum monitoring technology in spectrum allocation and on incumbent users' (IU) privacy issues.
Spectrum monitoring is a powerful tool in DSA to help commercial users access unused bands. We propose a crowdsourcing-based unknown IU pattern monitoring scheme that leverages the power of masses of portable mobile devices to reduce the cost of spectrum monitoring, and demonstrate the ability of our system to capture not only the existing spectrum access patterns but also unknown patterns for which no historical spectrum information exists. Due to the energy limit of the battery-based system, we then leverage solar energy harvesting and develop an energy management scheme to support our spectrum monitoring system. We also provide best privacy-protection strategies for both static and mobile IUs in terms of hiding their true location from detection by the Environmental Sensing Capability (ESC) system. In this thesis, the heuristic approach for our mathematical formulations and the simulation results are described in detail. The simulation results show that our spectrum monitoring system can obtain high spectrum monitoring coverage with low energy consumption. Our IU privacy scheme provides strong protection for IU location privacy. / Master of Science / Spectrum refers to the radio frequencies allocated to federal users and commercial users for communication over the airwaves. It is a sovereign asset that is overseen by the government in each country, which manages the radio spectrum and issues spectrum licenses. In addition, spectrum bands are utilized for various purposes because different bands have different characteristics. However, the overly crowded US frequency allocation chart shows the scarcity of usable radio frequencies. Actual spectrum usage measurements reflect that multiple prized spectrum bands lie idle at most times and locations, which indicates that the spectrum shortage is caused by spectrum management policies rather than by a physical scarcity of available frequencies.
Dynamic spectrum access (DSA) was proposed as a new paradigm of spectrum sharing that allows commercial users to access the abundant white spaces in the licensed spectrum bands to mitigate the spectrum shortage problem and increase spectrum utilization. In DSA, two of the key technical challenges lie in how to dynamically allocate the spectrum and how to protect spectrum users' security. This thesis focuses on the development of two types of mechanisms for addressing these two challenges: (1) developing efficient spectrum monitoring schemes to help secondary users (SU) accurately and dynamically access the white space in spectrum allocation, and (2) developing privacy preservation schemes for incumbent users (IU) to protect their location privacy. Specifically, we propose an unknown IU pattern monitoring scheme that leverages the power of masses of portable mobile devices to reduce the cost of common spectrum monitoring systems. We demonstrate that our system can track not only the existing IU spectrum access patterns but also unknown patterns for which no historical spectrum information exists. We then leverage solar energy harvesting and design an energy management scheme to support our spectrum monitoring system. Finally, we provide a strategy for both static and mobile IUs to hide their true location from monitoring by Environmental Sensing Capability systems.
25. Evaluating the Approximate Location Feature in Android: An analysis of the built-in Location Privacy Protection of Android 12 / Analys av ungefärlig platsdelning i Android: En analys av de inbyggda integritetsskydden vid platsdelning i Android 12. Loxdal, Joakim. January 2023.
Smartphone users share their locations with location based services (navigation apps, dating apps, fitness trackers, etc.). These services can be useful, but introduce privacy concerns. Strategies have been suggested in the academic literature to counter these location privacy issues while still maintaining some utility of the location based services. In practice, Google introduced a new location privacy protection mechanism in Android 12. Users are now able to share only their approximate location with any app that requests their location. In this thesis, the Approximate Location feature in Android 12 is evaluated and tested in different scenarios (on device and simulated) to determine its potential benefits and drawbacks for a user's location privacy. The source code analysis shows that the Approximate Location feature uses a grid mapping ('snap-to-grid') technique to make locations less precise and adds a random offset to make it more difficult to reveal when a user crosses a grid border. Over longer time periods, an attacker can exploit the random offset to reveal a more precise location than intended. The random offset changes gradually, meaning a single precise location can result in several approximate locations. By averaging the approximate locations that a stationary precise location generates over time, one could potentially derive a new location that is more precise than the approximate ones. Simulations and some real world experiments on an Android 12 device show that this attack could be feasible, but that since the random offset only updates every hour, the attack would be very time consuming. The simulations showed that when approximate locations were shared for one precise location 10,000 times (hours in practice), the mean approximate location was on average 478 meters away from the precise location, compared to 986 meters on average if the approximate location was shared only once.
Analysis made on recorded and simulated locations shows that even though the approximate locations use a grid with 2 km granularity, many public transport routes can be inferred. The success of unambiguously inferring a public transport trip from a user's approximate locations depends on the length of the trip (the longer, the easier) and on how many other public transport trips share the route or a sub-route of the trip (the more trips that share the route, the harder it is to infer the correct one). By combining historical approximate location data and public transport data, results indicate that 80.52% of the bus routes in the Region of Skåne in Sweden could be inferred if a user travels the full route.
/ Smartphone users share their location data with mobile applications, so-called 'location based services' (LBS). Examples of such applications are navigation apps, dating apps and fitness apps. These applications can be valuable to the user, but also lead to increased privacy problems. Theoretical and practical methods have been proposed to limit these problems without the applications' functionality suffering too much. In practice, a number of new privacy-protecting functions were introduced in Android 12 to give the user more control over their location privacy. Users can now choose to share only their approximate locations with apps that request their location data. This function is called "Approximate Location". In this master's thesis this function is examined from a privacy perspective and tested in different scenarios (both real and simulated). This is done to determine the function's advantages and limitations when it comes to users' location privacy. The source code analysis shows that the approximate location is generated through a 'snap-to-grid' or 'grid masking' technique that makes the shared location less exact. Briefly, it can be described as the world being divided into a grid of horizontal and vertical lines, where the user's location is rounded to the nearest intersection between two lines. In addition, the location is shifted randomly between each share, which makes it harder for an attacker to determine when the user moves between different cells in the grid. Simulations and experiments on Android devices show that the longer a smartphone shares its approximate location, the more is revealed about the exact one. When approximate locations corresponding to a stationary exact location were shared 10,000 times and rounded, the rounded location was on average 478 metres from the exact location. This can be compared with 986 metres on average if the approximate location was shared only once. Analysis carried out with simulated location data shows that even if the positions are generated on a grid with 2 kilometres between the lines, public transport trips can be exposed even though only approximate locations are shared. How easy it is to expose the route depends on how long the trip is (the longer, the easier) and how many other routes resemble the trip (the more, the harder). Based on simulated approximate locations along public transport routes combined with public transport data, the results indicate that 80.53% of all bus routes in Region Skåne can be exposed if a person shares their approximate location along the entire route.
26. Practical Private Information Retrieval. Olumofin, Femi George. January 2011.
In recent years, the subject of online privacy has been attracting much interest, especially as more Internet users than ever are beginning to care about the privacy of their online activities. Privacy concerns are even prompting legislators in some countries to demand from service providers a more privacy-friendly Internet experience for their citizens. These are welcome developments and in stark contrast to the practice of Internet censorship and surveillance that legislators in some nations have been known to promote. The development of Internet systems that are able to protect user privacy requires private information retrieval (PIR) schemes that are practical, because no other efficient techniques exist for preserving the confidentiality of the retrieval requests and responses of a user from an Internet system holding unencrypted data. This thesis studies how PIR schemes can be made more relevant and practical for the development of systems that are protective of users' privacy.
Private information retrieval schemes are cryptographic constructions for retrieving data from a database, without the database (or database administrator) being able to learn any information about the content of the query. PIR can be applied to preserve the confidentiality of queries to online data sources in many domains, such as online patents, real-time stock quotes, Internet domain names, location-based services, online behavioural profiling and advertising, search engines, and so on.
In this thesis, we study private information retrieval and obtain results that seek to make PIR more relevant in practice than all previous treatments of the subject in the literature, which have been mostly theoretical. We also show that PIR is the most computationally efficient known technique for providing access privacy under realistic computation powers and network bandwidths. Our result covers all currently known varieties of PIR schemes. We provide a more detailed summary of our contributions below:
Our first result addresses an existing question regarding the computational practicality of private information retrieval schemes. We show that, unlike previously argued, recent lattice-based computational PIR schemes and multi-server information-theoretic PIR schemes are much more computationally efficient than a trivial transfer of the entire PIR database from the server to the client (i.e., trivial download). Our result shows the end-to-end response times of these schemes are one to three orders of magnitude (10--1000 times) smaller than the trivial download of the database for realistic computation powers and network bandwidths. This result extends and clarifies the well-known result of Sion and Carbunar on the computational practicality of PIR.
Our second result is a novel approach for preserving the privacy of sensitive constants in an SQL query, which improves substantially upon earlier work. Specifically, we provide an expressive SQL data access model atop the existing rudimentary index- and keyword-based data access models of PIR. The expressive SQL-based model developed results in a 7- to 480-fold improvement in query throughput over previous work.
We then provide a PIR-based approach for preserving access privacy over large databases. Unlike previously published access privacy approaches, we explore new ideas about privacy-preserving constraint-based query transformations, offline data classification, and privacy-preserving queries to index structures much smaller than the databases. This work addresses an important open problem about how real systems can systematically apply existing PIR schemes for querying large databases.
In terms of applications, we apply PIR to solve user privacy problems in the domains of patent database queries and location-based services, user and database privacy problems in the domain of online sales of digital goods, and a scalability problem for the Tor anonymous communication network.
We develop practical tools for most of our techniques, which can be useful for adding PIR support to existing and new Internet system designs.
|
27 |
Practical Private Information RetrievalOlumofin, Femi George January 2011 (has links)
In recent years, the subject of online privacy has been attracting much interest, especially as more Internet users than ever are beginning to care about the privacy of their online activities. Privacy concerns are even prompting legislators in some countries to demand from service providers a more privacy-friendly Internet experience for their citizens. These are welcomed developments and in stark contrast to the practice of Internet censorship and surveillance that legislators in some nations have been known to promote. The development of Internet systems that are able to protect user privacy requires private information retrieval (PIR) schemes that are practical, because no other efficient techniques exist for preserving the confidentiality of the retrieval requests and responses of a user from an Internet system holding unencrypted data. This thesis studies how PIR schemes can be made more relevant and practical for the development of systems that are protective of users' privacy.
Private information retrieval schemes are cryptographic constructions for retrieving data from a database, without the database (or database administrator) being able to learn any information about the content of the query. PIR can be applied to preserve the confidentiality of queries to online data sources in many domains, such as online patents, real-time stock quotes, Internet domain names, location-based services, online behavioural profiling and advertising, search engines, and so on.
In this thesis, we study private information retrieval and obtain results that seek to make PIR more relevant in practice than all previous treatments of the subject in the literature, which have been mostly theoretical. We also show that PIR is the most computationally efficient known technique for providing access privacy under realistic computation powers and network bandwidths. Our result covers all currently known varieties of PIR schemes. We provide a more detailed summary of our contributions below:
Our first result addresses an existing question regarding the computational practicality of private information retrieval schemes. We show that, unlike previously argued, recent lattice-based computational PIR schemes and multi-server information-theoretic PIR schemes are much more computationally efficient than a trivial transfer of the entire PIR database from the server to the client (i.e., trivial download). Our result shows the end-to-end response times of these schemes are one to three orders of magnitude (10--1000 times) smaller than the trivial download of the database for realistic computation powers and network bandwidths. This result extends and clarifies the well-known result of Sion and Carbunar on the computational practicality of PIR.
Our second result is a novel approach for preserving the privacy of sensitive constants in an SQL query, which improves substantially upon the earlier work. Specifically, we provide an expressive data access model of SQL atop the existing rudimentary index- and keyword-based data access models of PIR. The expressive SQL-based model developed results in a 7- to 480-fold improvement in query throughput over previous work.
We then provide a PIR-based approach for preserving access privacy over large databases. Unlike previously published access privacy approaches, we explore new ideas about privacy-preserving constraint-based query transformations, offline data classification, and privacy-preserving queries to index structures much smaller than the databases. This work addresses an important open problem about how real systems can systematically apply existing PIR schemes for querying large databases.
In terms of applications, we apply PIR to solve user privacy problems in the domains of patent database queries and location-based services, user and database privacy problems in the domain of online sales of digital goods, and a scalability problem for the Tor anonymous communication network.
We develop practical tools for most of our techniques, which can be useful for adding PIR support to existing and new Internet system designs.
|
28 |
Providing Location Privacy to Base Station in Wireless Sensor Networks. Gottumukkala, Venkata Praneeth Varma, January 2012.
No description available.
|
29 |
Spatial Replay Protection for Proximity Services: Security and Privacy Aspects. Lindblom, Fredrik, January 2016.
Proximity Services is a new feature in the 3rd Generation Partnership Project (3GPP) standard for mobile communication. This feature gives the opportunity to provide services locally if the targets are sufficiently close. However, in the current version of the proposed specification, there is no protection against a malicious user tunneling messages to a remote location to give the impression of proximity. This thesis proposes solutions to protect against such a spatial replay attack and evaluates these solutions based on how the user's integrity is preserved, their complexity, and the added overhead. It is not obvious today what the consequences of a spatial replay attack are and how serious such an attack could be. However, once the feature is deployed and people start using it, it could prove to be a major vulnerability. The methods presented in this thesis could be used to prevent spatial replay in 3GPP or similar proximity-services standards. The chosen method is a geographical packet leash based on a poly-cylindrical grid for which only a certain number of least significant bits of the grid cell identifier are included in the initial Discovery Message, while the rest could be used in the calculation of the Message Authentication Code.

(Swedish abstract, translated:) Proximity Services is a new feature in the 3rd Generation Partnership Project (3GPP) standard for mobile communication. It makes it possible to offer services locally if the intended users are sufficiently close. In the current version of the specification, however, there is nothing that prevents a malicious third party from tunneling messages from the original location to another location that is not nearby, in order to give the receiver the impression that the sender is close. This thesis proposes solutions to limit this attack and evaluates them by how they affect users' location privacy, the complexity of the solution, and the overhead they entail.
It is not obvious today in what way the attack could affect users and how serious the consequences could be, but once the standard is implemented and users arrive, it could prove to pose a major risk. The solutions presented in this thesis could be used to limit this type of attack within the 3GPP standard or similar proximity-based ones. The chosen method is a 'geographical packet leash' based on a poly-cylindrical grid for which only a fixed number of least significant bits are included in an initial Discovery Message, while the rest can be used in the computation of the Message Authentication Code.
|
30 |
Control Theory for Computing Systems: Application to Big-Data Cloud Services & Location Privacy Protection / (French title, translated:) Control of Computing Systems: Application to Cloud Services and Privacy Protection. Cerf, Sophie, 16 May 2019.
(French abstract, translated:) This thesis presents an application of control theory to computing systems. A control algorithm can manage larger and more complex systems, even when they are particularly sensitive to variations in their environment. However, applying control to computing systems raises several challenges, for example because no physics governs them. On the one hand, the mathematical framework provided by control theory can be used to improve the automation, robustness and reliability of computing systems. On the other hand, the specific challenges of these case studies make it possible to extend control theory itself. The approach adopted in this work is to use two computing systems as applications: mobility-related privacy protection and the performance of cloud services. These two use cases are complementary in the nature of their technologies, their scale and their end users.
The popularity of mobile devices has encouraged the dissemination and collection of location data, whether so that the user benefits from a personalized service (e.g. route planning) or so that the service provider extracts useful information from mobility databases (e.g. the popularity of places). Indeed, a great deal of information can be extracted from location data, including highly sensitive personal data. To remedy this privacy breach, protection mechanisms specific to mobility data (LPPMs) have been developed. These are algorithms that modify the user's location data with the aim of hiding sensitive information. However, these tools are not easily configurable by non-experts and are static processes that do not adapt to the user's mobility.
In this thesis, we develop two tools, one for already collected databases and the other for online use, which guarantee users levels of privacy protection and of service quality preservation by configuring the LPPMs. We present the first formulation of the problem in control-theoretic terms (system and controller, input and output signals), and a PI controller as a demonstration of applicability. In both cases, design, implementation and validation were carried out through experiments using data from real users collected in the field.
The recent rise of big data has led to the development of programs capable of analyzing it, such as MapReduce. Advances in computing practices have also established the cloud model (where low-level resources can be rented to allow the development of higher-level applications without worrying about investment or maintenance) as an essential solution for all types of users. Guaranteeing the performance of MapReduce jobs executed on clouds is therefore a major concern for large IT companies and their customers. In this work, we develop advanced techniques for controlling job execution time and platform availability by adjusting the size of the resource cluster and performing admission control, operating whatever the client load. To handle the nonlinearities of MapReduce, an adaptive controller was designed. To reduce cluster utilization (which incurs considerable financial and energy costs), we present a new formulation of the event-based control triggering mechanism, combined with an optimal predictive controller. The evaluation is carried out on a benchmark running in real time on a cluster, using industrial workloads.

This thesis presents an application of Control Theory for Computing Systems. It aims at investigating techniques to build and control efficient, dependable and privacy-preserving computing systems. Ad-hoc service configuration requires a high level of expertise which could benefit from automation in many ways. A control algorithm can handle bigger and more complex systems, even when they are extremely sensitive to variations in their environment. However, applying control to computing systems raises several challenges, e.g. no physics governs the applications. On one hand, the mathematical framework provided by control theory can be used to improve automation and robustness of computing systems. Moreover, control theory provides by definition mathematical guarantees that its objectives will be fulfilled. On the other hand, the specific challenges of such use cases make it possible to expand control theory itself. The approach taken in this work is to use two application computing systems: location privacy and cloud control. Those two use cases are complementary in the nature of their technologies and software, their scale and their end users.
The widespread use of mobile devices has fostered the broadcasting and collection of users' location data. It could be for the user to benefit from a personalized service (e.g. weather forecast or route planning) or for the service provider or any other third party to derive useful information from the mobility databases (e.g. road usage frequency or popularity of places). Indeed, much information can be retrieved from location data, including highly sensitive personal data. To overcome this privacy breach, Location Privacy Protection Mechanisms (LPPMs) have been developed. They are algorithms that modify the user's mobility data, hopefully to hide some sensitive information.
However, those tools are not easily configurable by non-experts and are static processes that do not adapt to the user's mobility. We develop two tools, one for already collected databases and one for online usage, that, by tuning the LPPMs, guarantee to the users objective-driven levels of privacy protection and of service utility preservation. First, we present an automated tool able to choose and configure LPPMs to protect already collected databases while ensuring a trade-off between privacy protection and database processing quality. Second, we present the first formulation of the location privacy challenge in control theory terms (plant and control, disturbance and performance signals), and a feedback controller to serve as a proof of concept. In both cases, design, implementation and validation have been done through experiments using data of real users collected in the field.
The surge in data generation of the last decades, the so-called big data, has led to the development of frameworks able to analyze them, such as the well-known MapReduce. Advances in computing practices have also settled the cloud paradigm (where low-level resources can be rented to allow the development of higher-level applications without dealing with considerations such as investment in hardware or maintenance) as the premium solution for all kinds of users. Ensuring the performance of MapReduce jobs running on clouds is thus a major concern for the big IT companies and their clients. In this work, we develop advanced monitoring techniques of the job execution time and the platform availability by tuning the resource cluster size and realizing admission control, in spite of the unpredictable client workload. In order to deal with the nonlinearities of the MapReduce system, a robust adaptive feedback controller has been designed.
To reduce the cluster utilization (leading to massive financial and energy costs), we present a new event-based triggering mechanism formulation combined with an optimal predictive controller. Evaluation is done on a MapReduce benchmark suite running on a large-scale cluster, and using real job workloads.
|