1 |
Protecting Location-Data Against Inference Attacks Using Pre-Defined Personas
Chini Foroushan, Amir Hossein, January 2011
Usage of locational data is getting more popular day by day. Location-aware applications, context-aware applications and ubiquitous applications are some of the major categories of applications which are based on locational data. One of the most concerning issues regarding such applications is how to protect users' privacy against malicious attackers. Failing in this task would result in a total failure for the project, considering how privacy concerns are getting more and more important for the end users. In this project, we will propose a theoretical solution for protecting user privacy in location-based applications against inference attacks. Our solution is based on categorizing target users into pre-defined groups (a.k.a. Personas) and utilizing their common characteristics in order to synthesize access control rules for the collected data.
|
2 |
Side-Channel Attacks on Encrypted 5G/4G Voice Calls
Shaan Shekhar (18463575), 01 May 2024
5G/4G voice calls are encrypted for the purpose of confidentiality, secrecy and privacy. Although protected by well-examined security measures, we unveil several vulnerabilities previously unreported in the 5G/4G voice calls that unintentionally leak 5G/4G call state information despite encryption protection and devise proof-of-concept attacks in this thesis. Unlike existing attacks, these new attacks are significantly more threatening because they are completely contactless without requiring any malware, access or compromise on the victim's phones, the 5G/4G network and the other call party. Instead, the attacker only needs to deploy a radio sniffer to eavesdrop on 5G/4G communication and infer confidential call information.
Interestingly, such confidentiality breaches are technically feasible due to recent 5G/4G call enhancement technologies standardized in the 3GPP specifications and adopted by mobile network operators. While effective in enhancing 5G/4G call quality and efficiency, they, unfortunately, expose extra call information, which can be exploited to infer call states and launch side-channel attacks precisely. Another major contributor to this attack is the IVR technology, which uses a computer-operated telephone system to help companies answer customer calls. In this thesis, we focus on snooping Pay-over-the-Phone transactions done over IVR calls and optionally inferring the company involved in the transaction. The attacks exploit technologies designed to enhance the call quality and efficiency, and we develop several attack modules to (1) detect voice calls over encrypted 5G/4G traffic, (2) infer the use of IVR over limited call information leaked in the air, and (3) spy on sensitive payment transactions in real-time. We have implemented this proof-of-concept attack using an SDR-based sniffer only. We have validated its effectiveness and assessed damages in various experiments with 5G operators in the US. Lastly, we have discussed the lessons learned from the attacks and the future work that can be done to improve the efficiency of the attacks and make them more threatening.
|
3 |
Evaluating the Approximate Location Feature in Android : An analysis of the built in Location Privacy Protection of Android 12 / Analys av ungefärlig platsdelning i Android : En analys av de inbyggda integritetsskydden vid platsdelning i Android 12
Loxdal, Joakim, January 2023
Smartphone users share their locations with location based services (navigation apps, dating apps, fitness trackers, etc.). These services can be useful, but introduce privacy concerns. Strategies have been suggested in academic literature to counter these location privacy issues while still maintaining some utility of the location based services. In practice, Google introduced a new location privacy protection mechanism in Android 12. Users are now able to share only their approximate location with any app that requests their location. In this thesis, the Approximate Location feature in Android 12 is evaluated and tested in different scenarios (on device and simulated) to decide its potential benefits and drawbacks for a user's location privacy. The source code analysis shows that the Approximate Location feature uses a grid mapping ('snap-to-grid') technique to make locations less precise and adds a random offset to make it more difficult to reveal when a user crosses a grid border. Over longer time periods, an attacker can exploit the random offset to reveal a more precise location than intended. The random offset will change gradually, meaning a precise location can result in several approximate locations. By averaging the approximate locations that a stationary precise location generates over time, one could potentially create a new more precise location than the approximate ones. Simulations and some real world experiments on an Android 12 device show that this attack could be feasible, but that since the random offset only updates every hour the attack would be very time consuming. The simulations showed that when approximate locations were shared for one precise location 10,000 times (hours in practice), the mean approximate location was on average 478 meters away from the precise location, compared to 986 meters on average if the approximate location was only shared once.
Analysis made on recorded and simulated locations shows that even though the approximate locations use a grid with 2 km granularity, many public transport routes can be inferred. The success of unambiguously inferring a public transport trip using a user's approximate locations depends on the length of the trip (the longer the easier) and on how many other public transport trips share the route or sub route of the trip (the more trips that share the route, the harder it is to infer the correct one). By combining historical approximate location data and public transport data, results indicate that 80.52% of the bus routes in the Region of Skåne in Sweden could be inferred if a user travels the full route.
/ Smartphone users share their location data with mobile applications, so-called 'location based services' (LBS). Examples of such applications are navigation apps, dating apps and fitness apps. These applications can be valuable to the user, but they also lead to increased privacy problems. Theoretical and practical methods have been proposed to limit these problems without affecting the applications' functionality too much. In practice, a number of new privacy-protecting features were introduced in Android 12 to give the user more control over their location privacy. Users can now choose to share only their approximate locations with apps that request their location data. This feature is called "Approximate Location". In this master's thesis, this feature is examined from a privacy perspective and tested in different scenarios (both real and simulated). This is done to determine the feature's benefits and limitations with regard to users' location privacy. The source code analysis shows that the approximate location is generated through a 'snap-to-grid' or 'grid masking' technique that makes the shared location less precise.
In short, it can be described as the world being divided into a grid of horizontal and vertical lines, where the user's location is rounded to the nearest intersection between two lines. In addition, the location is shifted randomly between each share, which makes it harder for an attacker to determine when the user moves between different cells of the grid. Simulations and experiments on Android devices show that the longer a smartphone shares its approximate location, the more is revealed about the precise one. When approximate locations corresponding to a stationary precise location were shared 10,000 times and rounded, the rounded location was on average 478 meters from the precise location. This can be compared with 986 meters on average if the approximate location was shared only once. Analysis carried out with simulated location data shows that even though the positions are generated on a grid with 2 kilometers between the lines, trips by public transport can be exposed, even though only approximate locations are shared. How easy it is to expose the route depends on how long the trip is (the longer the easier) and how many other routes resemble the trip (the more, the harder). Based on simulated approximate locations along public transport routes combined with public transport data, the results indicate that 80.53% of all bus routes in the Skåne region can be exposed if a person shares their approximate location along the entire route.
|