More Web Proxy on the site http://driver.im/

research-article

Protecting location privacy from untrusted wireless service providers

Authors:

Mariya ZhelevaAuthors Info & Claims

WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Pages 266 - 277

https://doi.org/10.1145/3395351.3399369

Published: 21 July 2020 Publication History

Abstract

Access to mobile wireless networks has become critical for day-to-day life. However, it also inherently requires that a user's geographic location is continuously tracked by the service provider. It is challenging to maintain location privacy, especially from the provider itself. To do so, a user can switch through a series of identifiers, and even go offline between each one, though it sacrifices utility. This strategy can make it difficult for an adversary to perform location profiling and trajectory linking attacks that match observed behavior to a known user.

In this paper, we model and quantify the trade-off between utility and location privacy. We quantify the privacy available to a community of users that are provided wireless service by an untrusted provider. We first formalize two important user traits that derive from their geographic behavior: predictability and mixing, which underpin the attainable privacy and utility against both profiling and trajectory linking attacks. Second, we study the prevalence of these traits in two real-world datasets with user mobility. Finally, we simulate and evaluate the efficacy of a model protocol, which we call Zipphone, in a real-world community of hundreds of users protecting themselves from their ISP. We demonstrate that users can improve their privacy by up to 45% by abstaining minimally (e.g., by sacrificing at most 5% of their uptime). We discuss how a privacy-preserving protocol similar to our model can be deployed in a modern cellular network.

References

[1]

2018. eSIM Whitepaper: The what and how of Remote SIM Provisioning. https://www.gsma.com/esim/wp-content/uploads/2018/12/esim-whitepaper.pdf.

[2]

2019. Find wireless carriers that offer eSIM service. https://support.apple.com/en-us/HT209096.

[3]

2020. Boost Mobile Prepaid Plans. https://www.boostmobile.com/plans.

[4]

2020. eSIM settings: Apple iPhone on iOS 12. https://support.t-mobile.com/docs/DOC-39253.

[5]

2020. eUICC Technical Releases. https://simalliance.org/euicc/euicc-technical-releases/.

[6]

2020. Silent Circle blackphone. http://silentcircle.com.

[7]

2020. T-Mobile SimplyPrepaid Plans. https://prepaid.t-mobile.com/prepaid-plans.

[8]

2020. Torfone. http://torfone.org.

[9]

Miguel E Andrés, Nicolás E Bordenabe, Konstantinos Chatzikokolakis, and Catuscia Palamidessi. 2013. Geo-indistinguishability: Differential privacy for location-based systems. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 901--914.

Digital Library

[10]

Brooke Auxier, Lee Rainie, Monica Anderson, Andrew Perrin, Madhu Kumar, and Erica Turner. 2019. Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/

[11]

Alastair R. Beresford and Frank Stajano. 2003. Location Privacy in Pervasive Computing. IEEE Pervasive Computing 2, 1 (Jan. 2003), 46--55.

Digital Library

[12]

Alastair R. Beresford and Frank Stajano. 2004. Mix zones: user privacy in location-aware services. In Proc. Pervasive Computing and Communications Wrkshps. 127--131.

[13]

Lorenzo Bracciale, Marco Bonola, Pierpaolo Loreti, Giuseppe Bianchi, Raul Amici, and Antonello Rabuffi. 2014. CRAWDAD dataset roma/taxi (v. 2014-07-17). Downloaded from https://crawdad.org/roma/taxi/20140717.

[14]

Case No. 19-cv-4063. 2019. Scott, Jewel, And Pontis, et al. v. AT&T Inc.; AT&T Services, Inc.; AT&T Mobility, LLC; Technocom Corp.; and Zumigo, Inc. https://www.courthousenews.com/wp-content/uploads/2019/07/ATTlocationservices-COMPLAINT.pdf.

[15]

Eric Chan-Tin. 2015. AnonCall: Making Anonymous Cellular Phone Calls. In 2015 10th International Conference on Availability, Reliability and Security. IEEE, 626--631.

[16]

Mark D. Corner, Brian Neil Levine, Omar Ismail, and Angela Upreti. 2017. Advertising-based Measurement: A Platform of 7 Billion Mobile Devices. In ACM International Conference on Mobile Computing and Networking (MobiCom).

Digital Library

[17]

Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. 2014. IMSI-Catch Me If You Can: IMSI-Catcher-Catchers. In Proc. ACM ACSAC.

Digital Library

[18]

Alex Davidson, Ian Goldberg, Nick Sullivan, George Tankersley, and Filippo Valsorda. 2018. Privacy Pass: Bypassing Internet Challenges Anonymously. Proceedings on Privacy Enhancing Technologies 3 (2018), 164--180.

[19]

Yves-Alexandre De Montjoye, César A Hidalgo, Michel Verleysen, and Vincent D Blondel. 2013. Unique in the crowd: The privacy bounds of human mobility. Scientific reports 3 (2013), 1376.

[20]

Shouyun Deng, Zhitao Huang, Xiang Wang, and Guangquan Huang. 2017. Radio frequency fingerprint extraction based on multidimension permutation entropy. International Journal of Antennas and Propagation 2017 (2017).

[21]

Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Second-generation Onion Router. In USENIX Security. https://www.usenix.org/conference/13th-usenix-security-symposium/tor-second-generation-onion-router

[22]

Cynthia Dwork. 2011. Differential privacy. Encyclopedia of Cryptography and Security (2011), 338--340.

[23]

Nathan Eagle and Alex Sandy Pentland. 2006. Reality Mining: Sensing Complex Social Systems. Personal and Ubiquitous Computing 10, 4 (2006), 255--268.

Digital Library

[24]

Ehab ElSalamouny and Sebastien Gambs. 2016. Differential Privacy Models for Location-Based Services. Trans. Data Privacy 9, 1 (April 2016), 15--48.

[25]

Karim Emara, Wolfgang Woerndl, and Johann Schlichter. 2015. CAPS: Context-aware privacy scheme for VANET safety applications. In Proceedings of the 8th ACM conference on security & privacy in wireless and mobile networks. ACM, 21.

Digital Library

[26]

Giulia Fanti, Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Bradley Denby, Shruti Bhargava, Andrew Miller, and Pramod Viswanath. 2018. Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees. Proc. ACM Meas. Anal. Comput. Syst. 2, 2 (June 2018), 29:1--29:35.

Digital Library

[27]

Mitra Fatemi, Somayeh Salimi, and Ahmad Salahi. 2010. Anonymous roaming in universal mobile telecommunication system mobile networks. IET Information Security Journal 4, 2 (2010), 93--103.

[28]

Hannes Federrath, Anja Jerichow, Dogan Kesdogan, and Andreas Pfitzmann. 1995. Security in Public Mobile Communication Networks. In Proc. IFIP/TC6 Personal Wireless Communications. 105--116.

[29]

Hannes Federrath, Anja Jerichow, and Andreas Pfitzmann. 1996. MIXes in Mobile Communication Systems: Location Management with Privacy. In Proc. Intl. Wrkshp on Information Hiding. 121--135.

[30]

Julien Freudiger, Reza Shokri, and Jean-Pierre Hubaux. 2009. On the Optimal Placement of Mix Zones. In Proc. PETS. 216--234.

Digital Library

[31]

Philippe Golle and Kurt Partridge. 2009. On the Anonymity of Home/Work Location Pairs. In Proc. Intl. Conf. on Pervasive Computing. 390--397.

Digital Library

[32]

Maria Gorlatova, Roberto Aiello, and Stefan Mangold. 2011. Managing base station location privacy. In Proc. MILCOM. 1201--1206.

[33]

Maria Gorlatova, Roberto Aiello, and Stefan Mangold. 2011. Managing location privacy in cellular networks with femtocell deployments. In Proc. WiOpt Symposium. 418--422.

[34]

Marco Gramaglia, Marco Fiore, Alberto Tarable, and Albert Banchs. 2017. Preserving mobile subscriber privacy in open datasets of spatiotemporal trajectories. In IEEE INFOCOM 2017--IEEE Conference on Computer Communications. IEEE, 1--9.

[35]

Nan Guo, Linya Ma, and Tianhan Gao. 2018. Independent mix zone for location privacy in vehicular networks. IEEE Access 6 (2018), 16842--16850.

[36]

Byeongdo Hong, Sangwook Bae, and Yongdae Kim. 2018. GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier. In Proc. ISOC Network and Distributed Systems Security (NDSS) Symposium.

[37]

Daira Hopwood, Sean Bowe, Taylor Hornby, and Nathan Wilcox. 2019. Zcash Protocol Specification Version. https://github.com/zcash/zips/raw/master/protocol/protocol.pdf.

[38]

Haosheng Huang, Georg Gartner, Jukka M Krisp, Martin Raubal, and Nico Van de Weghe. 2018. Location based services: ongoing evolution and research agenda. Journal of Location Based Services 12, 2 (2018), 63--93.

[39]

Syed Rafiul Hussain, Mitziu Echeverria, Ankush Singla, Omar Chowdhury, and Elisa Bertino. 2019. Insecure connection bootstrapping in cellular networks: the root of all evil. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. ACM, 1--11.

Digital Library

[40]

Sibren Isaacman, Richard Becker, Ramón Cáceres, Stephen Kobourov, Margaret Martonosi, James Rowland, and Alexander Varshavsky. 2011. Identifying Important Places in People's Lives from Cellular Network Data. In Proc. Intl. Conf. on Pervasive Computing. 133--151.

[41]

Yixin Jiang, Chuang Lin, Xuemin Shen, and Minghui Shi. 2006. Mutual Authentication and Key Exchange Protocols for Roaming Services in Wireless Mobile Networks. IEEE Trans. on Wireless Communications 5, 9 (2006), 2569--2577.

[42]

Dogan Kesdogan, Hannes Federrath, Anja Jerichow, and Andreas Pfitzmann. 1996. Location Management Strategies Increasing Privacy in Mobile Communication. In Information Systems Security. 39--48.

[43]

Mohsin Khan, Philip Ginzboorg, Kimmo Järvinen, and Valtteri Niemi. 2018. Defeating the downgrade attack on identity privacy in 5G. In International Conference on Research in Security Standardisation. Springer, 95--119.

[44]

Hidetoshi Kido, Yutaka Yanagisawa, and Tetsuji Satoh. 2005. An anonymous communication technique using dummies for location-based services. In Proc. Intl. Conf. on Pervasive Services. 88--97.

[45]

John Krumm. 2007. Inference Attacks on Location Tracks. In Proc. Intl. Conf. on Pervasive Computing. 127--143.

[46]

Denis Foo Kune, John Koelndorfer, Nicholas Hopper, and Yongdae Kim. 2012. Location leaks on the GSM Air Interface. In Proc. ISOC Network and Distributed Systems Security (NDSS) Symposium.

[47]

Marc Liberatore, Bikas Gurung, Brian Neil Levine, and Matthew Wright. 2011. Empirical Tests of Anonymous Voice Over IP. Elsevier Journal of Network and Computer Applications 34, 1 (January 2011), 341--350.

[48]

Rongxing Lu, Xiaodong Lin, Tom H Luan, Xiaohui Liang, and Xuemin Shen. 2011. Pseudonym changing at social spots: An effective strategy for location privacy in vanets. IEEE transactions on vehicular technology 61, 1 (2011), 86--96.

[49]

Chris Y.T. Ma, David K.Y. Yau, Nung Kwan Yip, and Nageswara S.V. Rao. 2010. Privacy Vulnerability of Published Anonymous Mobility Traces. In Proc. MobiCom. 185--196.

[50]

Darakhshan J Mir, Sibren Isaacman, Ramón Cáceres, Margaret Martonosi, and Rebecca N Wright. 2013. Dp-where: Differentially private modeling of human mobility. In 2013 IEEE International Conference on Big Data. 580--588.

[51]

Yoni De Mulder, George Danezis, Lejla Batina, and Bart Preneel. 2008. Identification via Location-profiling in GSM Networks. In Proc. ACM Wrkshp on Privacy in the Electronic Society. 23--32.

Digital Library

[52]

Anandatirtha Nandugudi, Anudipa Maiti, Taeyeon Ki, Fatih Bulut, Murat Demirbas, Tevfik Kosar, Chunming Qiao, Steven Y Ko, and Geoffrey Challen. 2013. Phonelab: A large programmable smartphone testbed. In Proceedings of First International Workshop on Sensing and Big Data Mining. ACM, 1--6.

Digital Library

[53]

Ben Niu, Qinghua Li, Xiaoyan Zhu, Guohong Cao, and Hui Li. 2015. Enhancing privacy through caching in location-based services. In 2015 IEEE conference on computer communications (INFOCOM). IEEE, 1017--1025.

[54]

Jaegwan Park, Jaeseung Go, and Kwangjo Kim. 2001. Wireless authentication protocol preserving user anonymity. In Proc. International Symposium on Wireless Personal Multimedia Communications. 159--164.

[55]

Feng Qian, Zhaoguang Wang, Alexandre Gerber, Zhuoqing Morley Mao, Subhabrata Sen, and Oliver Spatscheck. 2010. Characterizing radio resource allocation for 3G networks. In Proceedings of the 10th ACM SIGCOMM conference on Internet measurement. 137--150.

Digital Library

[56]

Michael G. Reed, Paul F. Syverson, and David M. Goldschlag. 1998. Protocols using anonymous connections: Mobile applications. In Security Protocols. LNCS, Vol. 1361. 13--23.

[57]

Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Decentralized Anonymous Payments from Bitcoin. In 2014 IEEE Symposium on Security and Privacy. 459--474.

Digital Library

[58]

Reza Shokri, George Theodorakopoulos, George Danezis, Jean-Pierre Hubaux, and Jean-Yves Boudec. 2011. Quantifying Location Privacy: The Case of Sporadic Location Exposure. In Proc. PETS. 57--76.

[59]

Keen Sung, Brian Neil Levine, and Marc Liberatore. 2014. Location Privacy without Carrier Cooperation. In Proc. IEEE Workshop on Mobile System Technologies (MoST). http://forensics.umass.edu/pubs/Sung-MoST-2014.pdf.

[60]

Zhen Tu, Fengli Xu, Yong Li, Pengyu Zhang, and Depeng Jin. 2018. A New Privacy Breach: User Trajectory Recovery From Aggregated Mobility Data. IEEE/ACM Transactions on Networking 26, 3 (2018), 1446--1459.

Digital Library

[61]

Daniel T Wagner, Andrew Rice, and Alastair R Beresford. 2013. Device analyzer: Understanding smartphone usage. In International Conference on Mobile and Ubiquitous Systems: Computing, Networking, and Services. Springer, 195--208.

[62]

Jinbao Wang, Zhipeng Cai, Yingshu Li, Donghua Yang, Ji Li, and Hong Gao. 2018. Protecting query privacy with differentially private k-anonymity in location-based services. Personal and Ubiquitous Computing 22, 3 (2018), 453--469.

Digital Library

[63]

Shengling Wang, Qin Hu, Yunchuan Sun, and Jianhui Huang. 2018. Privacy preservation in location-based services. IEEE Communications Magazine 56, 3 (2018), 134--140.

Digital Library

[64]

Matthew Wright, Micah Adler, Brian Neil Levine, and Clay Shields. 2004. The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems. ACM Transactions on Information and System Security (TISSEC) 4, 7 (November 2004), 489--522.

[65]

Yonghui Xiao and Li Xiong. 2015. Protecting locations with differential privacy under temporal correlations. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 1298--1309.

Digital Library

[66]

Yonghui Xiao, Li Xiong, Si Zhang, and Yang Cao. 2017. Loclok: Location cloaking with differential privacy via hidden markov model. Proceedings of the VLDB Endowment 10, 12 (2017), 1901--1904.

Digital Library

[67]

Guomin Yang, DuncanS. Wong, and Xiaotie Deng. 2005. Efficient Anonymous Roaming and Its Security Analysis. In Applied Cryptography and Network Security. LNCS, Vol. 3531. 334--349.

Digital Library

[68]

Ling Yin, Qian Wang, Shih-Lung Shaw, Zhixiang Fang, Jinxing Hu, Ye Tao, and Wei Wang. 2015. Re-identification risk versus data utility for aggregated mobility research using mobile phone location data. PloS one 10, 10 (2015), e0140589.

[69]

Hui Zang and Jean Bolot. 2011. Anonymization of Location Data Does Not Work: A Large-scale Measurement Study. In Proc. ACM MobiCom. 145--156.

Digital Library

[70]

Jianming Zhu and Jianfeng Ma. 2004. A new authentication scheme with anonymity for wireless environments. IEEE Trans. on Consumer Electronics 50, 1 (2004), 231--235.

Digital Library

Cited By

Daramas AKumar VBarcellos M(2024)Quantifying Privacy in Cooperative Awareness Services Through Trajectory Reconstruction2024 21st Annual International Conference on Privacy, Security and Trust (PST)10.1109/PST62714.2024.10788069(1-10)Online publication date: 28-Aug-2024
https://doi.org/10.1109/PST62714.2024.10788069
Intoci FSturm JFraunholz DPyrgelis ABarschel C(2023)P3LI5: Practical and confidEntial Lawful Interception on the 5G core2023 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS59707.2023.10288872(1-9)Online publication date: 2-Oct-2023
https://doi.org/10.1109/CNS59707.2023.10288872
Du CYu HXiao YLou WWang CGazda RHou Y(2022)Mobile Tracking in 5G and Beyond Networks: Problems, Challenges, and New Directions2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS)10.1109/MASS56207.2022.00067(426-434)Online publication date: Oct-2022
https://doi.org/10.1109/MASS56207.2022.00067
Show More Cited By

Index Terms

Protecting location privacy from untrusted wireless service providers
1. Security and privacy

Recommendations

Protecting location privacy using location semantics
KDD '11: Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining

As the use of mobile devices increases, a location-based service (LBS) becomes increasingly popular because it provides more convenient context-aware services. However, LBS introduces problematic issues for location privacy due to the nature of the ...
Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms

Continued advances in mobile networks and positioning technologies have created a strong market push for location-based applications. Examples include location-aware emergency response, location-based advertisement, and location-based entertainment. An ...
PGLP: Customizable and Rigorous Location Privacy Through Policy Graph
Computer Security – ESORICS 2020
Abstract
Location privacy has been extensively studied in the literature. However, existing location privacy models are either not rigorous or not customizable, which limits the trade-off between privacy and utility in many real-world applications. To ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

July 2020

366 pages

ISBN:9781450380065

DOI:10.1145/3395351

General Chairs:
René Mayrhofer
Johannes Kepler University Linz, Linz, AT
,
Michael Roland
Johannes Kepler University Linz, Linz, AT

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 July 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

WiSec '20

Sponsor:

SIGSAC

WiSec '20: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

July 8 - 10, 2020

Linz, Austria

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
216
Total Downloads

Downloads (Last 12 months)39
Downloads (Last 6 weeks)3

Reflects downloads up to 07 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Daramas AKumar VBarcellos M(2024)Quantifying Privacy in Cooperative Awareness Services Through Trajectory Reconstruction2024 21st Annual International Conference on Privacy, Security and Trust (PST)10.1109/PST62714.2024.10788069(1-10)Online publication date: 28-Aug-2024
https://doi.org/10.1109/PST62714.2024.10788069
Intoci FSturm JFraunholz DPyrgelis ABarschel C(2023)P3LI5: Practical and confidEntial Lawful Interception on the 5G core2023 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS59707.2023.10288872(1-9)Online publication date: 2-Oct-2023
https://doi.org/10.1109/CNS59707.2023.10288872
Du CYu HXiao YLou WWang CGazda RHou Y(2022)Mobile Tracking in 5G and Beyond Networks: Problems, Challenges, and New Directions2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS)10.1109/MASS56207.2022.00067(426-434)Online publication date: Oct-2022
https://doi.org/10.1109/MASS56207.2022.00067
Tomasin SCentenaro MSeco-Granados GRoth SSezgin A(2021)Location-Privacy Leakage and Integrated Solutions for 5G Cellular Networks and BeyondSensors10.3390/s2115517621:15(5176)Online publication date: 30-Jul-2021
https://doi.org/10.3390/s21155176
Wen RZhang RPeng KWang C(2021)Protecting Locations with Differential Privacy against Location-Dependent Attacks in Continuous LBS Queries2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom53373.2021.00065(379-386)Online publication date: Oct-2021
https://doi.org/10.1109/TrustCom53373.2021.00065
Qiu YLiu YLi XChen J(2020)A Novel Location Privacy-Preserving Approach Based on BlockchainSensors10.3390/s2012351920:12(3519)Online publication date: 21-Jun-2020
https://doi.org/10.3390/s20123519
Bradbury MTaylor PAtmaca UMaple CGriffiths N(2020)Privacy Challenges With Protecting Live Vehicular Location ContextIEEE Access10.1109/ACCESS.2020.30385338(207465-207484)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3038533

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents