An Approach for Location privacy in
Pervasive Computing Environment
1
SUDHEER KUMAR SINGH, 2ALKA JINDAL
1
Master of engineering (student), 2 Assistant Professor
1,2
PEC University of technology, Dept of computer science and Engineering, Chandigarh, 160012, India. Abstract- This paper focus on location privacy in location based services, Location privacy is a particular type of information privacy that can be defined as the ability to prevent others from learning one’s current or past location. Many systems such as GPS implicitly and automatically give its users location privacy. Once user sends his or her current location to the application server, Application server stores current locations of users in application server database. User can not delete or modify his or her location data after sending once to application server. Addressing this problem, Here in this paper, we are giving theoretical concept for protecting location privacy in pervasive computing environment. This approach based on user anonymity based location privacy. Going through the basic user anonymity based a location privacy approach that uses trusted proxy. By analysis of this approach, we propose an improvement over it using dummy-locations of users and also dummies of requested services by users from the application server. In this paper, this approach reduces the user’s overheads to extracting necessary information from reply message coming from application server. In this approach, user send a message having (current location and ID+ requested service) to the trusted proxy and trusted proxy generates dummies location related to current location and also generates temporary pseudonym corresponding to real ID of users. After Analysis of this approach we have found on problem with requested service. Addressing this problem, we improve our method by using dummies of requested service generated by trusted proxy. Trusted proxy generated Dummies (false position) by dummies location algorithms.
Keywords- Location privacy, pseudonym, de-anonymize, dummy-Locations, location anonymity, trusted proxy, pervasive computing
I. INTRODUCTION
Many countries recognize privacy as a right and have attempted to codify it in law. The 1948 Universal Declaration of Human Rights [3] declares that everyone has a right to privacy at home, with family, and in correspondence. The Indian Constitution of 1950 does not expressly recognize the right to privacy. However, the Supreme Court first recognized it in 1964 that there is a right of privacy implicit in the Constitution under Article 21 of the Constitution, which states, "No person shall be deprived of his life or personal liberty except according to procedure established by law." This paper concentrates on location privacy, a particular type of information privacy that can define as the ability to prevent other parties from learning one’s current or past location [1]. Location privacy becomes more important in pervasive environment. You probably do not care if someone finds out where you were yesterday at 4:30 p.m., but if this someone could inspect the history of all your past movements, recorded every second with sub-meter accuracy, you might start to see things differently. Some goals are mutually exclusive and cannot be satisfied simultaneously: for example, wanting to keep our position secret and yet wanting colleagues to be able to locate us. Despite this, there is still a spectrum of useful combinations to be explored. One type of system may provide the user the complete control over her tractability. She has the power to switch from tractable to intractable mode. In a second kind of system the location privacy is not completely under control. The user can be in only one mode “tractable” or “intractable”.
II. SYSTEMS WHERE NO AUTHENTICATION IS NEEDED
GPS implicitly and automatically gives its users location privacy. Here the user can’t become tractable. So there can be two types of systems: one, where the user should authenticate to use the service: second, where no authentication is necessary i.e. GPS (global positioning system) discussed. It is very simple to have location privacy in the second type of the system. The user is anonymous here. Unlike GPS if there is a back channel and the system is aware that someone is accessing the service, even then anonymity saves the user from being traced.
III. SYSTEM THAT NEEDS AUTHENTICATION
In the system that needs authentication for using its services acquiring location privacy becomes complex. Here location privacy can be acquired indirectly using some kind of anonymity. In a simplest example take n users. Everyone is given a mobile device. All the devices have same identification number. No body can make a duplicate of the device. All the users with such a device are legitimate customers for using the services provided by the system. Hence all the authorized customers can use the system but being anonymous are intractable. Also, nobody can contact the intended person in such systems.
In the pervasive computing environment, location based applications track user’s movements so they can offer various useful services. Users who do not want such services can trivially maintain location privacy by refusing to be tracked—assuming they have the choice. The more challenging problem is to develop techniques that let users benefit from location-based applications while at the same time retaining their location privacy.
IV. LOCATION INDEPENDENT APPLICATIONS
Location independent applications don’t need location information so the user is safe. Only the user ID and the request are sent to the application. If we use a proxy (fig1) then the user accesses the application server through a trusted proxy server. The user is authorized to use the service by this trusted proxy. The proxy gets the user ID, and the requested service from user. The trusted proxy sends the request to the application server. Response from the application server reaches the user through proxy. There are many users requesting the service through proxy. Proxy has to maintain a table for the user ID and the corresponding request so that it can redirect the response from the application to appropriate user. Here application can’t even record that a user is using its services.
( ID+Req)
Res
Fig1. Privacy in Location Independent applications
V. LOCATION DEPENDENT (AWARE) APPLICATIONS
To protect the privacy of our location information while taking advantage of location-aware services, we wish to hide our true identity from the applications receiving our location; at a very high level, this can be taken as a statement of our security policy. Now we try to develop a more sophisticated system for location-based service (fig2). Here the user accesses the application server through a trusted proxy server. The user is authorized to use the service by this trusted proxy. The user gets the ID from the proxy server administrator on request The proxy gets the user ID, the location and the requested service from user. The trusted proxy sends location, temporary pseudonym and the request to the application server. Temporary pseudonyms are generated by trusted proxy corresponding to user ID. Response from the application server reaches the user through proxy. There are many users requesting the service through proxy. Proxy has to maintain a table for the user ID, temporary pseudonyms and the corresponding request so that it can redirect the response from the application to appropriate user. Here the application is aware of the location and the request from the user but doesn’t know her identity. So indirectly location privacy is gained.
User Application
Fig2: Simple location privacy using trusted proxy
Fig3: Location privacy using pseudonyms and a trusted proxy
In another approach we can develop a system for location-based service that uses pseudonyms (fig3). A pseudonym is an authorized anonymous ID generated by a cryptographic technique called blind signature [4], is used to replace the real ID of an authorized mobile device. Here too the user accesses the application server through a trusted proxy server. The user is authorized to use the service by this trusted proxy. The user location based system generate a pseudonym for the user. User communicates with the application as shown in the fig3.user has to maintain a table for the pseudonym and the corresponding user ID so that it can received the response from the application to appropriate service .. Here too the application is aware of the location and the request from the user but doesn’t know her identity. But using a long-term pseudonym for each user does not provide much privacy—even if the same user gives out different pseudonyms to different applications to avoid collusion. This is because certain regions of space, such as user desk locations in an office, act as “homes” and, as such, are strongly associated with certain identities. Applications could identify users by following the “footsteps” of a pseudonym to or from such a “home” area. We can correctly de-anonymize all users by correlating two simple checks: First, where does any given pseudonym spend most of its time? Second, who spends more time than anyone else at any given desk? Therefore, long- term pseudonyms cannot offer sufficient protection of location privacy.
One countermeasure is to have users change pseudonyms frequently, even while they are being tracked: users adopt a series of new, unused pseudonyms for each application with which they interact [1]. If the system’s spatial and temporal resolution were sufficiently high, applications could easily link the old and new pseudonyms, defeating the purpose of the change. On other hand , fig(4), user send his ID and dummies location (false position ) and
Temp. Pseudonym +
Loc + Req.
Res.
Temp. Pseudonym +
Loc + Req. Res.
User
Application Server
Trusted
Proxy Res.
ID + Loc. + Req.
User
Application Server
Trusted
Proxy
Temp. Pseudonym
requested service to trusted proxy and trusted proxy hide user true ID and generate temporary pseudonym and forward to the application server.
Application server gives back to response for requested services to the trusted proxy and trusted proxy send redirect response corresponding real ID of users. In previous methods, user has more overheads to extracting useful information from response message from application server.
Avoid this over heads we develop new methods in next section.
Fig4: Location privacy using temporary pseudonyms and a trusted proxy
VI. AN IMPROVEMENT OVER LOCATION PRIVACY USING PSEUDONYMS, A TRUSTED PROXY AND DUMMY-LOCATIONS
In this approach we can develop a system for location-based service that uses pseudonyms (fig5). Here too the user accesses the application server through a trusted proxy server. The proxy provides a pseudonym to the user after authenticating it. The user gets the ID from the proxy server administrator on request. User communicates with the application through the proxy server (fig5). The users change pseudonyms frequently, even while they are being tracked: users adopt a series of new, unused pseudonyms for each application with which they interact [1]. Proxy has to maintain a table for the pseudonym and the corresponding user ID so that it can redirect the response from the application to appropriate user. Here too the application is aware of the location and the request from the user but doesn’t know her identity. Users can change pseudonyms while applications track them; but then, if the system’s spatial and temporal resolution were sufficiently high, applications can easily link the old and new pseudonyms, nullifying the purpose of the change. Now one more factor is added to make the system more secure. This can be called location anonymity approach (fig5) [6]. Here the user sends a few dummy locations (nearby) with its actual location to the application and requests some service. And also trusted proxy generated the dummies services. User sends ID, Loc, service (request) to the proxy server, proxy server generate dummies location nearby its true locations and also dummies (false query) near by true query location and forward its query to application server. The application server responds with solutions (services) for all locations to trusted proxy. Trusted proxy extracts useful information from all solutions corresponding to user real ID and service request and sends to appropriate users. From this approach we prevent location privacy as well as avoid more overheads of users. The user can prevent himself for chooses the solution for actual location. Hence probability of loss of privacy will decrease. Fig6 shows how dummy locations are chosen for multiple locations requests (queries). AL is the actual location. L1 and L2 are chosen to make the application wonder that which one is the correct location of the user. As the user changes its position to AL’ the locations L1’ and L2’ are chosen. There can be different ways of choosing the dummy locations.
ID + (Loc1, loc2, loc3) + Req.
Res.
Temp pseudonym + (Loc1, loc2, loc3) + Req.
Res.
User
Application Server
Trusted
Such an approach improves over the previous one. First of all here the users original ID is not revealed with that its actual location can’t be judged with 100 percent accuracy. For two dummy locations in addition to original location the probability of guessing correct position is 1/3. Though it carries the burden of bandwidth overload, but where location privacy is of prime importance it can certainly make some difference. If no of dummies location increases then privacy will be increasing. if n dummies location will be generated then guessing of correct position is 1/n. and if n dummies query will be generated by generating dummies requested service then it is impossible to track or guess the user location
Fig5. An improvement over location privacy using pseudonyms and a trusted proxy: Dummy-Location approach
Fig 6: Choosing dummy locations while actual location (AL) changes
There is a scope of direct communication with the application too. We can take location dependent services from the application by directly communicating with it. We can reveal our identity to it but giving it dummy locations with our actual location, and hide our service request to generating dummies for it. The application will know that the user can be at any of the given locations but doesn’t guess the actual location.
AL
L1
L1’
AL’ X
Y LOC + ID + Req.
Res.
Temp. Pseudonym +
(Loc1, loc2, loc3) + Req. Res.
User
Application Server
Trusted
VII. CONCLUSION
Analysis of different approaches for achieving location privacy in a location-based application system, our proposed approach first hide the user ID form application server by changing it by corresponding temporary pseudonyms. Second has removed the need for authentication. Third has removed the overheads on users to extracting necessary information form reply message coming from application server by trusted proxy. This approach is to develop some mechanism for anonymity based user’s location privacy. We can achieve Location privacy using pseudonyms and a trusted proxy and dummies (false position). Location privacy becomes more robust using temporary pseudonyms and a trusted proxy and dummy location of users and requested service. In this method there is a scope of direct communication with the application without revealing our actual location. In future we will develop an extensive architecture of location anonymity based system that uses trusted proxy. Also we will look for possible vulnerabilities.
VIII. REFERENCES
[1] Alastair R. Beresford and Frank Stajano, “Location Privacy in Pervasive Computing”, PERVASIVE computing, January–March 2003, pp. 46-55.
[2] I. Getting, “The Global Positioning System,” IEEE Spectrum, vol. 30, no. 12, Dec. 1993, pp. 36–47.
[3] United Nations, Universal Declaration of Human Rights, General Assembly Resolution 217 A (III), 1948; www.un.org/Overview. [4] D. Chaum. "Blind Signatures for Untraceable Pay- ments." Proc. Crypt0 '82. 1982.
[5] Qi He, Dapeng Wu, Pradeep Khosla, “The Quest for Personal Control over Mobile Location Privacy” IEEE Communications Magazine May 2004, pp.130-136.
