Shadow attacks on users' anonymity in pervasive computing environments

Privacy-preserving technologies are likely to become an essential component of adaptive services in pervasive and mobile computing. Although privacy issues have been studied for a long time in computer science as well as in other fields, most studies focus on the release of data from large repositories. Mobile and pervasive computing pose new challenges, requiring specific formal models for attacks and new privacy-preserving techniques. This paper considers a specific pervasive computing scenario, and shows that the application of state-of-the-art techniques for the anonymization of service requests is insufficient to protect the privacy of users. A specific class of attacks, called shadow attacks, is formally defined and a defense technique is proposed. This defense is formally proved to be correct, and its effectiveness is validated by extensive experiments in a simulated environment.
