A Privacy-By-Design Architecture for Indoor Localization Systems

The availability of mobile devices has led to an arising development of indoor location services collecting a large amount of sensitive information. However, without accurate and verified management, such information could become severe back-doors for security and privacy issues. We propose in this paper a novel Location-Based Service (LBS) architecture in line with the GDPR’s provisions. For feasibility purposes and considering a representative use-case, a reference implementation, based on the popular Telegram app, is also presented.

[1]  Antonello Calabrò,et al.  Boosting a Low-Cost Smart Home Environment with Usage and Access Control Rules , 2018, Sensors.

[2]  Paolo Barsocchi,et al.  Localising crowds through Wi-Fi probes , 2018, Ad Hoc Networks.

[3]  Jiang Haofeng,et al.  Wi-Fi Secure Access Control System Based on Geo-fence , 2019, 2019 IEEE Symposium on Computers and Communications (ISCC).

[4]  Søren Debois,et al.  On Purpose and by Necessity: Compliance Under the GDPR , 2018, Financial Cryptography.

[5]  Antonello Calabrò,et al.  A dynamic and scalable solution for improving daily life safety , 2019, APPIS '19.

[6]  Brian Greaves,et al.  A Comparison of Indoor Positioning Systems for Access Control Using Virtual Perimeters , 2019, ICICT.

[7]  Eda Marchetti,et al.  GDPR-Based User Stories in the Access Control Perspective , 2019, QUATIC.

[8]  Paolo Barsocchi,et al.  What is next for Indoor Localisation? Taxonomy, protocols, and patterns for advanced Location Based Services , 2019, 2019 International Conference on Indoor Positioning and Indoor Navigation (IPIN).

[9]  Silvio Ranise,et al.  Automated Legal Compliance Checking by Security Policy Analysis , 2017, SAFECOMP Workshops.

[10]  Nikos Pelekis,et al.  Privacy-Preserving Indoor Localization on Smartphones , 2015 .

[11]  Brian Greaves,et al.  Access Control Requirements for Physical Spaces Protected by Virtual Perimeters , 2018, TrustBus.

[12]  Jan Jürjens,et al.  From Secure Business Process Modeling to Design-Level Security Verification , 2017, 2017 ACM/IEEE 20th International Conference on Model Driven Engineering Languages and Systems (MODELS).

[13]  Eda Marchetti,et al.  A Life Cycle for Authorization Systems Development in the GDPR Perspective , 2020, ITASEC.

[14]  Eda Marchetti,et al.  Towards a Lawful Authorized Access: A Preliminary GDPR-based Authorized Access , 2019, ICSOFT.

[15]  Demetrios Zeinalipour-Yazti,et al.  Anyplace: A Crowdsourced Indoor Information Service , 2015, 2015 16th IEEE International Conference on Mobile Data Management.