Longitude: A Privacy-Preserving Location Sharing Protocol for Mobile Applications

Location sharing services are becoming increasingly popular. Although many location sharing services allow users to set up privacy policies to control who can access their location, the use made by service providers remains a source of concern. Ideally, location sharing providers and middleware should not be able to access users’ location data without their consent. In this paper, we propose a new location sharing protocol called Longitude that eases privacy concerns by making it possible to share a user’s location data blindly and allowing the user to control who can access her location, when and to what degree of precision. The underlying cryptographic algorithms are designed for GPS-enabled mobile phones. We describe and evaluate our implementation for the Nexus One Android mobile phone.

[1]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[2]  Lorrie Faith Cranor,et al.  Location-Sharing Technologies: Privacy Risks and Controls , 2009 .

[3]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[4]  Julien Freudiger,et al.  Private Sharing of User Location over Online Social Networks , 2010 .

[5]  Marco Gruteser,et al.  USENIX Association , 1992 .

[6]  Tanzima Hashem,et al.  Safeguarding Location Privacy in Wireless Ad-Hoc Networks , 2007, UbiComp.

[7]  Man Lung Yiu,et al.  Private and Flexible Proximity Detection in Mobile Social Networks , 2010, 2010 Eleventh International Conference on Mobile Data Management.

[8]  Sushil Jajodia,et al.  Privacy in geo-social networks: proximity notification with untrusted service providers and curious buddies , 2010, The VLDB Journal.

[9]  Marine Minier,et al.  Survey and Benchmark of Stream Ciphers for Wireless Sensor Networks , 2007, WISTP.

[10]  Frank Stajano,et al.  Location Privacy in Pervasive Computing , 2003, IEEE Pervasive Comput..

[11]  Urs Hengartner,et al.  A distributed k-anonymity protocol for location privacy , 2009, 2009 IEEE International Conference on Pervasive Computing and Communications.

[12]  Michael Scott,et al.  Computing the Tate Pairing , 2005, CT-RSA.

[13]  Marc Langheinrich,et al.  A Privacy Awareness System for Ubiquitous Computing Environments , 2002, UbiComp.

[14]  Axel Küpper,et al.  Anonymous User Tracking for Location-Based Community Services , 2006, LoCA.

[15]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[16]  Gregory D. Abowd,et al.  Ubicomp 2007: Ubiquitous Computing , 2008 .

[17]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[18]  Naranker Dulay,et al.  Shared and Searchable Encrypted Data for Untrusted Servers , 2008 .

[19]  Ian Goldberg,et al.  Louis, Lester and Pierre: Three Protocols for Location Privacy , 2007, Privacy Enhancing Technologies.

[20]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[21]  Choonsik Park,et al.  Information Security and Cryptology - ICISC 2004, 7th International Conference, Seoul, Korea, December 2-3, 2004, Revised Selected Papers , 2005, ICISC.

[22]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[23]  Patel,et al.  Information Security: Theory and Practice , 2008 .

[24]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[25]  Hari Balakrishnan,et al.  CryptDB: A Practical Encrypted Relational DBMS , 2011 .

[26]  Fuchun Guo,et al.  Identity-Based Online/Offline Encryption , 2008, Financial Cryptography.

[27]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[28]  Bernt Schiele,et al.  Location- and Context-Awareness, Third International Symposium, LoCA 2007, Oberpfaffenhofen, Germany, September 20-21, 2007, Proceedings , 2007, LoCA.

[29]  Silvio Micali,et al.  On-Line/Off-Line Digital Schemes , 1989, CRYPTO.

[30]  Lars Erik Holmquist,et al.  UbiComp 2002: Ubiquitous Computing , 2002 .

[31]  Lei Yang,et al.  Accurate online power estimation and automatic battery behavior based power model generation for smartphones , 2010, 2010 IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[32]  Norman M. Sadeh,et al.  Rethinking location sharing: exploring the implications of social-driven vs. purpose-driven location sharing , 2010, UbiComp.

[33]  Paulo S. L. M. Barreto,et al.  Compressed Pairings , 2004, CRYPTO.

[34]  Henri Gilbert,et al.  Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings , 2010, EUROCRYPT.

[35]  Sanjit Chatterjee,et al.  Efficient Computation of Tate Pairing in Projective Coordinate over General Characteristic Fields , 2004, ICISC.

[36]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[37]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[38]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.