InnerCircle: A parallelizable decentralized privacy-preserving location proximity protocol

Location Based Services (LBS) are becoming increasingly popular. Users enjoy a wide range of services from tracking a lost phone to querying for nearby restaurants or nearby tweets. However, many users are concerned about sharing their location. A major challenge is achieving the privacy of LBS without hampering the utility. This paper focuses on the problem of location proximity, where principals are willing to reveal whether they are within a certain distance from each other. Yet the principals are privacy-sensitive, not willing to reveal any further information about their locations, nor the distance. We propose InnerCircle, a novel secure multi-party computation protocol for location privacy, based on partially homomorphic encryption. The protocol achieves precise fully privacy-preserving location proximity without a trusted third party in a single round trip. We prove that the protocol is secure in the semi-honest adversary model of Secure Multi-party Computation, and thus guarantees the desired privacy properties. We present the results of practical experiments of three instances of the protocol using different encryption schemes. We show that, thanks to its parallelizability, the protocol scales well to practical applications.

[1]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[2]  Sushil Jajodia,et al.  Privacy in geo-social networks: proximity notification with untrusted service providers and curious buddies , 2010, The VLDB Journal.

[3]  Benjamin Grégoire,et al.  Formal certification of code-based cryptographic proofs , 2009, POPL '09.

[4]  Martín Ochoa,et al.  Indistinguishable regions in geographic privacy , 2012, SAC '12.

[5]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[6]  Ian Goldberg,et al.  Louis, Lester and Pierre: Three Protocols for Location Privacy , 2007, Privacy Enhancing Technologies.

[7]  George Danezis,et al.  Verified Computational Differential Privacy with Applications to Smart Metering , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[8]  Mauro Barni,et al.  Encrypted signal processing for privacy protection: Conveying the utility of homomorphic encryption and multiparty computation , 2013, IEEE Signal Processing Magazine.

[9]  Paolo Santi,et al.  Investigating the Privacy versus Forwarding Accuracy Tradeoff in OpportunisticInterest-Casting , 2014, IEEE Transactions on Mobile Computing.

[10]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[11]  Stefan Katzenbeisser,et al.  Privacy-Preserving Face Recognition , 2009, Privacy Enhancing Technologies.

[12]  Viswanath Poosala,et al.  An economically viable solution to geofencing for mass-market applications , 2011, Bell Labs Technical Journal.

[13]  Ahmad-Reza Sadeghi,et al.  A systematic approach to practically efficient general two-party secure function evaluation protocols and their modular design , 2013, J. Comput. Secur..

[14]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[15]  Ove Andersen,et al.  A Location Privacy Aware Friend Locator , 2009, SSTD.

[16]  Paolo Gasti,et al.  Privacy-preserving distance computation and proximity testing on earth, done right , 2014, AsiaCCS.

[17]  John Krumm,et al.  A survey of computational location privacy , 2009, Personal and Ubiquitous Computing.

[18]  Manolis Terrovitis,et al.  Privacy preservation in the dissemination of location data , 2011, SKDD.

[19]  Christian S. Jensen,et al.  Preserving location and absence privacy in geo-social networks , 2010, CIKM '10.

[20]  Partha Dasgupta,et al.  P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains , 2010, IEEE Transactions on Knowledge and Data Engineering.

[21]  Ahmad-Reza Sadeghi,et al.  Efficient Privacy-Preserving Face Recognition , 2009, ICISC.

[22]  Christoph Böhm,et al.  The Basic Applications , 2013 .

[23]  Constantinos Patsakis,et al.  Playing Hide and Seek with Mobile Dating Applications , 2014, SEC.

[24]  P Ping Chen,et al.  Secure multiparty computation for privacy preserving data mining , 2012 .

[25]  Man Lung Yiu,et al.  Private and Flexible Proximity Detection in Mobile Social Networks , 2010, 2010 Eleventh International Conference on Mobile Data Management.

[26]  Xin Zhang,et al.  SCION: Scalability, Control, and Isolation on Next-Generation Networks , 2011, 2011 IEEE Symposium on Security and Privacy.

[27]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[28]  Ahmad-Reza Sadeghi,et al.  Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima , 2009, IACR Cryptol. ePrint Arch..

[29]  S. Rajsbaum Foundations of Cryptography , 2014 .

[30]  Haojin Zhu,et al.  All your location are belong to us: breaking mobile social networks for automated user location tracking , 2013, MobiHoc '14.

[31]  Vivek Kapoor,et al.  Elliptic curve cryptography , 2008, UBIQ.

[32]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[33]  Dan Boneh,et al.  Location Privacy via Private Proximity Testing , 2011, NDSS.

[34]  Neal Leavitt,et al.  Internet Security under Attack: The Undermining of Digital Certificates , 2011, Computer.