Master Thesis MSTR-2016-69

Bibliography: Reddy, Marthala Vishnu Vardhan: Design and Implementation of Privacy-aware Cloud-based Search Algorithms for Tracking Mobile Devices.
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Master Thesis No. 69 (2016).
97 pages, English.

Bluetooth Low Energy (BLE) has quickly become a major standard for connecting devices to the so-called Internet of Things (IoT). Nearly all mobile devices sold today, such as smartphones and tablets, feature BLE connectivity. Driven by the pervasive availability of BLE devices like beacons, new use cases become feasible. In this thesis we have focused on a specific use case: mobile target tracking, where users can track their everyday objects like keys, vehicles, wallets etc. by equipping them with beacons. The positions of these beacons can be tracked by the crowd of users carrying smartphones, who report the positions of sighted objects to a background cloud service that manages mobile object positions. As the object positions are reported to a central cloud service, this raises privacy concerns if the cloud service is not trusted by the user whose object is tracked. Several approaches like K-anonymity (Kalnis P, 2007), location obfuscation (Ardagna, 2007) and position dummies (Kido, 2005) have been proposed in the literature to protect user privacy. Nonetheless, most of these approaches are suited to systems that involve trusted third parties. In our scenario, however, the user depends on a non-trusted cloud service to track his object. That means the non-trusted cloud should not be able to track the user's objects. With respect to the location privacy of the tracked objects, some approaches (M Grusten, 2005) pointed out the problem that frequent position reports to the cloud allow trajectories to be formed and revealed using techniques like multi-target tracking algorithms. We have developed a mechanism to determine a safe way of reporting to the cloud such that the cloud cannot track the user's objects, and to ensure that only authorized users (object owners) can actually understand the collected data belonging to their objects. To this end, we require changing pseudonyms instead of static ones for the beacon.
For a population of 150 in the typical two-city scenario, our evaluation found that an 8 sec reporting interval (?) was safe to avoid a mean tracking length (µTL) greater than 10% of the total length of the track. In addition to the above problem (frequent reporting), there is also a threat when the user queries for his object trace. For instance, frequent queries from the user for the object trace could lead to an attack like the multiple query attack (Talukder N, 2010). We have developed a secure query algorithm which queries the cloud in a privacy-preserving manner such that the cloud cannot track the user's objects with the help of the queries. To this end, our approach constructs k possible query corridors such that, for the attacker, the real trajectory, which is part of one corridor, gets confused with the fake trajectories, which are part of the other k-1 corridors. Thus we have protected the identity and location privacy of the user's object. Moreover, when querying for the object trace, we have optimized the communication overhead by using special kinds of queries, i.e. ID-based queries and range queries.

Department(s): University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems
Supervisor(s): Rothermel, Prof. Kurt; Dürr, Dr. Frank
Entry date: June 5, 2019