research-article

Public Access

Techu: Open and Privacy-Preserving Crowdsourced GPS for the Masses

Authors:

Ioannis Agadakos,

Georgios PortokalidisAuthors Info & Claims

MobiSys '17: Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services

Pages 475 - 487

https://doi.org/10.1145/3081333.3081345

Published: 16 June 2017 Publication History

Abstract

The proliferation of mobile devices, equipped with numerous sensors and Internet connectivity, has laid the foundation for the emergence of a diverse set of crowdsourcing services. By leveraging the multitude, geographical dispersion, and technical abilities of smartphones, these services tackle challenging tasks by harnessing the power of the crowd. One such service, Crowd GPS, has gained traction in the industry and research community alike, materializing as a class of systems that track lost objects or individuals (e.g., children or elders). While these systems can have significant impact, they suffer from major privacy threats.

In this paper, we highlight the inherent risks to users from the centralized designs adopted by such services and demonstrate how adversaries can trivially misuse one of the most popular crowd GPS services to track their users. As an alternative, we present Techu, a privacy-preserving crowd GPS service for tracking Bluetooth tags. Our architecture follows a hybrid decentralized approach, where an untrusted server acts as a bulletin board that collects reports of tags observed by the crowd, while observers store the location information locally and only disclose it upon proof of ownership of the tag. Techu does not require user authentication, allowing users to remain anonymous. As no user authentication is required and cloud messaging queues are leveraged for communication between users, users remain anonymous. Our security analysis highlights the privacy offered by Techu, and details how our design prevents adversaries from tracking or identifying users. Finally, our experimental evaluation demonstrates that Techu has negligible impact on power consumption, and achieves superior effectiveness to previously proposed systems while offering stronger privacy guarantees.

References

[1]

Cryptographic key length recommendation. https://www.keylength.com/en/.

[2]

Daily mail - samsonite set to install tracking beacons. http://www.dailymail.co.uk/sciencetech/article-3540967/Now-lost-luggage-tell-Samsonite-set-install/tracking-beacons-new-cases-using-smartphone-app.html.

[3]

Daily news - lost items cost americans $5,591: survey. http://www.nydailynews.com/news/national/lost-items-cost- americans-5--591-survey-article-1.2237244.

[4]

Forbes - if you're not paying for it, you become the product. http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/.

[5]

Identity theft resource center - 2015 data breaches. http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html.

[6]

Network world - biggest data breaches of 2015. http://www.networkworld.com/article/3011103/security/biggest-data-breaches-of-2015.html.

[7]

Reuters - amazon bolsters voice based-platform alexa with investment in trackr. http://www.reuters.com/article/us-amazon-com-alexa-trackr-idUSKCN0XT1GB.

[8]

Trackr -- pets. http://support.thetrackr.com/hc/en-us/articles/210902166-Can-I-Use-TrackR-On-My-Pet-.

[9]

https://www.indiegogo.com/projects/trackr-bravo-the-thinnest-tracking-device-ever-2#/.

[10]

Washington post - nsa tracking cellphone locations worldwide, snowden documents show. https://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html.

[11]

M. Allahbakhsh, B. Benatallah, A. Ignjatovic, H. R. Motahari-Nezhad, E. Bertino, and S. Dustdar. Quality control in crowdsourcing systems: Issues and directions. IEEE Internet Computing, 17(2), 2013.

Digital Library

[12]

M. E. Andrés, N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi. Geo-indistinguishability: Differential privacy for location-based systems. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 901--914. ACM, 2013.

Digital Library

[13]

Associated Press. NYC transit hubs handle flood of lost items. Crain's New York Business, Dec 2013. http://www.crainsnewyork.com/article/20131227/ TRANSPORTATION/131229942/nyc-transit-hubs-handle-flood-of-lost-items.

[14]

M. Balakrishnan, I. Mohomed, and V. Ramasubramanian. Where's that phone?: Geolocating ip addresses on 3g networks. In Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference, pages 293--300. ACM, 2009.

Digital Library

[15]

A. Bessani, M. Correia, B. Quaresma, F. André, and P. Sousa. Depsky: Dependable and secure storage in a cloud-of-clouds. ACM Transactions on Storage (TOS), 9(4):12, 2013.

Digital Library

[16]

K. Bishop. Growth business: GPS tracking the elderly. CNBC. http://www.cnbc.com/2014/03/11/growth-business-gps-tracking-the-elderly.html.

[17]

Bluetooth SIG. Specification of the Bluetooth system, 2010. https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=229737.

[18]

Bluetooth Special Interest Group. Bluetooth Specification, 4.2 edition, 2014.

[19]

N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi. Optimal geo-indistinguishable mechanisms for location privacy. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 251--262. ACM, 2014.

Digital Library

[20]

V. Cheval, S. Delaune, and M. Ryan. Tests for establishing security properties. In International Symposium on Trustworthy Global Computing, pages 82--96. Springer, 2014.

[21]

S. Cohen. Locus pocus can track all your bluetooth devices -- and other people's, too. VentureBeat, 2015. http://venturebeat.com/2015/06/06/locus-pocus-can-track-all-your-bluetooth-devices-and-other-peoples-too/.

[22]

C. Cornelius, A. Kapadia, D. Kotz, D. Peebles, M. Shin, and N. Triandopoulos. Anonysense: Privacy-aware people-centric sensing. In Proceedings of the 6th international conference on Mobile systems, applications, and services, pages 211--224. ACM, 2008.

Digital Library

[23]

A. K. Das, P. H. Pathak, C.-N. Chuah, and P. Mohapatra. Uncovering privacy leakage in ble network traffic of wearable fitness trackers. In Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications, pages 99--104. ACM, 2016.

Digital Library

[24]

Y.-A. de Montjoye, C. A. Hidalgo, M. Verleysen, and V. D. Blondel. Unique in the crowd: The privacy bounds of human mobility. Nature Scientific Reports, 3, 2013.

[25]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. Technical report, DTIC Document, 2004.

[26]

M. Faulkner, M. Olson, R. Chandy, J. Krause, K. M. Chandy, and A. Krause. The next big one: Detecting earthquakes and other rare events from community-based sensors. In Information Processing in Sensor Networks (IPSN), 2011.

[27]

K. Fawaz and K. G. Shin. Location privacy protection for smartphone users. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 239--250. ACM, 2014.

Digital Library

[28]

C. Frank, P. Bolliger, C. Roduner, and W. Kellerer. Objects calling home: Locating objects using mobile phones. Pervasive computing, pages 351--368, 2007.

Digital Library

[29]

G. Ghinita. Privacy for location-based services. Synthesis Lectures on Information Security, Privacy, and Trust, 4(1), 2013.

Digital Library

[30]

P. Golle and K. Partridge. On the anonymity of home/work location pairs. Pervasive Computing, Springer, pages 390--397, 2009.

Digital Library

[31]

C. Gomez, J. Oller, and J. Paradells. Overview and evaluation of bluetooth low energy: An emerging low-power wireless technology. Sensors, 12(9):11734--11753, 2012.

[32]

M. C. Gonzalez, C. A. Hidalgo, and A.-L. Barabasi. Understanding individual human mobility patterns. Nature, 453(7196), 2008.

[33]

Google. Google cloud messaging. https://developers.google.com/cloud-messaging/.

[34]

Google. Growing Eddystone with ephemeral identifiers: A privacy aware & secure open beacon format, 2016. https://developers.googleblog.com/2016/04/growing-eddystone-with-ephemeral-identifiers.html.

[35]

M. Green. A riddle wrapped in a curve. https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/.

[36]

M. Gruteser and D. Grunwald. Anonymous usage of location-based services through spatial and temporal cloaking. In Proceedings of the 1st international conference on Mobile systems, applications and services, pages 31--42. ACM, 2003.

Digital Library

[37]

B. Gueye, A. Ziviani, M. Crovella, and S. Fdida. Constraint-based geolocation of internet hosts. IEEE/ACM Transactions on Networking, 14(6):1219--1232, 2006.

Digital Library

[38]

B. Guo, Z. Wang, Z. Yu, Y. Wang, N. Y. Yen, R. Huang, and X. Zhou. Mobile crowd sensing and computing: The review of an emerging human-powered sensing paradigm. ACM Comput. Surv., 48(1), 2015.

Digital Library

[39]

M. Haase, M. Handy, et al. Bluetrack-imperceptible tracking of bluetooth devices. In Ubicomp Poster Proceedings. Citeseer, 2004.

[40]

K. Han, E. A. Graham, D. Vassallo, and D. Estrin. Enhancing motivation in a mobile participatory sensing project through gaming. In Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third Inernational Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on, pages 1443--1448. IEEE, 2011.

[41]

https://www.thetileapp.com/. Tilebeacon.

[42]

https://www.thetrackr.com/. Trackr.

[43]

Z. Hu, J. Heidemann, and Y. Pradkin. Towards geolocation of millions of ip addresses. In Proceedings of the 2012 ACM conference on Internet measurement conference, pages 123--130. ACM, 2012.

Digital Library

[44]

N. Husted and S. Myers. Mobile location tracking in metro areas: Malnets and others. In Proceedings of the 17th ACM conference on Computer and communications security, pages 85--96. ACM, 2010.

Digital Library

[45]

M. Jakobsson and S. Wetzel. Security weaknesses in bluetooth. In Cryptographers' Track at the RSA Conference, pages 176--191. Springer, 2001.

Digital Library

[46]

C. Jones. 10 wearable safety and GPS devices for kids. The SafeWise Report, 2015. http://www.safewise.com/blog/10-wearable-safety-gps-devices-kids/.

[47]

P. Kindt, D. Yunge, R. Diemer, and S. Chakraborty. Precise energy modeling for the bluetooth low energy protocol.arXiv preprint arXiv:1403.2919, 2014.

[48]

N. Koblitz, Alfred, and J. Menezes. A riddle wrapped in an enigma. Security and Privacy, 2015.

Digital Library

[49]

J. Krumm. Inference attacks on location tracks. Pervasive computing, pages 127--143, 2007.

Digital Library

[50]

J. Krumm. A survey of computational location privacy. Personal Ubiquitous Comput., 13(6), 2009.

Digital Library

[51]

N. D. Lane, S. B. Eisenman, M. Musolesi, E. Miluzzo, and A. T. Campbell. Urban sensing systems: opportunistic or participatory? In Proceedings of the 9th workshop on Mobile computing systems and applications, pages 11--16. ACM, 2008.

Digital Library

[52]

R. Lawler. Land Rover puts Tile's stuff-finding Bluetooth tech in an SUV. engadget, 2016. https://www.engadget.com/2016/04/26/land-rover-puts-tiles-stuff-finding-bluetooth-tech-in-an-suv/.

[53]

Maxell. Cr1616 battery datasheet. http://www.maxell.com.tw/images/uploads/2014/10/CR1616_DataSheet_e.pdf.

[54]

K. Minami and N. Borisov. Protecting location privacy against inference attacks. In Proceedings of the 9th annual ACM workshop on Privacy in the electronic society, pages 123--126. ACM, 2010.

Digital Library

[55]

P. Mohan, V. Padmanabhan, and R. Ramjee. Nericell: Rich monitoring of road and traffic conditions using mobile smartphones. In ACM Sensys '08, 2008.

Digital Library

[56]

B. Pan, Y. Zheng, D. Wilkie, and C. Shahabi. Crowd sensing of traffic anomalies based on human mobility and social media. In Proceedings of the 21st ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems, pages 344--353. ACM, 2013.

Digital Library

[57]

S. Papadopoulos, S. Bakiras, and D. Papadias. Nearest neighbor search with strong location privacy. Proc. VLDB Endow., 3(1--2), 2010.

Digital Library

[58]

I. Polakis, G. Argyros, T. Petsios, S. Sivakorn, and A. D. Keromytis. Where's Wally? Precise user discovery attacks in location proximity services. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 817--828. ACM, 2015.

Digital Library

[59]

I. Polakis, S. Volanis, E. Athanasopoulos, and E. P. Markatos. The man who was there: validating check-ins in location-based services. In Proceedings of the 29th Annual Computer Security Applications Conference, pages 19--28. ACM, 2013.

Digital Library

[60]

S. C. Rhea. Opendht: A Public Dht Service. PhD thesis, 2005.

Digital Library

[61]

T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno. Privacy-preserving location tracking of lost or stolen devices: Cryptographic techniques and replacing trusted third parties with dhts. In Usenix Security Symposium, pages 275--290, 2008.

Digital Library

[62]

J. L. Sandeep Kamath. Measuring bluetooth® low energy power consumption, application note an092.

[63]

T. S. Saponas, J. Lester, C. Hartung, S. Agarwal, T. Kohno, et al. Devices that tell on you: Privacy trends in consumer ubiquitous computing. In Usenix Security, volume 3, 2007.

Digital Library

[64]

C. E. Shannon. A mathematical theory of communication. The Bell System Technical Journal, 27:379--423, 623--656, 1948.

[65]

R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec. Protecting location privacy: Optimal strategy against localization attacks. In Proceedings of the ACM Conference on Computer and Communications Security, pages 617--627. ACM, 2012.

Digital Library

[66]

B. S. I. G. (SIG). Bluetooth®5 quadruples range, doubles speed, increases data broadcasting capacity by 800%. PRESS RELEASE, 2016. https://www.bluetooth.com/news/pressreleases/2016/06/16/-bluetooth5-quadruples-rangedoubles-speedincreases-data- broadcasting-capacity-by-800.

[67]

S. W. Smith. Gagged, sealed & delivered: Reforming ecpa's secret docket. Harvard Law & Policy Review, 6, 2012.

[68]

M. W. Storer, K. Greenan, and E. L. Miller. Long-term threats to secure archives. In Proceedings of the Second ACM Workshop on Storage Security and Survivability, StorageSS '06.

Digital Library

[69]

M. W. Storer, K. M. Greenan, E. L. Miller, and K. Voruganti. Potshards--a secure, recoverable, long-term archival storage system. ACM Transactions on Storage, 5(2), 2009.

Digital Library

[70]

J. Sun, R. Zhang, X. Jin, and Y. Zhang. Securefind: Secure and privacy-preserving object finding via mobile crowdsourcing. IEEE Transactions on Wireless Communications, 15(3):1716--1728, 2016.

Digital Library

[71]

H. To, G. Ghinita, and C. Shahabi. A framework for protecting worker location privacy in spatial crowdsourcing. Proc. VLDB Endow., 7, 2014.

Digital Library

[72]

S. Triukose, S. Ardon, A. Mahanti, and A. Seth. Geolocating ip addresses in cellular data networks. In International Conference on Passive and Active Network Measurement, pages 158--167. Springer, 2012.

Digital Library

[73]

Unacast. Beacons on track to hit 400M deployed by 2020 reports Unacast. BusinessWire. http://www.businesswire.com/news/home/20160126005779/ en/Beacons-Track-Hit-400M-Deployed-2020-Reports.

[74]

G. Wang, B. Wang, T. Wang, A. Nika, H. Zheng, and B. Y. Zhao. Defending against sybil devices in crowdsourced mapping services. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, pages 179--191. ACM, 2016.

Digital Library

Cited By

Torre DChennamaneni ARodriguez A(2023)Privacy-Preservation Techniques for IoT Devices: A Systematic Mapping StudyIEEE Access10.1109/ACCESS.2023.324552411(16323-16345)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3245524
Wang YTian YZhang XHe XLi SZhu J(2022)Deep Reinforcement Learning Based Iterative Participant Selection Method for Industrial IoT Big Data Mobile CrowdsourcingAdvanced Data Mining and Applications10.1007/978-3-030-95405-5_19(258-272)Online publication date: 31-Jan-2022
https://doi.org/10.1007/978-3-030-95405-5_19
Garg CMachiry AContinella AKruegel CVigna GPöpper CVanhoef MBatina LMayrhofer R(2021)Toward a secure crowdsourced location tracking systemProceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3448300.3467821(311-322)Online publication date: 28-Jun-2021
https://dl.acm.org/doi/10.1145/3448300.3467821
Show More Cited By

Index Terms

Techu: Open and Privacy-Preserving Crowdsourced GPS for the Masses
1. Networks
  1. Network services
    1. Location based services
2. Security and privacy

Recommendations

Preserving location privacy without exact locations in mobile services

Privacy preservation has recently received considerable attention in location-based services (LBSs). A large number of location cloaking algorithms have been proposed for protecting the location privacy of mobile users. However, most existing cloaking ...
H-LPS: a hybrid approach for user's location privacy in location-based services

Applications providing location-based services (LBS) have gained much attention and importance with the notion of the internet of things (IoT). Users are utilising LBS by providing their location information to third-party service providers. However, ...
Feeling-based location privacy protection for location-based services
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

Anonymous location information may be correlated with restricted spaces such as home and office for subject re-identification. This makes it a great challenge to provide location privacy protection for users of location-based services. Existing work ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MobiSys '17: Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services

June 2017

520 pages

ISBN:9781450349284

DOI:10.1145/3081333

General Chairs:
Tanzeem Choudhury
Cornell University, USA
,
Steve Ko
University at Buffalo, USA
,
Program Chairs:
Andrew Campbell
Dartmouth College, USA
,
Deepak Ganesan
University of Massachusetts, USA

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

In-Cooperation

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Office of Naval Research

Conference

MobiSys'17

Sponsor:

SIGMOBILE

MobiSys'17: The 15th Annual International Conference on Mobile Systems, Applications, and Services

June 19 - 23, 2017

New York, Niagara Falls, USA

Acceptance Rates

MobiSys '17 Paper Acceptance Rate 34 of 188 submissions, 18%;

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
627
Total Downloads

Downloads (Last 12 months)205
Downloads (Last 6 weeks)31

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Torre DChennamaneni ARodriguez A(2023)Privacy-Preservation Techniques for IoT Devices: A Systematic Mapping StudyIEEE Access10.1109/ACCESS.2023.324552411(16323-16345)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3245524
Wang YTian YZhang XHe XLi SZhu J(2022)Deep Reinforcement Learning Based Iterative Participant Selection Method for Industrial IoT Big Data Mobile CrowdsourcingAdvanced Data Mining and Applications10.1007/978-3-030-95405-5_19(258-272)Online publication date: 31-Jan-2022
https://doi.org/10.1007/978-3-030-95405-5_19
Garg CMachiry AContinella AKruegel CVigna GPöpper CVanhoef MBatina LMayrhofer R(2021)Toward a secure crowdsourced location tracking systemProceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3448300.3467821(311-322)Online publication date: 28-Jun-2021
https://dl.acm.org/doi/10.1145/3448300.3467821
Sun YLiu MHuang LXie NZhao LTan W(2021)An Embedding-based Deterministic Policy Gradient Model for Spatial Crowdsourcing Applications2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD)10.1109/CSCWD49262.2021.9437770(1268-1274)Online publication date: 5-May-2021
https://doi.org/10.1109/CSCWD49262.2021.9437770
Shen WHe XZhang CNi QDou WWang Yd'Aquin MDietze SHauff CCurry ECudre Mauroux P(2020)Auxiliary-task Based Deep Reinforcement Learning for Participant Selection Problem in Mobile CrowdsourcingProceedings of the 29th ACM International Conference on Information & Knowledge Management10.1145/3340531.3411913(1355-1364)Online publication date: 19-Oct-2020
https://dl.acm.org/doi/10.1145/3340531.3411913
Tsubouchi KTeraoka TGomi HShimosaka M(2020)Parasitic Location Logging: Estimating Users’ Location from Context of Passersby2020 IEEE International Conference on Pervasive Computing and Communications (PerCom)10.1109/PerCom45495.2020.9127381(1-10)Online publication date: Mar-2020
https://doi.org/10.1109/PerCom45495.2020.9127381
Li YXiao HQin ZMiao CSu LGao JRen KDing B(2020)Towards Differentially Private Truth Discovery for Crowd Sensing Systems2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS47774.2020.00037(1156-1166)Online publication date: Nov-2020
https://doi.org/10.1109/ICDCS47774.2020.00037
Jo HChoi W(2019)BPRF: Blockchain-based privacy-preserving reputation framework for participatory sensing systemsPLOS ONE10.1371/journal.pone.022568814:12(e0225688)Online publication date: 5-Dec-2019
https://doi.org/10.1371/journal.pone.0225688
Chen KTan G(2019)BikeGPSACM Transactions on Sensor Networks10.1145/334385715:4(1-28)Online publication date: 17-Oct-2019
https://dl.acm.org/doi/10.1145/3343857
Haus MDing AOtt J(2019)LocalVLC: Augmenting Smart IoT Services with Practical Visible Light Communication2019 IEEE 20th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM)10.1109/WoWMoM.2019.8793022(1-9)Online publication date: Jun-2019
https://doi.org/10.1109/WoWMoM.2019.8793022
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents