Abstract
We present a novel hybrid communication protocol that guarantees mobile users’ anonymity against a wide-range of adversaries by exploiting the capability of handheld devices to connect to both WiFi and cellular networks. Unlike existing anonymity schemes, we consider all parties that can intercept communications between a mobile user and a server as potential privacy threats. We formally quantify the privacy exposure and the protection of our system in the presence of malicious neighboring peers, global WiFi eavesdroppers, and omniscient mobile network operators, which possibly collude to breach user’s anonymity or disrupt the communication. We also describe how a micropayment scheme that suits our mobile scenario can provide incentives for peers to collaborate in the protocol. Finally, we evaluate the network overhead and attack resiliency of our protocol using a prototype implementation deployed in Emulab and Orbit, and our probabilistic model.
- Aiache, H., Haettel, F., Lebrun, L., and Tavernier, C. 2008. Improving security and performance of an ad hoc network through a multipath routing strategy. J. Comput. Virol. 4, 4, 267--278.Google ScholarCross Ref
- Allan, A. and Warden, P. 2011. Got an iPhone or 3G iPad? Apple is recording your moves. http://radar.oreilly.com/2011/04/apple-location-tracking.html (accessed 2/13).Google Scholar
- Androulaki, E., Raykova, M., Srivatsan, S., Stavrou, A., and Bellovin, S. M. 2008. PAR: Payment for anonymous routing. In Proceedings of the 8th Privacy Enhancing Technologies Symposium (PET’08). Google ScholarDigital Library
- Anisetti, M., Ardagna, C. A., Bellandi, V., Damiani, E., and Reale, S. 2011. Map-based location and tracking in multipath outdoor mobile networks. IEEE Trans. Wirel. Comm. 10, 3, 814--824. Google ScholarDigital Library
- Ardagna, C. A., Stavrou, A., Jajodia, S., Samarati, P., and Martin, R. 2008. A multi-path approach for k-anonymity in mobile hybrid networks. In Proceedings of the International Workshop on Privacy in Location-Based Applications (PILBA’08).Google Scholar
- Ardagna, C. A., Jajodia, S., Samarati, P., and Stavrou, A. 2009. Privacy preservation over untrusted mobile networks. In Privacy in Location-Based Applications: Research Issues and Emerging Trends, C. Bettini, S. Jajodia, P. Samarati, and S. Wang Eds., Lecture Notes of Computer Science, Springer. Google ScholarDigital Library
- Ardagna, C. A., Jajodia, S., Samarati, P., and Stavrou, A. 2010. Providing mobile users’ anonymity in hybrid networks. In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS’10). Google ScholarDigital Library
- Ardagna, C. A., Cremonini, M., De Capitani di Vimercati, S., and Samarati, P. 2011a. An obfuscation-based approach for protecting location privacy. IEEE Trans. Depend. Secure Comput. 8, 1, 13--27. Google ScholarDigital Library
- Ardagna, C. A., De Capitani di Vimercati, S., and Samarati, P. 2011b. Personal privacy in mobile networks. In Mobile Technologies for Conflict Management: Online Dispute Resolution, Governance, Participation, M. Poblet Ed., Springer Science+Business Media B.V.Google Scholar
- Bettini, C., Jajodia, S., Samarati, P., and Wang S., Eds. 2009. Privacy in Location-Based Applications: Research Issues and Emerging Trends, Lecture Notes of Computer Science, vol. 5599, Springer. Google ScholarDigital Library
- Bianchi, G. 2000. Performance analysis of the IEEE 802.11 distributed coordination function. IEEE J. Select. Areas Comm. 18, 3, 535--547. Google ScholarDigital Library
- Black, J., Halevi, S., Krawczyk, H., Krovetz, T., and Rogaway, P. 1999. UMAC: Fast and secure message authentication. In Proceedings of the 19th Annual International Cryptology Conference (CRYPTO’99). Google ScholarDigital Library
- Capkun, S., Hubaux, J.-P., and Jakobsson, M. 2004. Secure and privacy-preserving communication in hybrid Ad Hoc networks. Tech. rep. IC/2004/10, EPFL-IC, Lausanne, Switzerland.Google Scholar
- Chaum, D. 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. Comm. ACM 24, 2, 84--88. Google ScholarDigital Library
- Chen, S. and Wu, M. 2010. Anonymous multipath routing protocol based on secret sharing in mobile Ad Hoc networks. In Proceedings of the International Conference on Measuring Technology and Mechatronics Automation (ICMTMA’10). Google ScholarDigital Library
- Cheng, J. 2011. Pandora sends user GPS, sex, birthdate, other data to ad servers. http://arstechnica.com /gadgets/news/2011/04/pandora-transmits-gps-gender-birthdate-other-data-to-ad-servers.ars (accessed 2/13).Google Scholar
- Choia, H., McDaniel, P., and La Porta, T. F. 2007. Privacy preserving communication in MANETs. In Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON’07).Google ScholarCross Ref
- Chow, C.-Y., Mokbel, M. F., and Liu, X. 2011. Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments. Geoinformatica 15, 351--380. Google ScholarDigital Library
- Ciriani, V., De Capitani di Vimercati, S., Foresti, S., and Samarati, P. 2007. k-Anonymity. In Secure Data Management in Decentralized Systems, T. Yu and S. Jajodia Eds., Springer-Verlag.Google Scholar
- Ciriani, V., De Capitani di Vimercati, S., Foresti, S., and Samarati, P. 2009. Theory of privacy and anonymity. In Algorithms and Theory of Computation Handbook 2nd Ed., M. Atallah and M. Blanton Eds., CRC Press.Google Scholar
- Dingledine, R., Mathewson, N., and Syverson, P. 2004. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium. Google ScholarDigital Library
- Dong, Y., Chim, T. W., Li, V. O. K., Yiu, S. M., and Hui, C. K. 2009. ARMR: Anonymous routing protocol with multiple routes for communications in mobile ad hoc networks. Ad Hoc Netw. 7, 8, 1536--1550. Google ScholarDigital Library
- Douceur, J. R. 2002. The Sybil attack. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS’02). Google ScholarDigital Library
- Emulab. Network emulation testbed home. http://www.emulab.net/.Google Scholar
- Gedik, B. and Liu, L. 2008. Protecting location privacy with personalized k-anonymity: Architecture and algorithms. IEEE Trans. Mobile Comput. 7, 1, 1--18. Google ScholarDigital Library
- Gruteser, M. and Grunwald, D. 2003. Anonymous usage of location-based services through spatial and temporal cloaking. In Proceedings of the 1st International Conference on Mobile Systems, Applications, and Services (MobiSys’03). Google ScholarDigital Library
- Gustafsson, F. and Gunnarsson, F. 2005. Mobile positioning using wireless networks: Possibilities and fundamental limitations based on available wireless network measurements. IEEE Signal Process. Magazine. 41--53.Google ScholarCross Ref
- Hong, X., Kwon, T. J., Gerla, M., Gu, D. L., and Pei, G. 2001. A mobility framework for ad hoc wireless networks. In Proceedings of the 2nd International Conference on Mobile Data Management (MDM’01). Google ScholarDigital Library
- Jakobsson, M., Hubaux, J.-P., and Buttyán, L. 2003. A micro-payment scheme encouraging collaboration in multi-hop cellular networks. In Proceedings of the 7th International Financial Cryptography Conference (FC’03).Google Scholar
- Kong, J. and Hong, X. 2003. ANODR: Anonymous on demand routing with untraceable routes for mobile ad-hoc networks. In Proceedings of the 4th ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc’03). Google ScholarDigital Library
- Krovetz, T. 2006. UMAC: Message authentication code using universal hashing. RFC 4418 (Informational). http://www.ietf.org/rfc/rfc4418.txt.Google Scholar
- Levine, B. N., Reiter, M. K., Wang, C., and Wright, M. 2004. Timing attacks in low-latency mix systems (Extended Abstract). In Proceedings of the 8th International Financial Cryptography Conference (FC’04).Google Scholar
- Li, X., Wang, X., Zheng, N., Wan, Z., and Gu, M. 2009. Enhanced location privacy protection of base station in wireless sensor networks. In Proceedings of the 5th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN’09). Google ScholarDigital Library
- Lin, X., Sun, X., Ho, P.-H., and Shen, X. 2007. GSIS: A secure and privacy preserving protocol for vehicular communications. IEEE Trans. Vehic. Tech. 56, 6, 3442--3456.Google ScholarCross Ref
- Magkos, E., Kotzanilolaou, P., Sioutas, S., and Oikonomou, K. 2010. A distributed privacy-preserving scheme for location-based queries. In Proceedings of the 4th IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications (AOC’10). Google ScholarDigital Library
- Micali, S. and Rivest, R. L. 2002. Micropayments revisited. In Proceedings of the Cryptographer’s Track at the RSA Conference on Topics in Cryptology (CT-RSA’02). Google ScholarDigital Library
- NetStumbler.com. http://www.netstumbler.com/.Google Scholar
- I2P Anonymous Network. http://www.i2p2.de/.Google Scholar
- IEEE 802.11TM Wireless Local Area Networks. http://www.ieee802.org/11/.Google Scholar
- Wireless Orbit. http://www.wirelessorbit.com/.Google Scholar
- Rahmati, A., Shepard, C., Nicoara, A., Zhong, L., and Singh, P. J. 2010. Mobile TCP usage characteristics and the feasibility of network migration without infrastructure support. In Proceedings of the 16th Annual International Conference on Mobile Computing and Networking (MobiCom’10). Google ScholarDigital Library
- Reiter, M. K. and Rubin, A. D. 1998. Crowds: Anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1, 1, 66--92. Google ScholarDigital Library
- Ren, K. and Lou, W. 2008. A sophisticated privacy-enhanced yet accountable security framework for metropolitan wireless mesh networks. In Proceedings of the 28th IEEE International Conference on Distributed Computing Systems (ICDCS’08). Google ScholarDigital Library
- Rennhard, M. and Plattner, B. 2002. Introducing MorphMix: Peer-to-peer based anonymous Internet usage with collusion detection. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES’02). Google ScholarDigital Library
- Rios, R. and Lopez, J. 2011. Exploiting context-awareness to enhance source-location privacy in wireless sensor networks. Comput. J. 54, 11, 1603--1615. Google ScholarDigital Library
- Saha, A. K. and Johnson, D. B. 2004. Modeling mobility for vehicular ad-hoc networks. In Proceedings of the 1st ACM Workshop on Vehicular Ad Hoc Networks (VANET’04). Google ScholarDigital Library
- Samarati, P. 2001. Protecting respondents’ identities in microdata release. IEEE Trans. Knowl. Data Eng. 13, 6, 1010--1027. Google ScholarDigital Library
- Sampigethaya, K., Li, M., Huang, L., and Poovendran, R. 2007. AMOEBA: Robust location privacy scheme for VANET. IEEE J. Sel. Areas Comm. 25, 8, 1569--1589. Google ScholarDigital Library
- Shin, M., Cornelius, C., Peebles, D., Kapadia, A., Kotz, D., and Triandopoulos, N. 2011. AnonySense: A system for anonymous opportunistic sensing. Perv. Mobile Comput. 7, 1, 16--30. Google ScholarDigital Library
- Sun, G., Chen, J., Guo, W., and Ray Liu, K. J. 2005. Signal processing techniques in network-aided positioning: A survey of state-of-the-art positioning designs. IEEE Signal Process. Mag. 12--23.Google Scholar
- Takahashi, D., Hong, X., and Xiao, Y. 2010. On-demand anonymous routing with distance vector protecting traffic privacy in wireless multi-hop networks. In Proceedings of the 4th International Conference on Mobile Ad-hoc and Sensor Networks (MSN’08). Google ScholarDigital Library
- Wireshark. http://www.wireshark.org/.Google Scholar
- Wright, M., Adler, M., Neil Levine, B., and Shields, C. 2004. The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Trans. Inf. Syst. Sec. 7, 4, 489--522. Google ScholarDigital Library
- Zhang, Y., Liu, W., Lou, W., and Fang, Y. 2006. MASK: Anonymous on-demand routing in mobile ad hoc networks. IEEE Trans. Wirel. Comm. 5, 9, 2376--2385. Google ScholarDigital Library
Index Terms
- Providing Users’ Anonymity in Mobile Hybrid Networks
Recommendations
Providing mobile users' anonymity in hybrid networks
ESORICS'10: Proceedings of the 15th European conference on Research in computer securityWe present a novel hybrid communication protocol that guarantees mobile users' k-anonymity against a wide-range of adversaries by exploiting the capability of handheld devices to connect to both WiFi and cellular networks. Unlike existing anonymity ...
How to Find Hidden Users: A Survey of Attacks on Anonymity Networks
Communication privacy has been a growing concern, particularly with the Internet becoming a major hub of our daily interactions. Revelations of government tracking and corporate profiling have resulted in increasing interest in anonymous communication ...
Improved yoking proof protocols for preserving anonymity
In emerging RFID applications, the yoking proof provides a method not only to ensure the physical proximity of multiple objects but also to verify that a pair of RFID tags has been scanned simultaneously by a reader. Previous studies have focused on ...
Comments