Heechang Shin
Rutgers University
Publication
Featured research published by Heechang Shin.
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security | 2007
Vijayalakshmi Atluri; Heechang Shin
Location based services, one of the promising markets of mobile commerce, aims at delivering point of need personalized information. Often, these services to be delivered are based on the prior knowledge of the profiles of mobile customers and security and privacy policies dictated by them. These policies may specify revealing the sensitive information of mobile customers (e.g., age, salary) selectively to specific merchants in return of receiving certain benefits (e.g., coupons, special discounts, etc.). As a result, the security policies in such an environment are characterized by spatial and temporal attributes of the mobile customers (location and time), as well as their profile attributes. The focus of this paper is to efficiently enforce such policies. In this regard, we propose a unified structure that is capable of indexing mobile customer (mobile object) locations and their profiles, and the authorizations stating their security and privacy policies.
Lecture Notes in Computer Science | 2006
Vijayalakshmi Atluri; Heechang Shin
Recent advances in mobile communication, Global Positioning System (GPS) and Radio Frequency Identification (RFID) technologies have propelled the growth of a number of mobile services. These require maintaining mobile objects' location information and efficiently serving access requests on the past, present and future status of the moving objects. Moreover, these services raise a number of security and privacy challenges. To address this, security policies are specified to ensure controlled access to the mobile users' location and movement trajectories, their profile information, and stationary resources based on the mobile users' spatiotemporal information. Considering the basic authorization specification 〈subject, object, privilege〉, in a mobile environment, a moving object can be a subject, an object, or both. Serving an access request requires searching for the desired moving objects that satisfy the query, as well as enforcing the security policies. Often, enforcing security incurs overhead, and as a result may degrade the performance of a system. To alleviate this problem, recently Atluri and Guo have proposed a unified index structure, STPR-tree, to organize both the moving objects and authorizations specified over them. However, the STPR-tree is not capable of supporting security policies based on tracking of mobile users. In this paper, we present an index structure, called SPPF-tree, which maintains past, present and future positions of the moving objects along with authorizations by employing partial persistent storage. We demonstrate how the SPPF-tree can be constructed and maintained, and provide algorithms to process two types of access requests, including moving object requests by stationary subjects such as locate and track, and stationary object requests by moving subjects.
mobile data management | 2010
Heechang Shin; Jaideep Vaidya; Vijayalakshmi Atluri; Sungyong Choi
The concept of location k-anonymity has been proposed to address the privacy issue of location based services (LBS). Under this notion of anonymity, the adversary only has the knowledge that the LBS request originates from a region containing at least k people, and therefore cannot individually distinguish the requestor. However, new types of LBS services such as continuous nearest neighbor searches require the knowledge of the user's trajectory, which can lead to a privacy breach. The longer the adversary can track the user's trajectory, the stronger the possibility that the user's sensitive information is revealed. To alleviate this problem, we propose algorithms to optimally partition a continuous request into multiple LBS requests with shorter trajectories. This results in increased privacy due to the unlinking of different requests over time and has the added benefit of improving the overall quality of service since the anonymized regions are now smaller. Our experimental results show that significant privacy and QoS benefits can be achieved with nominal computational overhead.
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII | 2009
Heechang Shin; Vijayalakshmi Atluri
In a mobile environment, users' physical location plays an important role in determining access to resources. However, because current moving object databases do not keep the exact location of the moving objects, but rather maintain their approximate location for reasons of minimizing the updates, the access request evaluation cannot always guarantee the intended access control policy requirements. This may be risky to the system's security, especially for the highly sensitive resources. In this paper, we introduce an authorization model that takes the uncertainty of location measures into consideration for specifying and evaluating access control policies. An access request is granted only if the confidence level of the location predicate exceeds the predefined uncertainty threshold level specified in the policy. However, this access request evaluation is computationally expensive as it requires evaluating a location predicate condition and may also require evaluating the entire moving object database. For reducing the cost of evaluation, in this paper, we compute lower and upper bounds (R_min and R_max) on the region that minimize the region to be evaluated, thereby allowing unneeded moving objects to be discarded from evaluation. We show how R_min and R_max can be computed and maintained, and provide algorithms to process access requests.
Computers & Security | 2010
Heechang Shin; Jaideep Vaidya; Vijayalakshmi Atluri
Location based services (LBS) aim to deliver information based on a mobile user's location. However, knowledge of the location can be used by an adversary to physically locate the person, leading to the risk of physical harm, as well as possible leakage of certain personal information. This has serious consequences on privacy. The concept of location k-anonymity has been proposed to address this. Under this notion of anonymity, the adversary only has the knowledge that the LBS request is originating from a region containing at least k people, and therefore cannot individually distinguish the user. However, the existing anonymity models ignore the movement information of mobile users, assuming that it has no impact on privacy. Thus, existing work cannot ensure complete privacy while serving advanced types of LBS requests that require information about direction as well as speed of motion. We denote such LBS services as directional LBS. The key observation we make in this paper is that, in addition to the user's location, the user's movement direction should also be considered to ensure true anonymization. In this paper, we extend the notion of location k-anonymity by incorporating users' moving direction into the anonymization process while serving directional LBS. Specifically, our anonymization methods generalize both location and direction to the extent specified by the user. Our experimental results demonstrate that such anonymization can be achieved with marginal increase in computational cost when compared to the traditional location k-anonymity, while providing increased anonymity.
Journal of Computer Security | 2008
Vijayalakshmi Atluri; Heechang Shin; Jaideep Vaidya
In the last decade, mobile communication has enjoyed unprecedented growth all over the world. The recent advances in mobile communication technologies including Global Positioning System (GPS) and Radio Frequency Identification (RFID) have propelled the growth of a number of mobile services. Typically, these require maintaining the mobile objects’ location and profile information and efficiently serving access requests on the past, present and future status of the moving objects. This creates inherent security and privacy challenges. One solution to this is to specify security policies to ensure controlled access. However, this significantly degrades system performance. To alleviate this, Atluri and Guo have proposed a unified index structure, STPR-tree, to organize both the moving objects and authorizations specified over them. A significant limitation of this approach is that it is unable to store past location information of objects and is therefore not capable of supporting security policies based on tracking of mobile users. In this paper, we propose a new unified index structure, called the SPPF-tree, which maintains past, present and future positions of the moving objects along with authorizations by employing partial persistent storage. Besides demonstrating how the SPPF-tree can be constructed and maintained, we provide algorithms to process queries where either the subject or the object or both are mobile. We provide a comprehensive experimental evaluation to establish the scalability and performance of our approach.
Handbook of Database Security | 2008
Vijayalakshmi Atluri; Heechang Shin
Effective delivery of location-based services (LBS) requires efficient processing of access requests to find the past, present and future location of the mobile customers (or moving objects) that match a certain profile. However, this gives rise to a number of security and privacy concerns because LBS may need to locate and track a mobile customer, and gain access to his/her profile. Location information has the potential to allow an adversary to physically locate a person, and user profile information may include sensitive attributes such as name, address, linguistic preference, age group, income level, marital status, education level, etc. As such, mobile customers have legitimate concerns about their personal safety, if such information should fall into the wrong hands. One way to take these concerns into account is by establishing security policies and enforcing them for every access. A comprehensive security policy can encode spatiotemporal restrictions on access to location and profile. To incorporate security, an appropriate access control mechanism must be in place to enforce the authorization specifications reflecting the above security and privacy policies. Serving an access request requires to search for the desired moving objects that satisfy the query, as well as identify and enforce the relevant security policies.
Journal of Computer Security | 2011
Heechang Shin; Vijayalakshmi Atluri; June-suh Cho
In a mobile environment, users' physical location plays an important role in determining access to resources. However, because current moving object databases do not keep the exact location of the moving objects, but rather maintain their approximate location for reasons of minimizing the updates, the access request evaluation cannot always guarantee the intended access control policy requirements. This may be risky to the system's security, especially for highly sensitive resources. In this paper, we introduce an authorization model that takes the uncertainty of location measures into consideration for specifying and evaluating access control policies. An access request is granted only if the confidence level of the location predicate exceeds the predefined uncertainty threshold level specified in the policy. However, this access request evaluation is computationally expensive as it requires evaluating a location predicate condition and may also require evaluating the entire moving object database. For reducing the cost of evaluation, in this paper, we compute lower and upper bounds (R_min and R_max) on the region that minimize the region to be evaluated, thereby allowing unneeded moving objects to be discarded from evaluation. To further minimize the region of evaluation, we propose to compute R′_min and R′_max that have smaller filter size so that more objects are filtered out of evaluation. In addition, we extend our approach such that it does not require assumptions on the probability distribution functions. We show how these filters R_min, R_max, R′_min, and R′_max can be computed and maintained, and provide algorithms to process access requests.
International Journal of Information and Computer Security | 2010
Vijayalakshmi Atluri; Qi Guo; Heechang Shin; Jaideep Vaidya
Uncontrolled dissemination of geospatial data may have grave implications on national security and personal privacy. Geospatial data can be considered sensitive based on attributes such as the location, resolution and the time of capture, etc. As such, authorisations associated with this data also possess spatial and temporal attributes. The main contribution of this paper is to improve the response time of access requests, by proposing a unified index structure called *-tree that is capable of indexing both spatiotemporal objects and authorisations in a single index structure. *-tree is an extension of R-tree that indexes objects based on their resolutions as well as on their spatial and temporal attributes and overlays spatiotemporal authorisations on the nodes of the tree. We show how the *-tree can be constructed and maintained, provide algorithms to process access requests and present performance evaluation results that demonstrate a significant improvement in performance.
mobile data management | 2008
Heechang Shin; Vijayalakshmi Atluri; Jaideep Vaidya