Preserving Privacy in Location-based Mobile Social Applications
Krishna P. N. Puttaswamy
Ben Y. Zhao
The Eleventh International Workshop on Mobile Computing Systems and Applications (HotMobile 2010)
Paper Abstract
Location-based social applications (LBSAs) rely on the location
coordinates of the users to provide services. Today, smartphones using
these applications act as simple clients and send out user locations to
untrusted third-party servers. These servers have the application logic
to provide the service, and in the process collect large amounts of user
location information over time. This design, however, is shown to be
susceptible to large-scale user privacy compromises even if several
location cloaking techniques are employed. In this position paper, we
argue that LBSAs should adopt an approach in which the untrusted
third-party servers are treated simply as encrypted data stores and the
application functionality is moved to the client devices. The location
coordinates are encrypted when shared and can be decrypted only by the
users for whom the data is intended. This approach significantly
improves user location privacy. We argue that this approach not only
improves privacy but is also flexible enough to support a wide
variety of location-based applications used today. In this paper, we
identify the key building blocks necessary to construct the applications
in this approach, give examples of using the building blocks by
constructing several applications, and outline the privacy properties
provided by this approach. We believe our approach provides a practical
alternative design for LBSAs that is deployable today.