City Research Online

Preserving Privacy in Mobile Environments

Arunkumar, S. (2016). Preserving Privacy in Mobile Environments. (Unpublished Doctoral thesis, City, University of London)

Abstract

Technology is improving day-by-day and so is the usage of mobile devices. Every activity that would involve manual and paper transactions can now be completed in seconds using your ngertips. On one hand, life has become fairly convenient with the help of mobile devices, whereas on the other hand privacy of the data and the transactions occurring in the process have been under continuous threat. Mobile devices connect to a number of service providers for various reasons. These could include downloading data, online purchasing or could be just used to browse information which may be irrelevant at a later point. Access to critical and sensitive information may be available at a number of places. In case of a mobile device, the information may be available with the service provider. Service Provider could be in the form of any web portal. In all such scenarios, passing the information or data from the service provider into the mobile device is a major challenge, as the data/information cannot be sent in plain text format. The con dentiality and integrity of the data needs to be protected and hence, the service provider must convert the data into an encrypted format before passing it onto the mobile device, to prevent risks from sniffing and unauthorized disclosure of data. Preserving the location of the individual user of any mobile device has also been the concern for a number of researchers.

Mobile devices have become an important tool in modern communication. Mobile and other handheld devices such as ipads and tablets have over taken laptops and desktops and hence there has been an increasing research interest in this area in recent years. This includes improving the quality of communication and the overall end-to-end data security in day-to-day transactions. Mobile devices continuously connect to di erent service providers for day-to-day needs such as online purchases, online banking and endless sur ng for information. In addition to this devices could be connecting to the service providers to receive or send sensitive information. At the Service Provider end, the data would be stored with the provider and Service Provider would only hand over the data if it con rms that the person requested it is authorized to receive the information. The exchange of data from one end of the network to the other is a major challenge due to malicious intruder mishandling of the data. Hence the con dentiality and integrity of the data needs to be protected either by transforming the sensitive information into a non-readable format or by converting into a cipher text.

Privacy has been an open problem for research as more and more information is getting leaked on a day-to-day basis. Through this thesis, I have tried to address a number of areas within the privacy realm where information and data access and sharing is a key concern along side the key aspect of location privacy. I have also tried to address the problems in the space of access control wherein I have proposed policy based languages and extensions for ensuring appropriate access control methodologies. The main goal and focus in this work has been to enforce the importance of location privacy in mobile environments and to propose solutions that resolve the problems of where and when to enforce location security. Another key goal of this work has been to create new access control and trust based solutions to ensure the right level of access to the right receiver of information. Through my research, I have explored the various privacy related attacks and suggested appropriate countermeasures for the same. In addition to proposing and showcasing solutions using policy languages for access control, I have also introduced geospatial access control solutions to ensure that the right user is accessing or requesting for the right information from the right location. This helps the appropriate and the right use of the information by the right resource. Through my thesis I have also given equal importance to the trust aspects of sharing information. I have created new trust assessment models to show how fused information can be handled and how can trust be imposed on the information provider and the information itself.

The main contribution of this thesis is to address the problems around protecting the data and individual's privacy and to propose solutions to mitigate these issues using new and novel techniques. They can be detailed as the following:

In privacy, there is always a privacy versus utility tradeo and in order to make use of utility, trust in the location is essential. Through this research I have developed i) novel attestation models and access control methodologies including Privacy Preferences Platform (P3P) extensions, ii) Extensible Access Control Markup Language (XACML) extensions and iii) Geospatial access control through GeoXACML. iv)I have created new methodologies to enforce location privacy and shown where best to enforce privacy. v)I have also shown that global attestation is very crucial for privacy and needs accurate methods in place to attest user's location information for access. vi) Fusing of location information is very crucial as there could be a number of similar or con icting information produced about a common source and it is very important to assess and evaluate the trust level in the information. I have proposed, developed and implemented a new trust assessment framework. This framework looks at the incoming information and passes it on to the rule engine in the framework to make some inferences and then the trust assessment module computes the trust score based on forward chaining or background chaining scheme. The framework is used to evaluate the trust on the fused information in a streaming setup. vii) I have created new solutions to look at the similarity pro les and create identity enforcement through pro ling. I have shown methods of anonymisation for location privacy and identity privacy.

Publication Type: Thesis (Doctoral)
Subjects: T Technology
T Technology > TK Electrical engineering. Electronics Nuclear engineering
Departments: Doctoral Theses
School of Science & Technology > Engineering
School of Science & Technology > School of Science & Technology Doctoral Theses
[thumbnail of Arunkumar, Saritha.pdf]
Preview
Text - Accepted Version
Download (8MB) | Preview

Export

Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email

Downloads

Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login