De-centralized Location Management

De-centralized Location Management: Minimizing Privacy Concerns for Location Based Services
Maximilian Zündt, Girija Deo, Mirko Naumann, Dr. Markus Ludwig
ITRE 2005, Hsinchu, Taiwan
Technische Universität München
Lehrstuhl für Kommunikationsnetze
Prof. Dr.-Ing. J. Eberspächer
Agenda
• Motivation: The Challenge of Location Privacy Protection
• Location-Based Services classifications
• Location-Based Services provisioning in mobile operator networks
• Centralized vs. de-centralized location information provisioning
• Means for Location-Privacy Protection
• Prototype Peer-to-peer LBS using the IP Multimedia Subsystem
– Two level privacy, client and server component
• Outlook on future work
Motivation: The Challenge of Location Privacy Protection
• User identification is needed for legitimate users to access and use web services
• Users don’t want private information (including their whereabouts) to be made available to “trusted” providers, any 3rd party application providers or other users
• Users want to have complete control over their location privacy (e.g. standalone GPS)
Motivation: The Challenge of Location Privacy Protection
• Current Location-Based Services rely on centralized location information provisioning, i.e. control at the mobile operator side
– Performance
– Usability
– Trust
– Security
• Opportunities (and Threats):
– Location-Based Advertisements → Location-Based Spam
– GPS-Based Speeding Tickets
– Employee Performance Measurements, Malicious Intent
Location-Based Services classifications
“Service provided either by network operator or a 3rd party service provider that utilizes the available location information of the mobile terminal” [3GPP]
LBS Classifications:
• Server-to-user LBS
• Peer-to-peer LBS
Current Location-Based Services provisioning in mobile operator networks
• Centralized LBS provisioning approach
• Supported Positioning Technologies:
– COO (Basic)
– A-GPS and enhanced Cell ID (with SUPL implementation)
• Location Enabling Server (LES):
– ASP interface
– Provides access to GTB
– Privacy and Access Control, temporary user data storage
– LBS Roaming, interworking, billing records
• Geo-Toolbox (GTB):
– Holds geo-data
– Hosts basic location services (find POI, route)
Centralized vs. de-centralized location information provisioning
Centralized Location Information Management
• Associated Positioning Technologies
– Cell ID, EOTD/OTDOA, TOA, AOA, (A-GPS)
→ Limited accuracy or high implementation cost
• Operator control on location information
→ Transparency? Who will use the information?
• Access Control: User Query interrupt
→ Usability?
• Location signaling cost in network
→ Best suited for frequent location updates, e.g. tracking and online navigation services
De-Centralized Location Information Management
• Associated Positioning Technologies
– GPS, WLAN, Bluetooth, UWB
→ Higher accuracy (“client knows best about its current position”), readily available, lower costs
• Operator Independent
→ User has control over location information at his device
→ Improved usability? (!)
• Location signaling cost for user (location data transmission costs)
→ Negligible/acceptable for services with low location-update intervals, e.g. find-nearest, push services etc.
Means for Location-Privacy Protection
• The strategy so far: Simple but annoying
– Query the user every time he is positioned
– Who gets the position information? → Operator?
– Lack of usability on device and service performance
• Selective positioning degradation
– Given accurate positioning in the first place, the user can change the resolution depending on the requesting entity
– Higher system complexity → location information filter (e.g. trusted location proxy)
– Additional user input required
• Intermittent connectivity
– Avoid revealing precise location information to network services
– Mobile device receives geographically coded records one set at a time (get position → query only the area code → select and display the appropriate entry returned)
• Cryptographic methods, e.g. Public Key Infrastructure, Trusted Certificates
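A sketch of the location information filter behind selective positioning degradation, added here as an illustration and not taken from the prototype. The requester names, the policy table and the grid sizes are assumptions; the filter snaps a fix to a grid whose cell size depends on the requesting entity.

```python
import math

# Constructed policy (assumption): requesting entity -> grid cell size in metres.
# 0 means full precision, None means the request is refused.
RESOLUTION_M = {"buddy:alice": 0, "asp:poi-finder": 1000, "asp:ads": None}
DEFAULT_RESOLUTION_M = 10_000  # unknown requesters only get a coarse area

M_PER_DEG_LAT = 111_320.0  # approximate metres per degree of latitude


def _snap(value, step):
    """Return the centre of the grid cell of width `step` that contains value."""
    return (math.floor(value / step) + 0.5) * step


def degrade(lat, lon, requester):
    """Filter one fix (decimal degrees) for one requester.

    Snapping to a fixed grid is deterministic: repeated queries from the same
    place return the same cell centre, so a requester cannot average many
    answers to recover the precise position, as it could with random noise.
    """
    cell_m = RESOLUTION_M.get(requester, DEFAULT_RESOLUTION_M)
    if cell_m is None:
        return None
    if cell_m == 0:
        return (lat, lon)
    lat_step = cell_m / M_PER_DEG_LAT
    snapped_lat = _snap(lat, lat_step)
    # A degree of longitude shrinks with latitude; derive the step from the
    # snapped latitude so all points in one cell row share the same step.
    cos_lat = max(math.cos(math.radians(snapped_lat)), 1e-6)
    lon_step = cell_m / (M_PER_DEG_LAT * cos_lat)
    return (round(snapped_lat, 6), round(_snap(lon, lon_step), 6))


if __name__ == "__main__":
    fix = (48.148600, 11.568000)  # constructed sample fix
    for who in ("buddy:alice", "asp:poi-finder", "asp:ads", "asp:unknown"):
        print(who, degrade(*fix, who))
```

The cell centre reveals only which cell the device is in; a requester that sees the cell change still learns that a cell boundary was crossed.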
IP Multimedia Subsystem extension in mobile networks
• IP Multimedia Subsystem extension to current 2.5G and 3G mobile networks
– A 3GPP standard using SIP/SIMPLE-based messaging
– Provides an open IP-based service infrastructure
– Enables easy deployment of multimedia services such as VoIP, push-to-talk, instant messaging services
– Supported and provided by companies such as Alcatel, Nokia, Lucent, Motorola etc.
Privacy Level 1: Privacy Control at the End Device
• Instant Messenger-based
• Extended Buddy-List Functionality
– Ask Me!
– Always Deny/Accept
– Cache Location
Privacy Level 2: Server Side Black and White Lists
• Analogous to email service provider spam-filter services
• White and black lists stored in profile database on SIP presence server
• Level 2 can be overridden by Level 1 privacy setting
– by additional user request
– by server side priority level 1 or 2 setting
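One way the two privacy levels could be combined, as an added example that is not the prototype's code. The `priority` field, the reading of "Cache Location" as answering with the last stored fix, and the SIP URIs are assumptions.

```python
from enum import Enum


class Setting(Enum):  # Level 1 buddy-list options named on the slide
    ASK_ME = "ask me"
    ALWAYS_ACCEPT = "always accept"
    ALWAYS_DENY = "always deny"
    CACHE_LOCATION = "cache location"


def level2(requester, profile):
    """Presence-server list check: 'deny', 'allow', or None if unlisted."""
    if requester in profile["blacklist"]:
        return "deny"  # the blacklist wins if a URI is on both lists
    if requester in profile["whitelist"]:
        return "allow"
    return None


def level1(setting, requester, ask_user):
    """Apply one device-side setting; ask_user is the 'Accept/Deny?' prompt."""
    if setting is Setting.ALWAYS_ACCEPT:
        return "allow"
    if setting is Setting.ALWAYS_DENY:
        return "deny"
    if setting is Setting.CACHE_LOCATION:
        return "cached"  # assumption: answer with the last stored fix
    return "allow" if ask_user(requester) else "deny"


def decide(requester, profile, buddies, ask_user):
    """Return 'allow', 'deny' or 'cached' for one location request."""
    server = level2(requester, profile)
    explicit = buddies.get(requester)  # None: no device entry for this peer
    # Assumed reading of the priority setting: 2 makes a list hit final,
    # 1 lets an explicit device setting override the server lists.
    if server is not None and (profile["priority"] == 2 or explicit is None):
        return server  # a missing device entry never overrides a list hit
    setting = explicit if explicit is not None else Setting.ASK_ME
    return level1(setting, requester, ask_user)


# Constructed sample data (the SIP URIs are placeholders).
PROFILE = {"priority": 1, "whitelist": {"sip:bob@example.org"},
           "blacklist": {"sip:ads@example.org", "sip:carol@example.org"}}
BUDDIES = {"sip:carol@example.org": Setting.ALWAYS_ACCEPT,
           "sip:dave@example.org": Setting.CACHE_LOCATION}
```

A blacklisted requester without a device entry is rejected at the server and never triggers a prompt on the phone, which is the spam-filter behaviour the slide compares Level 2 to.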
Prototype Signaling Scenario: Getting a peer's location information
[Figure: signaling diagram. Components: User A, User B, IMS, BT-GPS Mouse, GPS Positioning (Hot-State), Application Server / Service Provider (Map24.de). Labels: MESSAGE sip:[email protected]; User Privacy Profile: [ ‘ask me’ ]; (ID: Ws001); 2. Accept/Deny?; 3. Read Data, NMEA <Latitude, Longitude>. Legend: Instant Message, Bluetooth, HTTP.]
Further Application Examples
• Basic Location-Based IM applications:
– Show my / buddy location and buddy distance
– Show Point of interest
• Extended Location-Based IM applications
– Dating Service (using a third trusted peer as ASP)
[Figure: dating service scenario. Components: User A, User B, IMS, Application Server. Labels: Location A, Location B, Trigger IM_A, Trigger IM_B.]
Ongoing work
• Include WLAN, GSM positioning support and other clients (PDA, Notebook)
• Investigate and implement location update strategies for different kinds of LBS: user speed, polling etc.
• Investigate further user privacy mechanisms
– Location “blurring”: different levels of location accuracy
– Certification schemes for “trusted” LBS providers
• Further research on “context-aware” services extending on presence server functionality in IMS
• Investigate scalability and performance of peer-to-peer-based LBS
• Analyze effects on existing mobile operator business models concerning LBS
→ alternative revenue models?
Conclusion
• The proposed IMS peer-to-peer LBS system can coexist with existing centralized LBS systems in mobile networks
• Location-information provisioning is of distributed nature and should be used that way for effective LBS support
• Peer-to-peer LBS give users a much better awareness of location information and privacy (e.g. instant messenger case)
• Peer-to-peer LBS have a potential for enriching current LBS offerings
Thank you!
Email: [email protected]
http://www.lkn.ei.tum.de/~max
Backup
Development of LBS architectures in mobile operator networks
[Figure: timeline with the marks pre-2000, 2001 and 2005. Text items, in the order extracted:]
• Lif (now part of Open Mobile Alliance)
• Advanced location enabling platforms (e.g. Siemens LES v2.0)
• SUPL (Secure User Plane) Platforms by Nokia, Siemens
• Using COO from HLR
• Limited service capability (no map based routing, points of interest etc.)
• Privacy issues, access to location information to 3rd party providers difficult.
• Extending core network with location provisioning functionalities too costly (control plane)
• Multiple Standards (Parlay, Lif)
• Location Platform via Le interface extending GMLC → low impact (user plane) (iGMLC)
• COO (basic), EOTD, TOA (specified but not implemented due to cost)
• GIS Server holding geo-data and basic services (map, find nearest POI etc.)
• Access Control, User Privacy Profiles for LBS subscriber, access rights quotas for ASPs
• Enhanced network support for both WCDMA (UMTS) and GSM networks
• Enhanced positioning (A-GPS, Enhanced Cell ID)
• …
• Better enforcement of user location information, privacy and security
• LBS roaming, LES interworking, CDR generation
Peer-to-peer LBS using the IP Multimedia Subsystem
• The Gm interface uses the Proxy Call State Control Function (P-CSCF), which handles call setup, signaling and termination (SIP functionality)
• The Gt interface enables configuring of user and privacy profiles on provided Application Servers (e.g. Presence Server)
• Location signaling via specially encoded instant messages
Mobile terminal architecture and Test-bed
Implemented prototype uses:
• Client side: prototype SIP stack for Symbian platforms
• Server side: Open Source Java-based SIP Server (NIST Project)
• Instant messaging application extended to inter-work with LCS-client on mobile phone
IP Multimedia Subsystem
CSCF: Call State Control Function
P-CSCF = Proxy-CSCF
I-CSCF = Interrogating-CSCF
S-CSCF = Serving-CSCF
MRF: Multimedia Resource Function
MRFC = MRF Controller
MRFP = MRF Processor