Social aspects of (location) privacy

Summary:

In this talk, I will present two contributions and an ongoing project on the social aspects of privacy. More specifically, (1) I will present the results of a comparative study on the inference of social ties in pervasive networks (from the stand points of two different adversaries) and (2) I will present a case where users’ actions compromise the location privacy of other users.

The first contribution is motivated by the wide deployment of WiFi base stations in both public spaces and private companies, which poses a significant threat to the privacy of connected users. Although prior studies have provided evidence that it is possible to infer the social ties of users from their location and co-location traces, they lack one important component: the comparison of the inference accuracy between an internal attacker (e.g., a curious application running on a mobile device) and a realistic external eavesdropper in the same field trial. In this work, we experimentally show that such an eavesdropper is able to infer the type of social relationships between mobile users better than an internal attacker. Moreover, our results indicate that by exploiting the underlying social community structure of mobile users, the accuracy of the inference attacks doubles.

The second contribution is a study of a concrete and widespread example of a situation in which users compromise each other’s privacy, specifically the location-privacy threat created by access points (e.g., public hotspots) using Network Address Translation (NAT). Indeed, because users connected to the same hotspot share a unique public IP address, a single user making a location-based request is enough to enable a service provider to map the IP address of the hotspot to its geographic coordinates, thus compromising the location privacy of all the other connected users. When successful, the service provider can locate users within a few hundreds of meters, thus improving over existing IP-location databases.

Bio:
Kévin Huguenin is a Post-Doctoral Researcher at Ecole Polytechnique Fédérale de Lausanne (EPFL), Switzerland, in the Laboratory for Communications and Applications. He received his B.Sc. in computer science from Ecole Normale Supérieure (ENS) de Cachan — Antenne de Bretagne and the Université de Rennes I in 2005 and his M.Sc. from the Université de Nice — Sophia Antipolis in 2007. He obtained a Ph.D. from the Université of Rennes I in 2010 for his research on misbehavior detection in large-scale distributed systems (mainly P2P) conducted in the ASAP Team at IRISA/INRIA Rennes, under the supervision of Anne-Marie Kemarrec. He has been working at the Vrije Universiteit Amsterdam and Telefonica Research Barcelona as an intern in 2008 and 2009 respectively, and at McGill University as a post-doctoral researcher in 2011. His research interests include security and privacy in distributed systems and (mobile) networks.