
Proximity-based services: privacy and security issues / Labrini, Cecilia. - (2023 Apr 03).

Proximity-based services: privacy and security issues

Labrini, Cecilia
2023-04-03

Abstract

This thesis proposes new approaches to offering proximity-based services while guaranteeing the privacy and security of the users involved. Proximity-based services expose the user to serious privacy and security threats, because they could allow massive monitoring by an honest-but-curious provider. However, proximity can have different meanings, and the thesis aims to address and analyze these different meanings and the contexts in which they arise. The first meaning is proximity between people for social reasons. The major social networks provide their users with proximity-based services, such as the Nearby Friends feature of Facebook. Another possible service concerns proximity testing performed by users with respect to a given target (static or moving), as in car-sharing, ride-sharing, crowd-shipping, and proximity marketing. In these services, a relevant issue from the privacy standpoint is that we have no guarantee that the provider is fully trusted and sufficiently immune to data breaches. In this thesis, we deal with this problem and propose a solution that allows the implementation of a proximity testing protocol protecting users’ privacy against a global adversary. This goal has not been reached previously in the literature. Social proximity has always been regarded as positive. The pandemic emergency of recent years gave a second meaning to the concept of proximity, namely proximity detection for contact tracing. Digital contact tracing (DCT) is one of the weapons that information technology can provide to fight the COVID-19 pandemic. In the European Union, the prevailing protocol is DP-3T/GAEN. However, it suffers from several vulnerabilities which can lead to breaking protocol integrity and users’ privacy. In this thesis, we address this research question with the aim of defining an alternative approach that overcomes most of the drawbacks of DP-3T/GAEN.
A third meaning that we deal with in this thesis is proximity in the domain of controlling people’s safety. Electronic monitoring is a valuable approach to the control of sex offenders. We design a privacy-preserving GPS-based solution that does not allow the victim’s location to be revealed unless the offender is nearby. In all these proximity cases, the way in which geolocation information is managed clearly plays an important role. It is also necessary to manage the territory in order to process this information efficiently. Therefore, we propose an efficient representation capable of supporting proximity detection at different ranges. Furthermore, these data are often large in quantity and there is a need to manage them by outsourcing. The proximity service provider outsources the map data to a third party (typically the cloud), which however may not be honest. We propose a lightweight message-authentication-code-based approach to guarantee query integrity over map data outsourced to a cloud.
3 Apr 2023
Sector ING-INF/05 - INFORMATION PROCESSING SYSTEMS
BUCCAFURRI, Francesco
IERA, Antonio
Doctoral Thesis
Files in this item:
Labrini Cecilia.pdf (open access)
Type: Doctoral thesis
License: DRM not defined
Size: 1.8 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12318/136746