Faculty Recruiting Support CICS

The Bounds of Mobile Location Privacy

07 Oct
Monday, 10/07/2019 2:00pm to 5:00pm
PhD Thesis Defense
Speaker: Keen Sung

Mobile phones are widely adopted by users across the world today. However, the privacy implications of persistent connectivity is not well understood. This dissertation focuses on one important concern of mobile phone users: location privacy.

I approach this problem from the perspective of three adversaries that users are exposed to via smartphone apps: the mobile advertiser, the app developer, and the cellular service provider. First, I quantify the proportion of mobile users who use location permissive apps and are trackable through their advertising identifier, and demonstrate a mark and recapture attack that allows continued tracking of users who hide these identifiers. Next, I evaluate an attack wherein a remote server discovers a user's traveled path without permission, simply by analyzing the throughput of the connection to the user over time. In these experiments, a remote attacker can distinguish a user's route among four paths within a University campus with 77% accuracy. I then propose a protocol for anonymous cell phone usage, which obviates the need for users to trust telecoms with their location, and I evaluate its efficacy against a passive identity inference attack. According to these simulations, users should change these identifiers every ten minutes and remain offline for 30 seconds, to reduce their identifiability by up to 45%. I conclude by summarizing the key issues in mobile location privacy today, immediate steps that can be taken to improve them, and the inherent privacy costs of remaining constantly connected.

Advisor: Brian Levine