Inside GNSS Media & Research

NOV-DEC 2017


signalling or other information relevant to its positioning, similar to a pure GNSS device. Thus, the network does not have any knowledge about the user's position. The user is the only one responsible for calculating his/her position in a fully mobile-centric mode and the only one who will have that information (see L. Chen et alia and V. Sark et alia).

2. "Passive" in the sense of "uninvolved" or non-participative user, also referred to as "device-free" localization: the user has no idea it is tracked or positioned and the network locates and tracks the user without his/her express authorization, typically in a radar-like approach, by using signal reflections on the users' devices or body or passive tags. The user terminal can also be seen as "passive" in the sense that the user does not take an active part in the localization process (see N. Pirzada et alia and Z. Zhang et alia).

In this article, we adopt the first definition, as it is the one strictly associated with a privacy-preserving positioning. We also make the distinction here between the LSP, which is typically the network operator or the provider of the actual positioning information, and the LBSP, which is the provider of a certain service that needs the location information. Many times, they are one and the same, but sometimes they can be disjoint, e.g., an LBSP in a shopping mall which advertises the best-value in that shopping mall can take the position information from a separate LSP entity, which might have installed a positioning-specific infrastructure in that particular mall.

Location Privacy in Hybrid- and Non-GNSS-Based Positioning

In contrast to GNSS, the majority of modern communication systems use bidirectional communication and rely on unique identification of their nodes.
Thus, the network operator is, in general, able to obtain knowledge of its user's whereabouts just based upon the proximity to the AN or the transmitter the user is connected to. It already becomes clear that revelation of location information is almost inevitable when using a communication system for positioning purposes. However, to what extent this becomes critical depends primarily on the accuracy of the location information and the context it might be linked to.

The following two sections assess the location privacy vulnerabilities of range-free and range-based positioning systems, which translate to hybrid GNSS positioning systems as part of a loosely or tightly coupled, user-centric or network-centric system.

RSS-Based Techniques

Any communication system can also be used deliberately as a positioning system. WLANs are among the most prominent SoO, providing location information as accurate as a consumer-grade GNSS, but are much less protective of privacy. Fingerprinting relies on the concept that signatures of Radio Frequency (RF) signals – typically RSS signatures (i.e., RSSs and corresponding MAC addresses) – are unique at different locations, and that once enough of these signatures are known at sufficient locations, a user's location can be recognized at a later stage solely by the signature associated with that location. The set of RSS signatures obtained at known locations is known as a radio map or fingerprint database.

The vulnerabilities in terms of privacy of a fingerprinting-based positioning system depend on the type of positioning system/infrastructure. Two typologies are prevalent: a) infrastructure based, or network-centric, and b) terminal based, or mobile-centric.
In a network-centric positioning system, the user observes the signal signatures of the network's ANs and sends them back through the network to the location provider, where the location is retrieved as the position that is associated with the pre-recorded signatures of the radio map that best match the observed signatures. In a mobile-centric system, a copy of the radio map is available on the user's device and the position is estimated by the device. Both network- and mobile-centric positioning systems are prone to breaches of the user's location privacy due to a communication link that identifies the user device.

Let's consider the scenario of an adversary controlling an untrusted network. The adversary might use the known positions of the ANs to which a user device connects and infer its location roughly based on proximity. The location disclosure type of attack basically depends on the user's need and perception of his/her location privacy (J. H. Lee et alia) and on the granularity level of the position information disclosure, as discussed in our previous article.

We extend that scenario and assume that the attacker evaluates packets sent by the user at several ANs in range and that the attacker predicts a radio map with a basic path-loss model and knowledge of the AN positions. Now the adversary can use fingerprinting based on the MAC addresses of the ANs that received packets from the user device (MAC addresses are easily obtained by an eavesdropper, as they are transmitted in the clear by most existing WLAN chipsets). A rank-based fingerprinting (FP) algorithm can be used to match the MAC addresses of the ANs in the range of the user with that of the radio map.

The adversary might as well use fingerprinting with RSS signatures to deduce the user's position even more accurately. In addition to the previous case, he would need to evaluate the RSS from the user's packets at the different AN positions.
The symmetry

FIGURE 2 WLAN-based user position estimation via RSSs+MACs and radio map knowledge (FP), via MACs and radio map knowledge (rank-based FP), or via MACs knowledge only (PL, rank-based FP). [Plot: cumulative distribution function versus accuracy [m]. RMSE FP: 8.4 m; RMSE rank-based FP: 16.64 m; RMSE PL, rank-based FP: 27.24 m.]
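
The difference in disclosure granularity between MAC-only matching and RSS fingerprinting, as an added example that is not part of the original article: a noise-free toy comparison against a radio map predicted from a log-distance path-loss model. The hall layout, MAC addresses, path-loss parameters and the set-matching rule (a simplified stand-in for the rank-based algorithm) are all assumptions.

```python
import math

# Constructed scenario (not from the article): four ANs at the corners of a
# 40 m x 40 m hall, keyed by made-up MAC addresses.
ANS = {"02:00:00:00:00:0a": (0, 0), "02:00:00:00:00:0b": (40, 0),
       "02:00:00:00:00:0c": (0, 40), "02:00:00:00:00:0d": (40, 40)}
P0, N_EXP, SENSITIVITY = -40.0, 3.0, -86.0   # assumed path-loss parameters, dBm
GRID = [(x, y) for x in range(0, 41, 5) for y in range(0, 41, 5)]

def rss(p, an):
    """Log-distance path-loss prediction of the RSS between point p and an AN."""
    return P0 - 10 * N_EXP * math.log10(max(math.dist(p, an), 1.0))

def signature(p):
    """RSS per MAC for every AN that can receive a packet sent from p."""
    sig = {mac: rss(p, pos) for mac, pos in ANS.items()}
    return {mac: v for mac, v in sig.items() if v >= SENSITIVITY}

# Radio map predicted from the path-loss model and the AN positions only.
RADIO_MAP = {p: signature(p) for p in GRID}

def centroid(points):
    return (sum(x for x, _ in points) / len(points),
            sum(y for _, y in points) / len(points))

def locate_macs(observed):
    """MAC-only matching: centroid of map points heard by the same set of ANs."""
    diff = {p: len(set(sig) ^ set(observed)) for p, sig in RADIO_MAP.items()}
    best = min(diff.values())
    return centroid([p for p, d in diff.items() if d == best])

def locate_rss(observed):
    """RSS fingerprinting: nearest map point in signal space."""
    def dist(sig):
        # An AN missing from one signature is scored at the sensitivity floor.
        macs = set(sig) | set(observed)
        return sum((sig.get(m, SENSITIVITY) - observed.get(m, SENSITIVITY)) ** 2
                   for m in macs)
    return min(RADIO_MAP, key=lambda p: dist(RADIO_MAP[p]))

if __name__ == "__main__":
    for user in [(10, 10), (15, 15)]:          # constructed device positions
        obs = signature(user)                  # what the ANs would receive
        print(user, "MAC-only:", locate_macs(obs), "RSS:", locate_rss(obs))
```

Both constructed devices are received by the same three ANs, so the MAC-only estimate cannot tell them apart, while the RSS signatures resolve each to its own map point.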
