The ACM SIGMOBILE will host one day of tutorials (Sep 09)
co-located with MobiCom and MobiHoc 2007 on technical areas
related to mobile and wireless networking. Proposals for
tutorials are solicited. Evaluation of tutorial proposals
will be based on the expertise and experience of the instructors, and on
the relevance of the subject matter. Potential instructors are requested
to submit a tutorial proposal of at most 5 pages, including a biographical
sketch, to the Tutorial Chair Thomas Kunz, tkunz sce.carleton.ca by Feb 23 2007.
Tutorial 1: Security and Cooperation in Wireless Networks (morning)
Presenters: Jean-Pierre Hubaux and Panos Papadimitratos, EPFL, Switzerland
Tutorial 2: Cognitive Networks (morning)
Presenters: Luiz A. DaSilva and Allen B. MacKenzie, Virginia Tech, USA
Tutorial 3: Vehicular Ad Hoc Networks (afternoon)
Presenters: Hannes Hartenstein, University of Karlsruhe, Germany and
Ken Laberteaux, Toyota Technical Center Ann Arbor, USA
Tutorial 4: Protecting Location Privacy in Mobile Computing Systems: Architecture and Algorithms (afternoon)
Presenter: Ling Liu, Georgia Tech, USA
Tutorial 1: Sunday, September 9 (morning)
Security and Cooperation in Wireless Networks
Jean-Pierre Hubaux and Panos Papadimitratos, EPFL, Switzerland
Introduction
Enter the era of wireless networks. The number of wireless phones
surpasses the number of wired ones; millions of nomadic users connect
routinely to wireless Local Area Networks (LANs); wireless devices are
commonplace in private houses, factories and hospitals; ubiquitous
computing is envisioned, with myriads of sensing and actuating devices
which communicate wirelessly and enable applications that change our
living and working environment.
At the same time, a new networking paradigm emerges. Wireless
networks, such as cellular networks, used to interconnect devices of no
or limited programmability in a highly centralized manner. Nowadays,
wireless networks comprise powerful and versatile devices with an
increasingly active role in the network operation. Often, such user
devices become the wireless network, as is the case for
self-organizing multi-hop ad hoc networks and, for example, mesh or
vehicular networks.
Unfortunately, this evolution creates new vulnerabilities.
Meanwhile, security weaknesses are discovered even in existing wireless
networks, e.g., wireless LANs, with some of them painstakingly addressed
a posteriori. As solutions devised for wired networks cannot be
used as such to protect wireless networks, we believe their protection
requires additional attention and a more systematic approach. In this
tutorial, we explain how to redesign security and safeguard wireless
networks against malicious attacks, and then how to thwart selfish user
behavior and stimulate cooperation in wireless networks. We hope that
this will contribute towards averting a future in which pervasive
connectivity becomes a constant peril.
Tutorial Content
1. New Wireless Networks and New Challenges (30min)
In the first part, we explain what is changing in wireless networks
and why security must be redesigned accordingly. The evolution from
centralized to self-organized operation and the programmability of end
user devices open the door to sophisticated and hard-to-prevent attacks,
and render greedy behavior a serious threat. Communication across
multiple wireless links (hops) requires cooperative route discovery and
packet forwarding. Embedded systems (e.g., sensors or cars) imply that
human beings are not necessarily involved in communication anymore,
while miniaturization leads to limited resources (computing power,
energy, and bandwidth) that are too valuable to expend on sophisticated
security mechanisms. Finally, the proliferation of wireless-enabled
devices and the pervasiveness of these emerging technologies raise major
privacy concerns. We motivate the material presented in Parts 2 and 3 by
discussing all these challenges and the crucial role of trustworthiness
for the deployment of such systems; we present mesh, vehicular, and
sensor networks, as well as Radio Frequency Identification (RFID) tags,
as examples.
2. Thwarting Malicious Behavior (2h)
In the second part, we
focus on mechanisms thwarting malicious attacks. We present basic
concepts and illustrate them with examples taken from concrete proposals
in the literature. In particular, we concentrate on fundamental security
issues, such as the establishment of secure associations among nodes,
the secure discovery of communication paths in the network, including
the security of neighbor and route discovery, the security of data
communication, and the protection of the end-user privacy.
2.1 Security Association Establishment
The establishment of a
security association between two nodes results in their mutual
authentication and the setup of cryptographic keys to protect the
networking protocols and the nodes’ communication. We explain how
associations can be established in the ad hoc networking environment, by
taking advantage of its salient features such as node mobility and
temporary physical proximity. We also consider key pre-distribution
schemes for the establishment of security associations in sensor
networks.
2.2 Secure Neighbor Discovery
Discovering neighboring nodes,
i.e., other nodes that can be directly reached over a wireless link, is
a crucial building block for access control, data dissemination, and
routing. Simple neighbor discovery mechanisms can be subverted by
attackers that seamlessly introduce inexistent wireless links or
“wormholes” in the network. We explain how such attacks can
be mounted, what their impact on the network operation (e.g., routing)
can be, and discuss defense mechanisms.
2.3 Secure Route Discovery
Subverting the discovery of multi-hop
communication paths can be particularly easy to mount and highly
effective in controlling and potentially denying communication:
advertising inexistent routes, creating loops, and disconnecting large
parts of the network. We present secure routing protocols for ad hoc
networks. We investigate how security requirements for routing protocols
can be specified and how routing protocols can be formally proven
secure.
2.4 Secure Data Communication
Intelligent attackers could
favorably place themselves on the utilized routes but only disrupt the
data communication. Even worse, they can lie undetected, without any
deviation from the implemented protocols, and hit only when it counts
most, for example, dropping valuable messages. We discuss secure
communication protocols for ad hoc networks, and their interoperation
with the underlying secure neighbor and route discovery.
2.5 Privacy
Finally, we talk briefly about privacy concerns generated by
emerging wireless networks and applications, such as vehicular networks.
We present schemes proposed to protect privacy in those systems.
3. Thwarting Selfish Behavior (1h30min)
In this last part, we focus on the danger of greedy user behavior. We
provide the appropriate theoretical background to model this problem,
and we illustrate this topic by two examples: the first at the network
layer, and the second at the MAC layer.
3.1 Brief Tutorial on Game Theory
We introduce the (small) subset of game theory concepts required to
perform appropriate modeling in wireless networks: player, payoff,
strategy, Pareto efficiency, Nash equilibrium.
3.2 Selfishness in Packet Forwarding
We address the problem of cooperation in fully self-organized wireless
networks; we show how packet forwarding can be modeled in a
game-theoretic setting, and we prove that, in practice, some sort of
incentive is required to stimulate the cooperation between the
nodes.
3.3 Selfish Behavior at the MAC Layer of CSMA/CA
We show how easy it is for a mobile station attached to an access point
to capture most of the available bandwidth, at the expense of the other
users. We explain appropriate techniques to identify this kind of
misbehavior and to thwart it.
Tutorial Handouts
Participants will be provided with copies of the slides, as well as
excerpts of the textbook "Security and Cooperation in Wireless
Networks", written by L. Buttyan and J-P. Hubaux and upcoming in 2007
from Cambridge University Press.
Audience and Prerequisite Knowledge
The potential audience includes researchers in wireless networks from
academia and corporate research centers. In order to fully benefit from
this tutorial, a participant should have some background in wireless
networking and at least a basic knowledge of security principles. No
knowledge of game theory is required.
Biographies of Presenters
Jean-Pierre Hubaux joined the
faculty of EPFL in 1990 and he was promoted to full professor in 1996.
He is a member of the Institute of Communication Systems, and leads the
LCA-1 unit. His research activity is focused on wireless networks, with
a special interest in security and cooperation issues. He has been
strongly involved in the National Competence Center in Research named
"Mobile Information and Communication Systems" (NCCR/MICS),
since its genesis in 1999; this center is often nicknamed "the
Terminodes project". In this framework, he has notably defined, in
close collaboration with his students, novel schemes for the security
and cooperation in multi-hop wireless networks, vehicular networks, and
sensor networks; in particular, he has devised new techniques for key
management, secure positioning, and incentives for cooperation in such
networks. He has also made several contributions in the areas of power
management in sensor networks and of group communication in ad hoc
networks. He has recently written, with Levente Buttyan, a graduate
textbook entitled "Security and Cooperation in Wireless
Networks."
He is a member of the steering committee of IEEE Transactions on Mobile
Computing and an associate editor of Foundations and Trends in
Networking. He is the chairman of the steering committee of ACM
MobiHoc. He has been serving on the program committees of numerous
conferences and workshops, including SIGCOMM, Infocom, MobiCom,
MobiHoc, SenSys, WiSe, and VANET. He has held visiting positions at the
IBM T.J. Watson Research Center and at the University of California at
Berkeley. He was born in Belgium, but spent most of his childhood and
youth in Northern Italy. After completing his studies in electrical
engineering at Politecnico di Milano, he worked 10 years in France with
Alcatel, where he was involved in R&D activities, primarily in the
area of switching systems architecture and software.
Panos Papadimitratos is a
senior researcher at the EPFL Institute of Communication Systems and
the LCA-1 unit. Prior to joining EPFL, he spent a year as a
postdoctoral fellow at Virginia Tech. In January 2005, Panos received
his PhD from Cornell University, Ithaca, NY, where he worked with Prof.
Haas since 2000. His research has been concerned with networking
protocols and network security, focusing on mobile and wireless
systems. More specifically, his work has defined a novel protocol suite
for secure and fault-tolerant communication in mobile ad hoc networks,
as well as schemes for securing vehicular communication systems. He has
participated in projects, related to network and system security and
mobile and wireless systems, funded by the European Commission, the
Swiss National Foundation, and in the USA, the National Security
Agency, the National Science Foundation, and the Department of Defense
Multidisciplinary University Research Initiatives administered by
Office of Naval Research and the Air Force Office of Scientific
Research. He has served in several technical program committees of
conferences and workshops, and as a referee for numerous journals.
Tutorial 2: Sunday, September 9 (morning)
Cognitive Networks
Luiz A. DaSilva and Allen B. MacKenzie, Virginia Tech, USA
Introduction
This tutorial will provide attendees with a critical understanding of
the current research on cognitive networks, networks capable of
perceiving current network conditions and then planning, learning and
acting according to end-to-end goals. Cognitive networks are motivated
by the complexity, heterogeneity, and reliability requirements of
tomorrow’s networks, which are increasingly expected to
self-organize to meet user and application objectives. We explore the
links between cognitive networks and related research on cognitive
radios and cross-layer design. By defining cognitive networks,
examining their relationship to other technologies, discussing critical
design issues, and providing a framework for implementation, we aim to
establish a foundation for further research and
discussion.
Tutorial Content
1. Motivation for Cognitive Radios and Cognitive Networks
We discuss the main drivers for cognitive radios and the issues that
emerge when these radios are expected to interact in a network.
2. Architectures for a Cognitive Network
We review competing proposals for an architecture for a cognitive network and identify common traits.
3. Cognition = Learning + Reasoning + Planning
We explore the underlying mechanisms for the cognitive process and the
tradeoffs involved in selecting and implementing these mechanisms.
4. Critical Design Decisions
We explore the tradeoffs regarding selfish versus altruistic behavior
of cognitive nodes, how much control over the network each node should
have, and how much information the cognitive engine needs to make sound
decisions that benefit both the individual node and the network as a
whole.
5. Case study: Distributed, Dynamic Spectrum Access
We present a case study for the application of the cognitive network
concept to the problem of distributed and dynamic spectrum access.
6. Future Directions
We discuss the limitations and challenges of current developments in
cognitive networks and outline some future directions of research.
7. Summary and Conclusions
Audience and Prerequisite Knowledge
Our potential audience includes academic, industrial, and government
researchers in the wireless communications and networking fields who
have an interest in cognitive radios and networks. The pre-requisites
for the tutorial are a working knowledge of concepts from wireless
communications and networking and basic understanding of the cognitive
radio concept.
Biographies of Presenters
Luiz A. DaSilva joined Virginia
Tech’s Bradley Department of Electrical and Computer Engineering
in 1998, where he is now an Associate Professor. He received his Ph.D.
in Electrical Engineering at the University of Kansas and previously
worked for IBM for six years. Dr. DaSilva's research focuses on
performance and resource management in wireless and mobile ad hoc
networks. He is currently researching the application of game theory to
model mobile ad hoc networks (MANETs), topology control, cooperation
and reputation management in heterogeneous ad hoc networks,
energy-aware multicast route discovery, and cognitive networks. Dr.
DaSilva has published over sixty refereed papers in journals and major
conferences in the communications and computer areas. Current and
recent research sponsors include the National Science Foundation, the
Office of Naval Research, Booz Allen Hamilton, the U.S. Customs
Services, Intel, and Microsoft Research, among others. He is a member
of the Wireless @ Virginia Tech research group. Dr. DaSilva is a Senior
Member of IEEE, a member of the ASEE and of ACM, and a past recipient
of the ASEE/IEEE Frontiers in Education New Faculty Fellow award. In
2006, he was named a College of Engineering Faculty Fellow at Virginia
Tech. He frequently teaches distance and distributed learning courses
on network architecture and protocols and on mobile and wireless
networking.
Allen B. MacKenzie is an
Assistant Professor of Electrical and Computer Engineering at Virginia
Tech. He received his Ph.D. in Electrical and Computer Engineering in
May 2003 from Cornell University with a dissertation entitled
“Game Theoretic Analysis of Power Control and Medium Access
Control.” Dr. MacKenzie’s research focuses on applications
of game theory to wireless communications and networking, cognitive
radio, and cognitive networks. Current research sponsors include the
National Science Foundation and the National Institute of Justice. Dr.
MacKenzie is a member of the IEEE, ACM, and ASEE. While at Cornell,
MacKenzie was an NSF Graduate Research Fellow. In 2006, he received the
Virginia Tech College of Engineering Dean’s Award for
Outstanding New Assistant Professor.
Tutorial 3: Sunday, September 9 (afternoon)
Vehicular Ad Hoc Networks
Hannes Hartenstein, University of Karlsruhe, Germany
Ken Laberteaux, Toyota Technical Center Ann Arbor, USA
Introduction
Vehicular ad hoc networks (VANETs) can help to increase safety and
comfort ‘on the road’. As an element for active, i.e.,
preventive safety, these VANETs can efficiently warn and inform drivers
via direct wireless intervehicle communications. Thereby, the range of
awareness of a driver is extended from current line-of-sight to the
radio range of a wireless transceiver. With multi-hop communication,
each vehicle can benefit from the locally sensed data of surrounding
vehicles or from multi-hop access opportunities. Clearly, sensing,
disseminating and retrieving information on the current surrounding
shows a potential for improving transport efficiency and comfort.
Recently, the promises of wireless communications to support vehicular
safety applications have led to several national/international projects
around the world: DSRC, VSC, VII in USA, C2CCC in Europe, AVS in Japan
or Network on Wheels in Germany, to name a few. All these efforts have
as a main goal to improve safety in vehicular environments by the use
of wireless communications, but also consider transport efficiency,
comfort and environment. In comparison to other communication networks
VANETs have unique requirements with respect to applications, types of
communication, self-organization and security. In the context just
described, the proposed tutorial has two main goals:
- To present a detailed description of the state of the art of
VANETs pointing to research, projects and standardization efforts that
have been done.
- To outline the challenges of the current technologies and to
discuss open issues and directions of further research in this field.
Tutorial Content
1. Motivation: Applications and Recent projects (0.5 hours)
First, we motivate the need for wireless communications in vehicular
environments. We describe the different types of applications that are
being considered for VANETs. The spectrum ranges from active safety or
safety of life applications to traffic information, music/maps download
and multi-hop internet connection. We address different requirements
associated to specific applications, e.g., robustness with respect to
false alarms, sensor accuracy, the impact on driving behavior or
required penetration rates. Second, an overview of recent project and
standardization activities in the field of VANETs is provided, including
VII, VSC, CAMP, C2CCC, COMeSafety, NoW and others.
2. Mobility and Radio Channel incl. Modeling and Simulations (0.5 hours)
- Network topology: vehicular traffic characteristics. This section
covers measurements from vehicular traffic on highways and in cities
and associated models (like Wiedemann as well as Schreckenberg-Nagel
models) and simulation tools that couple/combine vehicular traffic and
network simulation.
- Radio propagation in vehicular environments. This section covers
measurements and discusses various models including the standard
two-ray ground model and more realistic models for fast fading like the
m-distribution of Nakagami. We point out the relevance of using the
probability of reception as the figure of merit.
3. Communication Technology and Strategies incl. Modeling and Simulations (1.0 hours)
- IEEE 802.11p standard. Starting from IEEE 802.11a, the
‘p-standard’ will provide the required robustness for VANET
communications. We present the key design aspects and outline a
‘p-compliant’ simulation model. In addition, we outline
recent receiver structures.
- Forwarding, routing, and information dissemination strategies. We
discuss various forwarding strategies focussing on position-based
techniques including ‘contention-based forwarding’. We
survey various ‘intelligent flooding’ and information
dissemination approaches. Scenarios for highways and cities are taken
as example.
- Challenges of robust inter-vehicle communications. We will point
out the challenges depending on the different types of potential
applications. Mainly the following types of communications and
applications will be addressed:
i) active safety: periodic broadcast messages,
ii) emergency warning: event driven messages, information dissemination, and
iii) non-safety applications: point-to-point communications, routing/forwarding strategies.
4. Architectural and application-specific issues (0.5 hour)
We discuss the relationship to sensor networks and peer-to-peer
networks. In addition, decision and control aspects for various
VANET-specific applications are addressed. Based on the
interdependencies between ‘layers’ we discuss alternative
protocol architectures for VANETs. Furthermore, we survey middleware
approaches that have been proposed for vehicle-to-vehicle and
vehicle-to-roadside communications.
5. Security, privacy and incentives aspects (0.5 hour)
Security is crucial if VANETs are to become a reliable and accepted
system bringing safety on public roads. In this section we
will discuss the major security goals (authenticity, message integrity
and source authentication, privacy, and robustness) and proposals in
the context of VANETs. Finally, we will describe the requirements and
strategies being considered to bring the technology to the market.
Aspects such as costs or the willingness of consumers to pay for the
technology will be addressed as well as different wireless technologies
seen as competitors in the market introduction phase.
6. Discussion (0.5 hours)
Audience and Prerequisite Knowledge
A basic understanding of IEEE 802.11 and of ad hoc networks in general
is beneficial but not required. There exists a broad range of potential
participants who will be interested in this emerging topic. We identify
two main profiles:
- Researchers from both industry (e.g., automotive,
telecommunications, hardware) and academia that are involved (or would
like to be) in inter-vehicle communications and want to know the state
of the art (w.r.t. models, protocols and tools), challenges and
directions of further research in this field.
- Industry representatives that see in VANETs a new field of
business for their companies (e.g., service providers, telecom
operators, toll collect system providers) and want to understand the
possibilities and state of the art of such technology.
Biographies of Presenters
Hannes Hartenstein is a
professor at the University of Karlsruhe, Germany with affiliations to
the Institute of Telematics and the university’s Computing
Center. He is also a member of the scientific directorate of IBFI Schloss
Dagstuhl. Before joining University of Karlsruhe in 2003 he was with
NEC Europe Ltd., Network Labs in Heidelberg, Germany. He was
NEC’s project leader (2001-2003) for the ‘FleetNet –
Internet on the Road’ project partly funded by the German
Ministry of Education and Research (BMBF). In the FleetNet project,
DaimlerChrysler together with NEC, Siemens, Bosch and others pioneered
and explored the feasibility of vehicular ad hoc networks. Hannes is
now involved in the ‘NOW: Network on Wheels’ project, again
partly funded by the German BMBF. In the NOW project, DaimlerChrysler,
Volkswagen and BMW teamed up to push the development of VANET
technology. Hannes was general co-chair of the 2nd ACM International
Workshop on Vehicular Ad Hoc Networks that was held in conjunction with
ACM Mobicom in Cologne, Germany, September 2005. He was program
co-chair of the ACM VANET workshop in 2006. He co-authored more than 80
publications, about 25 devoted to vehicular ad hoc networks. For
further information please see http://dsn.tm.uni-karlsruhe.de.
Ken Laberteaux is a Senior
Principal Research Engineer for the Toyota Technical Center in Ann
Arbor, MI. Ken’s research focus is information-rich vehicular
safety systems, focusing on architecture and protocol design for
vehicle-to-vehicle and vehicle-to-roadside wireless communication. He
is one of the founders and two-year (2004, 2005) General Co-Chair of
the highly-selective, international Vehicular Adhoc Networks (VANET)
workshop. Ken serves as the technical lead for communications of the
multi-year, multi-million dollar Vehicle Safety
Communications-Applications collaboration project between the US
Government and several automotive companies. He also serves as
Toyota’s technical lead for various ITS standards efforts and
multi-company demonstration projects. Before joining Toyota, Ken spent
ten years as a researcher at the Tellabs Research Center, a leading
North American telecommunications lab. While working full-time at
Tellabs, Ken earned his M.S. (1996) and Ph.D. (2000) degrees in
Electrical Engineering from the University of Notre Dame, focusing on
adaptive control for communications. In 1992, he received his B.S.E.
(summa cum laude) in Electrical Engineering from the University of
Michigan, Ann Arbor.
Tutorial 4: Sunday, September 9 (afternoon)
Protecting Location Privacy in Mobile Computing Systems: Architecture and Algorithms
Ling Liu, Georgia Tech, USA
Introduction
With the rapid development in positioning technologies such as GPS,
GSM, RFID, and WiFi (802.11) and the wide deployment of wireless local
area networks (WLAN), many devices today are equipped with wireless
communication capabilities and location-awareness. These new
technologies have enabled a new class of applications, known as
Location-Based Services (LBSs).
While location-based services (LBSs) hold the promise of new business
opportunities and a wide range of life enhancing services, the ability
to locate users and mobile objects accurately also opens the door to
new threats: intrusion of location privacy. Location privacy threats
refer to the risks that an adversary can obtain unauthorized access to
raw location data, or to derived or computed location information, by
locating a transmitting device, hijacking the location transmission
channel, and identifying the subject (person) using the device.
Location privacy refers to the ability to prevent other unauthorized
parties from learning one's current or past location. In LBSs, there
are conceivably two types of location privacy: personal subscriber
level privacy and corporate enterprise-level privacy. Extensive
deployment of location-based services without safeguards endangers the
location privacy of mobile users due to significant vulnerabilities for
abuse. For example, location information can be used to spam users with
unwanted advertisements or to learn about users' medical conditions,
alternative lifestyles or unpopular political views. Inferences can be
drawn from visits to clinics, doctors' offices, entertainment
districts, or political events. In extreme cases, public location
information can lead to physical harm, for example in stalking or
domestic abuse scenarios.
Location privacy has attracted attention from the research community in
the recent couple of years. Most of the solutions proposed so far are
focused on dealing with location privacy protection under a uniform
assumption (i.e., all mobile users have similar location privacy
requirements). Very few have studied personalized privacy protection
strategies or provided qualitative and quantitative analysis of the
tradeoff between the utility that LBSs can offer and the location
privacy they can afford to risk. This tradeoff is inherent: on one
hand, the quality of an LBS depends on the accuracy of the location of
mobile users, and on the other hand, the more accurately location
information is disclosed, the higher the risk of location privacy being
invaded. It is important to develop mechanisms that can help find an
acceptable balance between the extremes of full disclosure and complete
withholding of location data. In this tutorial we present an in-depth
description of location privacy and privacy-aware location-based
services in mobile information systems, with the emphasis on
architectures, concepts, and techniques.
Tutorial Content (3 hours)
1. Motivation: Applications and Requirements (0.5 hours)
First, we motivate the need for location privacy in future mobile and
ubiquitous computing environments and address different requirements
for protecting location privacy. We also define the concept of location
privacy, and discuss the tradeoffs between the utility of locations,
the quality of service provided by the LBS, and the desired location
privacy of the user, and how to reach such a tradeoff through location
cloaking mechanisms.
(1) Location Privacy and Location Service Quality
In mobile computing environments, location-based applications track
people's movement so they can offer various location-dependent
services. Users who do not want such services should be given the
choice of refusing to be tracked and thus maintain their location
privacy. Of course, if a user provides little location information to
the service provider, the risk of her privacy being compromised will be
significantly reduced. However, this may prevent an LBS from providing
the best service to the user. Alternatively, before contacting the LBS
provider, a user can have her location information filtered by reducing
its precision/resolution in terms of time and space. An important
question is how much privacy protection is necessary. Perfect privacy
is clearly impossible as long as communication takes place. Moreover,
different users may have varying privacy needs in different contexts.
Therefore, it is important to develop customizable privacy protection
mechanisms that can help users find a comfortable balance between the
extremes of fully disclosed and completely withheld location data. This
includes the qualitative and quantitative analysis of the inherent
tradeoff between the quality of service provided by the LBS and the
desired location privacy of the user, and how fuzzy the location
information sent by a mobile user to the LBS can be in order to reach
such a tradeoff.
(2) Location Privacy and Personalization
We argue that location privacy is context sensitive. Different users
may require different levels of privacy at different times. A user's
willingness to share location data may depend on a range of factors,
including different contextual information about the user (such as
environmental context, task context, social context, etc.). Thus, a
"one size fits all" framework for location privacy does not work. We
promote user-defined privacy rules combined with a personalized
anonymization model since it allows users to tailor the system-level
privacy protection strategies to meet their personal privacy
preferences.
2. Protecting Location Privacy: Policy-based Model vs. Location Anonymization (1 hour)
Several approaches have been proposed for protecting location privacy
of a user. Most of them try to prevent disclosure of unnecessary
information by techniques that explicitly or implicitly control what
information is given to whom and when. These techniques can be
classified into three categories:
- Location protection through user-defined or system-supplied privacy
policies;
- Location protection through anonymous usage of information, such as
location cloaking, by reducing temporal and spatial resolutions of
location information; and
- Location protection through pseudonymity of user identities, which
uses an internal pseudonym rather than the user’s actual identity. Such
pseudonyms should be different for different services and frequently
changing to prevent applications tracking them. More importantly, such
pseudonyms should be generated in such a manner that makes the linking
between the old and the new pseudonym very hard.
Some location-based services can operate completely anonymously, such as
"when I pass a gas station, alert me with the unit price of the gas".
Others cannot work without the user's identity, such as "when I am
inside the office building, let my colleagues find out where I am".
Between these two extremes are those applications that cannot be
accessed anonymously but do not require the user's true identity, such
as "when I walk past a computer screen, let me teleport my desktop to
it". Here, the application must know whose desktop to teleport but it
could do this using an internal pseudonym rather than the user's true
identity. For those LBSs that require our true identity, strong security
mechanisms, such as location authentication and authorization, have to
be enforced in conjunction with their location privacy policy.
In this tutorial we will give an overview of two types of location
privacy protection strategies: policy-based models and anonymity-based
models, describe different classes of location privacy threats, and
provide an overview of the possible techniques and solutions for
location privacy protection. We will describe the design and development
of a secure and customizable architecture for privacy-aware
location-based services, which provides a careful combination of
policy-based location privacy mechanisms and location anonymization
based privacy schemes. In the policy-based approach, mobile subscribers
need to evaluate and choose privacy policies offered by the service
provider. These policies serve as a contractual agreement about which
data can be collected, for what purpose the data can be used, and how it
can be distributed. Typically the mobile subscribers have to trust the
service provider that private data is adequately protected. In contrast,
the anonymity-based approach de-personalizes data before it is
dispatched to service providers. Thus it can provide a high degree of
privacy, save users from dealing with service providers’ privacy
policies, and reduce the service providers’ requirements for
safeguarding private information. However, guaranteeing anonymous usage
of location services requires that the precise location information
transmitted by a user cannot be easily used to re-identify the subject.
One common way to anonymize location information is to provide location
k-anonymity by location cloaking, which reduces temporal and spatial
resolutions of location information.
3. Location k-anonymity and Location Privacy (1 hour)
The concept of k-anonymity was originally introduced in the context of
relational data privacy research. In the context of LBSs and mobile
users, location k-anonymity refers to k-anonymous usage of location
information. A larger k indicates more difficulty in linking a location
to a particular user. This uncertainty will increase with the increasing
value of k. A user can specify the value of k in her location privacy
policy as a parameter to control her desired level of privacy. Location
perturbation is an effective technique for implementing location
k-anonymity. Two fundamental questions are raised frequently with
location k-anonymity: (1) how large should the value of k be? and
(2) should we use different k values for different users or even
different service requests of the same user (context sensitivity)? We
argue that there is a close synergy between location privacy and
location k-anonymity. Larger k in location anonymity usually implies
higher guarantees for location privacy. We will present the design of
several personalized anonymization models and location cloaking
algorithms, and discuss issues such as safeguards for secure
transmission, use and storage of location information, reducing the
risks of unauthorized disclosure of location information. We also
describe our impact study on both the performance of the system and the
quality of service by incorporating different location privacy
protection strategies into the proposed distributed location service
middleware architecture.
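Spatial cloaking with a per-request k, as an added example that is not the presenter's algorithm or code from the tutorial: it descends a quadtree over user positions and reports the smallest cell that still holds at least k users, which is what would be sent to the LBS in place of the exact point. The names `Box` and `cloak`, the 16 x 16 grid and the sample positions are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Box:
    x0: float
    y0: float
    x1: float
    y1: float

    def contains(self, x, y):
        return self.x0 <= x < self.x1 and self.y0 <= y < self.y1

    def side(self):
        return self.x1 - self.x0

    def quadrant_of(self, x, y):
        """The one of the four equal sub-cells that contains (x, y)."""
        mx, my = (self.x0 + self.x1) / 2, (self.y0 + self.y1) / 2
        return Box(self.x0 if x < mx else mx, self.y0 if y < my else my,
                   mx if x < mx else self.x1, my if y < my else self.y1)

# Constructed sample data: user -> (x, y) on a 16 x 16 grid.
AREA = Box(0, 0, 16, 16)
POSITIONS = {"alice": (1, 1), "bob": (2, 3), "carol": (3, 2), "dave": (6, 6),
             "erin": (9, 9), "frank": (13, 2), "grace": (5, 1)}

def cloak(user, k, positions=POSITIONS, area=AREA, min_side=1.0):
    """Smallest quadtree cell around `user` that holds at least k users.

    Returns None when even the whole area holds fewer than k users, so the
    caller can withhold the request instead of sending a weaker region.
    """
    def population(box):
        return sum(box.contains(px, py) for px, py in positions.values())

    x, y = positions[user]
    if population(area) < k:
        return None
    box = area
    while box.side() > min_side:
        child = box.quadrant_of(x, y)
        if population(child) < k:
            break          # going finer would drop below k: stop here
        box = child
    return box

if __name__ == "__main__":
    for k in (1, 3, 4, 6, 8):   # larger k -> coarser region sent to the LBS
        print(k, cloak("alice", k))
```

With per-user k values, the other users inside a returned cell may themselves be cloaked to different cells; this block does not address that case.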
4. Privacy and Security of Location Information (0.5 hours)
Security and privacy are two dimensions of the safety problem in future
mobile and ubiquitous computing systems. I will discuss the intrinsic
relationships between location security and location privacy, in terms
of requirements, potential risks and defense mechanisms, and how the
solutions to these problems will impact the future mobile computing
systems, services, and applications.
Audience and Prerequisite Knowledge
The tutorial presents the necessary concepts, architectures, techniques,
and infrastructure to understand location privacy in mobile
location-based services (LBSs). The tutorial is designed to be
self-contained, and gives the essential background for anyone interested
in learning about the concept of location privacy, and the principles
for design and development of a secure and customizable architecture for
privacy-aware location-based services. This tutorial will guide the
researchers, graduate students, and practitioners by highlighting best
practices in building scalable and privacy-aware distributed location
based services, including the location utility and location privacy
trade-offs, the limitations of current approaches, the need for a
careful combination of policy-based location privacy mechanisms and
location anonymization based privacy schemes, as well as the set of
safeguards for secure transmission, use and storage of location
information, reducing the risks of unauthorized disclosure of location
information. This tutorial is presented at a senior graduate student
level and is accessible to data management administrators, advanced
mobile location based service developers, and graduate students who are
interested in mobile information systems, pervasive computing, and data
privacy.
Biography of Presenter
Dr. Ling Liu is an Associate Professor in the College of Computing at
Georgia Institute of Technology. There she directs the research programs
in Distributed Data Intensive Systems Lab (DiSL), examining performance,
security, privacy, and data management issues in building large scale
distributed computing systems. Dr. Liu and the DiSL research group have
been working on various aspects of distributed data intensive systems,
ranging from decentralized overlay networks, mobile computing and
location based services, sensor network and event stream processing, to
service oriented computing and architectures. She has published over 150
international journal and conference articles in the areas of Internet
Computing systems, Internet data management, distributed systems, and
information security. Her research group has produced a number of open
source software systems, among which the most popular ones include
WebCQ, XWRAPElite, and PeerCrawl. She has chaired a number of
conferences as a PC chair, vice PC chair, or a general chair, including
IEEE International Conference on Data Engineering (ICDE 2004, ICDE 2006,
ICDE 2007), IEEE International Conference on Distributed Computing
(ICDCS 2006), IEEE International Conference on Web Services (ICWS 2004),
ACM International Conference on Knowledge and Information Management
(CIKM 2000). Dr. Liu is currently on the editorial board of several
international journals, including IEEE Transactions on Knowledge and
Data Engineering, International Journal of Very Large Database systems
(VLDBJ), Wireless Network Journal (WINET), International Journal of
Peer-to-Peer Networking and Applications (Springer), International
Journal of Web Services Research. Dr. Liu is the recipient of the best
paper award of ICDCS 2003 and the best paper award of WWW 2004, a
recipient of the 2005 Pat Goldberg Memorial Best Paper Award, and a
recipient of IBM faculty award in 2003 and 2006. Dr. Liu’s research is
primarily sponsored by NSF, DARPA, DoE, and IBM.
Acknowledgement:
This work is partially funded by the NSF CyberTrust Program.
Copyright © 2007, ACM Annual International Conference on Mobile Computing and Networking