Users of mobile devices increasingly expect Internet connectivity wherever they travel. Despite the roll-out of wide-area wireless broadband, many devices, such as iPods and portable game stations still rely on local area WiFi networks to obtain connectivity. Even smart phones may prefer WiFi over 3G and WiMAX to improve the performance of high throughput applications or to avoid data charges. Fortunately, there is often a large selection of WiFi service providers to choose from. For example JiWire, 1 a hotspot directory, reports 400 to 1000 commercial WiFi networks in each of the top ten U.S. metropolitan areas. Nevertheless, in a study of commercial hotspots in Seattle, we found significant diversity in performance and functionality due to differing back-haul capacity, port blocking, and poorly functioning WiFi access

Location-based social applications (LBSAs) rely on the location coordinates of the users to provide services. Today, smartphones using these applications act as simple clients and send out user locations to untrusted third-party servers. These servers have the application logic to provide the service, and in the process collect large amounts of user location information over time. This design, however, is shown to be susceptible to large-scale user privacy compromises even if several location cloaking techniques are employed. In this position paper, we argue that the LBSAs should adapt an approach where the untrusted third-party servers are treated simply as encrypted data stores, and the application functionality be moved to the client devices. The location coordinates are encrypted, when shared, and can be decrypted only by the users that the data is intended for. This approach significantly improves user location privacy. We argue that this approach not only improves privacy, but it is also flexible enough to support a wide variety of location-based applications used today. In this paper, we identify the key building blocks necessary to construct the applications in this approach, give examples of using the building blocks by constructing several applications, and outline the privacy properties provided by this approach. We believe our approach provides a practical alternative design for LBSAs that is deployable today. 1.

Abstract—To benefit from a location-based service, a person must reveal her location to the service. However, knowing the person’s location might allow the service to re-identify the person. Location privacy based on k-anonymity addresses this threat by cloaking the person’s location such that there are at least k − 1 other people within the cloaked area and by revealing only the cloaked area to a location-based service. Previous research has explored two ways of cloaking: First, have a central server that knows everybody’s location determine the cloaked area. However, this server needs to be trusted by all users and is a single point of failure. Second, have users jointly determine the cloaked area. However, this approach requires that all users trust each other, which will likely not hold in practice. We propose a distributed approach that does not have these drawbacks. Our approach assumes that there are multiple servers, each deployed by a different organization. A user’s location is known to only one of the servers (e.g., to her cellphone provider), so there is no single entity that knows everybody’s location. With the help of cryptography, the servers and a user jointly determine whether the k-anonymity property holds for the user’s area, without the servers learning any additional information, not even whether the property holds. A user learns whether the k-anonymity property is satisfied and no other information. The evaluation of our sample implementation shows that our distributed k-anonymity protocol is sufficiently fast to be practical. Moreover, our protocol integrates well with existing infrastructures for location-based services, as opposed to the previous research. I.

Abstract. Recently, we started to experience a shift from physical communities to virtual communities, which leads to missed social opportunities in our daily routine. For instance, we are not aware of neighbors with common interests or nearby events. Mobile social computing applications (MSCAs) promise to improve social connectivity in physical communities by leveraging information about people, social relationships, and places. This article presents MobiSoC, a middleware that enables MSCA development and provides a common platform for capturing, managing, and sharing the social state of physical communities. Additionally, it incorporates algorithms that discover previously unknown emergent geo-social patterns to augment this state. To demonstrate MobiSoC's feasibility, we implemented and tested on smart phones two MSCAs for location-based mobile social matching and place-based ad hoc social collaboration. Experimental results showed that MobiSoC can provide good response time for 1000 users. We also demonstrated that an adaptive localization scheme and carefully chosen cryptographic methods can significantly reduce the resource consumption associated with the location engine and security on smart phones. A user study of the mobile social matching application proved that geo-social patterns can double the quality of social matches and that people are willing to share their location with MobiSoC in order to benefit from MSCAs.

This thesis contributes a new system in support of large scale people-centric sensing applications. Over the last decade, wireless sensor networking has developed into ar-guably the most active area in networking research. The state of the art largely follows an application-specific philosophy, where modest numbers of static wirelessly-connected sensor nodes are placed in the target environment in support of a single application. In a properly engineered network, sensor nodes are well-equipped and well-positioned to best provide the connectivity and sensing required by the application. Such networks are ill-suited, however, to the demands of a new class of applications focused on providing sensor information about people, their daily lives, and their environments. These people-centric applications require the ability to both sample very detailed information on the individual scale, and to provide a view of the urban landscape- a very large scale challenge. A new approach is required. Therefore, we propose the novel MetroSense architecture in support of people-centric sensing. While incorporating static infrastructure elements, to get large scale sensing cover-age the architecture primarily makes use of devices with embedded sensors, such as mobile

Abstract. We introduce a novel framework that provides a logical structure for identifying, classifying and organizing fundamental components, assumptions, and concepts of location privacy. Our framework models mobile networks and applications, threats, location-privacy preserving mechanisms, and metrics. The flow of information between these components links them together and explains their interdependencies. We demonstrate the relevance of our framework by showing how the existing achievements in the field of location privacy are embodied appropriately in the framework. Our framework provides “the big picture ” of research on location privacy and hence aims at paving the way for future research. 1

Abstract—In people-centric opportunistic sensing, people offer their mobile nodes (such as smart phones) as platforms for collecting sensor data. A sensing application distributes sensing ‘tasks, ’ which specify what sensor data to collect and under what conditions to report the data back to the application. To perform a task, mobile nodes may use on-board sensors, a body-area network of personal sensors, or sensors from neighboring nodes that volunteer to contribute their sensing resources. In all three cases, continuous sensor monitoring can drain a node’s battery. We propose DEAMON (Distributed Energy-Aware MONitoring), an energy-efficient distributed algorithm for long-term sensor monitoring. Our approach assumes only that mobile nodes are tasked to report sensor data under conditions specified by a Boolean expression, and that a network of nearby sensor nodes contribute to monitoring subsets of the task’s sensors. Our algorithm to select sensor nodes and to monitor the sensing condition conserves energy of all nodes by limiting sensing and communication operations. We evaluate DEAMON with a stochastic analysis and with simulation results, and show that it should significantly reduce energy consumption. I.

We present a novel hybrid communication protocol that guarantees mobile users’ k-anonymity against a wide-range of adversaries by exploiting the capability of handheld devices to connect to both WiFi and cellular networks. Unlike existing anonymity schemes, we consider all parties that can intercept communications between the mobile user and a server as potential privacy threats. We formally quantify the privacy exposure and the protection of our system in the presence of malicious neighboring peers, global WiFi eavesdroppers, and omniscient mobile network operators. We show how our system provides an automatic incentive for users to collaborate, since by forwarding packets for other peers users gain anonymity for their own traffic.

Abstract. The proliferation of mobile devices has given rise to novel user-centric applications and services. In current mobile systems, users gain access to remote servers over mobile network operators. These operators are typically assumed to be trusted and to manage the information they collect in a privacy-preserving way. Such information, however, is extremely sensitive and coveted by many companies, which may use it to improve their business. In this context, safeguarding the users ’ privacy against the prying eyes of the network operators is an emerging requirement. In this chapter, we first present a survey of existing state-of-the-art protection mechanisms and their challenges when deployed in the context of wired and wireless networks. Moreover, we illustrate recent and ongoing research that attempts to address different aspects of privacy in mobile applications. Furthermore, we present a new proposal to ensure private communication in the context of hybrid mobile networks, which integrate wired, wireless and cellular technologies. We conclude by outlining open problems and possible future research directions. 1

Programmable consumer devices have placed computation within arm’s reach at all times and in all places. Unfortunately, researchers interested in investigating this phenomenon often struggle with the expense, inconvenience, and limited scale of existing experimental platforms. In this paper, we introduce a new experimental platform for mobile and pervasive computing based on JellyNets, an abstraction for exposing experiments to arbitrary mobile social contexts. 1.