Thesis 107522054: Detailed Record




Author: 張哲嘉 (Che-Chia Chang)   Department: Department of Computer Science and Information Engineering
Thesis title: TruzGPS:基於TrustZone的位置隱私權保護系統
(TruzGPS: A TrustZone-based Location Privacy Protection System)
Related theses
★ An OP-TEE-based Trusted Application Software Ecosystem ★ CSI Prediction Methods for LEO Satellite Wireless Communication
★ A Dynamic Handover Strategy for Multi-traffic LEO Satellite Systems ★ A TrustZone-based Voice Privacy Protection System for Smart Devices
★ A Scheme for Mitigating Interference in LEO Satellite Networks ★ Random Access Preamble Design and Detection for Integrated Satellite-Terrestrial Networks
★ SatPolicy: A TrustZone-based Satellite Policy Enforcement System ★ TruzMalloc: A TrustZone-based Private Data Protection System
★ Physical-layer-security-based CSI Protection in Satellite-Terrestrial Networks ★ Secure Non-orthogonal Multiple Access Transmission in Integrated LEO Satellite-Terrestrial Networks
★ DRX Mechanism Design in LEO Satellite-Terrestrial Networks ★ Set-system-based Preamble Design for Integrated Satellite-Terrestrial Networks
★ A Power-saving Routing Algorithm for LEO Satellite Networks ★ A Secure FPGA Dynamic Partial Reconfiguration Architecture for On-satellite Reconfigurable Computing
★ Spatial-diversity-based Preamble Design for Satellite Networks ★ TrustCS: A Secure CubeSat Firmware Update Mechanism Based on Trusted Firmware-M
Full text: never open to the public.
Abstract (Chinese, translated): In recent years, more and more location-based services (LBS) have enriched people's daily lives. However, users must provide their own geographic location to obtain such services, which infringes on their location privacy. How to protect users' location privacy while still providing location-based services has therefore long been one of the important research topics in LBS. Beyond the privacy concerns raised by sharing location, many security reports have shown that mobile device systems contain numerous vulnerabilities; an attacker can exploit them to compromise the device's system and obtain the user's exact location, causing a serious loss of privacy. Although much of the existing literature proposes mechanisms for protecting users' location privacy, it does not take the system vulnerabilities of mobile devices into account. To solve this problem, this thesis designs a location obfuscation algorithm that provides only obfuscated location data of a single coarse granularity to all LBS applications, yet achieves multi-level granularity on the LBS server side, thereby defending against non-server-side location attacks in LBS scenarios. In addition, this thesis designs the ARM TrustZone-based TruzGPS system; with TruzGPS, even if the user's mobile device system is compromised by an attacker, the attacker is prevented from obtaining the user's exact location, so the user's location privacy is protected. Experimental results show that TruzGPS effectively protects users' location privacy without incurring excessive system overhead.
Abstract (English): In recent years, location-based services (LBS) have significantly enriched the quality of people's daily life. However, LBS users may lose their privacy through the location sharing required to use these convenient services. Thus, the protection of location privacy is one of the most significant issues in LBS. In addition to location sharing, many security reports have shown that mobile devices have many vulnerabilities. Once the system is compromised, the user's exact location will likely be accessed by the adversary, and location privacy will be lost. Adversaries can access the user's exact location either by circumventing the permission system or by compromising the mobile system. Existing solutions are dedicated to preserving LBS users' privacy, but they do not take these vulnerabilities into account, which may render their efforts futile. To address these issues, we first propose a hidden multi-level location granularity (Hi-MLG) algorithm. This algorithm not only obfuscates the user's location, but also allows different LBS providers to obtain different granularities of the user's location from identical obfuscated location data. We further propose a system named TruzGPS, an ARM TrustZone-based solution that prevents the leakage of LBS users' location data even if the users' devices are compromised. The evaluations show that our work preserves LBS users' privacy with minimal performance overhead.
Keywords: ★ Location-based Services
★ Location Privacy
★ Trusted Execution Environment
★ ARM TrustZone
Table of Contents
Chinese Abstract
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
1 Introduction
2 Related Work and Preliminary
2.1 Related Work
2.1.1 LBS Server-side Protection Schemes
2.1.2 LBS User-side Protection Schemes
2.2 Preliminary
2.2.1 Latin Square
2.2.2 Trusted Execution Environment
2.2.3 ARM TrustZone
3 System Model and Assumptions
3.1 Location-based Service System
3.2 System Assumptions
3.3 Threat Model
4 Hidden Multi-level Location Granularity Algorithm
4.1 Main Ideas
4.2 The Hi-MLG Algorithm
4.2.1 Basic Idea
4.2.2 Identical-Granularity Location Data
4.3 Server-side Processing
4.3.1 High-privacy-level Server
4.3.2 Medium-privacy-level Server
4.3.3 Low-privacy-level Server
4.4 Cost Analysis
4.4.1 Server-side Storage Cost
4.4.2 Server-side Computational Cost
4.4.3 Network Communication Cost
4.5 Security Analysis
4.5.1 Robustness of Latin Square
4.5.2 Resistance to Eavesdropping and Covert Channel Attacks
4.5.3 Strengthening the Security Level of the Hi-MLG Algorithm
4.6 Discussion
5 TruzGPS System Design
5.1 System Architecture
5.2 Normal World
5.2.1 Location Service Interface
5.2.2 Periodic Location Update
5.3 Secure World
5.3.1 Location Privacy Protection Trusted Application
5.3.2 GPS Message Forwarder
5.4 TruzGPS Data and Control Flow
6 TruzGPS System Implementation
6.1 Challenge of Hardware Setup
6.2 TruzGPS System
6.2.1 Location Service Manager
6.2.2 Location Privacy Protection Trusted Application
6.2.3 TEE Serial Bridge
6.2.4 GPS Message Forwarder
6.3 Performance Optimizations
6.3.1 Session Reuse and KeepAlive TA
6.3.2 Last Location Preservation
7 Evaluation
7.1 Security Analysis of TruzGPS
7.2 Performance Evaluation
7.2.1 Hi-MLG vs AES GCM
7.2.2 TruzGPS Overhead
7.2.3 Success Ratio of Parsing the GPS Message
8 Conclusion
Bibliography
Appendices
A GPS Message Parser
B Location Obfuscation Module
C GPS Messages Example
Advisor: 張貴雲 (Guey-Yun Chang)   Approval date: 2020-8-20

For questions about this thesis, contact the Extension Services Division of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.