Preserving Privacy and Functionality in GeoSocial Networks
Geosocial Networks (GSNs) are social networks centered on the locations of users and businesses. GSNs such as Foursquare and Yelp allow users to register or ``check-in'' their location, share it with their friends, leave recommendations and collect prize ``badges''. Badges are acquired by checking-in at certain locations (i.e., venues), following a required pattern. Users rely on GSNs to keep track of the locations of their friends, and to receive promotional deals, coupons and personalized recommendations. For GSN providers however, the main source of revenue is location-based ad targeting. Thus, the price of participation for users is compromised privacy, in particular, location privacy. Service providers learn the places visited by each user, the times and the sequence of visits as well as user preferences, e.g., the frequency distribution of their visits.
In this project we seek solutions that balance three requirements. On one dimension, clients need strong privacy guarantees. The service provider should not learn user profile information, including (i) linking users to (location, time) pairs, (ii) linking users to any location, even if they achieve special status at that location and even (iii) building pseudonymous user profiles – linking multiple locations where the same “unknown” user has checked-in. On the second dimension, the service provider needs assurances of client correctness when awarding location-related badges. Otherwise, since special status often comes with financial and social perks, privacy would protect users that perpetrate fraudulent behaviors such as, reporting fake locations, duplicating and sharing special status tokens, or checking-in more frequently than allowed. On a third dimension, the provider needs to be able to collect certain user information. Being denied access to all user information discourages participation.
We first study geosocial networks, in an effort to confirm the relevance of
this problem. We need to understand if geosocial network subscribers are active
in terms of numbers of check-ins performed, badges obtained, users befriended
and things done at locations. We have collected publicly available data from
Foursquare and Gowalla2 using their public APIs. We have collected profiles of
781,239 Foursquare users (out of 5 million queried) and the entire Gowalla set
– 143,476 users. For every Foursquare/Gowalla user, we have gathered the user
profile, the total number of friends, check-ins and “days out” (days the user
was actively performing check-ins).
We then focus on fraudulent behaviors concerning user location reports. The use of financial incentives by GSNs introduces reasons for cheating, motivating users to commit location fraud: falsely claim to be at a location, to receive undeserved rewards or social status. Even with GPS verification mechanisms in place, committing location fraud has been largely simplified by the recent emergence of specialized applications for the most popular mobile eco-systems (LocationSpoofer for iPhone and GPSCheat for Android).
To address this problem, we exploit the insight that venues have the most to gain from properly rewarding users: their main goal is to retain customers and attract new users. We introduce XACT , a suite of venue-oriented, secure location verification mechanisms, that require participating venues to deploy minimalist equipment. To promote its adoptability, we design XACT to be not only secure and correct, but also user friendly, economical and easy to deploy. XACT consists of mechanisms that (i) broadcast unpredictable Wi-Fi SSIDs, (ii) display QR codes encoding venue certified information, and (iii) implement challenge/response protocols.
We then develop solutions to enable GSN providers to privately build a variety of badges. For instance, GeoBadge, allows users to privately prove having performed k check-ins at one venue, where k is a predefined parameter. FreqBadge extends GeoBadge with provably time-constrained check-ins as well as arbitrary values for k. e-Badge extends GeoBadge with the notion of levels of expertise, unlocked as the user performs more check-ins at new venues. MPBadge extends GeoBadge with the notion of simultaneous, co-located check-ins from multiple users.
As mentioned above, GSNs introduce a conflict: Without privacy people may be
reluctant to use geosocial networks; without user information the provider and
venues cannot support applications and have no incentive to participate. We
investigate solutions to enable the GSN provider to build aggregate location
predicates from data of users that check-in at certain locations, while
preserving the privacy of users.
Publications
Bogdan Carbunar, Mahmudur Rahman, Jaime Ballesteros, Naphtali Rishe, Athanasios V. Vasilakos.
IEEE Transactions on Information Forensics and Security (TIFS), Volume 9, Issue 4, 2014. [pdf]
Ian Michael Terry, Anita Wu, Sebastian Ramirez, Alex Pissinou Makki, Leonardo Bobadilla, Niki Pissinou, S.S. Iyengar, Bogdan Carbunar.
In Proceedings of the First National Workshop for REU Research in Networking and Systems (REUNS), Philadelphia, October 2014.
Bogdan Carbunar, Mahmudur Rahman, Niki Pissinou, Athanasios V. Vasilakos.
In the IEEE Communications Magazine, Volume 15, Issue 11, 2013. [pdf]
Bogdan Carbunar, Radu Sion, Rahul Potharaju, Moussa Ehsan.
Accepted for publication in the IEEE Transactions on Mobile Computing (TMC), 2013. [pdf]
Bogdan Carbunar, Mahmudur Rahman, Jaime Ballesteros, Naphtali Rishe.
In Proceedings of the 20th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems (GIS) - short paper.
Redondo Beach, CA, November 2012. [pdf]
Bogdan Carbunar, Rahul Potharaju.
To appear in the 9th IEEE International Conference on Mobile Ad hoc and Sensor Systems (MASS), Las Vegas, October 2012. [pdf]
Bogdan Carbunar, Radu Sion, Rahul Potharaju, Moussa Ehsan.
In Proceedings of the 10th International Conference on Applied Cryptography and Network Security (ACNS) [acceptance rate=17.1%], Singapore, June 2012 [pdf]