Muddler: Using Oblivious RAM For A Privacy Preserving Location-Based Service
MetadataShow full item record
As smartphones become ever more prevalent, context aware applications are becoming increasingly popular. Location-based services such as Foursquare have been among the leaders of this trend. Some of the most popular location-based services offer users the ability to check-in to locations, leave tips for others and provide ratings. These applications require the user's location information to deliver a localized user experience. The release of this information raises some serious privacy concerns. We present Muddler, a privacy preserving location-based service modeled on Foursquare. The service is designed to be flexible and practical. It ensures user privacy, while withstanding threats that previously proposed designs have failed to address. Muddler uses an Oblivious RAM based data storage that is manipulated by a secure coprocessor to ensure that adversaries cannot learn about user information even if they operate the service or simply observe traffic between entities in the system. The service also exposes a public API that provides venue owners with functionality that may help them understand user behavioral patterns in an attempt to make it commercially feasible. We describe our implementation in depth and explain how the API is implemented and also discuss possible use cases. We then present a performance analysis of Path ORAM, the Oblivious RAM scheme used. We explain how we simulated realistic user check-in distributions followed by an experimental evaluation of the system. The results validate the usefulness of our proposal.