Abstract
The availability of mobile devices has led to an arising development of indoor location services collecting a large amount of sensitive information. However, without accurate and verified management, such information could become severe back-doors for security and privacy issues. We propose in this paper a novel Location-Based Service (LBS) architecture in line with the GDPR’s provisions. For feasibility purposes and considering a representative use-case, a reference implementation, based on the popular Telegram app, is also presented.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
Art. 15.1 of the GDPR: 1. The data subject shall have the right to obtain [...] the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; [...] (Right of access by the data subject).
References
Barsocchi, P., Calabrò, A., Ferro, E., Gennaro, C., Marchetti, E., Vairo, C.: Boosting a low-cost smart home environment with usage and access control rules. Sensors 18(6), 1886 (2018)
Bartolini, C., Daoudagh, S., Lenzini, G., Marchetti, E.: GDPR-based user stories in the access control perspective. In: Piattini, M., Rupino da Cunha, P., García Rodríguez de Guzmán, I., Pérez-Castillo, R. (eds.) QUATIC 2019. CCIS, vol. 1010, pp. 3–17. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29238-6_1
Bartolini, C., Daoudagh, S., Lenzini, G., Marchetti, E.: Towards a lawful authorized access: a preliminary GDPR-based authorized access. In: Proceedings of ICSOFT 2019, Prague, Czech Republic, 26–28 July 2019, pp. 331–338 (2019)
Basin, D., Debois, S., Hildebrandt, T.: On purpose and by necessity: compliance under the GDPR. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 20–37. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-58387-6_2
Calabrò, A., Marchetti, E., Moroni, D., Pieri, G.: A dynamic and scalable solution for improving daily life safety. In: Proceedings of APPIS 2019, pp. 1–6 (2019)
Daoudagh, S., Marchetti, E.: A life cycle for authorization systems development in the GDPR perspective. In: Proceedings of the Fourth Italian Conference on Cyber Security (ITASEC), Ancona, Italy, 4–7 February 2020, pp. 128–140 (2020)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation). Official Journal of the European Union L119, 1–88, May 2016
Furfari, F., Crivello, A., Barsocchi, P., Palumbo, F., Potortì, F.: What is next for indoor localisation? Taxonomy, protocols, and patterns for advanced location based services. In: Proceedings of IPIN 2019, pp. 1–8. IEEE (2019)
Gellman, B., Gribbons, J.M.: Edward snowden says motive behind leaks was to expose surveillance state (2013)
Georgiou, K., Constambeys, T., Laoudias, C., Petrou, L., Chatzimilioudis, G., Zeinalipour-Yazti, D.: Anyplace: a crowdsourced indoor information service. In: Proceedings of CMDM 2015, vol. 1, pp. 291–294. IEEE (2015)
Greaves, B., Coetzee, M., Leung, W.S.: Access control requirements for physical spaces protected by virtual perimeters. In: Furnell, S., Mouratidis, H., Pernul, G. (eds.) TrustBus 2018. LNCS, vol. 11033, pp. 182–197. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98385-1_13
Greaves, B., Coetzee, M., Leung, W.S.: A comparison of indoor positioning systems for access control using virtual perimeters. In: Yang, X.-S., Sherratt, S., Dey, N., Joshi, A. (eds.) Fourth International Congress on Information and Communication Technology. AISC, vol. 1041, pp. 293–302. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-0637-6_24
Haofeng, J., Xiaorui, G.: Wi-Fi secure access control system based on geo-fence. In: Proceedings of ISCC 2019, pp. 1–6 (2019)
Konstantinidis, A., Chatzimilioudis, G., Zeinalipour-Yazti, D., Mpeis, P., Pelekis, N., Theodoridis, Y.: Privacy-preserving indoor localization on smartphones. IEEE Trans. Knowl. Data Eng. 27(11), 3042–3055 (2015)
OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0, January 2013. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
Potortì, F., Crivello, A., Girolami, M., Barsocchi, P., Traficante, E.: Localising crowds through Wi-Fi probes. Ad Hoc Netw. 75, 87–97 (2018)
Ramadan, Q., Salnitriy, M., Strüber, D., Jürjens, J., Giorgini, P.: From secure business process modeling to design-level security verification. In: Proceedings of MODELS 2017, pp. 123–133. IEEE, September 2017
Ranise, S., Siswantoro, H.: Automated legal compliance checking by security policy analysis. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 361–372. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_30
Acknowledgments
Partially Supported by CyberSec4Europe Grant Agreement ID 830929.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Barsocchi, P. et al. (2020). A Privacy-By-Design Architecture for Indoor Localization Systems. In: Shepperd, M., Brito e Abreu, F., Rodrigues da Silva, A., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2020. Communications in Computer and Information Science, vol 1266. Springer, Cham. https://doi.org/10.1007/978-3-030-58793-2_29
Download citation
DOI: https://doi.org/10.1007/978-3-030-58793-2_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58792-5
Online ISBN: 978-3-030-58793-2
eBook Packages: Computer ScienceComputer Science (R0)