Published on August 23rd, 2017 | by Surya Venkat0
Security and Privacy in Indoor Positioning
In the technology driven world of today, location based techniques are very popular in fields which include map services, navigation services and others. Because most of the time, the user (people) are using the services indoors so service providers feel the urge to get the exact indoor positioning information. The technologies which are used for indoor location information include Bluetooth, Wi-Fi etc.
One of the fundamental question users have regarding indoor positioning systems is the user privacy and security. While user privacy and security is the top priority for many service providers, but the risks involved with technology cannot be forfeited.
In this article, we look more closely at the indoor positioning systems and security and privacy concerns of the users.
So, to start with the most basic question, how is the user data protected?
The indoor positioning systems which are client-based with Wi-Fi or Bluetooth transmitters also called beacons are extremely safe. They do not restrict user privacy in anyway. In client-based indoor positioning systems, location is not further communicated with server of the service provider rather directly with user’s smartphone. The location data is not evaluated on any account.
Also, the beacons which are extensively used in indoor positioning systems aren’t storage media to store user’s personal data. They become extremely useful in indoor navigation especially in sensitive environments like hospitals. Beacons will not store any kind of personal data or health records. So, it is safe to say that user data is protected and his privacy is guaranteed in the indoor positioning systems (most of the time).
Now, that was for the user side, How the data is protected when it comes to positioning systems which are server-based?
When it comes to anonymous analysis and tracking solutions server based application/systems which include RSSI (which is the strength of the signal between beacon/telephone or receiver), UID (which is the unique ID of beacon or mobile) and timestamp are transferred particularly to locator nodes. The given MAC address is use as an identifier for a particular mobile telephone or beacon. With the help of Hash Algorithm (SHA-1), all the device’s MAC addresses are re-used with anonymous ID’s. Making the track of original MAC address impossible. With the name of “MAC RANDOMIZATION” this process is already being done by the manufacturers of various smartphone devices.
So, is it possible that in light of all this security and privacy, a beacon network be “Hijacked”?
“Hijack” is probably the most dreaded word by most companies. It is one of the primary concerns of many companies that if their beacon infrastructure is “hijacked” what will they do? Consider the example of an unprotected beacon network navigation system of an airport operator, it can be used by a shop operator for his own navigation. But, it can easily be prevented with the help of “Rolling ID” method. With the help of this method, the ID’s which have unambiguous identification of beacons are switched automatically. The beacon network operator is the only one with the appropriate key to decode.
One of the greatest advantages of the beacon networks is that they do not distort the signal of other networks. They do not interfere in the radio networks transmission and of sensitive devices like the ones in the medical field. A beacon installed in a room where there are tons of Wi-Fi signals, then it is possible for the interference to occur. This happens because BLE and Wi-Fi share exactly the same frequency which is 2.3 GHz. The problem can be larger if the configuration of beacon is not done correctly and you can expect a lot of distorted signals and interference coming your way. However, this problem can be minimized with the help of proper configuration.