Privacy-Preserving Location-Aware Data Availability and Access Authorization in Public Safety Broadband Networks

Abstract

The increased demand for interoperability among Emergency Responders (ERs) and timely accessibility to a large amount of reliable, accurate, context and location aware, and privacy-preserved data (e.g., environmental data, health records, building plan, etc.), mandates the emergence of dedicated Public Safety Broadband Networks (PSBNs). However, realizing PSBNs and addressing such requirements encounters substantial challenges. For example, several security and privacy vulnerabilities have been detected in the Long Term Evolution (LTE) which is the leading enabler of PSBNs. Nonetheless, the more significant challenge lies under the corresponding data requirements. This is because data is unstructured, its volume is enormous, and it includes inaccurate, irrelevant, and context-free data. Moreover, the data sources are heterogeneous and may not be reachable in an emergency. Furthermore, the data contains personally identifiable information for which privacy and access authorization should be respected. In this thesis, we investigate and address the aforementioned challenges. Here, we propose an efficient and secure algorithm to mitigate the main security and privacy vulnerability of LTE. In addition, to provide context and location aware data availability during an emergency, we propose a secure data storage structure and privacy-preserving search scheme. Furthermore, we propose a location-aware data access model to filter irrelevant data with regards to an incident and prevent unauthorized data access. To envision our access model, we propose a location-aware fine grained access authorization scheme. Our security analysis shows that our search scheme is secure against a chosen keyword attack and the proposed authorization scheme is formally proven secure against a selective chosen ciphertext attack. Concerning performance efficiency, our search scheme requires minimal data search and retrieval delay and the proposed authorization scheme imposes constant communication and decryption computation overheads. Finally, we propose a context-aware framework, which fully complies with emergency response requirements, based on the concept of trust to filter-out inaccurate and irrelevant data. The integration of our contributions promises highly reliable, accurate, context and location aware, and privacy-preserved data availability and timely data accessibility.