BlueStar, a privacy centric location aware system.
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
BlueStar, a privacy centric location aware system.
Aaron Quigley1, Belinda Ward2, Chris Ottrey1, Dan Cutting1 and Robert
Kummerfeld1
Smart Internet Technology Research Group, University of Sydney, Australia1
{aquigley, dcutting, ottrey, bob}@it.usyd.edu.au
Telstra Research Laboratories, Melbourne, Australia2
belinda.ward@team.telstra.com.au
Abstract. This paper provides the research background and system approach
for project BlueStar. Our aim is to develop a system using a flexible in/outdoor
location management scheme that allows for only the end-user to be aware of
their location, while still enabling them to access location-relevant information
from a centralised source. In such a system the user can choose the level of
granularity with which they provide or publish their location details in contrast
to systems in which a fixed network is used to track the user. BlueStar
addresses the need for a scalable user-centric end-to-end solution in which end-
user privacy is protected. As we show in this paper many existing indoor
tracking systems rely on special purpose receivers (badges) and transmitters in
conjunction with a costly site radio survey, neither of which is necessary in the
BlueStar model. Finally, this paper describes one possible location-aware peer-
to-peer application, using location sniffing, namely an “ad-hocracy”.
1. Introduction
A paradigm shift in human computing interaction from single person, single device
scenarios to multi person, multi-device untethered pervasive computing is currently
underway [7]. This shift supports a more seamless interaction with future ubiquitous
wireless networks, where both services and connectivity can be provided for personal
and professional activities through a range and combination of mobile computing
devices [3,5,23,24].
Research in intelligent environments, pervasive computing, sentient computing, and
ubiquitous computing is attempting to take the current context of the human activity
into account when interacting with the user [13]. Context includes information from
the sensed environment (environmental state) and computational environment
(computational state) that can be provided to alter an application’s behaviour, or is an
application state that is of interest to the user. “Context is any information that can be
used to characterise the situation of an entity. An entity is a person, place, or object
that is considered relevant to the interaction between a user and an application,
including the user and application themselves” [2].
Acknowledgements: The authors would like to acknowledge the support of the Smart
Internet CRC Australia and Telstra Research Laboratories Australia.
2 Position, Location and Navigation Symposium 2004 (PLANS 2004) Context includes, though is not limited to, spatial information (location, speed), identity (users and others in vicinity), user model (profile, preferences), temporal (time of day or year), environmental (noise, light), social (meeting, party), resources (printers, fax, wireless access), computing (network bandwidth, login), physiological (hearing, heart rate), activity (supervision, interview), schedules and agendas [2,23,24]. Based on this, context-aware applications typically fall into the three broad categories of adaptive, proactive, and automatic. To support the seamless interaction across a number of devices, context aware applications attempt to reduce the cognitive burden on the user by offering services that are adaptive, proactive, or automatic. Clearly, one aspect of context aware computing is location-awareness. Location- awareness continues to be integral to a number of research projects both for indoor and outdoor applications [3,6,9,16]. Location-aware applications include location based services, finding services such as printing or telephone that are close by, tracking individuals, goods and resources, locating friends and colleagues, and localised information and guides [2,5,8,11,17]. The research discussed in this paper proposes a user-centric method based on “location sniffing” from a fixed infrastructure, which preserves privacy by exposing only course grained location data. Unlike the hacking term sniffing (eg. packet sniffing) which pertains to stealing information from the wired or wireless infrastructure, location sniffing is a method based on simply being able to find a piece of wireless infrastructure for which the location is known. This method does not rely on the ability to access the wireless infrastructure but rather know it is there. Our method does not support all classes of location-aware applications but rather applications that do not involve tracking or locating other people [16,19,25]. Our approach couples a network-centric positioning (enhanced cell-ID) system with a fine-grained indoor location system. The goal is to allow only the end-user to be aware of their accurate location while indoors, rather than the typical approach which tracks the users. The end-user can then provide or publish, on varying levels of granularity, their location details for information or group services. We focus on addressing the need for a practical user-centric end-to-end location-awareness solution rather than on improving the accuracy of either the network positioning or indoor location tracking. Our approach does not rely on special purpose receivers (badges) and transmitters. Rather it is based on existing wireless networks in the indoor locations. To address the major privacy issue in a location-aware system, we keep the accurate location information under the user’s local control. In practice the more privacy required, the more abstract or redundant data is delivered to ensure the system cannot deduce where the person is. The rest of this paper is organized as follows. Section 2 provides a background summary of both previous approaches to this problem and research currently underway. Section 3 describes our proposed system, including a description of typical application scenarios and the development of test bed infrastructure for the experiments. Section 4 describes a hybrid intelligent environment application (adhocracy) relying on location. Finally, Section 5 outlines our conclusions for the current state of this research work.
BlueStar, a privacy centric location aware system. 3 2. Background The increasing trend in mobile hand-held personal computers and mobile phones (mobile terminals) has seen the development of many different location-aware systems and technologies. Traditionally, location-awareness is synonymous with “tracking” and the entire social, control and big-brother implications. Tracking systems typically rely on a fixed infrastructure to determine the device’s location [15,18,20] or having the mobile terminal report its own position on a regular basis. However, it is now generally considered that location-aware applications can be based on location information, which is calculated either by the mobile terminal, the infrastructure, or a combination or hybrid approach [18,19,14]. Where the device has information, which allows it to locate itself, the applications, which reside on it, are self location-aware i.e. they do not require the infrastructure to provide the location calculation [19]. This approach places the responsibility on the device to retrieve, filter or present information appropriate to the current location. Location-awareness requires a data model (location space) that can represent the locations of mobile and fixed objects. A location space can be modelled using a coordinate system (geometric) or as a set of symbols with relationships between them (symbolic) [9]. However, before we address the data model, the range of location- aware systems and technologies can be broadly divided into outdoor and indoor approaches. 2.1 Outdoors Positioning: Network Based Due to the availability of telecommunications infrastructure for mobile telephony, considerable research and development has gone into cellular telecommunications network-based location or positioning systems. These systems position a mobile handset using information such as the cell of origin (which may range in size from hundreds of meters in metropolitan areas to tens of kilometres in rural areas), measurement of signal strength, direction of arrival of the signal, base station time of arrival (based on triangulation and base station time synchronisation) and handset time of arrival (which requires special purpose hardware in the handset). To date there has been no convergence on a common standard for cellular positioning. For example, a method called Enhanced Observed Time Difference is included in the GSM standard, but is not yet supported by many network providers. 2.2 Indoor Positioning One of the earliest indoor location-aware system was developed by researchers at Xerox Palo Alto Research Centre (PARC) who created a system to gather location data from special ID badges worn by each person. The collection points throughout the campus would then feed the location information into a central computer. The information in this system represented an accurate picture of where Xerox's PARC employees were at all times. The system, once deployed, faced two major challenges: identifying useful applications (follow-me phone, employee locator, and ad-hoc meeting planner were proposed) and the objections of some employees who
4 Position, Location and Navigation Symposium 2004 (PLANS 2004)
participated in the study to having their every move tracked and recorded (the big-
brother effect). The project produced a few patents but no commercial outcomes [11].
Fig. 1. Bat tag and infrastructure grid.
Research during the late 90’s at AT&T Research lab in Cambridge, UK saw the
development of a location-aware system called the Active Bat system [12]. This
system consists of a controller, a fixed node receiver infrastructure and a number of
active bat tags, as shown in Figure 1. The system operates using a combination of, RF
and ultrasound time-of-flight to estimate each tags location. Each tag emits a series of
ultrasonic pulses ( P1, P2, P3, P4 …) directed to a matrix of receiving nodes mounted on
the ceiling in each room, as shown in Figure 1. The system collects the time
at which each receiver measures the pulses ( P1, P2 , P3, P4 …) and, based on the speed
of the sound waves, determines the location at times (t1, t2, t3, t4…). Although
sensitive to the inter-node placement and requiring a large receiver node
infrastructure, the system can achieve sub-10cm accuracy. The largest test-bed
developed consisted of 720 receivers and 6 radio cells covering an area of
approximately 1000 m2 on three floors. In practice the system was able to determine
the positions of up to 75 objects per second while being accurate to approximately
3cm in three dimensions [18].
The Cricket system from MIT uses a combination of RF and ultrasound technologies
allowing a small “listener” device, which can be carried or attached to equipment, to
estimate its distance to the closet beacon [19]. The infrastructure is based on a
number of non-networked ceiling-mounted beacons fixed throughout a building. The
beacons transmit an RF pulse to a device called a listener. Each listener, upon receipt
of the first few RF bits from the beacon, turns on its ultrasonic receiver to listen for
the upcoming ultrasonic pulse and location data. Based on the measured time
difference between the first RF signal and the ultrasonic signal, the cricket device can
determine the distance to the beacon.
The benefits of the approach employed in the Cricket system include:
• decentralised scalability with no grid of ceiling sensors
• mobile listeners performing the timing and location computation functions
• user-privacy and low cost.BlueStar, a privacy centric location aware system. 5
However the drawback is that the special purpose listeners, decentralized architecture,
and receiver side computation place a significant power burden on each listener.
The RADAR system from Microsoft Research is an RF in-building user location and
tracking system using 802.11b wireless LAN technology [10]. This approach, which
is analogous to efforts in the Merino System [24] and Aura, uses the signal strength to
measure the distance between each Access Point (AP) and the mobile terminal. These
distances, in conjunction with an estimated signal propagation model or one obtained
from a site survey is used to compute the 2D position by trialateration. Such systems
typically operate with a sub-5m accuracy.
Table 2 (adapted from [16]) shows, in brief, the range of location technologies with
the corresponding location model and identifier employed.
Table 1. Location technologies and location model.
Technology Location Space Location Identifier Model
Active Bat Set of sensors Sensor identifier Symbolic
GPS Coordinate Coordinate tuple Geometric
system
ruserd (unix) Set of terminals IP address Symbolic
GSM Cell-ID Set of location MSC/VLR address Symbolic
areas
Typical Radar Coordinate Coordinate tuple Geometric
system
3. Bluestar
BlueStar aims to build a system using scaleable indoor and outdoor location
management schemes. Here the goal is to allow only the end user to be aware of their
accurate location while indoors, akin to the Cricket system, rather than a system such
as the Active Bat, which tracks the user.
In BlueStar the end-user can provide or publish, on varying levels of granularity, their
location details for information or group services. Much of the existing research in
this area has focused on improving the accuracy of either the network positioning or
indoor location tracking, rather than addressing the need for a scalable user-centric
end-to-end solution. Further, many indoor tracking systems rely on special purpose
receivers (badges) and transmitters in conjunction with a costly site “radio survey”.
The accuracy of the location computation is then typically a function of the resolution
of the radio survey.6 Position, Location and Navigation Symposium 2004 (PLANS 2004)
3.1 Typical Application Scenarios
The application scenarios in BlueStar are centred on people moving from outdoor
environments into confined indoor or localised situations. These indoor situations
may require the provision of both fine-grained maps in conjunction with location
dependent data.
Typical application scenarios include a large multi-storey shopping centre located in a
metropolitan area and a large sporting complex such as Olympic park outside of
Sydney, Australia.
In the shopping centre scenario: A user invokes their BlueStar application on their
Bluetooth enabled smart phone as they approach a large metropolitan shopping
centre. This invocation causes the application to send a network query for a map of
the local area (in SVG format) and information about wireless devices in that area,
including their identities, positions relative to the map, and associated data such as the
names of associated shops. Once the handset-resident application sniffs one of these
wireless devices, it places the user on the map and displays (either visually or aurally)
the data associated with that wireless device. The application may then request more
refined data relating to its newly identified location from the network. This pattern of
interaction continues, with the handset application determining its own position by
sensing wireless nodes, and then using this to position the user on an appropriate map
and to push location dependant meta-data such as shopping offers, specials, lists and
catalogues to the user. To ensure the user’s privacy the number of network
interactions should be small to ensure the user’s exact location and the network
cannot determine shopping patterns. This requires that each request return coarse-
grained pieces of data.
In the Olympic park scenario, a user in the park invokes the BlueStar application and
wireless devices within the buildings of the park act as beacons. The application
proceeds to download a detailed park map, along with information about wireless
access points, and daily information about events, opening times, booking details, and
historical information about the Olympics of 2000. As the user moves from venue to
venue more appropriate mapping and data is displayed.
3.2 Deducing Location
In BlueStar the indoor location information is deduced by handset/PDA-resident
(mobile terminal) applications, which combine two sources of information:
• Details about the local wireless infrastructure, which are provided based on
system knowledge of the user’s approximate location from the GSM network
positioning system.
• Evidence from passive sniffing of existing wireless infrastructure (Bluetooth
or 802.11b) or low-cost beacons.
The novel aspect of this system is that it combines network based geographic
positioning with local symbolic location information obtained using sniffed
information from existing wireless networks in the indoor locations. It allows only
the end user to be aware of their accurate location, since the network is only used to
determine their location to a very low resolution.BlueStar, a privacy centric location aware system. 7
The drawbacks of many of the existing location-aware systems described in section 2
include:
• the requirement for special purpose expensive infrastructure,
• the requirement for special purpose tags or locator devices,
• the need to authenticate or formally introduce transmitter and receiver,
• user privacy is compromised because the system keeps track of each
receiver, and
• system development is focussed on improving location accuracy.
Our approach addresses the major privacy issue by keeping the high-resolution
location information under the user’s local control. The more privacy someone
wants, the more abstract or redundant data that must be delivered to ensure the system
cannot deduce where the person is. Further, by including a network-centric approach
to the delivery of the mapping, local information and local wireless network
information, the proposed system can be deployed and tested on a large scale.
The primary research component is to develop a scalable delivery and data encoding
mechanism for both the location mapping and location-tied data. The primary
development component of this project is to integrate the approximate network
location technologies currently available with the low-cost localised location-
awareness. Typically, the handset-resident application will query the GSM network
for its approximate location, which will then trigger the delivery of high level
mapping, local information and existing local wireless network information, which
we refer to as MIW (Mapping, Information, Wireless) data.
The local wireless network information delivered will allow the application to
perform a number of tasks: the ability to position the end-user on a venue specific
map, the ability to deliver data when in particular regions of the venue, and the ability
to ask the GSM network for more localised MIW data. This refinement approach
ensures the user’s privacy as the GSM network isn’t being tasked with keeping track
of individuals on a micro level. Here the handset-resident application keeps track of
the user’s location and only queries the GSM network for macro information. Our
approach to location-awareness addresses both scalability and privacy concerns.
3.3 System Architecture
The architecture consists of a number of server-side components with which the
BlueStar server communicates. The handset-resident application transmits to only the
BlueStar server across a GPRS connection. Once the handset-resident location
module makes its initial inquiry, the BlueStar server contacts the location gateway
(typically a GSM mobile positioning centre (MPC)) to determine the handset’s
approximate location. This approximate location is used to query the information
gateway, the wireless infrastructure gateway, and for a map-based application, the
mapping gateway. Rather requiring the handset-resident application to cache all
mapping data and wireless details for all possible locations, utilising the approximate
location measurement allows BlueStar to extract a smaller portion of the world model
for delivery to the handset-resident application. This portion of the world model is
still large enough to ensure the system cannot micro-locate the end user.8 Position, Location and Navigation Symposium 2004 (PLANS 2004) The information consists of enough data for the handset-resident application to locate itself within the indoor setting. Along with this, an amount of SVG data is transmitted which allows the mapping application to render a high-level view of the area. Once the handset-resident application sniffs a wireless device of which it knows the location, it places the user on the map and then uses that location to request more refined data from the network. This pattern of interaction continues, with the handset application determining its own position and then using this to locate the user on an appropriate map and to push location-dependent data such as shopping offers, specials, lists and catalogues. We have developed a range of adaptor and battery based low-cost Bluetooth beacons that provide no data access functionality but instead act as discoverable Bluetooth devices. These simplified devices require no network connectivity and have been built into the form factor of an electrical plug, car cigarette lighter socket or even light bulb. 4. Hybrid Intelligent Environment Application: Adhocracy Although not providing a full context-aware system, BlueStar consists of many of the features common to client-server intelligent environments (IE). Broadly speaking, IEs can be broken into three classes defined as Client-Server, Peer-to-Peer and Hybrid. The Client-Server model involves fixed infrastructure providing services to mobile devices, such as a BlueStar system. The Peer-Peer model involves no fixed infrastructure. All storage and computation is intrinsic to the mobile devices that communicate without centralised coordination. The Hybrid model simply combines the two. e.g. communication between mobile devices may be Peer-to-Peer but devices may use a service from the infrastructure to initiate the communication. The BlueStar system, without the mapping or information data can be considered a hybrid model. In this way the handset-resident BlueStar module determines its location but receives application data only with other devices in the vicinity (rather than from the BlueStar server in our current implementation). An adhocracy is a style of IE that allows the storage of location-relevant information in such a way that it cannot be controlled or censored by a minority of individuals. This is achieved by storing the information not in centrally administered servers but across a multitude of mobile devices, using concepts similar to robust distributed file systems such as Freenet [1]. The core concept is democratisation of information by keeping it in a physical location without any fixed storage infrastructure, unlike the basic BlueStar model. The implications of this concept are several, but a primary use of adhocracy is envisioned to be the tagging of physical locations without the possibility of censorship. Since there are no centralised servers storing the information, it cannot be easily modified or removed. Building a location-based ad hoc information storage service requires at least two major elements: a way of determining mobile devices' locations, and a way of storing information. Since the concept of location itself is fundamentally fixed, some sort of fixed infrastructure is highly desirable to determine a mobile device's location. Wi-Fi
BlueStar, a privacy centric location aware system. 9
triangulation, GPS and BlueStar beacons are some examples of fixed infrastructure
that could be used either individually or in concert. (These technologies, though often
controlled by individual corporations in practice would not be involved in the actual
storage of information in an adhocracy.) Various sensor data could be combined or
fused to improve the accuracy of the location estimate. In fact, the actual method of
determining location is relatively unimportant, providing it can be transformed to
some canonical representation suitable for the system. In contrast to the problem of
physical location determination, storing information in an adhocracy does not
necessarily require any fixed infrastructure, only an identifier tying it to a particular
location.
A sample scenario of an adhocracy involves a shop that sells inferior products. After
several customers have discovered this fact for themselves, they may like to leave a
piece of “digital graffiti” on the shop-front informing other adhocracy users. Since the
graffiti is stored on the devices that pass through the area near the shop, there is no
way for the shop owner to censor the opinions. However they may be able to jam or
spam the location with irrelevant information, which is an issue worthy of attention.
The adhocracy concept is a Hybrid IE. It relies on fixed infrastructure, such as
BlueStar, to help mobile devices determine their locations but information in the
system is stored across the mobile devices themselves.
5. Conclusions
Our research and development for BlueStar continues as location-aware services are
slated to be the “killer application” for the next generation of mobile phones which
incorporate large displays, more memory and substantially more processing power
and battery. Along with the natural evolution of mobile phones there is now a
confluence of PDA and mobile functionality into more powerful and flexible
computing devices with “always on” capabilities.
The drive by telecommunication operators to distinguish their products in the fiercely
competitive mobile service sector may see the investment in location-aware services
explode. By focusing on an end-to-end and privacy-centric approach to location-
awareness the techniques and methods developed in this project can be readily
deployed by a telecommunications provider.
Finally, as experience in the Japanese market has shown, commercial partners such as
large business, banks, and services firms are often willing to use mobile application
technology in the provision of customised information for their customers. In a
similar manner, the mapping and data for a citywide BlueStar application, including
museum, shopping centres, government offices and commercial centres may be paid
for by a combination of commercial sponsorship and low-cost end-user pricing.
6. References
[1] Clarke, I., Sandberg, O., Wiley, B. and Hong, T.W., “Freenet: A Distributed Anonymous
Information Storage and Retrieval System”.10 Position, Location and Navigation Symposium 2004 (PLANS 2004)
[2] Salber, D., Dey, A. K., Orr, R. J., and Abowd, G. D. “The Context Toolkit: aiding the
development of context-enabled applications”. In Proceedings of the 1999 Conference on Human
Factors in Computing Systems, pages 434-441, Pittsburgh, PA.
[3] Andreas Butz, Jorg Baus, Antonio Kruger, “Different Views on Location-Awareness”, Technical
Report University of Saarbrucken.
[4] Elliot D. Caplan, “Understanding GPS: Principles and Applications”, Artech House, Boston, 1996
[5] George W. Fitzmaurice. “Situated information spaces and spatially aware palmtop computers”.
CACM, 36(7):38–49, July 1993.
[6] M. van Steen, F. J. Hauck, G. Ballintijn, and A. S. Tanenbaum. “Algorithmic Design of the Globe
Wide-Area Location Service”. The Computer Journal, 41(5):297–310, 1998.
[7] Mark Weiser and John Seeley Brown. 1997. “The Coming Age of Calm Technology”. In Beyond
Calculation: The Next Fifty Years of Computing. Peter J. Denning and Robert M.Metcalfe (eds).
Springer Verlag. 75-85.
[8] Joseph F. McCarthy, Eric S. Meidel, “ACTIVEMAP: A Visualization Tool for Location-
Awareness to Support Informal Interactions”, Proceedings of the International Symposium on
Handheld and Ubiquitous Computing (HUC ’99)
[9] Mike Spreitzer and Marvin Theimer. 1993. “Providing Location Information in a Ubiquitous
Computing Environment”. In Proceedings of the 14th ACM Symposium on Operating Systems
Principles (SIGOPS ’93). 270-283.
[10] P. Bahl, N. Padmanabhan: “RADAR: An In-Building RF-based User Location and Tracking
System”, in Proceedings of IEEE INFOCOM 2000, Vol. 2, Tel-Aviv, Israel (March 2000
[11] Pountain, Dick, "Track People with Active Badges", BYTE, Dec. 1993, pp. 57,58,62,64.
[12] R. Want, A. Hopper, V. Falcao and J. Gibbons, "The Active Badge Location System”, ACM
Transactions on Information Systems, pp. 91-102, Jan. 1992.
[13] Schmidt et al.; "Advanced Interaction in Context"; Lecture Notes in Science 1707, Sep. 1999. pp.
89-101.
[14] Spreitzer, M. and M. Theimer, "Providing Location Information in a Ubiquitous Computing
Environment'', Proc. 14th Symposium on Operating System Principles, ACM Press, December
1993, pages 270-283.
[15] “Ultrasonic Location System”, The Oliveti & Oracle Research Laboratory, Oct. 16, 1998.
[16] Ulf Leonhardt, “Supporting Location-Awareness in Open Distributed Systems”, PhD thesis,
Department of Computing, Imperial College of Science, Technology and Medicine, University of
London, May 1998.
[17] Want, Roy, et al., "Active Badges And Personal Interactive Computing Objects", IEEE
Transactions, Feb. 1992, pp. 10-20.
[18] Ward, A. Jones and A. Hopper, "A New Location Technique for the Active Office", IEEE
Personal Communications, vol. 4, No. 5, pp. 42-47, Oct. 1997.
[19] N. Priyantha, A. Chakraborthy and H. Balakrishnan, “The Cricket Location-Support System”,
Proceedings of International Conference on Mobile Computing and Networking, pp. 32-43,
August 6-11, 2000, Boston, MA
[20] N. Bulusu, J. Heidemann and D. Estrin, “GPS-less Low Cost Outdoor Localization For Very
Small Devices”, IEEE Personal Communications Magazine, Special Issue on Networking the
Physical World, August 2000.
[21] G.M. Djuknic and R.E. Richton. “Geolocation and assisted GPS”. IEEE Computer, pages 123–
125, February 2001.
[22] M. W. Kadous and C. Sammut, “Mobile Conversational Characters”, Workshop on Virtual
Conversational Characters, Human Factors Conference, Melbourne Australia 2002.
[23] Andy Harter, Andy Hopper, Pete Steggles, Andy Ward, and PaulWebster. “The anatomy of a
context-aware application”. In MOBICOM 1999, pages 59–68, August 1999.
[24] Bob Kummerfeld, Aaron Quigley, Chris Johnson, Rene Hexel, “Merino:Towards an intelligent
environment architecture for multi-granularity context description”, Workshop on User Modeling
for Ubiquitous Computing, UM June 2003 Pittsburgh, USA.
[25] Schmidt, A. and Beigl, M. “There is more to context than location” Environment sensing
technologies for adaptive mobile user interfaces, 1998.You can also read
