在一個無線區域網路裡，每個節點在通信的時候，通信範圍內每個節點都聽的到。通信時的訊息封包包含了節點ID。透過三角定位，訊息強度，信號來源方位等方法，可以判斷出一個點的位置。如果對一個點進行長時間的追蹤，就可以蒐集到一些使用者資訊，侵犯到使用者的隱私。
　　一些論文透過暫停通訊後更新ID的方式來降低節點被追蹤的準確性，達到保護位置隱私的效果。由於每個節點對於隱私的要求不太一樣，因此一個機制最好是使用者導向的，可以自己決定更新ID的位置與時間。在考量到使用者導向，透過區域性同步和更新ID的方式，使得更新能夠達到最佳的位置隱私效果。
　　在設計新的機制時，會運用新方法達到更好的位置隱私效果，但有時這些方法也會透露出資訊給敵人利用，使得位置隱私的效能不增反減。我們提出ID追蹤法，針對使用交換ID的方法時，利用其一對一交換的關係，挑戰交換ID的位置隱私效能。我們另外提出一個新交換機制，透過多對多的交換，因此不受ID追蹤法的挑戰。效能評估的結果顯示，新的追蹤方法是可以有效追蹤節點的，而新機制的效能也有達到最佳的位置隱私效果。

When nodes communicate in a wireless local area network (WLAN), all nodes within transmission range hears the transmitting packet.  Every packet contains the ID of the transmitting node, and through triangulation, received signal strength and other methods, the location of the node can be detected.  Long term tracking of a node can gather user information, violating one’s privacy.
  Recent works suggests that by pausing transmission and updating ID, a node can lower the chance of being tracked and obtain one’s location privacy.  It is also suggested that a location privacy protection mechanism should be user-centric, having nodes update independently, fulfilling the different needs of each node.  Considering the need for user-centric, local synchronization and different ID updating methods are proposed to achieve optimum location privacy.
  When designing a new mechanism, new ways are proposed to achieve better location privacy, but at the same time, it can also reveal information to an adversary resulting less location privacy.  We propose a tracking method called ID tracking that can be used when a node swaps its ID with another, which lowers location privacy of the node.  We propose a new mechanism that has nodes switching their IDs and can counter the proposed tracking method.  Simulation result shows the effectiveness of the proposed tracking method against nodes that swaps IDs.  Results also show that nodes using the new mechanism have good location privacy.

中文摘要	I
英文摘要	III
目錄	V
圖表目錄	VII
第一章	緒論	1
第二章 相關背景與研究	5
2.1	概論	5
2.2	Mix-Zone[7]	7
2.3	Silent Period[6]	15
2.4	Swing & Swap[8]	18
第三章 新位置隱私保護機制	24
3.1	研究動機	24
3.2	ID追蹤法	26
3.2.1	鄰居節點為目標時，位置隱私沒有最大化	26
3.2.2	發動節點為目標時，位置隱私沒有最大化	29
3.3	新位置隱私保護機制	34
3.3.1	新機制之更新ID協定	34
3.3.2	節點使用新機制時的演算法	37
3.4	新位置隱私保護機制評估	40
第四章 模擬結果	44
4.1	模擬參數說明	44
4.2	各機制在基本追蹤法下的位置隱私效能	49
4.3	基本追蹤法與ID追蹤法追蹤Swap機制的精準度	53
4.4	Swap機制在ID追蹤法下的位置隱私效能	55
4.5	綜合結果	57
第五章	結論	60
參考文獻	63

圖2.1混合區域示意圖[13]	8
圖2.2進出混合區域之時間關係示意圖[13]	9
圖2.3混合區域之位置關係示意圖	10
圖2.4進出混合區域之時間關係示意圖	11
圖2.5 SP示意圖	16
圖2.6可到達區域與區域性廣播範圍示意圖	20
圖2.7 Swing之更新ID示意圖	21
圖2.8 Swap之交換ID示意圖	22
圖3.1Simple tracking之流程圖	25
圖3.2鄰居節點之可到達區域示意圖	27
圖3.3交換ID示意圖	30
圖3.4偵測發動節點ID示意圖	30
圖3.5尋找可能交換節點示意圖	31
圖3.6 ID追蹤法之流程圖	33
圖3.7新機制之更新ID方式示意圖	35
圖3.8節點使用機制時之流程圖	38
圖3.9(a) 節點移動狀況示意圖	41
圖3.9(b) 節點ID混合過後示意圖	41
圖3.10節點移動情況與節點ID混合示意圖	41
圖3.11更新後找出目標節點ID示意圖	42
圖3.12更新前找出可能交換節點示意圖	42
圖4.1各機制位置隱私效能之比較圖	49
圖4.2 ID追蹤法之準確性示意圖	54
圖4.3 Swap在不同追蹤法下之效能比較圖	56
圖4.4綜合結果	57

表2.1各位置隱私保護機制比較表	23
表4.1模擬參數表	44
表4.2新機制與各位置隱私保護機制比較表	59

[1]	R. P. Minch, “Privacy Issues in Location-Aware Mobile Devices,” Proc. 37th Hawaii International Conference on System Sciences, Jan. 2004.

[2] 	M. Gruteser and D. Grunwald, “Anonymous Usage of Location-Based Services through Spatial and Temporal Cloaking,” Proc. of First ACM/USENIX International Conference on Mobile Systems, Applications, and Services, May 2003, pp. 31-42.

[3]	J. Al-Muhtadi, R. Campbell, A. Kapadia, D. Mickunas, S. Yi, “Routing Through the Mist: Privacy Preserving Communication in Ubiquitous Computing Environments,” Proc. International Conference of Distributed Computing Systems, July 2002, pp.74-83.

[4]	R. Moskowitz, “Host Identity Protocol,” draft-ietf-hip-base-08.txt, IETF, June 2006.

[5]	R. Moskowitz, “Host Identity Protocol (HIP)Architecture,” RFC 4423, IETF, May 2006.
[6]	L. Huang, K. Matsuura, H. Yamane and K. Sezaki, “Towards Modeling Wireless Location Privacy,” Proc. of Privacy Enhancing Technologies, May 2005, pp. 59-77.

[7]	A. Beresford and F. Stajano, “Location Privacy in Pervasive Computing,” IEEE Pervasive Computing, vol. 2, no. 1, 2003, pp. 46-55.

[8]	M. Li, K. Sampigethaya, L. Huang and R. Poovendran, “Swing & Swap: User-Centric Approaches Towards Maximizing Location Privacy,” Proc. of the 5th ACM Workshop on Privacy in Electronic Society, Oct. 2006, pp. 19-28.

[9]	M. Gruteser and D. Grunwald, “Enhancing Location Privacy in Wireless LAN through Disposable Interface Identifiers: a Quantitative Analysis,” MASH ’03: Proc. of the 1st ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots, Sep. 2003, pp. 46-55.

[10]	IEEE 802.11 WG. http://grouper.ieee.org/groups/802/11/.

[11]	L. Huang, K. Matsuura, H. Yamane, and K. Sezaki, “Silent Cascade: Enhancing Location Privacy without Communication QoS Degradation,” Proc. of Security in Pervasive Computing, Apr. 2006, pp. 165-180.

[12]	D. Chaum, “Untraceable Electronic Mail, Return Addresses and Digital Pseudonyms,” Comm. ACM, vol. 24, no. 2, 1981, pp. 84-88.

[13]	A. Beresford and F. Stajano, “Mix Zones: User Privacy in Location-Aware Services,” IEEE International Workshop on Pervasive Computing and Communication Security, Mar. 2004, pp. 127-131.

[14]	A. Serjantov and G. Danezis, “Towards an Information Theoretic Metric for Anonymity,” Proc. Workshop on Privacy Enhancing Technologies, Apr. 2002, pp. 41-53.