1
Realtime Location Privacy Via Mobility Prediction
Creating Confusion at Crossroads
Joseph Meyerowitz, Undergraduate Senior, ECE and Physics, Duke University
Romit Roy Choudhury, Asst. Professor, Dept. of ECE and CS, Duke University
2
Context
Better localization technology + Pervasive wireless connectivity = Location-based pervasive applications
3
Location-Based Apps
For Example:
  GeoLife shows grocery list on phone when near WalMart
  Micro-Blog allows querying people at a desired region
  Location-based ad: Phone gets coupon at Starbucks
  …
Location expresses context of user
  Facilitating content delivery
It's as if location is the IP address for content
4
Double-Edged Sword
While location drives this new class of applications, it also violates user's privacy
Sharper the location, richer the app, deeper the violation
5
Double-Edged Sword
Moreover, range of apps are PUSH based. Require continuous location information
  Phone detected at Starbucks, PUSH a coffee coupon
  Phone located on highway, query traffic congestion
6
Location Privacy
Problem: Continuous location exposure, a serious threat to privacy
Research: Preserve privacy without sacrificing the quality of continuous loc. based apps
7
Just Call Yourself “Freddy”
Pseudonyms
  Effective only when infrequent location exposure
  Else, spatio-temporal patterns enough to deanonymize
  … think breadcrumbs
[Figure labels: Romit's Office; John, Leslie, Jack, Susan, Alex]
8
Add Noise
K-anonymity
  Convert location to a space-time bounding box
  Ensure K users in the box
  Location Apps reply to boxed region
Issues
  Poor quality of location
  Degrades in sparse regions
  Not real-time
[Figure labels: You, Bounding Box, K=4]
9
Confuse Via Mixing
Path intersections are an opportunity for privacy
  If users intersect in space-time, cannot say who is who later
Issues
  Users may not be collocated in space and time
  Mixing still possible at the expense of delay
10
Existing solutions seem to suggest:
Privacy and Quality of Localization (QoL) is a zero sum game
Need to sacrifice one to gain the other
11
Our Goal
Break away from this tradeoff
Target:
  Spatial accuracy
  Real-time updates
  Privacy guarantees
Even in sparse populations
We design: CacheCloak
12
CacheCloak Intuition
Exploit mobility prediction to create future path intersections
User’s paths are like crossroads of breadcrumbs
App knows precise locations, but doesn’t know the user
13
CacheCloak
Assume trusted privacy provider
  Reveal location to CacheCloak
  CacheCloak exposes anonymized location to Loc. App
[Figure labels: CacheCloak; Loc. App1, Loc. App2, Loc. App3, Loc. App4]
14
CacheCloak Design
User A drives down path P1
  P1 is a sequence of locations
  CacheCloak has cached response for each location
User A takes a new turn (no cached response)
  CacheCloak predicts mobility
  Deliberately intersects predicted path with another path P2
  Exposes predicted path to application
Application replies to queries for entire path
CacheCloak always knows user’s current location
  Forwards cached responses for that precise location
15
CacheCloak Design
Adversary confused
  New path intersects paths P1 and P2 (crossroads)
  Not clear where the user came from or turned onto
Example …
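Added sketch of the design on the two slides above; it is not code from the talk or from the CacheCloak authors. The grid roads, the straight-line predictor, max_len and the app_reply stand-in are assumptions made for illustration. It shows that a cache miss causes one whole predicted path, ending where it meets an older path, to be exposed to the application, while cache hits expose nothing.

```python
# Added illustration, not the authors' code: CacheCloak on a grid of pixels.
from typing import Dict, List, Tuple

Pixel = Tuple[int, int]

def app_reply(path: List[Pixel]) -> Dict[Pixel, str]:
    """Stand-in location app: answers a query for every pixel of a path."""
    return {p: f"content@{p}" for p in path}

class CacheCloak:
    def __init__(self, max_len: int = 20):
        self.cache: Dict[Pixel, str] = {}     # pixel -> cached app response
        self.exposed: List[List[Pixel]] = []  # every path the app has seen
        self.max_len = max_len                # assumed cap on prediction length

    def expose(self, path: List[Pixel]) -> None:
        """Send a whole path to the app at once and cache its replies."""
        self.exposed.append(path)
        self.cache.update(app_reply(path))

    def predict(self, prev: Pixel, cur: Pixel) -> List[Pixel]:
        """Straight-line predictor (assumption): extend from cur along the
        current heading until the path touches a cached pixel or max_len."""
        dx, dy = cur[0] - prev[0], cur[1] - prev[1]
        path, p = [cur], cur
        while (dx, dy) != (0, 0) and len(path) < self.max_len:
            p = (p[0] + dx, p[1] + dy)
            if p in self.cache:               # reached another path: crossroads
                break
            path.append(p)
        return path

    def locate(self, prev: Pixel, cur: Pixel) -> str:
        """Handle one real location update and return the app's content."""
        if cur not in self.cache:             # new turn, no cached response
            self.expose(self.predict(prev, cur))
        return self.cache[cur]                # cache hit exposes nothing new

def demo():
    cc = CacheCloak()
    cc.expose([(x, 0) for x in range(10)])    # P1: road along y = 0 (constructed)
    cc.expose([(x, 5) for x in range(10)])    # P2: road along y = 5 (constructed)
    # Constructed trace: user A drives east on P1, then turns north at x = 4.
    trace = [(2, 0), (3, 0), (4, 0), (4, 1), (4, 2), (4, 3)]
    replies = [cc.locate(a, b) for a, b in zip(trace, trace[1:])]
    return cc, replies
```

In the demo the application sees only three path queries: P1, P2 and the connector from (4, 1) to (4, 4), which it receives in full when the user is still at (4, 1).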
17
Benefits
Real-time
  Response ready when user arrives at predicted location
High QoL
  Responses can be specific to location
  Overhead on the wired backbone (caching helps)
Entropy guarantees
  Entropy increases at traffic intersections
  In low regions, desired entropy possible via false branching
Sparse population
  Can be handled with dummy users
18
Quantifying Privacy
City converted into grid of small squares (pixels)
  Users are located at a pixel at a given time
Each pixel associated with 8x8 matrix
  Element (x, y) = probability that user enters x and exits y
Probabilities diffuse
  At intersections
  Over time
Privacy = entropy
  $E_{user} = -\sum_{pixels} p_i \log p_i$
[Figure labels: pixel, x, y]
19
Diffusion
Probability of user’s presence diffuses
  Diffusion gradient computed based on history
  i.e., what fraction of users take right turn at this intersection
[Figure labels: Road Intersection; Time t1, Time t2, Time t3]
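Added sketch of the entropy metric and diffusion step from the two slides above; it is not code from the talk or from the CacheCloak authors. The turn fractions, the pixel coordinates, the base-2 logarithm and the "plain road means straight ahead" default are assumptions; each pixel's 8x8 enter/exit matrix is stored sparsely as nested dicts.

```python
# Added illustration, not the authors' code: probability diffusion and entropy.
import math
from collections import defaultdict

# Eight neighbour directions; a pixel's 8x8 matrix is indexed [enter][exit].
DIRS = [(1, 0), (1, 1), (0, 1), (-1, 1), (-1, 0), (-1, -1), (0, -1), (1, -1)]
E, N, S = 0, 2, 6

def diffuse(state, matrices):
    """One time step. state maps (pixel, heading) -> probability; each mass is
    split by the row of its pixel's matrix. Pixels without a matrix entry are
    plain road: the user keeps going straight (assumption)."""
    nxt = defaultdict(float)
    for (pixel, heading), p in state.items():
        row = matrices.get(pixel, {}).get(heading, {heading: 1.0})
        for out, q in row.items():
            dx, dy = DIRS[out]
            nxt[((pixel[0] + dx, pixel[1] + dy), out)] += p * q
    return dict(nxt)

def entropy(state):
    """E_user = -sum over pixels of p_i * log2(p_i), in bits (base 2 assumed)."""
    per_pixel = defaultdict(float)
    for (pixel, _), p in state.items():
        per_pixel[pixel] += p
    return -sum(p * math.log2(p) for p in per_pixel.values() if p > 0)

def demo():
    # Constructed history: of users entering (3, 0) heading east, half go
    # straight, a quarter turn north and a quarter turn south.
    matrices = {(3, 0): {E: {E: 0.5, N: 0.25, S: 0.25}}}
    state = {((0, 0), E): 1.0}          # user known to be at (0, 0), heading east
    trace = [entropy(state)]
    for _ in range(5):
        state = diffuse(state, matrices)
        trace.append(entropy(state))
    return trace
```

The entropy stays at 0 bits while the user is on the straight road and jumps to 1.5 bits on the step after the intersection, which is the "entropy increases at traffic intersections" behaviour the slides describe.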
20
Evaluation
Trace based simulation
  VanetMobiSim + US Census Bureau trace data
  Durham map with traffic lights, speed limits, etc.
  Vehicles follow Google map paths
  Performs collision avoidance
6km x 6km, 10m x 10m pixel, 1000 cars
21
Results
High average entropy
  Quite insensitive to user density (good for sparse regions)
  Minimum entropy reasonably high
23
Issues and Limitations
CacheCloak overhead
  Application replies to lots of queries
  However, overhead on wired infrastructure
  Caching reduces this overhead significantly
CacheCloak assumes same, indistinguishable query
  Different queries can deanonymize
  Need more work
Per-user privacy guarantee not yet supported
  Adaptive branching & dummy users
24
Closing Thoughts
Two nodes may intersect in space but not in time
  Mixing not possible, without sacrificing timeliness
Mobility prediction creates space-time intersections
  Enables virtual mixing in future
25
Closing Thoughts
CacheCloak Implements the prediction and caching function
Significant entropy attained even under sparse population
Spatio-temporal accuracy remains uncompromised
26
Final Take Away
Chasing a car is easier on highways …
Much harder in Manhattan crossroads
CacheCloak tries to turn a highway into a virtual Manhattan
… Well, sort of …
28
Emerging trends in content distribution
Content delivered to a location / context
  As opposed to a destination address
Thus, “location” is a key driver of content delivery
IP address : Internet = Location : CDN
New wave of applications
31
Location Privacy
Problem: Continuous location exposure deprives user of her privacy.
32
Location Frequency
Some location apps are reactive / infrequent
  E.g., List Greek restaurants around me now (PULL)
But, many emerging apps are proactive
  E.g., Phone detected at Starbucks, PUSH a coffee coupon
33
Location Frequency
Proactive apps require continuous location
Opportunity for Big Bro to track you over space and time
34
Categorizing Apps
Some location apps are reactive
  You ask, App answers
  E.g., Pull all Greek restaurants around your location
But, many emerging apps are proactive
  E.g., Phone detected at Starbucks, PUSH a coffee coupon
35
Categorizing Apps
Proactive apps require continuous location