A Novel Framework for LBS Privacy Preserving in Dynamic Context Environment


ACOMP 2011. Le Nguyen Duy Vu, Nguyen Le Vinh, Nguyen Ngoc Tuan, Do Son Thanh, Tran Trung Hien, Dang Tran Khanh.


Good morning everyone. My name is Vu. Nice to meet you at ACOMP 2011. My presentation, named "A Novel Framework for LBS Privacy Preserving in Dynamic Context Environment", presents a novel solution to the current privacy problem in LBS.

Slide 2: Outline

- Location-based services: privacy concerns in dynamic-context environment
- Privacy preserving based on an evaluating system
- The proposed framework
- Demo
- Conclusion

My speech contains 5 parts. First, I'll inform you about the current state of location-based services and the privacy concerns. Then, I'll explain our approach to preserving user privacy. After that, I'll present the details of the proposed framework. And, before giving the conclusion, I'll show you a demo to illustrate how the system works. Let's start here.

Slide 4: Location-based service: Definition [1]

- In an abstract way: a certain service that is offered to the users based on their locations

A location-based service is a kind of service that is primarily based on the user's location to provide value-added services. Users get access to LBS by using any geolocation-ready mobile device and connecting to the service provider via cellular network operators or radio stations.

Slide 5: Location-based service: Everywhere

- Location-based traffic reports: What is the estimated travel time to reach my destination?
- Location-based store finder: Where is my nearest fast food restaurant?
- Location-based advertisement: Send e-coupons to all customers within five miles of my store.

Basically, LBS answer three questions: Where am I? What's around me? How do I get there? Here are some examples: LBS help you navigate when travelling, or locate the nearest KFC. Since their appearance, LBS have brought a lot of conveniences that help us in everyday situations in today's world. However, that innovation has both pros and cons. The thing we should be aware of is user privacy.

Slide 6: Privacy concerns in LBS

"New technologies can pinpoint your location at any time and place. They promise safety and convenience but threaten privacy and security." (Cover story, IEEE Spectrum, July 2003)

YOU ARE TRACKED!!!!

New technologies, such as the new generation of GPS satellites, pinpoint your location more and more accurately. This not only brings convenience but also threatens privacy. A location leak may make the user a victim of a burglar or of harassment. An attacker may illegally access your location data, maybe by eavesdropping on the transmission between you and the service provider, or by violating the provider's databases.

Slide 7: Location-based service: Now

- Steadily growing with a variety of services

Even though the privacy problem remains, location-based services are still increasing in popularity. The picture shows the number of applications using context/location on the Apple store by month in 2008/2009.

Slide 8: Location-based service: Now

There are more and more LBS, ranging from information and entertainment services, such as Friend & Family Finder or Social Networking, ...

Slide 9: Location-based service: Now

- Context-enabling flourishes the quality of LBS

Eventually, to compete with others, several service providers try to add more value by encouraging their customers to share information other than location data. Such information covers your social relationships and daily activities, terms which are very common in social networking apps. Obviously, the more data you share, the greater the risk to your privacy.

Slide 10: Location-based service becoming context-aware service [2]

This picture is another view of LBS. Since more and more LBS include information other than location data, they should be considered context-aware services. From now on, we use the term context to cover every piece of information relevant to LBS provisioning between the user and the service provider. That is the need for any modern privacy preserving technique: to take that context into account in order to work more effectively.

Slide 11: Key Problem

- Users want to enjoy LBS without revealing their sensitive information
- Service providers must provide suitable privacy techniques that:
  - concern the user's current context
  - are robust enough to protect the user's information
  - ensure service quality

Here I restate the key problem before going to our solution: users want to enjoy LBS without revealing their sensitive information. For that reason, the service provider must be able to provide a privacy mechanism to protect user privacy. The chosen technique must be robust enough to protect the user's data in her current context, but still ensure the quality of service.

Slide 12: Outline

Now we move to part 2.

Slide 13: Motivation and Approach

- Motivation: offer the ability of privacy preserving and evaluating to service providers
- Context-using LBSs raise difficulties in evaluating privacy algorithms, because:
  - Different services require different techniques
  - Choice of algorithms varies according to the user's current context

The problem motivates us to develop a tool that supports the service provider in preserving and evaluating privacy. But evaluating privacy algorithms is not an easy task. It is the use of context in LBS provisioning that raises the major difficulties. Firstly, services differ from each other and require different classes of privacy algorithm. Secondly, even within each type of service, the choice of algorithm varies according to the current context.

Slide 14: Motivation and Approach (cont.)

- Approach:
  - employ existing privacy preserving algorithms
  - evaluate privacy results
  - modify the outputs (if necessary)

[Figure: Privacy Algorithm, Result, Evaluating, Refining, Output]

Our approach is to employ existing privacy algorithms, then evaluate the outputs and refine them if necessary. Refining means we can change some input parameters or modify the outputs in order to achieve a proper privacy level according to all of the gathered context data.

Slide 15: Privacy algorithms [3, 4]

- Location obfuscation, i.e. location perturbation

Here I review some major classes of location privacy algorithm. Location obfuscation: one example of it is to replace the real position with a fake one.

Slide 16: Privacy algorithms (cont.)

- Location k-anonymity

[Figure: 10-anonymity]

And location k-anonymity: the user hides himself behind a group of k individuals.

Slide 17: Attack and Defense Models [5, 6]

- Attack models categorized on adversary background knowledge:
  - Attack exploiting quasi-identifiers
  - Snapshot or historical attack
  - Single- or multiple-issuer attack
  - Attack exploiting knowledge of the defense
- Value the defense by metric:
  - Snapshot, single-issuer, def-aware attack: reciprocity
  - Historical, single-issuer attack: memorization (i.e. historical k-anonymity)
  - Multiple-issuer attack: m-invariance

Recently, we studied the attack models against k-anonymity algorithms. These models are classified based on the background knowledge of the adversary. Attacks therefore differ in what the quasi-identifiers are, in whether the attack is snapshot or historical, single- or multiple-issuer, and in how much the adversary knows about the defense mechanism. We also identified several metrics, such as reciprocity, memorization, and m-invariance. Each of them allows us to evaluate the privacy defense algorithm against a specific attack case.

Slide 18: Related systems (1/4)

- An index-based privacy-preserving service trigger by Y. Lee, O. Kwon [7]

We also studied several related systems to identify valuable ideas to make our system more practical. The first system is the privacy-preserving service trigger by Y. Lee and O. Kwon. Their system aims to help service providers supply more acceptable technical characteristics to the user while still maintaining a proper level of privacy protection. User surveys on privacy concerns are collected into a database for later deducing a proper privacy protection level.

Slide 19: Related systems (2/4)

- An index-based privacy preserving service trigger by Y. Lee, O. Kwon [7]
- Advantage:
  - Easy implementation & good performance
- Disadvantages:
  - Data mostly based on user feeling
  - Static context, lack of context management method

However, this approach has an obvious weakness: it relies only on static context (user input that barely changes over time) and on user awareness. The reason is that the system has no mechanism for managing and handling dynamic context (context information at the time of request processing) efficiently.

Slide 20: Related systems (3/4)

- CARE Middleware [8]

The second system is the CARE middleware. It introduces a systematic way to manage dynamic context efficiently with the use of Profile Managers. They manage the context data collected from the user, the service provider and the network operator.

Slide 21: Related systems (4/4)

- CARE Middleware [8]
- Advantages:
  - Manage context efficiently and dynamically
  - Results can be used directly for privacy algorithms
  - Scalability
- Disadvantages:
  - No mechanism to evaluate privacy techniques

However, the system does not provide any mechanism to evaluate privacy techniques. Our work takes account of the strengths of the above approaches.

Slide 22: Outline

Slide 23: Architecture overview

To guarantee practicality, we need a good LBS middleware platform on which to deploy our privacy preserving tool. Such a system is the Locationet middleware. We extend Locationet by adding the Evaluation module, which represents our tool for privacy preserving and evaluating. It also interacts with the Profile Manager module, which is devoted to managing the context information.

Slide 24: The proposed framework

This picture presents our proposed framework in more detail. This box depicts the Evaluation module. We consider three entities that affect a service query: the user and his devices, the service provider and the content provider. Each of them has its corresponding Profile Manager. We use the term profile to denote the set of context collected and managed by a certain entity among the user, service provider and content provider. (pause)

The entire system works as follows. First, the user request goes through the User Gateway and is then parsed into a suitable format by Query Parsing. Then, Context Aggregation (3) merges the query with the related context collected from the Profile Manager modules. The Privacy Module now uses this information to apply the privacy preserving technique. Next, the query is processed in Case-based Calculation and the Ontology Reasoner. The duty of these modules is to evaluate the privacy level of the user and make refinements to guarantee a certain privacy level in the current context. In particular, Case-based Calculation checks the reciprocity property, and the Ontology Reasoner checks the other properties: memorization and m-invariance. After those refining phases, the anonymized request passes through the Application Gateway (7) to the Service Provider. The result from the Service Provider is driven through the Application Gateway again to the Privacy Module. This last phase deanonymizes the answer before pushing it to the User Gateway. Finally, the user gets the service.

Slide 25: Context Aggregation

- Context data collected from Profile Managers automatically and up to date.
- Capable of solving conflicts between policies of user, service provider and context provider.

Context Aggregation mainly acts as a context collector by requesting up-to-date data from the Profile Managers. Additionally, its other important function is solving conflicts, in situations where context coming from different sources is not guaranteed to be consistent.

Slide 26: Case-based calculation

- Checking reciprocity property

Case-based Calculation is responsible for checking the reciprocity property (details in Section 4). The module targets the snapshot defense model, which is well suited to storing its context (i.e. the aggregated profile for a user request) as a case in a case-based database. The term case in our model is more general than in the model proposed by Y. Lee [1]. Recall that a case in [1] only includes some pre-defined properties (i.e. context-aware service, user's task, population movement characteristics) and the privacy value is based on the user's concern, whereas our privacy value is the result of privacy-preserving techniques (e.g. yes or no in a simple case). Furthermore, this privacy value should be independent of other released values, meaning that a specific context corresponds to a particular privacy value. This is naturally appropriate for the snapshot defense model (the remaining defense models need multiple contexts at different timestamps for reasoning about the privacy value).
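The reciprocity check named on this slide, sketched as an added example; it is not code from the presentation or from the framework. It assumes the usual definition from the k-anonymity literature (every member of an issuer's anonymity set, issuing the same request, would get the same set of at least k users); the two cloaking functions, the helper names and the sample positions are hypothetical and constructed for illustration.

```python
from math import dist

# Constructed sample positions (user id -> x, y); not data from the presentation.
USERS = {"u1": (0, 0), "u2": (1, 0), "u3": (2, 0), "u4": (5, 0),
         "u5": (10, 0), "u6": (11, 0), "u7": (12, 0)}

def knn_cloak(issuer, users, k):
    """Naive k-anonymity: the issuer plus its k-1 nearest neighbours."""
    ranked = sorted(users, key=lambda u: (dist(users[u], users[issuer]), u))
    return frozenset(ranked[:k])

def bucket_cloak(issuer, users, k):
    """Issuer-independent grouping: sort all users, cut into buckets of k;
    the last bucket absorbs the remainder so no full bucket is split."""
    order = sorted(users, key=lambda u: (users[u], u))
    last = max(len(order) // k, 1) - 1
    idx = min(order.index(issuer) // k, last)
    end = len(order) if idx == last else (idx + 1) * k
    return frozenset(order[idx * k:end])

def reciprocity_violations(cloak, users, k):
    """Assumed definition: (issuer, member) pairs where the member would not
    get the issuer's anonymity set back; (issuer, None) marks a set with
    fewer than k users."""
    bad = []
    for issuer in sorted(users):
        aset = cloak(issuer, users, k)
        if len(aset) < k:
            bad.append((issuer, None))
        bad += [(issuer, m) for m in sorted(aset) if cloak(m, users, k) != aset]
    return bad

def candidate_issuers(cloak, users, k, observed):
    """Defense-aware snapshot view: users whose own request would have
    produced the observed anonymity set."""
    return sorted(u for u in users if cloak(u, users, k) == observed)

if __name__ == "__main__":
    for cloak in (knn_cloak, bucket_cloak):
        seen = cloak("u4", USERS, 3)
        print(cloak.__name__, sorted(seen),
              "violations:", reciprocity_violations(cloak, USERS, 3),
              "candidates:", candidate_issuers(cloak, USERS, 3, seen))
```

With the nearest-neighbour grouping, u4's anonymity set has three members but only u4 could have produced it, so the set gives no protection against an adversary who knows the defense; the bucket grouping leaves four candidates.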

Case-based Calculation acts like a cache, which helps improve the system's performance.

Slide 27: Ontology Reasoner

- Checking memorization and m-invariance properties
- Connect to Profile Managers & retrieve relevant data

The Ontology Reasoner is responsible for checking the two remaining properties, memorization and m-invariance. These properties can be checked simultaneously, as described in Figure 5. These two properties are independent of each other, so they can be checked in parallel to improve performance.

Slide 28: Outline

The outline contains 5 parts. First, I'll introduce what LBS is and identify its privacy problem in a dynamic context environment. Then, I'll bring in our idea of privacy preserving based on an evaluating system. After that come the details of the framework and its modules' functionalities. And finally, a demo illustrating the system functions, and the conclusion.

Slide 29: Demo

Slide 31: Conclusion

- Modern privacy techniques need to take context information into account.
- A novel framework is proposed to address users' privacy in dynamic context.
- Future work.

Slide 32: Thank you!!

Slide 33: References

[1] F.M. Mohamed - Privacy in Location-based Services: State-of-the-art and Research Directions, MDM (2007).
[2] A. Kupper - Location-Based Services - Fundamentals and Operation, Wiley, 2005.
[3] Preserving Anonymity in Location based Services, Technical Report B6/06 (2006).
[4] C.A. Ardagna, M. Cremonini, E. Damiani, S.D.C. Vimercati, and P. Samarati - Location-Privacy Protection through Obfuscation-based Techniques, Springer 4602 (2007) 531-552.
[5] C. Bettini, S. Mascetti, X. S. Wang, D. Freni, and S. Jajodia - Anonymity and Historical-Anonymity in Location-Based Services, Springer 5599 (2009) 1-30.
[6] R. Dewri, I. Ray, I. Ray, and D. Whitley - Query m-Invariance: Preventing Query Disclosures in Continuous Location-Based Services, MDM (2010) 95-104.
[7] Y. Lee and O. Kwon - An Index-based Privacy Preserving Service Trigger in Context-Aware Computing Environments, Expert Systems with Apps. 37(7) (2010) 5192-5200.
[8] C. Bettini, L. Pareschi, and D. Riboni - Efficient Profile Aggregation and Policy Evaluation in a Middleware for Adaptive Mobile Applications, Pervasive and Mobile Computing 4(5) (2008) 697-718.