Preserving Location Privacy. Uichin Lee, KAIST KSE. Slides based on http://www.vldb.org/conf/2007/papers/tutorials/p1429-liu.pdf by Ling Liu.

Published on 31-Mar-2015

Transcript

  • Slide 1

Preserving Location Privacy
Uichin Lee, KAIST KSE
Slides based on http://www.vldb.org/conf/2007/papers/tutorials/p1429-liu.pdf by Ling Liu and on http://synrg.ee.duke.edu/ppts/cachecloak-mobicom09.ppt by Romit Choudhury.

  • Slide 2

Location Based Service (LBS): Examples
Location based emergency services & traffic monitoring: How many cars are on highway 85 north? What is the estimated travel time to my destination? Give me the locations of the 5 nearest Toyota maintenance stores.
Location based advertisement & entertainment: Send e-coupons to all customers within five miles of my store. Where is the nearest movie theater to my current location?
Location finder: Where are the gas stations within five miles of my location? Where is the nearest movie theater?

  • Slide 3

Location privacy
The claim/right of individuals, groups and institutions to determine for themselves when, how and to what extent location information about them is communicated to others (similar to Westin's definition of privacy).
Location privacy also refers to the ability to prevent other parties from learning one's current or past location.

  • Slide 4

Privacy threats through LBS
Communication privacy threats: sender anonymity?
Location inference threats:
Precise location tracking: successive position updates can be linked together even if identifiers are removed from the location updates.
Observation identification: if external observation is available, it can be used to link a position update to an identity (e.g., Bluetooth scanning).
Restricted space identification: a known location-owned-by-identity relationship can link an update to an identity (e.g., home).

  • Slide 5

Location privacy architecture
Centralized trusted third party location anonymization model: a trusted third party anonymization proxy server handles both location updates and location anonymization.
It is capable of supporting customizable and personalized location k-anonymization.
Client-based non-cooperative location anonymization model: mobile clients maintain their location privacy based on their own knowledge; location cloaking without location k-anonymity support.
Decentralized cooperative mobility group model: a group of mobile clients collaborate with one another to provide location privacy for a single user without involving a centralized trusted authority.
Distributed hybrid architecture with limited cooperation.

  • Slide 6

Centralized trusted third party architecture
Assume a Trusted Privacy Provider (TPP). The user reveals their location to the TPP; the TPP exposes an anonymized location to the location application (or LBS).
Figure: Privacy Provider in the middle, connected to Loc. App1, Loc. App2, Loc. App3 and Loc. App4.

  • Slide 7

How to preserve location privacy?
Pseudonyms
Spatio-temporal cloaking: k-anonymity + mix zones
Location perturbation (adding noise): PoolView (SenSys 08)

  • Slide 8

Pseudonyms: Just Call Yourself "Freddy" [Gruteser04]
Effective only when location exposure is infrequent. Otherwise, spatio-temporal patterns are enough to deanonymize: think breadcrumbs.
Figure: breadcrumb trails labelled John, Leslie, Jack, Susan and Alex, and Romit's office.
Slides from: http://synrg.ee.duke.edu/ppts/cachecloak-mobicom09.ppt

  • Slide 9

K-anonymity [Gedik05]
Convert the location to a space-time bounding box and ensure there are K users in the box; location apps reply for the boxed region.
Issues: poor quality of location; degrades in sparse regions; not real-time (e.g., wait until k is reached, as in CliqueCloak).
Figure: you inside a bounding box with K=4.

  • Slide 10

Mix zone: confuse via mixing
Path intersections are an opportunity for privacy: if users intersect in space-time, one cannot say who is who later.

  • Slide 11

Mix zone: confuse via mixing
Path intersections are an opportunity for privacy: if users intersect in space-time, one cannot say who is who later.
Unfortunately, users may not intersect in both space and time.
Figure: two paths between Hospital and Airport, each marked "?".
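The bounding-box idea of Slide 9, worked through as an added example that is not code from the original slides or from Gedik and Liu's CliqueCloak: the service area is split quadtree-style, descending toward the requester only while the quadrant still holds at least k users, so the returned box is not centred on the requester and its centre leaks nothing. The service area, the user names and positions, and the subdivision strategy are all assumptions constructed here.

```python
"""Spatial k-anonymity cloaking as sketched on Slide 9: replace the user's
exact position with a region that contains at least k users, and watch how
the region grows in sparse areas.

Added example, not code from the original slides or from the CliqueCloak
system of Gedik and Liu. The quadtree-style subdivision, the service area
and the user positions are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Box = Tuple[float, float, float, float]   # (min_x, min_y, max_x, max_y), metres


@dataclass(frozen=True)
class Position:
    user: str
    x: float
    y: float


def users_in_box(box: Box, positions: List[Position]) -> List[str]:
    """Names of all users whose current position lies inside the box."""
    min_x, min_y, max_x, max_y = box
    return [p.user for p in positions
            if min_x <= p.x <= max_x and min_y <= p.y <= max_y]


def area(box: Box) -> float:
    return (box[2] - box[0]) * (box[3] - box[1])


def cloak(requester: str, positions: List[Position], k: int,
          service_area: Box, min_side: float = 1.0) -> Optional[Box]:
    """Start from the whole service area and keep descending into the quadrant
    that contains the requester as long as that quadrant still holds at least
    k users (the requester counts as one). The last such quadrant is the
    cloaked region handed to the LBS. Returns None when even the whole area
    has fewer than k users; a CliqueCloak-style system would then hold the
    request until enough users arrive, which is why the slide calls
    k-anonymity "not real-time". min_side stops the descent for tiny k."""
    me = next(p for p in positions if p.user == requester)
    box = service_area
    if len(users_in_box(box, positions)) < k:
        return None
    while True:
        min_x, min_y, max_x, max_y = box
        mid_x, mid_y = (min_x + max_x) / 2, (min_y + max_y) / 2
        # The quadrant of the current box that contains the requester.
        child = (
            min_x if me.x < mid_x else mid_x,
            min_y if me.y < mid_y else mid_y,
            mid_x if me.x < mid_x else max_x,
            mid_y if me.y < mid_y else max_y,
        )
        if len(users_in_box(child, positions)) < k or child[2] - child[0] < min_side:
            return box
        box = child


# Constructed sample: a dense cluster in the south-west corner and a lone
# user in the north-east (assumed data, not from the slides).
SERVICE_AREA: Box = (0.0, 0.0, 1000.0, 1000.0)
USERS = [
    Position("alice", 100, 100),
    Position("bob", 120, 130),
    Position("carol", 140, 110),
    Position("dan", 110, 150),
    Position("eve", 900, 900),
    Position("frank", 600, 300),
]

if __name__ == "__main__":
    for who in ("alice", "eve"):
        box = cloak(who, USERS, k=3, service_area=SERVICE_AREA)
        print(who, box, "area m^2:", area(box), "users:", users_in_box(box, USERS))
    print("alice with k=7:", cloak("alice", USERS, 7, SERVICE_AREA))
```

With k=3, alice in the dense corner gets a 250 m by 250 m box, while eve, alone in her quadrant, can only be cloaked by the entire 1 km by 1 km service area: the same k buys her sixteen times worse location quality, which is the "degrades in sparse regions" issue on the slide. Asking for k=7 with six users online returns None, the case where a real deployment must either wait or refuse.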
  • Slide 12

Mix zone/time: hiding until mixed
Partially hide locations until the users have mixed [Hoh et al., CCS07]: expose them after a delay.
Figure: Hospital and Airport.

  • Slide 13

Mix zone/time: hiding until mixed
Partially hide locations until the users have mixed [Hoh et al., CCS07]: expose them after a delay.
But delays are unacceptable to real-time apps.
Figure: Hospital and Airport.

  • Slide 14

Mix zone/time + caching: predict & cache
Predict until the paths intersect [Meyerowitz et al., MobiCom09].
Figure: Hospital and Airport, with a predicted path.

  • Slide 15

Mix zone/time + caching: predict & cache
Predict until the paths intersect [Meyerowitz et al., MobiCom09]; expose the predicted intersection to the application and cache the information for each predicted location.
Figure: Hospital and Airport, with a predicted path.

  • Slide 16

Summary: R-U Confidentiality Map
Figure: data utility U on one axis and disclosure risk R on the other; points for No Data, Original Data and Released Data, with a Maximum Tolerable Risk threshold.
Slide from: http://www.ccsr.ac.uk/methods/archive/AccessGrid/documents/GeorgeDuncanPresentation.ppt (George Duncan, 2001)
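The linking threat of Slide 4 and the breadcrumbs of Slide 8, together with the mix-zone effect of Slides 10 to 13, as an added example that is not code from the original slides or from the cited papers: every update carries a fresh pseudonym, an attacker re-links updates across time by picking the pairing with the least total movement, and a tied minimum is exactly the "cannot say who is who" of a space-time intersection. The update format, the attacker, and the three sample traces are constructed here for illustration.

```python
"""Linking pseudonymous location updates (the breadcrumbs attack of Slides
4 and 8) and the effect of a space-time intersection (the mix zone of
Slides 10 to 13).

Added example, not code from the original slides or from the cited papers.
The update format, the minimum-displacement linking attacker and the sample
traces are constructed here for illustration only.
"""
from itertools import permutations
from math import hypot
from typing import Dict, List, Tuple

Point = Tuple[float, float]
Update = Tuple[str, float, float]          # (pseudonym, x, y); pseudonym is fresh per update


def build_snapshots(paths: Dict[str, List[Point]]) -> Tuple[List[List[Update]], Dict[str, str]]:
    """Turn ground-truth paths into per-timestep snapshots in which every
    update carries a fresh pseudonym ("just call yourself Freddy", once per
    update). Also returns the secret pseudonym -> user map, which the
    attacker never sees; it is only used to grade the attack."""
    steps = len(next(iter(paths.values())))
    snapshots, truth, counter = [], {}, 0
    for t in range(steps):
        snap = []
        for user, path in paths.items():
            pseudonym = f"p{counter:03d}"
            counter += 1
            truth[pseudonym] = user
            snap.append((pseudonym, float(path[t][0]), float(path[t][1])))
        snapshots.append(snap)
    return snapshots, truth


def _displacement(prev: List[Update], nxt: List[Update], perm: Tuple[int, ...]) -> float:
    """Total distance moved if old update i is paired with new update perm[i]."""
    return sum(hypot(prev[i][1] - nxt[j][1], prev[i][2] - nxt[j][2]) for i, j in enumerate(perm))


def link_trails(snapshots: List[List[Update]]) -> Tuple[List[List[str]], int]:
    """Attacker: between consecutive snapshots pick the pairing of old and new
    pseudonyms with the smallest total displacement (people move little
    between updates). Brute force over permutations is fine for a handful of
    users. Returns the reconstructed trails and how many steps had a tied
    minimum, i.e. steps at which the attacker cannot say who is who."""
    n = len(snapshots[0])
    trails = [[u[0]] for u in snapshots[0]]
    owner = list(range(n))          # owner[j]: trail that holds position j of the current snapshot
    ambiguous_steps = 0
    for prev, nxt in zip(snapshots, snapshots[1:]):
        scored = sorted((round(_displacement(prev, nxt, p), 6), p) for p in permutations(range(n)))
        best_cost, best = scored[0]
        if sum(1 for cost, _ in scored if cost == best_cost) > 1:
            ambiguous_steps += 1  # a tie: the mix worked, any choice is a guess
        new_owner = [0] * n
        for i, j in enumerate(best):
            trails[owner[i]].append(nxt[j][0])
            new_owner[j] = owner[i]
        owner = new_owner
    return trails, ambiguous_steps


def trails_pure(trails: List[List[str]], truth: Dict[str, str]) -> bool:
    """True if every reconstructed trail belongs to a single real user."""
    return all(len({truth[p] for p in trail}) == 1 for trail in trails)


def run(paths: Dict[str, List[Point]]) -> Tuple[bool, int]:
    """(were all trails correctly re-linked?, number of ambiguous steps)"""
    snapshots, truth = build_snapshots(paths)
    trails, ambiguous = link_trails(snapshots)
    return trails_pure(trails, truth), ambiguous


# Constructed traces in metres, one update per step (assumed data).
SEPARATE = {                       # never near each other
    "alice": [(0, 0), (10, 0), (20, 0), (30, 0)],
    "bob":   [(0, 100), (10, 100), (20, 100), (30, 100)],
}
SAME_PLACE_DIFFERENT_TIME = {      # both pass (10, 10), two steps apart
    "alice": [(0, 0), (10, 10), (20, 20), (30, 30)],
    "bob":   [(10, -20), (10, -10), (10, 0), (10, 10)],
}
MIX_ZONE = {                       # both at (10, 10) at the same time
    "alice": [(0, 0), (10, 10), (20, 20)],
    "bob":   [(20, 0), (10, 10), (0, 20)],
}

if __name__ == "__main__":
    for name in ("SEPARATE", "SAME_PLACE_DIFFERENT_TIME", "MIX_ZONE"):
        print(name, run(globals()[name]))
```

Fresh pseudonyms do nothing for the first two traces: the attacker re-links every update and the trails stay pure, including the case where the paths cross the same spot at different times, which is the point of Slide 11. Only the trace in which both users emit an update from the same place at the same time produces ties (here at both steps around the meeting), and a tie-break that happens to be right is luck, not information; the delay of Hoh et al. and the prediction of CacheCloak are two ways of manufacturing that tie on demand.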
