Gabriel Ghinita1 Panos Kalnis1 Ali Khoshgozaran2 Cyrus Shahabi2

Slides:



Advertisements
Similar presentations
Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)
Advertisements

Private Inference Control
Location Based Services and Privacy Issues
Efficient Evaluation of k-Range Nearest Neighbor Queries in Road Networks Jie BaoChi-Yin ChowMohamed F. Mokbel Department of Computer Science and Engineering.
Quality Aware Privacy Protection for Location-based Services Zhen Xiao, Xiaofeng Meng Renmin University of China Jianliang Xu Hong Kong Baptist University.
An Ω(n 1/3 ) Lower Bound for Bilinear Group Based Private Information Retrieval Alexander Razborov Sergey Yekhanin.
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
Query Optimization of Frequent Itemset Mining on Multiple Databases Mining on Multiple Databases David Fuhry Department of Computer Science Kent State.
Outsourcing Search Services on Private Spatial Data Man Lung Yiu, Gabriel Ghinita, Christian Jensen, and Panos Kalnis Presenter: Uma Kannan 1.
PRIVACY AND SECURITY ISSUES IN DATA MINING P.h.D. Candidate: Anna Monreale Supervisors Prof. Dino Pedreschi Dott.ssa Fosca Giannotti University of Pisa.
PrivacyGrid Visualization Balaji Palanisamy Saurabh Taneja.
Mohamed F. Mokbel University of Minnesota
Fast Data Anonymization with Low Information Loss 1 National University of Singapore 2 Hong Kong University
A Crowd-Enabled Approach for Efficient Processing of Nearest Neighbor Queries in Incomplete Databases Samia Kabir, Mehnaz Tabassum Mahin Department of.
Multimedia Indexing and Retrieval Kowshik Shashank Project Advisor: Dr. C.V. Jawahar.
Spatial Data Security Methods Avinash Kumar Sahu Under Guidance of Prof. (Mrs.) P. Venkatachalam Centre of Studies in Resources Engineering Indian Institute.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Location Privacy in Casper: A Tale of two Systems
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
An architecture for Privacy Preserving Mining of Client Information Jaideep Vaidya Purdue University This is joint work with Murat.
PRIVÉ : Anonymous Location-Based Queries in Distributed Mobile Systems 1 National University of Singapore 2 University.
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.
Private Information Retrieval Amos Beimel – Ben-Gurion University Tel-Hai, June 4, 2003 This talk is based on talks by:
Indexing Spatio-Temporal Data Warehouses Dimitris Papadias, Yufei Tao, Panos Kalnis, Jun Zhang Department of Computer Science Hong Kong University of Science.
MobiHide: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries Gabriel Ghinita, Panos Kalnis, Spiros Skiadopoulos National University of Singapore.
PRIVACY CRITERIA. Roadmap Privacy in Data mining Mobile privacy (k-e) – anonymity (c-k) – safety Privacy skyline.
Database Laboratory Regular Seminar TaeHoon Kim.
Research Overview Kyriakos Mouratidis Assistant Professor School of Information Systems Singapore Management University
Overview of Privacy Preserving Techniques.  This is a high-level summary of the state-of-the-art privacy preserving techniques and research areas  Focus.
Gabriel Ghinita1 Panos Kalnis1 Ali Khoshgozaran2 Cyrus Shahabi2
Privacy Preserving Data Mining on Moving Object Trajectories Győző Gidófalvi Geomatic ApS Center for Geoinformatik Xuegang Harry Huang Torben Bach Pedersen.
Christian S. Jensen joint work with Man Lung Yiu, Hua Lu, Jesper Møller, Gabriel Ghinita, and Panos Kalnis Privacy for Spatial Queries.
Shiyuan Wang, Divyakant Agrawal, Amr El Abbadi Department of Computer Science UC Santa Barbara DBSec 2010.
Private Content Based Image Retrieval Shashank J, Kowshik P, Kannan Srinathan and C.V. Jawahar Is it possible for an image database to respond accurately.
On the Practical Feasibility of Secure Distributed Computing A Case Study Gregory Neven, Frank Piessens, Bart De Decker Dept. of Computer Science, K.U.Leuven.
Towards Robust Indexing for Ranked Queries Dong Xin, Chen Chen, Jiawei Han Department of Computer Science University of Illinois at Urbana-Champaign VLDB.
ACOMP 2011 A Novel Framework for LBS Privacy Preservation in Dynamic Context Environment.
1 SpaceTwist: A Flexible Approach for Hiding Query User Location Speaker: Man Lung Yiu Aalborg University Joint work with Christian S. Jensen, Xuegang.
Related Works LOFConclusion Introduction Contents ICISS
This document is for academic purposes only. © 2012 Department of Computer Science, Hong Kong Baptist University. All rights reserved. 1 Authenticating.
Similarity Searching in High Dimensions via Hashing Paper by: Aristides Gionis, Poitr Indyk, Rajeev Motwani.
Wei-Shinn Ku Slide 1 Auburn University Computer Science and Software Engineering Query Integrity Assurance of Location-based Services Accessing Outsourced.
Spatial Database 2/5/2011 Reference – Ramakrishna Gerhke and Silbershatz.
Sensor Networks: privacy-preserving queries Nguyen Dinh Thuc University of Science, HCMC
Monitoring k-NN Queries over Moving Objects Xiaohui Yu University of Toronto Joint work with Ken Pu and Nick Koudas.
A Hybrid Technique for Private Location-Based Queries with Database Protection Gabriel Ghinita 1 Panos Kalnis 2 Murat Kantarcioglu 3 Elisa Bertino 1 1.
EVALUATING LBS PRIVACY IN DYNAMIC CONTEXT 1. Outline 2  Overview Attack Model  Classification Defend Model  Evaluation Module  Conclusion.
Location Privacy Protection for Location-based Services CS587x Lecture Department of Computer Science Iowa State University.
Efficient OLAP Operations in Spatial Data Warehouses Dimitris Papadias, Panos Kalnis, Jun Zhang and Yufei Tao Department of Computer Science Hong Kong.
Private Information Retrieval Based on the talk by Yuval Ishai, Eyal Kushilevitz, Tal Malkin.
Secure Data Outsourcing
Privacy-Preserving Publication of User Locations in the Proximity of Sensitive Sites Bharath Krishnamachari Gabriel Ghinita Panos Kalnis National University.
A Metric Cache for Similarity Search fabrizio falchi claudio lucchese salvatore orlando fausto rabitti raffaele perego.
Privacy Preserving Outlier Detection using Locality Sensitive Hashing
Center for E-Business Technology Seoul National University Seoul, Korea Private Queries in Location Based Services: Anonymizers are not Necessary Gabriel.
 A Two-level Protocol to Answer Private Location-based Queries Roopa Vishwanathan Yan Huang [RoopaVishwanathan, Computer Science and.
Spatio-Temporal Databases
Efficient Multi-User Indexing for Secure Keyword Search
Xiaokui Xiao and Yufei Tao Chinese University of Hong Kong
A Black-Box Approach to Query Cardinality Estimation
Pervasive Data Access (PDA) Research Group
Location Privacy.
Chapter 9: Database Systems
Spatio-Temporal Databases
“Location Privacy Protection for Smartphone Users”
Presented by : SaiVenkatanikhil Nimmagadda
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Kriti shreshtha.
15-826: Multimedia Databases and Data Mining
Efficient Processing of Top-k Spatial Preference Queries
Trust-based Privacy Preservation for Peer-to-peer Data Sharing
Presentation transcript:

Private Queries in Location-Based Services: Anonymizers are Not Necessary Gabriel Ghinita1 Panos Kalnis1 Ali Khoshgozaran2 Cyrus Shahabi2 Kian Lee Tan1 1 National University of Singapore 2 University of Southern California

Location-Based Services (LBS) LBS users Mobile devices with GPS capabilities Queries NN Queries Location server is NOT trusted “Find closest hospital to my present location” We study the problem of privacy in LBS LBS are chract by mobile users with positioning capabilities Users ask spatial Q such as NN or range: in our example u1 asks for the closest hospital, which is h2 The LBS is not trusted, and finds out that u1 suffers from a medical condition

Problem Statement Queries may disclose sensitive information Query through anonymous web surfing service But user location may disclose identity Triangulation of device signal Publicly available databases Physical surveillance How to preserve query source anonymity? Even when exact user locations are known To prevent the LBS from learning the identity of the Q user, we can use a pseudonym service to hide the user ID. But Q contains location, which can be easily mapped to the identity Pb Form: how to preserve query privacy, even in the worst case?

PIR Overview Computationally hard to find i from q(i) Bob can easily find Xi from r (trap-door)

Existing LBS Privacy Solutions

Spatial K-Anonymity Query issuer “hides” among other K-1 users Probability of identifying query source ≤ 1/K Idea: anonymizing spatial regions (ASR) SKA is an extension of KA, widely used in relational DB, and “hides” the Q user among K-1 other users Instead of reporting exact location to LBS, an ASR (or cloaked region) is built which encloses at least K users; the LBS process the Q wrt ASR

Casper[Mok06] NOT SECURE !!! Quad-tree based Fails to preserve anonymity for outliers Unnecessarily large ASR size u2 Let K=3 A1 u1 u3 If any of u1, u2, u3 queries, ASR is A1 Both use a quad-tree structure IC: smallest quadrant enclosing u as well as other k-1 users; Casper allows half-quadrants Anonymity of outliers compromised Detailed analytical proof in appendix NOT SECURE !!! u4 If u4 queries, ASR is A2 A2 u4’s identity is disclosed [Mok06] – Mokbel et al, The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006

Reciprocity u2 u3 u5 u3 u2 u1 u1 u4 u6 u5 u6 u4 We were the first to identify this property Later, it has been reformulated as “k-sharing” Stress that optimal reciprocal partitioning is hard, especially for mobile users [KGMP07] – Kalnis P., Ghinita G., Mouratidis K., Papadias D., "Preventing Location-Based Identity Inference in Anonymous Spatial Queries", IEEE TKDE 2007.

Hilbert Cloak (HC) Based on Hilbert space-filling curve index users by Hilbert value of location partition Hilbert sequence into “K-buckets” HC obeys reciprocity Start End

Continuous Queries[CM07] Problems ASRs grows large Query dropped if some user in U disconnects u1 u3 u2 [CM07] C.-Y. Chow and M. Mokbel “Enabling Private Continuous Queries For Revealed User Locations”. In Proc. of SSTD 2007

Space Encryption[KS07] Drawbacks answers are approximate makes use of tamper-resistant devices may be vulnerable if some POI are known Hilbert Mapping P2 P1 P2 P4 12 14 19 P3 24 P4 P1 NN(15)=P2 Q P3 15 [KS07] A. Khoshgozaran, C. Shahabi. Blind Evaluation of Nearest Neighbor Queries Using Space Transformation to Preserve Location Privacy , In Proc. Of SSTD 2007

Motivation Limitations of existing solutions Assumption of trusted entities anonymizer and trusted, non-colluding users Considerable overhead for sporadic benefits maintenance of user locations No privacy guarantees especially for continuous queries

Our Approach

LBS Privacy with PIR PIR Two-party cryptographic protocol No trusted anonymizer required No trusted users required No pooling of a large user population required No need for location updates Location data completely obscured

PIR Theoretical Foundations Let N =q1*q2, q1 and q2 large primes Quadratic Residuosity Assumption (QRA) QR/QNR decision computationally hard Essential properties: QR * QR = QR QR * QNR = QNR

PIR Protocol for Binary Data X4 X8 X16 X12 X3 X7 X15 X11 X2 X6 X14 X10 X1 X5 X13 X9 a b y1 y2 y3 y4 z4 z3 z2 z1 Get X10 QNR a=2, b=3 Explain what is computed, i.e. “dot-product-like” with mask, will be needed in the optimization slide z2=QNR => X10=1 z2=QR => X10=0

Approximate Nearest Neighbor u Data organized as a square matrix Each column corresponds to index leaf An entire leaf is retrieved – the closest to the user

Exact Nearest Neighbor 4 3 2 1 D C B A p1 A3: p1, p2, p3 A4: p1, --, -- p3 p4 Z4 Z3 Z2 Z1 Only z2 needed u p2 Y1 Y2 Y3 Y4 QNR

Rectangular PIR Matrix

Avoiding Redundant Computations Data mining Identify frequent partial products

Parallelize Computation Values of z can be computed in parallel Master-slave paradigm Offline phase: master scatters PIR matrix Online phase: Master broadcasts y Each worker computes z values for its strip Master collects z results

Experimental Settings Sequoia dataset + synthetic sets 10,000 to 100,000 POI Modulus up to 1280 bits

Parallel Execution

Data Mining Optimization

Disclosed POI

Conclusions PIR-based LBS privacy Future work No need to trust third-party Secure against any location-based attack Future work Further reduce PIR overhead Support more complex queries Include more POI information in the reply

Bibliography [KGMP07] – Kalnis P., Ghinita G., Mouratidis K., Papadias D., "Preventing Location-Based Identity Inference in Anonymous Spatial Queries", IEEE Transactions on Knowledge and Data Engineering (IEEE TKDE), 19(12), 1719-1733, 2007. [GZPK07] – Ghinita G., Zhao K., Papadias D., Kalnis P., Reciprocal Framework for Spatial K-Anonymity, Technical Report [GKS07a] – Ghinita G., Kalnis P., Skiadopoulos S., "PRIVE: Anonymous Location-based Queries in Distributed Mobile Systems", Proc. of World Wide Web Conf. (WWW), Banff, Canada, 371-380, 2007. [GKS07b] – Ghinita G., Kalnis P., Skiadopoulos S., "MOBIHIDE: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries", Proc. of the Int. Symposium in Spatial and Temporal Databases (SSTD), Boston, MA, 221-238, 2007. http://anonym.comp.nus.edu.sg