A Unified Framework for Location Privacy
Shokri, R., Freudiger, J., & Hubaux, J. P. (2010). 3rd Hot Topics in Privacy Enhancing Technologies (HotPETs), 203-214.
Paper Presentation by George Corser, Oakland University, June 6, 2014

Abstract Source: Shokri, 2010, page 1
Outline of Paper
1. Introduction
2. Mobile Networks
3. Location Privacy Preserving Mechanisms
4. Threat Model*
5. Location Privacy Measurement
6. Application Scenario: LBS
7. Related Work
8. Conclusion
* Defines structure of a threat model, not a particular threat model
LBS: Location Based Service

1. Introduction: Definition Source: Shokri, 2010, page 1
1. Introduction: Problem Source: Shokri, 2010, page 1
1. Introduction: Solution Source: Shokri, 2010, page 2
2. Mobile Networks: App. Categories
Set of mobile users with wireless devices
Connections ad hoc or via cellular, Wi-Fi, ...
Applications like LBS, mobile social network, recommender systems, friend finder, ...

              Automatic          Manual
Continuous    People Sensing     LBS (w/FPL*)
Discrete      Elec. Ticketing    LBS (typical)

Source: Shokri, 2010, pages 2-3
LBS: Location Based Service, FPL: Frequent Precise Location

2. Mobile Networks: Events
Users ( ): set of mobile network members
Each has real identity ( ) and pseudonym ( )
Time and Space
Time instance (t): a natural number in time period
Location instance ( ): a coordinate on a grid of
The Spatiotemporal State of Users (Events)
Event: a 3-tuple < identity, time, location >
Actual trajectory, all events of user u ( ):
Source: Shokri, 2010, pages 3-5

3. Privacy Preserving Mechanisms
Distributed (user-side): Adding noise to GPS coordinates
Centralized (server-side): Cloaking proxy server
Hybrid
Source: Shokri, 2010, pages 5-7
GPS: Global Positioning System

4. Threat Model Source: Shokri, 2010, pages 7-11
5. Location Privacy Measurement
Microscopic: within a time interval
Uncertainty: size of anonymity set of positions
Macroscopic: throughout trajectory
Uncertainty: size of anonymity set of trajectories
Error-based metrics
Clustering-error metrics (degree of path confusion)
Probability of error metrics (degree of accuracy in using endpoint map deanonymization)
Distortion-based metrics (geographical precision)
Consider user location privacy (probability of error) versus system location privacy (uncertainty/entropy)
Source: Shokri, 2010, pages 11-14
Map deanonymization: Linking identities with endpoint home/work locations

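Added example (not from the paper or the presentation): a microscopic measurement over one time instance, showing how system-level uncertainty (entropy of the anonymity set) and user-level probability of error can diverge once the adversary has side knowledge. The grid cloaking, the belief weights, the user names and coordinates, and all function names are assumptions of this sketch. Probability of error is modelled as the belief mass placed on wrong identities.

```python
import math
from collections import namedtuple

# The slides' event: a 3-tuple <identity, time, location>; location is a grid cell (x, y).
Event = namedtuple("Event", "identity time location")

# Constructed sample: four users observed at the same time instance t = 1.
EVENTS = [
    Event("alice", 1, (2, 3)),
    Event("bob",   1, (3, 2)),
    Event("carol", 1, (0, 1)),
    Event("dave",  1, (9, 9)),
]

def cloak(event, cell):
    """Obfuscation (assumed mechanism): coarsen the location to cell x cell blocks."""
    x, y = event.location
    return Event(event.identity, event.time, (x // cell, y // cell))

def anonymity_set(events, observed, cell):
    """Identities whose cloaked event is indistinguishable from the observed one."""
    seen = cloak(observed, cell)
    return sorted({e.identity for e in events
                   if e.time == seen.time and cloak(e, cell).location == seen.location})

def posterior(candidates, weights=None):
    """Adversary's belief over candidates: uniform, or skewed by side knowledge
    such as a known home/work endpoint (weights are an assumption of this example)."""
    raw = {u: (weights or {}).get(u, 1.0) for u in candidates}
    total = sum(raw.values())
    return {u: w / total for u, w in raw.items()}

def entropy_bits(belief):
    """System-level uncertainty: Shannon entropy of the adversary's belief."""
    return sum(-p * math.log2(p) for p in belief.values() if p > 0)

def probability_of_error(belief, true_identity):
    """User-level privacy: belief mass the adversary places on wrong identities."""
    return 1.0 - belief.get(true_identity, 0.0)

if __name__ == "__main__":
    observed = EVENTS[0]  # alice's event as seen after pseudonymization and cloaking
    for cell in (1, 4):
        members = anonymity_set(EVENTS, observed, cell)
        for weights in (None, {"alice": 8.0}):
            belief = posterior(members, weights)
            print(cell, members, weights, round(entropy_bits(belief), 3),
                  round(probability_of_error(belief, "alice"), 3))
```

With a 4x4 cloak the anonymity set has three members in both cases, yet the weighted belief leaves alice far more exposed than bob or carol, which is why the slide separates user and system location privacy.
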
6. Application Scenario: LBS
Application is manual and discrete
Entity: User
Anonymization when connected with pseudonym
Hiding when not connected to LBS
Entity: Application
Obfuscation when GPS not precise
Entity: Privacy Tool
Dummification when using group pseudonym
If FPL, application may be manual and continuous
Source: Shokri, 2010, page 14
LBS: Location Based Service, FPL: Frequent Precise Location
Highly effective in centralized architecture

6. App. Scenario: LBS: Threat Model
Means
  Access: Server side application
  Knowledge: Map deanonymization
Actions
  Type: Passive
  Spatial Scope: Global
  Temporal Scope: Long-term
Goals
  Disclosure: Presence
  Target: Individual
  Attack: Identification, Tracking
Source: Shokri, 2010, pages 14-15

6. App. Scenario: LBS: Open Problems Source: Shokri, 2010, page 15
7. Related Work
Hong/Landay [43]: toolkit (Confab)
Duckham/Kulik [26]: obfuscation mechanisms
Bettini et al. [11]: microscopic location privacy
Decker [24]: LBS location privacy problems
Blumberg/Eckersley [13]: emerging threats
Krumm [52]: literature review
Shokri [66]: macroscopic location privacy
Source: Shokri, 2010, pages 15-16

8. Conclusion Source: Shokri, 2010, page 16