(ECE 256: Wireless Networking and Mobile Computing) Location Privacy in Mobile Computing Topics: Pseudonyms, CliqueCloak, Path Confusion, CacheCloak.

Presentation transcript:

1 (ECE 256: Wireless Networking and Mobile Computing) Location Privacy in Mobile Computing Topics: Pseudonyms, CliqueCloak, Path Confusion, CacheCloak …

2 Context Better localization technology + Pervasive wireless connectivity = Location-based pervasive applications

3 Location-Based Apps
For example:
- GeoLife shows grocery list on phone when near WalMart
- Micro-Blog allows querying people at a desired region
- Location-based ad: Phone gets coupon at Starbucks
- …
Location expresses context of user
- Facilitating content delivery
It's as if location is the IP address for content

4 Double-Edged Sword
While location drives this new class of applications, it also violates the user’s privacy.
The sharper the location, the richer the app, the deeper the violation.

5 The Location Based Service Workflow
[Diagram: Client, Server, LBS (Location Based Service) Database]
- Request: Retrieve all available services in client’s location
- Forward to local service: Retrieve all available services in location
- Reply:

6 The Location Anonymity Problem
[Diagram: Client, Server, LBS (Location Based Service) Database]
- Request: Retrieve all bus lines from location to address == Privacy Violated

7 Double-Edged Sword
Moreover, a range of apps are PUSH based and require continuous location information:
- Phone detected at Starbucks, PUSH a coffee coupon
- Phone located on highway, query traffic congestion

8 Location Privacy
Problem: Continuous location exposure is a serious threat to privacy
Research: Preserve privacy without sacrificing the quality of continuous location-based apps

9 Just Call Yourself “Freddy”
Pseudonyms
- Effective only when location exposure is infrequent
- Else, spatio-temporal patterns are enough to deanonymize … think breadcrumbs
[Figure labels: Romit’s Office; John, Leslie, Jack, Susan, Alex]

10 A Customizable k-Anonymity Model for Protecting Location Privacy
Paper by: B. Gedik, L. Liu (Georgia Tech)
Slides adopted from: Tal Shoseyov

11 Location Anonymity
“A message from a client to a database is called location anonymous if the client’s identity cannot be distinguished from other users based on the client’s location information.”

12 k-Anonymity “A message from a client to a database is called location k-anonymous if the client cannot be identified by the database based on the client’s location from other k-1 clients.”

13 Implementation of Location Anonymity
- Client sends plain request to the server
- Server sends “anonymized” message
- Database executes request according to the received anonymous data
- Database replies to server with compiled data
- Server forwards data to client
- Server transforms the message by “anonymizing” the location data in the message

14 Implementation of Location k-Anonymity
Spatial Cloaking – Setting a range of space to be a single box, where all clients located within the range are said to be in the “same location”. [Figure axes: x, y]
Temporal Cloaking – Setting a time interval, where all the clients in a specific location sending a message in that time interval are said to have sent the message in the “same time”. [Figure axis: t]

15 Implementation of Location k-Anonymity
Spatial-Temporal Cloaking – Setting a range of space and a time interval, where all the messages sent by client inside the range in that time interval. This spatial and temporal area is called a “cloaking box”. [Figure axes: x, y, t]

16 Previous solutions
M. Gruteser, D. Grunwald (2003) – For a fixed k value, the server finds the smallest area around the client’s location that potentially contains k-1 different other clients, and monitors that area over time until such k-1 clients are found.
Drawback: Fixed anonymity value for all clients (service dependent)

17 The CliqueCloak Approach
Definitions:
Constraint Area: For a message m, a constraint area is a spatial-temporal area that contains the sending client’s location. A client sends his message along with a constraint area to prevent the database from sending the client useless information on locations outside the constraint area.
[Figure: message m with k=3 inside its constraint area; axes x, y]

18 The CliqueCloak Approach
Definitions:
Cloaking Box: A spatial and temporal area assigned to a transformed message. A valid cloaking box must comply with the following conditions:
1. The client that sent the message m is located in the cloaking box
2. The number of different clients inside the cloaking box must be at least m.k (the anonymity level of the message).
3. The cloaking box must be included inside the message’s constraint area.
[Figure: messages m1 (k=2), m2 (k=3), m4 (k=3); axes x, y]

19 The CliqueCloak Approach
Definitions:
Constraint Graph: Each mobile node is a vertex in the graph, and 2 nodes are connected iff each of them is inside the other node’s constraint area.
Approach:
An l-clique in that graph such that l ≥ m_i.k for each i is mapped by the algorithm to a spatial cloaking box, where all messages in the clique will be transformed using the cloaking box, making each of the messages’ senders indistinguishable from one another.
[Figure: messages m1 (k=2), m2 (k=3), m3 (k=2), m4 (k=3); axes x, y]

20 The CliqueCloak Algorithm
The Idea:
For each plain message, along with its constraints and anonymity level k, we try to find a k-clique in the constraint graph and convert the clique into a spatial cloaking box. Each of the messages inside the cloaking box will be converted into transformed messages, replacing their location values with the cloaking box. We try finding a cloaking box for a message until it is expired (exceeds its temporal constraints).
[Figure axes: x, y, t]
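
The definitions on slides 17 to 20, worked through in Python as an added example (not code from the slides or from the CliqueCloak paper). Assumptions: the four messages are constructed, constraint areas are squares given by a half-width, only space is modelled (the temporal dimension and message expiry are left out), and an exhaustive clique search stands in for the paper's algorithm.

```python
from itertools import combinations

# Constructed sample messages: id -> (x, y, k, half-width of square constraint area).
MESSAGES = {
    "m1": (2.0, 2.0, 2, 3.0),
    "m2": (3.0, 3.0, 3, 3.0),
    "m3": (9.0, 9.0, 2, 1.0),
    "m4": (4.0, 2.0, 3, 3.0),
}

def inside(p, q):
    """True if message p's location lies in message q's constraint area."""
    (px, py, _, _), (qx, qy, _, qr) = MESSAGES[p], MESSAGES[q]
    return abs(px - qx) <= qr and abs(py - qy) <= qr

def constraint_graph():
    """Edge between two messages iff each lies in the other's constraint area."""
    return {frozenset((a, b)) for a, b in combinations(MESSAGES, 2)
            if inside(a, b) and inside(b, a)}

def find_clique(target, edges):
    """Smallest clique containing target whose size l satisfies l >= m_i.k."""
    neighbours = [m for m in MESSAGES if frozenset((m, target)) in edges]
    for size in range(MESSAGES[target][2], len(neighbours) + 2):
        for others in combinations(neighbours, size - 1):
            group = (target,) + others
            connected = all(frozenset(p) in edges for p in combinations(group, 2))
            if connected and all(MESSAGES[m][2] <= size for m in group):
                return sorted(group)
    return None  # no valid clique yet: the message keeps waiting

def cloaking_box(group):
    """Minimum bounding rectangle (x_min, y_min, x_max, y_max) of the clique.

    Every member lies in every other member's axis-aligned constraint area,
    so this rectangle is contained in all of them (condition 3 on slide 18).
    """
    xs = [MESSAGES[m][0] for m in group]
    ys = [MESSAGES[m][1] for m in group]
    return (min(xs), min(ys), max(xs), max(ys))
```

Here m1 only asks for k=2, but it cannot be paired with m2 or m4 alone because each of them requires three senders in the box; m3 has no neighbours, which is the sparse-region case where a message stays uncloaked.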

21 Does CliqueCloak solve the location privacy problem? Any further concerns? Doubts?

22 Add Noise
K-anonymity and CliqueCloak
- Convert location to a space-time bounding box
- Ensure K users in the box
- Location Apps reply to boxed region
Issues
- Poor quality of location
- Degrades in sparse regions
- Not real-time
[Figure labels: You, Bounding Box, K=4]

23 Confuse Via Mixing
Path intersections are an opportunity for privacy
- If users intersect in space-time, cannot say who is who later
Issues
- Users may not be collocated in space and time
- Mixing still possible at the expense of delay

24 Existing solutions seem to suggest:
Privacy and Quality of Localization (QoL) is a zero sum game
Need to sacrifice one to gain the other

25 Ideal Solution Should Break away from this tradeoff
Target:
- Spatial accuracy
- Real-time updates
- Privacy guarantees
- Even in sparse populations
Another Idea: CacheCloak

26 CacheCloak Intuition
Exploit mobility prediction to create future path intersections
User’s paths are like crossroads of breadcrumbs
App knows precise locations, but doesn’t know the user

27 CacheCloak
Assume trusted privacy provider
- Reveal location to CacheCloak
- CacheCloak exposes anonymized location to Loc. App
[Diagram: CacheCloak; Loc. App1, Loc. App2, Loc. App3, Loc. App4]

28 CacheCloak Design
User A drives down path P1
- P1 is a sequence of locations
- CacheCloak has cached response for each location
User A takes a new turn (no cached response)
- CacheCloak predicts mobility
- Deliberately intersects predicted path with another path P2
- Exposes predicted path to application
Application replies to queries for entire path
CacheCloak always knows user’s current location
- Forwards cached responses for that precise location

29 CacheCloak Design
Adversary confused
- New path intersects paths P1 and P2 (crossroads)
- Not clear where the user came from or turned onto
Example …

30 Example

31 Benefits
Real-time
- Response ready when user arrives at predicted location
High QoL
- Responses can be specific to location
- Overhead on the wired backbone (caching helps)
Entropy guarantees
- Entropy increases at traffic intersections
- In low regions, desired entropy possible via false branching
Sparse population
- Can be handled with dummy users

32 Quantifying Privacy
City converted into grid of small squares (pixels)
- Users are located at a pixel at a given time
Each pixel associated with 8x8 matrix
- Element (x, y) = probability that user enters x and exits y
Probabilities diffuse
- At intersections
- Over time
Privacy = entropy
[Figure labels: x, y, pixel]

33 Diffusion
Probability of user’s presence diffuses
- Diffusion gradient computed based on history
- i.e., what fraction of users take right turn at this intersection
[Figure: road intersection at Time t1, Time t2, Time t3]
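
The diffusion and "privacy = entropy" idea from slides 32 and 33, as an added Python example (not code from the slides or from the CacheCloak authors). Assumptions: the road map and turn fractions are constructed, and each pixel carries a single exit distribution rather than the 8x8 enter/exit matrix the slide describes.

```python
import math

# Constructed road map: pixel -> {next pixel: fraction of past users going there}.
# a-b-c is a straight road; c and d are intersections; other pixels are dead ends.
TURNS = {
    "a": {"b": 1.0},
    "b": {"c": 1.0},
    "c": {"d": 0.5, "e": 0.25, "f": 0.25},
    "d": {"g": 0.5, "h": 0.5},
}

def diffuse(dist):
    """Advance one time step: split each pixel's probability by turn fraction."""
    nxt = {}
    for pixel, p in dist.items():
        # Assumption: a pixel with no outgoing entry keeps its probability.
        for dest, frac in TURNS.get(pixel, {pixel: 1.0}).items():
            nxt[dest] = nxt.get(dest, 0.0) + p * frac
    return nxt

def entropy_bits(dist):
    """Shannon entropy of the adversary's belief over pixels, in bits."""
    return sum(-p * math.log2(p) for p in dist.values() if p > 0)

def entropy_trace(start, steps):
    """Entropy after each step, starting from a user pinned to one pixel."""
    dist, trace = {start: 1.0}, []
    for _ in range(steps):
        dist = diffuse(dist)
        trace.append(entropy_bits(dist))
    return trace

def steps_to_entropy(start, target_bits, max_steps=20):
    """First step at which entropy reaches target_bits, or None if it never does."""
    for step, h in enumerate(entropy_trace(start, max_steps), start=1):
        if h >= target_bits:
            return step
    return None
```

On the straight stretch a-b-c the entropy stays at zero and only rises once the probability mass reaches an intersection, which is the highway-versus-crossroads contrast the deck closes on.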

34 Evaluation
Trace based simulation
- VanetMobiSim + US Census Bureau trace data
- Durham map with traffic lights, speed limits, etc.
- Vehicles follow Google map paths
- Performs collision avoidance
[Figure labels: 6km x 6km, 10m x 10m pixel, 1000 cars]

35 Results
High average entropy
- Quite insensitive to user density (good for sparse regions)
- Minimum entropy reasonably high

36 Results
Per-user entropy
- Increases quickly over time
- No user starves of location privacy

37 Issues and Limitations
CacheCloak overhead
- Application replies to lots of queries
- However, overhead on wired infrastructure
- Caching reduces this overhead significantly
CacheCloak assumes same, indistinguishable query
- Different queries can deanonymize
- Need more work
Per-user privacy guarantee not yet supported
- Adaptive branching & dummy users

38 Closing Thoughts
Two nodes may intersect in space but not in time
Mixing not possible, without sacrificing timeliness
Mobility prediction creates space-time intersections
Enables virtual mixing in future

39 Closing Thoughts
CacheCloak implements the prediction and caching function
Significant entropy attained even under sparse population
Spatio-temporal accuracy remains uncompromised

40 Final Take Away
Chasing a car is easier on highways …
Much harder in Manhattan crossroads
CacheCloak tries to turn a highway into a virtual Manhattan …
Well, sort of …

41 Questions?

42 Emerging trends in content distribution
Content delivered to a location / context
- As opposed to a destination address
Thus, “location” is a key driver of content delivery
IP address : Internet = Location : CDN
New wave of applications

44 Example

45 Location Privacy
Problem: Continuous location exposure deprives user of her privacy.

46 Location Frequency
Some location apps are reactive / infrequent
- E.g., List Greek restaurants around me now (PULL)
But, many emerging apps are proactive
- E.g., Phone detected at Starbucks, PUSH a coffee coupon

47 Location Frequency
Some location apps are reactive / infrequent
- E.g., List Greek restaurants around me now (PULL)
But, many emerging apps are proactive
- E.g., Phone detected at Starbucks, PUSH a coffee coupon
Opportunity for Big Bro to track you over space and time
Proactive apps require continuous location

48 Categorizing Apps
Some location apps are reactive
- You ask, App answers
- E.g., Pull all Greek restaurants around your location
But, many emerging apps are proactive
- E.g., Phone detected at Starbucks, PUSH a coffee coupon

49 Categorizing Apps
Some location apps are reactive
- You ask, App answers
- E.g., Pull all Greek restaurants around your location
But, many emerging apps are proactive
- E.g., Phone detected at Starbucks, PUSH a coffee coupon
Proactive apps require continuous location