Quantifying Location Privacy: The Case of Sporadic Location Exposure Reza Shokri George Theodorakopoulos George Danezis Jean-Pierre Hubaux Jean-Yves Le.

Slides:



Advertisements
Similar presentations
A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
Advertisements

Cipher Techniques to Protect Anonymized Mobility Traces from Privacy Attacks Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip and Nageswara S. V. Rao.
On the Optimal Placement of Mix Zones Julien Freudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009.
Protecting Location Privacy: Optimal Strategy against Localization Attacks Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux,
1 University of Southern California Keep the Adversary Guessing: Agent Security by Policy Randomization Praveen Paruchuri University of Southern California.
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.
Topology Control for Effective Interference Cancellation in Multi-User MIMO Networks E. Gelal, K. Pelechrinis, T.S. Kim, I. Broustis Srikanth V. Krishnamurthy,
Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.
Visual Recognition Tutorial
1 A Distortion-based Metric for Location Privacy Workshop on Privacy in the Electronic Society (WPES), Chicago, IL, USA - November 9, 2009 Reza Shokri.
Hidden Markov Model Special case of Dynamic Bayesian network Single (hidden) state variable Single (observed) observation variable Transition probability.
Maximum Likelihood Network Topology Identification Mark Coates McGill University Robert Nowak Rui Castro Rice University DYNAMICS May 5 th,2003.
*Sponsored in part by the DARPA IT-MANET Program, NSF OCE Opportunistic Scheduling with Reliability Guarantees in Cognitive Radio Networks Rahul.
1 Preserving Privacy in Collaborative Filtering through Distributed Aggregation of Offline Profiles The 3rd ACM Conference on Recommender Systems, New.
Multiple Sender Distributed Video Streaming Thinh Nguyen, Avideh Zakhor appears on “IEEE Transactions On Multimedia, vol. 6, no. 2, April, 2004”
1 A Generic Mean Field Convergence Result for Systems of Interacting Objects From Micro to Macro Jean-Yves Le Boudec, EPFL Joint work with David McDonald,
May 11, 2005 Tracking on a Graph Songhwai Oh Shankar Sastry Target trajectoriesEstimated tracks Tracking in Sensor Networks Target tracking is a representative.
SeCoWiNet 2007 FAMIC Fast Authentication and Message Integrity Check in Vehicular Communications Nikodin Ristanovic Papadimitratos Panos George Theodorakopoulos.
CSE 221: Probabilistic Analysis of Computer Systems Topics covered: Statistical inference.
Yi Wang, Bhaskar Krishnamachari, Qing Zhao, and Murali Annavaram 1 The Tradeoff between Energy Efficiency and User State Estimation Accuracy in Mobile.
1 Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking by: Baik Hoh, Marco Gruteser, Hui Xiong, Ansaf Alrabady ACM CCS '07 Presentation:
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
Digital Camera and Computer Vision Laboratory Department of Computer Science and Information Engineering National Taiwan University, Taipei, Taiwan, R.O.C.
Optimizing Mixing in Pervasive Networks: A Graph-Theoretic Perspective
Mobile Networks - Module H2 Privacy in Mobile Networks Privacy notions and metrics Location privacy Privacy preserving routing in ad hoc networks Slides.
Quantifying Location Privacy Reza Shokri George Theodorakopoulos Jean-Yves Le Boudec Jean-Pierre Hubaux May 2011.
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.
Privacy Preserving Data Mining on Moving Object Trajectories Győző Gidófalvi Geomatic ApS Center for Geoinformatik Xuegang Harry Huang Torben Bach Pedersen.
Thwarting Passive Privacy Attacks in Collaborative Filtering Rui Chen Min Xie Laks V.S. Lakshmanan HKBU, Hong Kong UBC, Canada UBC, Canada Introduction.
Hiding in the Mobile Crowd: Location Privacy through Collaboration.
Holistic Privacy From Location Privacy to Genomic Privacy Jean-Pierre Hubaux With contributions from E. Ayday, M. Humbert, J.-Y. Le Boudec, J.-L. Raisaro,
On the Age of Pseudonyms in Mobile Ad Hoc Networks Julien Freudiger, Mohammad Hossein Manshaei, Jean-Yves Le Boudec and Jean-Pierre Hubaux Infocom 2010.
ACOMP 2011 A Novel Framework for LBS Privacy Preservation in Dynamic Context Environment.
Preserving Location Privacy in Wireless LANs Jiang, Wang and Hu MobiSys 2007 Presenter: Bibudh Lahiri.
Ahmed Osama Research Assistant. Presentation Outline Winc- Nile University- Privacy Preserving Over Network Coding 2  Introduction  Network coding 
Randomization in Privacy Preserving Data Mining Agrawal, R., and Srikant, R. Privacy-Preserving Data Mining, ACM SIGMOD’00 the following slides include.
A Passive Approach to Sensor Network Localization Rahul Biswas and Sebastian Thrun International Conference on Intelligent Robots and Systems 2004 Presented.
How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots N. Vratonjic, K. Huguenin, V. Bindschaedler, and J.-P. Hubaux PETS.
GameSec 2010 November 22, Berlin Mathias Humbert, Mohammad Hossein Manshaei, Julien Freudiger and Jean-Pierre Hubaux EPFL - Laboratory for Computer communications.
Learning to Detect Events with Markov-Modulated Poisson Processes Ihler, Hutchins and Smyth (2007)
Hidden Markovian Model. Some Definitions Finite automation is defined by a set of states, and a set of transitions between states that are taken based.
MaskIt: Privately Releasing User Context Streams for Personalized Mobile Applications SIGMOD '12 Proceedings of the 2012 ACM SIGMOD International Conference.
1 Covert Communication based Privacy Preservation in Mobile Vehicular Networks Rasheed Hussain*, Donghyun Kim**, Alade O. Tokuta**, Hayk M. Melikyan**,
Performance of Adaptive Beam Nulling in Multihop Ad Hoc Networks Under Jamming Suman Bhunia, Vahid Behzadan, Paulo Alexandre Regis, Shamik Sengupta.
Privacy-preserving data publishing
Bayesian Travel Time Reliability
Privacy Protection in Social Networks Instructor: Assoc. Prof. Dr. DANG Tran Khanh Present : Bui Tien Duc Lam Van Dai Nguyen Viet Dang.
Bloom Cookies: Web Search Personalization without User Tracking Authors: Nitesh Mor, Oriana Riva, Suman Nath, and John Kubiatowicz Presented by Ben Summers.
Location Privacy Protection for Location-based Services CS587x Lecture Department of Computer Science Iowa State University.
OBJECT TRACKING USING PARTICLE FILTERS. Table of Contents Tracking Tracking Tracking as a probabilistic inference problem Tracking as a probabilistic.
Probabilistic km-anonymity (Efficient Anonymization of Large Set-valued Datasets) Gergely Acs (INRIA) Jagdish Achara (INRIA)
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
Graph Data Management Lab, School of Computer Science Personalized Privacy Protection in Social Networks (VLDB2011)
Differential Privacy (1). Outline  Background  Definition.
1 Chapter 8: Model Inference and Averaging Presented by Hui Fang.
Privacy Preserving in Social Network Based System PRENTER: YI LIANG.
Unraveling an old cloak: k-anonymity for location privacy
Optimizing the Location Obfuscation in Location-Based Mobile Systems Iris Safaka Professor: Jean-Pierre Hubaux Tutor: Berker Agir Semester Project Security.
Efficient Geographic Routing in Multihop Wireless Networks Seungjoon Lee*, Bobby Bhattacharjee*, and Suman Banerjee** *Department of Computer Science University.
1 Maintaining Data Privacy in Association Rule Mining Speaker: Minghua ZHANG Oct. 11, 2002 Authors: Shariq J. Rizvi Jayant R. Haritsa VLDB 2002.
Review on Test-Based Approach of Software Reliability November 22 nd, 2010 Nuclear I&C and Information Engineering LabKAIST Bo Gyung Kim.
Mean Field Methods for Computer and Communication Systems Jean-Yves Le Boudec EPFL Network Science Workshop Hong Kong July
Privacy Vulnerability of Published Anonymous Mobility Traces Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip (Purdue University) Nageswara S. V. Rao (Oak.
Keep the Adversary Guessing: Agent Security by Policy Randomization
Quantifying Location Privacy
WP2 INERTIA Distributed Multi-Agent Based Framework
Particle Filtering for Geometric Active Contours
Quantifying Location Privacy
A Unified Framework for Location Privacy
Presentation transcript:

Quantifying Location Privacy: The Case of Sporadic Location Exposure Reza Shokri George Theodorakopoulos George Danezis Jean-Pierre Hubaux Jean-Yves Le Boudec The 11th Privacy Enhancing Technologies Symposium (PETS), July 2011

2 ● Assume time and location are discrete…

Location-based Services Sporadic vs. Continuous Location Exposure Application Model 3 Mobility Model Actual Location of user ‘u’ at time ‘t’ Is the location exposed? 0/1

Protection Mechanisms Actual Location ● Consider a given user at a given time instant obfuscate anonymize Observed Location exposed Application hide fake Protection Mechanism uiui Actual Trajectory

Protection Mechanisms Model 5 ● User pseudonyms stay unchanged over time… user to pseudonym assignment Observed location of pseudonymous user u’ at time t

Adversary Background Knowledge – Stronger: Users’ transition probability between locations Markov Chain transition probability matrix – Weaker: Users’ location distribution over space Stationary distribution of the ‘transition probability matrix’ 6 ● Adversary also knows the PDFs associated to the ‘application’ and the ‘protection mechanism’

Adversary Localization Attack – What is the probability that Alice is at a given location at a specific time instant? (given the observation and adversary’s background knowledge) – Bayesian Inference relying on Hidden Markov Model Forward-Backward algorithm, Maximum weight assignment 7 ● Find the details of the attack in the paper

Location Privacy Metric Anonymity? – How successfully can the adversary link the user pseudonyms to their identities? – Metric: The percentage of correct assignments Location Privacy? – How correctly can the adversary localize the users? – Metric: Expected Estimation Error (Distortion) 8 ● Justification: R. Shokri, G. Theodorakopoulos, J-Y. Le Boudec, J-P. Hubaux. ‘Quantifying Location Privacy’. IEEE S&P 2011

Evaluation Location-Privacy Meter – Input: Actual Traces Vehicular traces in SF, 20 mobile users moving in 40 regions – Output: ‘Anonymity’ and ‘Location Privacy’ of users over time – Modules: Associated PDFs of ‘Location-based Application’ and ‘Location-Privacy Preserving Mechanisms’ 9 ● More information here:

Evaluation Location-based Applications – once-in-a-while APP(o, Θ ) – local search APP(s, Θ ) Location-Privacy Preserving Mechanisms – fake-location injection (with rate φ) (u) Uniform selection (g) Selection according to the average mobility profile – location obfuscation (with parameter ρ) ρ : The number of removed low-order bits from the location identifier 10 LPPM(φ, ρ, {u,g})

Results - Anonymity 11

Results – Location Privacy 12 φ: the fake-location injection rate

More Results – Location Privacy obfuscation fake injection hiding uniform selection

Conclusions & Future Work The effectiveness of ‘Location-Privacy Preserving Mechanisms’ cannot be evaluated independently of the ‘Location-based Application’ used by the users Fake-location injection technique is very effective for ‘sporadic location exposure’ applications – Advantage: no loss of quality of service – Drawback: more traffic exchange The ‘Location-Privacy Meter’ tool is enhanced in order to model the applications and also new protection mechanisms, notably fake- location injection Changing pseudonyms over time: to be added to our probabilistic framework 14

Location-Privacy Meter (LPM): A Tool to Quantify Location Privacy 15

16