Gabriel Ghinita1 Panos Kalnis1 Ali Khoshgozaran2 Cyrus Shahabi2

Presentation transcript:

Private Queries in Location-Based Services: Anonymizers are Not Necessary
Gabriel Ghinita (1), Panos Kalnis (1), Ali Khoshgozaran (2), Cyrus Shahabi (2), Kian Lee Tan (1)
(1) National University of Singapore; (2) University of Southern California

Location-Based Services (LBS)
- LBS users: mobile devices with GPS capabilities
- Queries: nearest-neighbour (NN) queries, e.g. "Find closest hospital to my present location"
- Location server is NOT trusted
Speaker notes: We study the problem of privacy in LBS. LBS are characterized by mobile users with positioning capabilities. Users ask spatial queries such as NN or range queries; in our example u1 asks for the closest hospital, which is h2. The LBS is not trusted, and finds out that u1 suffers from a medical condition.

Problem Statement
- Queries may disclose sensitive information
- Query through an anonymous web surfing service? But the user location itself may disclose identity, via:
  - triangulation of the device signal
  - publicly available databases
  - physical surveillance
- How to preserve query source anonymity, even when exact user locations are known?
Speaker notes: To prevent the LBS from learning the identity of the querying user, we can use a pseudonym service to hide the user ID. But the query contains the location, which can easily be mapped to the identity. Problem formulation: how to preserve query privacy, even in the worst case?

PIR Overview
- Private Information Retrieval: Bob (the user) wants item X_i from a database X held by the server, without the server learning i
- Bob sends an encrypted query q(i); the server answers with r, computed over the whole database
- Computationally hard (for the server) to find i from q(i)
- Bob can easily find X_i from r (trap-door)

Existing LBS Privacy Solutions

Spatial K-Anonymity
- Query issuer "hides" among K-1 other users
- Probability of identifying the query source ≤ 1/K
- Idea: anonymizing spatial regions (ASR)
Speaker notes: SKA is an extension of K-anonymity (KA), widely used in relational databases, and "hides" the querying user among K-1 other users. Instead of reporting the exact location to the LBS, an ASR (or cloaked region) is built which encloses at least K users; the LBS processes the query with respect to the ASR.

Casper [Mok06]: NOT SECURE
- Quad-tree based
- Fails to preserve anonymity for outliers
- Unnecessarily large ASR size
Example (K=3): users u1, u2, u3 share a quadrant; u4 is an outlier. If any of u1, u2, u3 queries, the ASR is A1. If u4 queries, the ASR is A2, which has to cover other users to reach K, yet none of those users would ever generate A2 as their own ASR. An adversary who knows the algorithm and the user locations therefore attributes A2 to u4: u4's identity is disclosed.
Speaker notes: Both (Casper and the Interval Cloak, IC) use a quad-tree structure. IC: smallest quadrant enclosing u as well as K-1 other users; Casper also allows half-quadrants. Anonymity of outliers is compromised; detailed analytical proof in the appendix.
[Mok06] Mokbel et al., "The New Casper: Query Processing for Location Services without Compromising Privacy", VLDB 2006

Reciprocity
- An ASR is reciprocal if every user in the anonymity set it was built from (at least K users) would, as the query issuer, produce exactly the same ASR; this is the property Casper lacks
(figure: users u1..u6 partitioned into reciprocal anonymity sets)
Speaker notes: We were the first to identify this property. Later, it has been reformulated as "k-sharing". Stress that optimal reciprocal partitioning is hard, especially for mobile users.
[KGMP07] Kalnis P., Ghinita G., Mouratidis K., Papadias D., "Preventing Location-Based Identity Inference in Anonymous Spatial Queries", IEEE TKDE 2007.

Hilbert Cloak (HC)
- Based on the Hilbert space-filling curve
- Index users by the Hilbert value of their location
- Partition the Hilbert sequence into "K-buckets" of K consecutive users
- The ASR is the region enclosing the bucket that contains the query issuer
- HC obeys reciprocity: every user in a bucket yields the same ASR
(figure: Hilbert curve from Start to End over the user grid)
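The Hilbert Cloak and the reciprocity check from the slides above, as an added example that is not the authors' code. Users are cells on a 16x16 grid (a constructed sample with one outlier), sorted by Hilbert value and cut into K-buckets; `is_reciprocal` is the check an adversary-minded reviewer would run: for every ASR an algorithm can emit, count how many users would emit that identical ASR. A centre-based cloak (query issuer plus its K-1 nearest users) is included only as a foil that fails the check; it is not Casper's quad-tree algorithm, and all names and coordinates here are assumptions for illustration.

```python
"""Hilbert Cloak (HC) spatial K-anonymity plus a reciprocity check (added example)."""

def hilbert_index(n, x, y):
    """Position of cell (x, y) on the Hilbert curve filling an n x n grid
    (n a power of two). Classic iterative xy2d: at each scale s, pick the
    quadrant, then rotate/flip so the sub-curve lines up with the next scale."""
    d, s = 0, n // 2
    while s > 0:
        rx = 1 if x & s else 0
        ry = 1 if y & s else 0
        d += s * s * ((3 * rx) ^ ry)
        if ry == 0:
            if rx == 1:
                x, y = n - 1 - x, n - 1 - y
            x, y = y, x
        s //= 2
    return d

def mbr(points):
    """Minimum bounding rectangle (x0, y0, x1, y1) of a set of cells."""
    xs, ys = [p[0] for p in points], [p[1] for p in points]
    return (min(xs), min(ys), max(xs), max(ys))

def hilbert_cloak(users, querier, k, n=16):
    """ASR for users[querier]: sort everyone by Hilbert value, cut the sequence
    into buckets of k consecutive users (the last bucket absorbs the remainder)
    and report the MBR of the querier's bucket."""
    order = sorted(range(len(users)), key=lambda i: hilbert_index(n, *users[i]))
    nbuckets = max(1, len(users) // k)
    b = min(order.index(querier) // k, nbuckets - 1)
    start = b * k
    stop = len(users) if b == nbuckets - 1 else start + k
    return mbr([users[i] for i in order[start:stop]])

def knn_cloak(users, querier, k):
    """Foil (not Casper): MBR of the querier and its k-1 nearest users. An
    outlier drags far-away users into its ASR, but none of them would build
    that ASR themselves, so the region points straight back at the outlier."""
    ux, uy = users[querier]
    near = sorted(range(len(users)),
                  key=lambda i: (users[i][0] - ux) ** 2 + (users[i][1] - uy) ** 2)
    return mbr([users[i] for i in near[:k]])

def users_inside(users, asr):
    """Indices of the users located inside an ASR."""
    x0, y0, x1, y1 = asr
    return [i for i, (x, y) in enumerate(users) if x0 <= x <= x1 and y0 <= y <= y1]

def is_reciprocal(cloak, users, k):
    """An adversary who knows the algorithm and all locations can list the users
    that would generate the observed ASR; reciprocity demands that this list
    always has at least k members, so the query source is identified with
    probability at most 1/k."""
    asrs = [cloak(users, q, k) for q in range(len(users))]
    return all(asrs.count(a) >= k for a in asrs)

# Constructed sample: three clusters on a 16x16 grid and one outlier at (15, 1).
USERS = [(1, 1), (2, 1), (1, 3), (3, 2), (6, 7), (7, 6), (8, 8),
         (13, 14), (14, 15), (15, 13), (15, 1)]

if __name__ == "__main__":
    K = 3
    print("HC reciprocal:", is_reciprocal(hilbert_cloak, USERS, K))
    print("kNN cloak reciprocal:", is_reciprocal(knn_cloak, USERS, K))
    print("ASR of the outlier under HC:", hilbert_cloak(USERS, 10, K))
```

The check is deliberately algorithm-agnostic: it treats the cloaking function as a black box the adversary also possesses, which is the threat model the Casper slide assumes. HC passes because bucket membership, and hence the MBR, is identical for every member of a bucket; the foil fails on the outlier, whose ASR no other user reproduces.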

Continuous Queries [CM07]
- Problems: ASRs grow large as the users in the anonymity set move apart
- The query is dropped if some user in U (the anonymity set) disconnects
(figure: users u1, u2, u3 moving over time)
[CM07] C.-Y. Chow and M. Mokbel, "Enabling Private Continuous Queries For Revealed User Locations", Proc. SSTD 2007

Space Encryption [KS07]
- Drawbacks: answers are approximate; makes use of tamper-resistant devices; may be vulnerable if some POI are known
Example (Hilbert mapping): the POIs P1..P4 are mapped to one-dimensional Hilbert values (12, 14, 19 and 24 in the figure) and the query Q to 15; the server answers the 1-D nearest neighbour, NN(15) = P2, which is not necessarily the true 2-D nearest neighbour
[KS07] A. Khoshgozaran, C. Shahabi, "Blind Evaluation of Nearest Neighbor Queries Using Space Transformation to Preserve Location Privacy", Proc. SSTD 2007

Motivation: Limitations of existing solutions
- Assumption of trusted entities: an anonymizer, and trusted, non-colluding users
- Considerable overhead for sporadic benefits: maintenance of user locations
- No privacy guarantees, especially for continuous queries

Our Approach

LBS Privacy with PIR
- PIR: a two-party cryptographic protocol
- No trusted anonymizer required
- No trusted users required
- No pooling of a large user population required
- No need for location updates
- Location data completely obscured

PIR Theoretical Foundations
- Let N = q1*q2, with q1 and q2 large primes
- Quadratic Residuosity Assumption (QRA): deciding whether an element (with Jacobi symbol +1) is a quadratic residue (QR) or a non-residue (QNR) modulo N is computationally hard without the factorization of N; with q1 and q2 it is easy (Euler's criterion modulo each prime), which is the trap-door
- Essential properties: QR * QR = QR; QR * QNR = QNR

PIR Protocol for Binary Data
- Database bits X1..X16 arranged as a 4x4 matrix, rows indexed by a and columns by b
- Example: get X10, which sits in row a=2, column b=3
- The user sends y1..y4: y3 (the wanted column) is a QNR, every other y_j is a random QR; under QRA the server cannot tell which one is the QNR
- The server computes one value per row, z1..z4: z_r is the product over the columns j of y_j where X_{r,j} = 1 and of y_j^2 where X_{r,j} = 0 ("dot-product-like", with the row bits as a mask)
- Only z2 is needed: z2 = QNR => X10 = 1; z2 = QR => X10 = 0
Speaker notes: Explain what is computed, i.e. "dot-product-like" with a mask; this will be needed in the optimization slide.
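The protocol of the two slides above (Kushilevitz and Ostrovsky's single-database PIR from quadratic residuosity), as an added example; it is not the paper's code. Assumptions: toy 40-bit primes generated with Miller-Rabin, a constructed 4x4 bit matrix laid out as on the slide (bit X_k in row (k-1) mod 4 and column (k-1) div 4, so X10 sits at a=2, b=3), and the names client (the user, Bob on the overview slide) and server. The server side only ever sees the matrix, N and the vector y.

```python
"""Kushilevitz-Ostrovsky PIR under the Quadratic Residuosity Assumption (added example)."""
import random
from math import gcd

def legendre(x, p):
    """Euler's criterion for an odd prime p: 1 if x is a QR mod p, -1 if a QNR, 0 if p | x."""
    r = pow(x % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin, sufficient for a toy key generation."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits, rng):
    """Client trap-door: two odd primes q1, q2. Only N = q1*q2 is given to the server."""
    def prime():
        while True:
            c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
            if is_probable_prime(c, rng):
                return c
    q1, q2 = prime(), prime()
    while q2 == q1:
        q2 = prime()
    return q1, q2

def sample_qr(N, rng):
    """Fresh random quadratic residue mod N (a square of a unit)."""
    while True:
        r = rng.randrange(2, N)
        if gcd(r, N) == 1:
            return r * r % N

def sample_qnr(q1, q2, rng):
    """Non-residue mod N that is a QNR mod both primes, hence has Jacobi symbol +1:
    without the factorisation it looks exactly like a QR (this is the QRA)."""
    while True:
        x = rng.randrange(2, q1 * q2)
        if legendre(x, q1) == -1 and legendre(x, q2) == -1:
            return x

def make_query(b, cols, q1, q2, rng):
    """Client wants column b: y_b is a QNR, every other y_j a random QR."""
    N = q1 * q2
    return [sample_qnr(q1, q2, rng) if j == b else sample_qr(N, rng) for j in range(cols)]

def answer(matrix, y, N):
    """Server: z_r = prod_j w_{r,j}, with w = y_j where X_{r,j} = 1 and w = y_j^2
    where X_{r,j} = 0. Every bit is touched, so nothing about (a, b) leaks."""
    out = []
    for row in matrix:
        acc = 1
        for bit, yj in zip(row, y):
            acc = acc * (yj if bit else yj * yj % N) % N
        out.append(acc)
    return out

def decode(z, a, q1, q2):
    """Only z_a matters: QR * QR = QR and QR * QNR = QNR, so z_a is a QNR iff X_{a,b} = 1."""
    is_qr = legendre(z[a], q1) == 1 and legendre(z[a], q2) == 1
    return 0 if is_qr else 1

def retrieve_bit(matrix, a, b, q1, q2, rng):
    """One full exchange: query, server answer, trap-door decoding."""
    y = make_query(b, len(matrix[0]), q1, q2, rng)
    z = answer(matrix, y, q1 * q2)
    return decode(z, a, q1, q2)

# Constructed 4x4 database for the slide's "Get X10": bit X_k sits in row (k-1) % 4
# and column (k-1) // 4, so X10 is at 1-based (a=2, b=3), i.e. 0-based (1, 2).
X = [0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0]   # constructed values X1..X16
SLIDE_MATRIX = [[X[c * 4 + r] for c in range(4)] for r in range(4)]

def check_all(matrix, q1, q2, rng):
    """Retrieve every bit through the protocol and compare with the plaintext."""
    return all(retrieve_bit(matrix, r, c, q1, q2, rng) == matrix[r][c]
               for r in range(len(matrix)) for c in range(len(matrix[0])))

def demo(bits=40, seed=7):
    """Returns (decoded X10, True if all 16 bits decode correctly)."""
    rng = random.Random(seed)
    q1, q2 = keygen(bits, rng)
    x10 = retrieve_bit(SLIDE_MATRIX, 1, 2, q1, q2, rng)
    return x10, check_all(SLIDE_MATRIX, q1, q2, rng)

if __name__ == "__main__":
    print(demo())
```

Two points worth noticing when reading the code against the slides: the server's cost is one modular multiplication per database bit per query (the motivation for the redundancy-elimination and parallelization slides that follow), and the communication is one group element per column sent and one per row received, which is why the paper reshapes the database into a matrix rather than a vector.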

Approximate Nearest Neighbor
- POI data organized as a square PIR matrix
- Each column corresponds to a leaf of the spatial index
- An entire leaf is retrieved through PIR: the leaf closest to the user u, which may miss the true NN when it lies just across a leaf boundary

Exact Nearest Neighbor
- The space is partitioned into a regular grid (columns A-D, rows 1-4); each cell stores every POI that can be the exact NN of some point inside it (the POIs whose Voronoi cells intersect the grid cell), padded to a fixed length with dummies, e.g. A3: p1, p2, p3 and A4: p1, --, --
- The user u retrieves the cell containing its own location through PIR: the query vector Y1..Y4 carries the QNR at u's column, and of the replies Z1..Z4 only z2 is needed
(figure: POIs p1..p4 and user u on the grid)

Rectangular PIR Matrix

Avoiding Redundant Computations
- The server recomputes the same partial products in many rows: column subsets that are all 1s in many rows
- Data mining: identify frequent partial products (frequent itemsets over the rows), compute each once and reuse it across the rows that share it

Parallelize Computation
- Values of z can be computed in parallel: each row's product is independent of the others
- Master-slave paradigm
- Offline phase: the master scatters the PIR matrix, one strip of rows per worker
- Online phase: the master broadcasts y; each worker computes the z values for its strip; the master collects the z results

Experimental Settings
- Sequoia dataset + synthetic sets
- 10,000 to 100,000 POI
- Modulus up to 1280 bits

Parallel Execution

Data Mining Optimization

Disclosed POI

Conclusions
- PIR-based LBS privacy: no need to trust a third party; secure against any location-based attack
- Future work: further reduce PIR overhead; support more complex queries; include more POI information in the reply

Bibliography
[KGMP07] Kalnis P., Ghinita G., Mouratidis K., Papadias D., "Preventing Location-Based Identity Inference in Anonymous Spatial Queries", IEEE Transactions on Knowledge and Data Engineering (TKDE), 19(12), 1719-1733, 2007.
[GZPK07] Ghinita G., Zhao K., Papadias D., Kalnis P., "Reciprocal Framework for Spatial K-Anonymity", Technical Report.
[GKS07a] Ghinita G., Kalnis P., Skiadopoulos S., "PRIVE: Anonymous Location-based Queries in Distributed Mobile Systems", Proc. of the World Wide Web Conf. (WWW), Banff, Canada, 371-380, 2007.
[GKS07b] Ghinita G., Kalnis P., Skiadopoulos S., "MOBIHIDE: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries", Proc. of the Int. Symposium on Spatial and Temporal Databases (SSTD), Boston, MA, 221-238, 2007.
http://anonym.comp.nus.edu.sg