Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking Baik Hoh, Marco Gruteser, Hui Xiong, Ansaf Alrabady Presented by Joseph T. Meyerowitz.

Presentation transcript:

Location Based Services ► Location Based Services (LBSs) are services that use, in some way, the user's location ► Example: GPS in your car, Microblog, etc ► Growing field

Privacy Issues ► Giving your location to another party creates privacy concerns ► Two kinds of privacy involved; location privacy and query privacy ► Example: You need to visit the hospital and don't want anyone to know that you are at the hospital. You ask an LBS for directions. ► Example: You are at home and want to ask where the nearest hospital is.

Hospital Example ► Pseudonyms insufficient because of temporal and spatial correlations in your GPS trace ► Identifying locations may be tied to sensitive locations Home Hospital

Existing Work ► Location k-anonymity – Queries do not give a coordinate but instead give a region to the LBS that encloses k users ► Path perturbation – Traces are perturbed to increase number of points that can be unambiguously assigned to a single user ► Subsampling – Same as perturbation, data points are removed instead of perturbed

CliqueCloak ► Best published k-anonymity algorithm ► Data from vehicles in a 70km x 70km area

Overview ► Suggest a different metric, Time To Confusion (TTC) ► Create an algorithm to meet a TTC bound based on empirical data ► Less focus on road coverage metrics

Testbed – Traffic Monitoring ► 233 vehicles ► 1 sample per minute while car is moving ► Using data for a hypothetical traffic management system ► Determined that 100m spatial accuracy and 1/minute frequency sufficient to determine what major road a car was on

Architecture

Empirical Data

► A gap of greater than 10 minutes results in the splitting of traces into separate “trips”

Empirical Data ► Average trip time of 10 minutes noted; thus tracking for 10 minutes may connect an identifying location with a sensitive location.

Privacy Metric and Adversary ► Adversaries can link correlated space/time anonymous coordinates into paths ► This is done with a simple momentum-free extrapolation based on current velocity ► Time to Confusion (TTC) is the time an adversary could correctly follow a trace ► Suggested as a good metric because the link between identifying locations and sensitive locations can be broken with low TTC

Privacy Metric and Adversary ► Tracking uncertainty: H = -Σ p log(p) ► p is the probability that a location sample belongs to a given user ► Tracking confidence: C = (1 – H) ► p = exp(-d/μ) ► μ is from the empirical PDF of trip times ► d is distance from predicted location* ► In this dataset, μ = 2094 meters ► One must choose an H threshold

Proposed Solution ► Maximum time to confusion can be guaranteed if samples are revealed when: • Time since last point of confusion is less than the maximum time to confusion ► Point of confusion is a point where (H_i > H_thresh) • Tracking uncertainty is above the confusion threshold ► (H_i > H_thresh)
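The uncertainty measure and release rule from the two slides above, worked through as an added example (not code from the paper or the presentation). The function names, the constructed trace, the 3-minute bound, the normalisation of exp(-d/μ) into probabilities and the reading of the two release conditions as an OR are assumptions; log base 2 is used because it matches the H = 0.4 / 0.92 figure quoted later in the slides.

```python
import math

MU_M = 2094.0  # metres; the value of μ the slides report for this dataset

def tracking_uncertainty(distances_m, mu=MU_M):
    """Entropy H in bits over the candidate samples an adversary could pick next.

    distances_m[i] is candidate i's distance from the adversary's predicted
    position. Normalising exp(-d/mu) into probabilities is an assumption.
    """
    weights = [math.exp(-d / mu) for d in distances_m]
    total = sum(weights)
    probs = [w / total for w in weights]
    return sum(-p * math.log2(p) for p in probs if p > 0)

def cloak(trace, h_thresh, max_ttc_min):
    """Decide per sample whether to release it; returns (minute, released, H) tuples.

    A sample is released while the time since the last point of confusion is
    below max_ttc_min, or when the sample is itself a point of confusion.
    """
    last_confusion = trace[0][0]   # assumption: the clock starts at trip start
    decisions = []
    for minute, distances_m in trace:
        h = tracking_uncertainty(distances_m)
        confused = h > h_thresh
        released = confused or (minute - last_confusion) < max_ttc_min
        if confused:
            last_confusion = minute   # the adversary has lost the trace here
        decisions.append((minute, released, round(h, 3)))
    return decisions

# Constructed trace for one vehicle, one sample per minute as in the testbed.
# Each entry: (minute, distances in metres from the predicted position to every
# candidate sample visible at that minute, this vehicle's own sample included).
SAMPLE_TRACE = [
    (0, [0, 300]),      # two near-equal candidates: high uncertainty
    (1, [50, 9000]),    # one clear best match
    (2, [40]),
    (3, [60]),          # budget used up and no confusion: suppressed
    (4, [60, 9000]),
    (5, [100, 200]),    # confusion again, so the clock resets
    (6, [30]),
]

if __name__ == "__main__":
    for minute, released, h in cloak(SAMPLE_TRACE, h_thresh=0.4, max_ttc_min=3):
        print(f"t={minute} min  H={h:.3f}  {'release' if released else 'suppress'}")
```

Samples at minutes 3 and 4 are withheld because the adversary would otherwise have followed the vehicle past the bound without meeting a point of confusion.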

Proposed Solution ► Adversary may simply cull points with high H ► Path may still be determinable without a single point ► Empirical CDF of reacquisition • Shows what proportion of reacquisitions can occur after a given time gap* • Original time gaps are empirical* • Remember that each minute is one data point in this system

Empirical Reacquisition CDF

Extension ► Calculate confusion/uncertainty from past ten minutes ► After Maximum Time to Confusion: • Release samples if past 10 minutes contain an aggregate uncertainty value above the threshold ► Before Maximum Time to Confusion: • Release samples if past 10 minutes + all samples from last release contain an aggregate uncertainty value above the threshold*

Evaluation ► Added traces from the same drivers over different days to get to desired density ► Simulated high-density and low-density systems with n=2000 and n=500 ► Metrics used to measure privacy were maximum time to confusion and median time to confusion ► Metric used to measure data quality was relative weighted road coverage

Evaluation ► Black dots are suppressed, gray dots are released

Does it work? ► Looking at it without reacquisition ► Comparing to a baseline of random sampling ► Uncertainty threshold set to H = 0.4 ► H = 0.4 means the tracker needs to believe that the next sample has a 0.92 chance of belonging to the correct target*

Does it work? (n=2000)

Does it work? (n=500)

Release Quantity

Continuing Problems ► No defenses to a-priori knowledge ► Requires a centralized location server ► All users in this system worked at the same site, artificially aiding the algorithm in finding places of high confusion ► Tracker is crude – knowledge of topology may allow for more accurate tracking

Takeaway Concepts ► Path entropy can be calculated for intelligent suppression/subsampling of GPS traces ► Tracking can be made more difficult ► Time to Confusion is a useful privacy metric • Breaks links between identifying locations and sensitive locations

My Critique ► No guidance for confusion threshold values ► The algorithm will still fail in low-density situations by obscuring too many data points • They claim low density areas are irrelevant because they are doing traffic management ► They tested using the empirical data they optimized for – where's the cross-validation? ► Does not protect short trips at all

My Conclusion ► Anonymity and privacy are difficult, especially because it is volatile and contextual ► Existing methods cope poorly with low density, but are improving ► Early adoption phases will require better low-density methods ► Hot research topic – ACM workshop on network data anonymization coming up if you're interested

Questions?

Presenter can be reached at