Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hidetoshi Kido1, Yutaka Yanagisawa2, Tetsuji Satoh1,2

Published byDörte Goldschmidt Modified over 6 years ago

Similar presentations

Presentation on theme: "Hidetoshi Kido1, Yutaka Yanagisawa2, Tetsuji Satoh1,2"— Presentation transcript:

1 Hidetoshi Kido1, Yutaka Yanagisawa2, Tetsuji Satoh1,2
Anonymous Communication Technique using Dummies for Location-based Services Hidetoshi Kido1, Yutaka Yanagisawa2, Tetsuji Satoh1,2 1) Osaka University, Japan 2) NTT Corporation, Japan

2 Background We can use highly accurate positioning devices such as GPS.
Our goal and approach Dummy generation algorithms Evaluations of anonymity Conclusions Background We can use highly accurate positioning devices such as GPS. Various types of location-based services (LBS) are currently provided. e.g. Restaurant search, Road navigation… Protecting location privacy is crucial. Person’s position data are significant personal data. GPS receiver July 11, 2005 ICPS 2005

3 Location-based Service (LBS)
1. User device obtains position data as shown in red area by GPS and sends it to service provider. Users can get necessary data of their position from service providers. Service provider handles the position data of users. Restaurant Search A user Position data A Service provider A query Reply messages Restaurants DB 3. Service provider replies with information to user. 2. Service provider retrieves restaurant information from database using received position data. Serious invasion of user’s privacy! July 11, 2005 ICPS 2005

4 Location Privacy Invasion
Service provider Hospital Search Hospitals Caches time N E 1:00 34’12 135’67 1:05 34’15 135’66 1:10 34’16 135’64 1:15 135’61 1:20 34’18 135’60 Service provider can continuously grasp user location in detail. Home Finding - User route - Hospital visited by user Position data allows invasion of user privacy. July 11, 2005 ICPS 2005

5 Goal and Approach Our goal Our approach
Background Our goal and approach Dummy generation algorithms Evaluations of anonymity Conclusions Goal and Approach Our goal Protection of user location privacy in location-based services Our approach Anonymous communication technique using false position data (dummies) mixed with true position data July 11, 2005 ICPS 2005

6 Our Anonymous Communication Technique for LBS
2. Device sends dummies with true position data to a service provider. 4. Service provider sends all retrieved information to user. Each user sends several dummies with true position data. Restaurant Search User Position data Service provider Dummies A query Restaurants DB Reply messages 3. Service provider retrieves restaurant information from database using all received position data. 5. User only selects necessary data using true position data. 1. User device obtains position data and generates dummies. Service provider cannot distinguish true position data from all received data. July 11, 2005 ICPS 2005

7 Features and Issues Features Issues
  True position Dummies Features Dummies can be generated at any position. Dummies move in various directions. Issues Realistic dummy movements Dummies should not be distinguished from true position data. Reduction of communication costs Dummies should not interfere with LBS communication. Based on dummies, observers can’t easily trace true position. Dummy generation Dummy generation algorithms Cost reduction technique July 11, 2005 ICPS 2005

8 Dummy Generation Algorithms
Background Our goal and approach Dummy generation algorithms Evaluations of anonymity Conclusions Dummy Generation Algorithms Dummy generation Dummies must behave like true users. Focus on velocity of moving users. Ex. People walk at less than 4 km/h. Our proposed algorithms Moving in Neighborhoods (MN) Moving in Limited Neighborhoods (MLN) These algorithms allow dummies to behave like true position data. July 11, 2005 ICPS 2005

9 Moving in Neighborhoods (MN)
Area limitation where dummies can move - Future position of a dummy is decided using its previous position. 1. Ranges of dummy movement are decided. Dummies 2. Dummies are generated within the ranges. Moving in Neighborhoods A quite simple algorithm Dummies tend to move randomly July 11, 2005 ICPS 2005

10 Moving in Limited Neighborhoods (MLN)
Limitation of number of dummies included in a region Future position of a dummy is decided using its previous position. Maximum number of users included in a region is limited.   True position Dummies   Dummies are generated in a region where few users are More users than other regions Moving in Limited Neighborhoods More complicated algorithm than MN Dummies move more uniformly. July 11, 2005 ICPS 2005

11 Example of Movements Dummies camouflage their true position data.
Normal with MN algorithm Dummies camouflage their true position data. Time July 11, 2005 ICPS 2005

12 Evaluations of Anonymity
Background Our goal and approach Dummy generation algorithms Evaluations of anonymity Conclusions Evaluations of Anonymity Anonymity Set How is location anonymity enhanced? Two requirements Indicators based-on Anonymity Set Experiments Ubiquity Congestion F P, Shift(P) July 11, 2005 ICPS 2005

13 Enhanced Anonymity Set
A: set of subjects i: information about position related to A Anonymity Set “a set of possible subjects” [Pfitzmann 2000] Set of all subjects determined by position information Extended AS(i): set of subjects determined by i Formalization   Users Scale: 1 When the number of subjects is large, anonymity is high. We define the following two functions: ASF(i) returns regions specified by i. ASP(i) returns persons specified by i. Information i: I’m in the region where an arrow points. Information i: I’m in the blue regions. |ASF(i)| = 16 |ASF(i)| = 9 |ASP(i)| = 3 July 11, 2005 ICPS 2005

14 Regions in which data exist
Ubiquity Ubiquity For every user All position data exist widely in an entire area. All position data exist only in a part of an area. Users stay in an entire area. Observers must check many regions to find specific users An indicator: F Scale of all regions where users are F = {|ASF(i)| | i = (multiple regions)} Regions in which data exist All regions F = F = 2/16 F= 13/16 (%) High Ubiquity Low Ubiquity July 11, 2005 ICPS 2005

15 Congestion Congestion Large number of users are in a region.
For local users Low Congestion Large number of users are in a region. It is difficult to distinguish one user from many users in the same region. Indicator: P 1 1 4 P = {|ASP(i)| | i = (a specific region)} P = Number of users in a specific region P=5 High Congestion Extended for moving users July 11, 2005 ICPS 2005

16 Dummies seem to move unnaturally.
Shift(P)   True position Dummies A difference of P in each region from time t to t+1 While dummies are generated unnaturally, Shift(P) is high. |0-4| |6-2| |1-1| |2-3| |1-2| |3-1| 6 4 2 1 3 4 1 2 1 2 Shift(P) is high. 1 3 Dummies seem to move unnaturally. Time: t Time: t + 1 A matrix of Shift(P) Relationships between Shift(P) and dummy generation While Shift(P) in each region is low, location anonymity is enhanced. July 11, 2005 ICPS 2005

17 Experiments Simulation system implementation Settings
Number of dummies: 0 ~ 10 Number of regions: 8x8, 10x10, and 12x12 Dummy generation algorithms: Random, MN, and MLN Trajectory data for evaluations 39 trajectories of rickshaws working in Nara Our simulation system Rickshaws Sample trajectory July 11, 2005 ICPS 2005

18 Relationship between Location Anonymity and Ubiquity: F
Observers can easily trace user movement. Location anonymity is high enough to protect the location privacy of the user. F: 10% F: 50% F: 80% Users in a region F > 80%: high location anonymity July 11, 2005 ICPS 2005

19 Comparison of Number of Dummies and Ubiquity: F
To enhance location anonymity at degree of F > 80(%): regions 64(8x8): three dummies regions 100(10x10): four dummies regions 144(12x12): six dummies Number of dummies July 11, 2005 ICPS 2005

20 Comparison of Dummy Generation Algorithms and Shift(P)
Number of dummies: 3 Number of regions: 10x10 0.1 1.6 3.8 0.2 Shift(P) (best) 1, (good) 3,4,5 6 or more (bad) 8.9 27.9 47.9 46.1 52.3 48.1 63.1 Unit: % Random MN MLN When Shift(P) in each region is low, location anonymity is enhanced. Enhancement of location anonymity: MN > MLN >>Random July 11, 2005 ICPS 2005

21 Cost Reduction Techniques
Communication costs Requiring message cost (S) Answering message cost (R) Users send position data which consists of sets of X and Y. True position data Dummies Return address Point of true data Dummies Previous S = (u,(Xr,Yr),(X1,Y1),(X2,Y2)) Y1 Yr (sets of X), (sets of Y) New S = (u,(Xr, X1,X2),(Yr,Y1,Y2)) Y2 Service provider believes that total combinations of Xs and Ys are position data. Xr X1 X2 Previous technique New technique July 11, 2005 ICPS 2005

22 Cost Comparisons for Requiring Messages
Number of points Message size size [Bytes] without technique with technique 32 2 4 8 [Bytes] 56 5 25 2.24 96 10 100 0.96 176 20 400 0.44 416 50 2500 0.17 816 10000 0.08 Even if the number of position data is 10,000, the message size is less than one Kbyte. July 11, 2005 ICPS 2005

23 Background Our goal and approach Dummy generation algorithms Evaluations of anonymity Conclusions Conclusions We proposed an anonymous communication technique for location-based services. Findings Our technique protects location privacy of LBS users. Our technique can be applied in practical LBS. Future work Improvement of dummy generation algorithms for natural movement. July 11, 2005 ICPS 2005

Download ppt "Hidetoshi Kido1, Yutaka Yanagisawa2, Tetsuji Satoh1,2"

Similar presentations

Context-based object-class recognition and retrieval by generalized correlograms by J. Amores, N. Sebe and P. Radeva Discussion led by Qi An Duke University.

Context-based object-class recognition and retrieval by generalized correlograms by J. Amores, N. Sebe and P. Radeva Discussion led by Qi An Duke University.
1 Location Privacy. 2 Context Better localization technology + Pervasive wireless connectivity = Location-based applications.

1 Location Privacy. 2 Context Better localization technology + Pervasive wireless connectivity = Location-based applications.
PHP-based Image Recognition and Retrieval of Late 18th Century Artwork Ben Goodwin Handouts are available for students writing summaries for class assignments.

PHP-based Image Recognition and Retrieval of Late 18th Century Artwork Ben Goodwin Handouts are available for students writing summaries for class assignments.
Virtual Dart: An Augmented Reality Game on Mobile Device Supervisor: Professor Michael R. Lyu Prepared by: Lai Chung Sum Siu Ho Tung.

Virtual Dart: An Augmented Reality Game on Mobile Device Supervisor: Professor Michael R. Lyu Prepared by: Lai Chung Sum Siu Ho Tung.
Search Engines and Information Retrieval

Search Engines and Information Retrieval
Virtual Reality and Scientific Visualization in Archaeological Research.

Virtual Reality and Scientific Visualization in Archaeological Research.
Recall The Team Skills 1. Analyzing the Problem 2. Understanding User and Stakeholder Needs 3. Defining the System 4. Managing Scope 5. Refining the System.

Recall The Team Skills 1. Analyzing the Problem 2. Understanding User and Stakeholder Needs 3. Defining the System 4. Managing Scope 5. Refining the System.
Manajemen Basis Data Pertemuan 8 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.

Manajemen Basis Data Pertemuan 8 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.
1 The Mystery of Cooperative Web Caching 2 b b Web caching : is a process implemented by a caching proxy to improve the efficiency of the web. It reduces.

1 The Mystery of Cooperative Web Caching 2 b b Web caching : is a process implemented by a caching proxy to improve the efficiency of the web. It reduces.
A Customizable k-Anonymity Model for Protecting Location Privacy Written by: B. Gedik, L.Liu Presented by: Tal Shoseyov.

A Customizable k-Anonymity Model for Protecting Location Privacy Written by: B. Gedik, L.Liu Presented by: Tal Shoseyov.
Methods of Psychology Hypothesis: A tentative statement about how or why something happens. e.g. non experienced teachers use corporal punishment more.

Methods of Psychology Hypothesis: A tentative statement about how or why something happens. e.g. non experienced teachers use corporal punishment more.
Genetic Programming on Program Traces as an Inference Engine for Probabilistic Languages Vita Batishcheva, Alexey Potapov

Genetic Programming on Program Traces as an Inference Engine for Probabilistic Languages Vita Batishcheva, Alexey Potapov
Search Engines and Information Retrieval Chapter 1.

Search Engines and Information Retrieval Chapter 1.
MobiQuitous 2004Kimaya Sanzgiri Leveraging Mobility to Improve Quality of Service in Mobile Networks Kimaya Sanzgiri and Elizabeth Belding-Royer Department.

MobiQuitous 2004Kimaya Sanzgiri Leveraging Mobility to Improve Quality of Service in Mobile Networks Kimaya Sanzgiri and Elizabeth Belding-Royer Department.
Privacy Preserving Data Mining on Moving Object Trajectories Győző Gidófalvi Geomatic ApS Center for Geoinformatik Xuegang Harry Huang Torben Bach Pedersen.

Privacy Preserving Data Mining on Moving Object Trajectories Győző Gidófalvi Geomatic ApS Center for Geoinformatik Xuegang Harry Huang Torben Bach Pedersen.
Our Twitter Profiles, Our Selves: Predicting Personality with Twitter Daniele Quercia, Michal Kosinski, David Stillwell, Jon Crowcroft COMP4332 Wong Po.

Our Twitter Profiles, Our Selves: Predicting Personality with Twitter Daniele Quercia, Michal Kosinski, David Stillwell, Jon Crowcroft COMP4332 Wong Po.
A Survey of Patent Search Engine Software Jennifer Lewis April 24, 2007 CSE 8337.

A Survey of Patent Search Engine Software Jennifer Lewis April 24, 2007 CSE 8337.
UOS 1 Ontology Based Personalized Search Zhang Tao The University of Seoul.

UOS 1 Ontology Based Personalized Search Zhang Tao The University of Seoul.
Content-Based Music Information Retrieval in Wireless Ad-hoc Networks.

Content-Based Music Information Retrieval in Wireless Ad-hoc Networks.
Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.

Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.

Similar presentations

Ads by Google