Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the Optimal Placement of Mix Zones Julien Freudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009.

Published byJamel Jaquith Modified over 10 years ago

Similar presentations

Presentation on theme: "On the Optimal Placement of Mix Zones Julien Freudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009."— Presentation transcript:

1 On the Optimal Placement of Mix Zones Julien Freudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009

2 Phones – Always on (Bluetooth, WiFi) – Background apps New hardware going wireless – Cars, passports, keys, … Wireless Trends 2

3 Peer-to-Peer Wireless Networks 3 1 1 Message Identifier 2 2

4 Examples 4 Urban Sensing networks Delay tolerant networks Peer-to-peer file exchange VANETs Social networks

5 Location Privacy Problem 5 a b c Monitor identifiers used in peer-to-peer communications

6 bluetoothtracking.org 6

7 Previous Work Pseudonymous location traces – Home/work location pairs are unique [1] – Re-identification of traces through data analysis [2,3,5] Location traces without any pseudonyms – Re-identification of individual trace and home [4] Attack: Spatio-Temporal correlation of traces 7 Message Identifier [1] P. Golle and K. Partridge. On the Anonymity of Home/Work Location Pairs. Pervasive Computing, 2009 [2] A. Beresford and F. Stajano. Location Privacy in Pervasive Computing. IEEE Pervasive Computing, 2003 [3] B. Hoh et al. Enhancing Security & Privacy in Traffic Monitoring Systems. Pervasive Computing, 2006 [4] B. Hoh and M. Gruteser. Protecting location privacy through path confusion. SECURECOMM, 2005 [5] J. Krumm. Inference Attacks on Location Tracks. Pervasive Computing, 2007 Pseudonym Message

8 Location Privacy with Mix Zones Prevent long term tracking 8 Mix zone 1 1 2 2 1 1 2 2 1 1 a a b b ? Change identifier in mix zones [6,7] Key used to sign messages is changed MAC address is changed [6] A. Beresford and F. Stajano. Mix Zones: User Privacy in Location-aware Services. Pervasive Computing and Communications Workshop, 2004 [7] M. Gruteser and D. Grunwald. Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis. Mobile Networks and Applications, 2005

9 Mix Zones Mix network Mix networks vs Mix zones 9 Mix node Mix node Mix node Mix node Mix node Mix node Alice Bob Alice home Alice work

10 Where to place mix zones? 10

11 Outline 1.Mix Zone Effectiveness 2.Placement of Mix Zones 3.Application Example 11 Shibuyu Crossing, Tokyo

12 Mobility Model Nodes move according to flows [8] – A flow defines a trajectory in network – Nodes belong to a single flow – Several nodes share same flow 12 [8] M.C. Gonzalez, C.A. Hidalgo, and A.-L. Barabasi. Understanding individual Human Mobility Patterns. Nature, 2008

13 Mix Zones Model Mix zones have – Set of entry/exit points – Traversed by mobile nodes Mobility profile of a mix zone [6] – Trajectory – Sojourn time 13

14 Trajectory 14 3/41/40 1/3 2/301/3 1/21/4

15 Sojourn Time 15 ΔtΔt Pr( Δ t)

16 Mix Zone Effectiveness Event-Based Metric [6] 16 P v is probability of assignment I = total number of assignments T t t Entering events Exiting events 1 2 ab

17 Event-Based Discussion Precise Measures attacker success Requires installing eavesdropping stations at every mix zones What if nodes are across various windows T High complexity (compute all assignments) 17 + + – –

18 Mix Zone Effectiveness Flow-based Metric Desired properties – Prior to network operation – Rely on general statistics of mobility – Efficient Key idea – Consider average behavior in mix zones – Measure probability of error of adversary 18

19 Decision Theory Model Assume 2 flows f 1, f 2 converge to same exit 19 Mix zone 1 1 x x 2 2 Choice under uncertainty Any event

20 Bayes Decision Rule Choose hypothesis with largest a posteriori probability Minimizes probability of error 20 is the a priori probability that an event belongs to f j is the conditional probability of observing x knowing that x belongs to f j

21 pepe Probability of Error 21

22 Jensen-Shannon Divergence Measure distance between probability distributions 22 Provides both lower and upper bounds for the probability of error

23 Outline 23 Illustration of Metric

24 Outline 1.Mix Zone Effectiveness 2.Placement of Mix Zones 3.Application Example 24

25 Description Central authority decides offline where to deploy mix zones – Knows mobility model – Knows effectiveness of possible mix zones locations 25

26 Distance to Confusion [9] Between mix zones, adversary can track nodes Mix zone = confusion point Bound distance between mix zones 26 Mix zone 1 Mix zone 2 Distance-to-confusion [9] B. Hoh et al.. Virtual Trip Lines for Distributed Privacy-Preserving Traffic Monitoring. MobiSys, 2008

27 Cost of mix zones Use pseudonyms Must remain silent for a period of time Bound cost for each node 27

28 Placement Optimization Use a subset of all possible mix zones 28 Cost Distance to confusion Mix zone effectiveness where w i is cost of a mix zone W max is maximum cost C max is maximum distance-to-confusion

29 Illustration of Algorithm 29 3 3 2 2 1 1 4 4

30 Outline 1.Mix Zone Effectiveness 2.Placement of Mix Zones 3.Application Example 30

31 Simulation Setup Urban mobility simulator (SUMO) – Real (cropped) map – Flows Attack Implementation (MOBIVACY) – Compute mobility profiles for each mix zone – Predict most probable assignment of entering/exiting nodes for each mix zone 31

32 Map of New York City 32

33 Metric & Configuration Matching success of mix zone i Tracking success System parameters – dtc <= 2km – cost <= 3 mix zones 33

34 Mix Zone Performance 34

35 Mix Zone Placement 35 (avg=0.48) (avg=1.56) (avg=1.55) (avg=3.56)

36 Tracking Success for different deployments 36

37 Performance of Deployment 37

38 Tracking Success with different traffic conditions 38

39 Conclusion Construct a network of mix zones Measure of mix zones effectiveness based on – Mobility profiles – Jensen-Shannon divergence Optimization model Results – Optimal algorithm prevents bad placement – 30% increase of location privacy compared to random 39 julien.freudiger@epfl.ch

40 BACKUP SLIDES 40

41 Future Work Real mobility traces – More realistic intersection model Weight location in optimization – Some regions are more sensitive Larger map Other attacks 41

42 How to obtain mix zones? Silent mix zones – Turn off transceiver Passive mix zones – Where adversary is absent – Before connecting to Wireless Access Points Encrypt communications – With help of infrastructure – Distributed 42

43 Event-based Metric Assume adversary knows mobility profiles Consider nodes entering/exiting mix zone i over T time steps P v is probability of assignment I = total number of assignments Average entropy: 43

44 Generalization Consider average behavior 44 Mix zone 1 1 x x 2 2 2 2 2 2 2 2 1 1

45 Mix Zone Placement 45 Average number of traversed mix zone = average cost Optimal performs close to full at much lower cost

46 Tracking Success for different adversary strength 46

47 Tracking Success for different mix zone radius 47

48 Average Tracking Success 48

Download ppt "On the Optimal Placement of Mix Zones Julien Freudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009."

Similar presentations

1 Inducements–Call Blocking. Aware of the Service?

1 Inducements–Call Blocking. Aware of the Service?
Online Max-Margin Weight Learning with Markov Logic Networks Tuyen N. Huynh and Raymond J. Mooney Machine Learning Group Department of Computer Science.

Online Max-Margin Weight Learning with Markov Logic Networks Tuyen N. Huynh and Raymond J. Mooney Machine Learning Group Department of Computer Science.
© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.

© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
Cognitive Radio Communications and Networks: Principles and Practice By A. M. Wyglinski, M. Nekovee, Y. T. Hou (Elsevier, December 2009) 1 Chapter 12 Cross-Layer.

Cognitive Radio Communications and Networks: Principles and Practice By A. M. Wyglinski, M. Nekovee, Y. T. Hou (Elsevier, December 2009) 1 Chapter 12 Cross-Layer.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley

Author: Julia Richards and R. Scott Hawley
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
Energy-Efficient Distributed Algorithms for Ad hoc Wireless Networks Gopal Pandurangan Department of Computer Science Purdue University.

Energy-Efficient Distributed Algorithms for Ad hoc Wireless Networks Gopal Pandurangan Department of Computer Science Purdue University.
15.082 and 6.855J Cycle Canceling Algorithm. 2 A minimum cost flow problem 1 24 35 10, $4 20, $1 20, $2 25, $2 25, $5 20, $6 30, $7 25 0 0 0-25.

and 6.855J Cycle Canceling Algorithm. 2 A minimum cost flow problem , $4 20, $1 20, $2 25, $2 25, $5 20, $6 30, $
15.082 and 6.855J Spanning Tree Algorithms. 2 The Greedy Algorithm in Action 1 2 3 4 5 6 7 35 10 30 15 25 40 20 17 8 15 11 21 1 2 3 4 5 6 7.

and 6.855J Spanning Tree Algorithms. 2 The Greedy Algorithm in Action
Scalable Routing In Delay Tolerant Networks

Scalable Routing In Delay Tolerant Networks
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.

1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×

Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

Similar presentations

Ads by Google