Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 (ECE 256: Wireless Networking and Mobile Computing) Location Privacy in Mobile Computing Topics: Pseudonymns, CliqueCloak, Path Confusion, CacheCloak.

Published byDamien Church Modified over 10 years ago

Similar presentations

Presentation on theme: "1 (ECE 256: Wireless Networking and Mobile Computing) Location Privacy in Mobile Computing Topics: Pseudonymns, CliqueCloak, Path Confusion, CacheCloak."— Presentation transcript:

1 1 (ECE 256: Wireless Networking and Mobile Computing) Location Privacy in Mobile Computing Topics: Pseudonymns, CliqueCloak, Path Confusion, CacheCloak …

2 2 Context Better localization technology + Pervasive wireless connectivity = Location-based pervasive applications

3 3 Location-Based Apps For Example:  GeoLife shows grocery list on phone when near WalMart  Micro-Blog allows querying people at a desired region  Location-based ad: Phone gets coupon at Starbucks  … Location expresses context of user  Facilitating content delivery Location is the IP address Its as if for content

4 4 Double-Edged Sword While location drives this new class of applications, it also violates user’s privacy Sharper the location, richer the app, deeper the violation

5 5 The Location Based Service Workflow Client Server LBS Database (Location Based Service) Request: Retrieve all available services in client’s location Forward to local service: Retrieve all available services in location Reply:

6 6 The Location Anonymity Problem Client Server LBS Database (Location Based Service) Request: Retrieve all bus lines from location to address == Privacy Violated

7 7 Moreover, range of apps are PUSH based. Require continuous location information Phone detected at Starbucks, PUSH a coffee coupon Phone located on highway, query traffic congestion Double-Edged Sword

8 8 Location Privacy Problem: Research: Continuous location exposure a serious threat to privacy Continuous location exposure a serious threat to privacy Preserve privacy without sacrificing the quality of continuous loc. based apps Preserve privacy without sacrificing the quality of continuous loc. based apps

9 9 Just Call Yourself ``Freddy” Pseudonymns  Effective only when infrequent location exposure  Else, spatio-temporal patterns enough to deanonymize … think breadcrumbs Romit’s Office John LeslieJack Susan Alex

10 10 A Customizable k-Anonymity Model for Protecting Location Privacy Paper by: B. Gedik, L.Liu (Georgia Tech) Slides adopted from: Tal Shoseyov

11 11 Location Anonymity “A message from a client to a database is called location anonymous if the client’s identity cannot be distinguished from other users based on the client’s location information.” Database

12 12 k-Anonymity “A message from a client to a database is called location k-anonymous if the client cannot be identified by the database based on the client’s location from other k-1 clients.”

13 13 Implementation of Location Anonymity Client sends plain request to the server Server sends “anonymized” message Database executes request according to the received anonymous data Database replies to server with compiled data Server forwards data to client Server transforms the message by “anonymizing” the location data in the message

14 14 Implementation of Location k-Anonymity Spatial Cloaking – Setting a range of space to be a single box, where all clients located within the range are said to be in the “same location”. x y Temporal Cloaking – Setting a time interval, where all the clients in a specific location sending a message in that time interval are said to have sent the message in the “same time”. t

15 15 Implementation of Location k-Anonymity x y t Spatial-Temporal Cloaking – Setting a range of space and a time interval, where all the messages sent by client inside the range in that time interval. This spatial and temporal area is called a “cloaking box”.

16 16 Previous solutions M. Gruteser, D Grunwald (2003) – For a fixed k value, the server finds the smallest area around the client’s location that potentially contains k-1 different other clients, and monitoring that area over time until such k-1 clients are found. Drawback: Fixed anonymity value for all clients (service dependent)

17 17 The CliqueCloak Approach Definitions:Constraint Area: For a message m, a constraint area is a spatial-temporal area that contains the sending client’s location. A client sends his message along with a constraint area to prevent the database from sending the client useless information on locations outside the constraint area. x y m k=3

18 18 The CliqueCloak Approach Definitions: m 2 k=3 m 1 k=2 m 4 k=3 x y Cloaking Box: A spatial and temporal area assigned to a transformed message. A valid cloaking box must comply to the following conditions: 1. The client that sent the message m is located in the cloaking box 2. The number of different clients inside the cloaking box must be at least m.k (the anonymity level of the message). 3. The cloaking box must be included inside the message’s constraint area.

19 19 The CliqueCloak Approach Constraint Graph: Each mobile node is a vertice in the graph, and 2 nodes are connected iff each of them is inside the other node’s constraint area. x y m 2 k=3 m 1 k=2 m 3 k=2 m 4 k=3 Definitions: An l-clique in that graph such that l ≥ m i.k for each i is mapped by the algorithm to a spatial cloaking box, where all messages in the clique will be transformed using the cloaking box, making each of the messages’ senders indistinguishable from one another. Approach:

20 20 The CliqueCloak Algorithm The Idea: x y t For each plain message, along with its constraints and anonymity level k, we try to find a k-clique in the constraint graph and convert the clique into a spatial cloaking box. Each of the messages inside the cloaking box will be converted into transformed messages, replacing their location values with the cloaking box. We try finding a cloaking box for a message until it is expired (exceeds its temporal constraints).

21 21 Does CliqueCloak solve the location privacy problem? Any further concerns? Doubts?

22 22 Add Noise K-anonymity and CliqueCloak  Convert location to a space-time bounding box  Ensure K users in the box  Location Apps reply to boxed region Issues  Poor quality of location  Degrades in sparse regions  Not real-time You Bounding Box K=4

23 23 Confuse Via Mixing Path intersections is an opportunity for privacy  If users intersect in space-time, cannot say who is who later Issues  Users may not be collocated in space and time  Mixing still possible at the expense of delay

24 24 Existing solutions seem to suggest: Privacy and Quality of Localization (QoL) is a zero sum game Need to sacrifice one to gain the other

25 25 Ideal Solution Should Break away from this tradeoff Target: Spatial accuracy Real-time updates Privacy guarantees Even in sparse populations Another Idea: CacheCloak

26 26 CacheCloak Intuition Exploit mobility prediction to create future path intersections User’s paths are like crossroads of breadcrumbs App knows precise locations, but doesn’t know the user

27 27 CacheCloak Assume trusted privacy provider  Reveal location to CacheCloak  CacheCloak exposes anonymized location to Loc. App CacheCloak Loc. App1 Loc. App2 Loc. App3 Loc. App4

28 28 CacheCloak Design User A drives down path P1  P1 is a sequence of locations  CacheCloak has cached response for each location User A takes a new turn (no cached response)  CacheCloak predicts mobility  Deliberately intersects predicted path with another path P2  Exposes predicted path to application Application replies to queries for entire path CacheCloak always knows user’s current location  Forwards cached responses for that precise location

29 29 CacheCloak Design Adversary confused  New path intersects paths P1 and P2 (crossroads)  Not clear where the user came from or turned onto Example …

30 30 Example

31 31 Benefits Real-time  Response ready when user arrives at predicted location High QoL  Responses can be specific to location  Overhead on the wired backbone (caching helps) Entropy guarantees  Entropy increases at traffic intersections  In low regions, desired entropy possible via false branching Sparse population  Can be handled with dummy users

32 32 Quantifying Privacy City converted into grid of small sqaures (pixels)  Users are located at a pixel at a given time Each pixel associated with 8x8 matrix  Element (x, y) = probability that user enters x and exits y Probabilities diffuse  At intersections  Over time Privacy = entropy x y pixel

33 33 Diffusion Probability of user’s presence diffuses  Diffusion gradient computed based on history  i.e., what fraction of users take right turn at this intersection Time t 1 Time t 2 Time t 3 Road Intersection

34 34 Evaluation Trace based simulation  VanetMobiSim + US Census Bureau trace data  Durham map with traffic lights, speed limits, etc.  Vehicles follow Google map paths  Performs collision avoidance 6km x 6km 10m x 10m pixel 1000 cars 6km x 6km 10m x 10m pixel 1000 cars

35 35 Results High average entropy  Quite insensitive to user density (good for sparse regions)  Minimum entropy reasonably high

36 36 Results Per-user entropy  Increases quickly over time  No user starves of location privacy

37 37 Issues and Limitations CacheCloak overhead  Application replies to lots of queries  However, overhead on wired infrastructure  Caching reduces this overhead significantly CacheCloak assumes same, indistinguishable query  Different queries can deanonymize  Need more work Per-user privacy guarantee not yet supported  Adaptive branching & dummy users

38 38 Closing Thoughts Two nodes may intersect in space but not in time Mixing not possible, without sacrificing timeliness Mobility prediction creates space-time intersections Enables virtual mixing in future

39 39 Closing Thoughts CacheCloak Implements the prediction and caching function Significant entropy attained even under sparse population Spatio-temporal accuracy remains uncompromised

40 40 Final Take Away Chasing a car is easier on highways … Much harder in Manhattan crossroads CacheCloak tries to turn a highway into a virtual Manhattan … Well, sort of …

41 41 Questions?

42 42 Emerging trends in content distribution Content delivered to a location / context  As opposed to a destination address Thus, “location” is a key driver of content delivery IP address : Internet = Location : CDN New wave of applications

43 43 Emerging trends in content distribution Content delivered to a location / context  As opposed to a destination address Thus, “location” is a key driver of content delivery IP address : Internet = Location : CDN New wave of applications

44 44 Example

45 45 Location Privacy Problem: Continuous location exposure deprives user of her privacy. Continuous location exposure deprives user of her privacy.

46 46 Location Frequency Some location apps are reactive / infrequent  E.g., List Greek restaurants around me now (PULL) But, many emerging apps are proactive  E.g., Phone detected at Starbucks, PUSH a coffee coupon

47 47 Location Frequency Some location apps are reactive / infrequent  E.g., List Greek restaurants around me now (PULL) But, many emerging apps are proactive  E.g., Phone detected at Starbucks, PUSH a coffee coupon Opportunity for Big Bro to track you over space and time Proactive apps require continuous location Proactive apps require continuous location

48 48 Categorizing Apps Some location apps are reactive  You ask, App answers  E.g., Pull all Greek restaurants around your location But, many emerging apps are proactive  E.g., Phone detected at Starbucks, PUSH a coffee coupon

49 49 Categorizing Apps Some location apps are reactive  You ask, App answers  E.g., Pull all Greek restaurants around your location But, many emerging apps are proactive  E.g., Phone detected at Starbucks, PUSH a coffee coupon Proactive apps require continuous location Proactive apps require continuous location

Download ppt "1 (ECE 256: Wireless Networking and Mobile Computing) Location Privacy in Mobile Computing Topics: Pseudonymns, CliqueCloak, Path Confusion, CacheCloak."

Similar presentations

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
1 Leveraging social networking in your business marketing Leveraging social networking in your business marketing.

1 Leveraging social networking in your business marketing Leveraging social networking in your business marketing.
Angstrom Care 培苗社 Quadratic Equation II

Angstrom Care 培苗社 Quadratic Equation II
Zhongxing Telecom Pakistan (Pvt.) Ltd

Zhongxing Telecom Pakistan (Pvt.) Ltd
AP STUDY SESSION 2.

AP STUDY SESSION 2.
1

1
& dding ubtracting ractions.

& dding ubtracting ractions.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Processes and Operating Systems

Processes and Operating Systems
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
Objectives: Generate and describe sequences. Vocabulary:

Objectives: Generate and describe sequences. Vocabulary:
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
1 Hyades Command Routing Message flow and data translation.

1 Hyades Command Routing Message flow and data translation.
David Burdett May 11, 2004 Package Binding for WS CDL.

David Burdett May 11, 2004 Package Binding for WS CDL.
We need a common denominator to add these fractions.

We need a common denominator to add these fractions.
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×

Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
Prepared by: Workforce Enterprise Services For: The Illinois Department of Commerce and Economic Opportunity Bureau of Workforce Development ENTRY OF EMPLOYER.

Prepared by: Workforce Enterprise Services For: The Illinois Department of Commerce and Economic Opportunity Bureau of Workforce Development ENTRY OF EMPLOYER.
Local Customization Chapter 2. Local Customization 2-2 Objectives Customization Considerations Types of Data Elements Location for Locally Defined Data.

Local Customization Chapter 2. Local Customization 2-2 Objectives Customization Considerations Types of Data Elements Location for Locally Defined Data.
Process a Customer Chapter 2. Process a Customer 2-2 Objectives Understand what defines a Customer Learn how to check for an existing Customer Learn how.

Process a Customer Chapter 2. Process a Customer 2-2 Objectives Understand what defines a Customer Learn how to check for an existing Customer Learn how.

Similar presentations

Ads by Google