1
A Distortion-based Metric for Location Privacy
Workshop on Privacy in the Electronic Society (WPES), Chicago, IL, USA - November 9, 2009
Reza Shokri, Julien Freudiger, Murtuza Jadliwala, Jean-Pierre Hubaux
http://lca.epfl.ch/privacy
2
Privacy in Mobile Networks
Pervasive Networks
Location-based Services
3
Privacy in Mobile Networks
4
Location Privacy Protection
Several privacy preserving mechanisms
No common notation in previous work
Various metrics for location privacy
How to compare different mechanisms?
Which metric to use?
Is location privacy captured properly?
5
Our Contributions
1. A generic framework for location privacy
2. Analysis of the effectiveness of existing location privacy metrics
3. A distortion-based metric that can capture location privacy more accurately
6
Outline
A Framework for Location Privacy
Location Privacy Metrics
A Distortion-based Metric
7
A Framework for Location Privacy
Mobile Users
Actual Identities, Pseudonyms
Events and Traces (Trajectories)
8
Actual Events/Traces
[Figure: events on the map]
Color: user identity
Number: time-stamp
Position in the map: location-stamp
9
A Framework for Location Privacy
Mobile Users
Actual Identities, Pseudonyms
Events and Traces (Trajectories)
Location Privacy Preserving Mechanisms
10
A Framework for Location Privacy
[Diagram labels: Actual Events; Location Privacy Preserving Mechanism (Transformation function): Elimination, Obfuscation, Anonymization; Observable Events; Attack: Observation, Reconstruction]
11
Location Privacy Preserving Mechanisms
[Figure: events on the map]
12
Location Privacy Preserving Mechanisms
[Figure: events on the map; label: Elimination]
13
Location Privacy Preserving Mechanisms
[Figure: events on the map; labels: Elimination, Obfuscation]
14
Location Privacy Preserving Mechanisms
[Figure: events on the map; labels: Elimination, Obfuscation, Anonymization]
15
A Framework for Location Privacy
Mobile Users
Actual Identities, Pseudonyms
Events and Traces (Trajectories)
Location Privacy Preserving Mechanisms
Adversary
16
Adversary
Knows the privacy preserving mechanism
Knows how users tend to move
Profiles users' mobility
– What is the probability of going from one location to another location in a given time period
– What is the probability of being in a location at a time instance (density of users on the map)
Aims at reconstructing users' actual events
17
A Framework for Location Privacy
Mobile Users
Actual Identities, Pseudonyms
Events and Traces (Trajectories)
Location Privacy Preserving Mechanisms
Adversary
Location Privacy Metrics
18
Linkability Graph
[Figure: observed events on the map]
Vertices: observed events
Directed edges: linking subsequent events of the same user
Weight of an edge: linkability probability
19
Outline
A Framework for Location Privacy
Location Privacy Metrics: Description
A Distortion-based Metric
20
Existing Location Privacy Metrics
Uncertainty-based
“Clustering Error”-based
K-anonymity
21
Uncertainty-based Metrics
[Figure: observed events on the map]
User privacy at the time of an observed event: adversary’s uncertainty (i.e., entropy) in linking that event with its subsequent events
C. Diaz, S. Seys, J. Claessens, and B. Preneel. Towards measuring anonymity. In PET, 2002.
A. Serjantov and G. Danezis. Towards an information theoretic metric for anonymity. In PET, 2002.
A. R. Beresford and F. Stajano. Mix zones: User privacy in location-aware services. IEEE PerCom Workshops, 2004.
22
“Clustering Error”-based Metrics
[Figure: observed events on the map, shown twice; legend: Actual set partition, Adversary set partition]
System privacy: average distance between the adversary set partition and the actual set partition
B. Hoh and M. Gruteser. Protecting location privacy through path confusion. In SECURECOMM, 2005.
L. Fischer, S. Katzenbeisser, and C. Eckert. Measuring unlinkability revisited. In ACM WPES, 2008.
23
K-anonymity
[Figure: observed events on the map]
At an observed event, a user is k-anonymous if there are at least k-1 other users that have the same observed events
P. Samarati and L. Sweeney. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. In IEEE Symposium Research in Security and Privacy, 1998.
L. Sweeney. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst., 10(5), 2002.
M. Gruteser and D. Grunwald. Anonymous usage of location-based services through spatial and temporal cloaking. In ACM MobiSys, 2003.
24
Outline
A Framework for Location Privacy
Location Privacy Metrics: Evaluation
A Distortion-based Metric
25
Evaluation: Scenario 1
Drawback of uncertainty-based and k-anonymity metrics
[Figure: events on the map; labels: Adversary’s probability of error, Adversary’s tracking error]
26
Evaluation: Scenario 2
Drawback of “clustering error”-based metrics
[Figure: events on the map; label: Adversary mistake]
The clustering error is high although both users are tracked most of the time
27
Outline
A Framework for Location Privacy
Location Privacy Metrics
A Distortion-based Metric
28
A Distortion-based Metric (1)
For each observed event for a given user
For each time instance
Predict the subsequent events (based on the adversary knowledge)
Until the next observed event
Distortion at each time instance: the expected error (in space) in predicted events
[Figure: observed, predicted and actual events (time-stamps 02, 03); the predicted events carry probabilities $p_1$, $p_2$ and distances $d_1$, $d_2$]
$D = p_1 \cdot d_1 + p_2 \cdot d_2$
29
A Distortion-based Metric (2)
[Figure: Linkability graph and actual trace]
30
Evaluation: Scenario 1
[Figure: events on the map; labels: Adversary’s probability of error, Adversary’s tracking error]
31
Evaluation: Scenario 2
[Figure: events on the map; label: Adversary mistake]
32
Sensitivity to Location/Time
[Figure: events on the map; labels: Home, Work Place, Friend’s Place]
Sensitivity of a user to a location at a specific time instance
We weight the distortion based on the sensitivity of a user to a location/time pair
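The distortion formula from slide 28 and the sensitivity weighting from slide 32, as an added example that is not part of the original slides: it shows two constructed predictions with identical entropy and candidate count but very different distortion, the gap Scenario 1 points at. The coordinates, the Euclidean distance for d_i, and the normalised weighted mean are assumptions.

```python
import math

def entropy_bits(probs):
    """Uncertainty-based view: Shannon entropy of the adversary's distribution."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def distortion(predictions, actual):
    """Slide 28: D = sum_i p_i * d_i at one time instance.

    predictions: [(p_i, (x, y)), ...] candidate locations with probabilities.
    d_i is taken as the Euclidean distance to the actual location (assumption).
    """
    if not math.isclose(sum(p for p, _ in predictions), 1.0, abs_tol=1e-9):
        raise ValueError("prediction probabilities must sum to 1")
    return sum(p * math.dist(loc, actual) for p, loc in predictions)

def weighted_distortion(instances, sensitivity):
    """Slide 32: sensitivity-weighted mean of per-instance distortion.

    The normalised weighted mean is an assumed form; the slides only say
    that distortion is weighted by sensitivity.
    """
    if len(instances) != len(sensitivity) or sum(sensitivity) <= 0:
        raise ValueError("need one positive-sum weight per time instance")
    total = sum(w * distortion(pred, act)
                for (pred, act), w in zip(instances, sensitivity))
    return total / sum(sensitivity)

# Constructed data (metres): same probabilities, different spread.
ACTUAL = (0.0, 0.0)
NEAR = [(0.5, (3.0, 4.0)), (0.5, (-3.0, -4.0))]
FAR = [(0.5, (300.0, 400.0)), (0.5, (-300.0, -400.0))]

if __name__ == "__main__":
    for name, preds in (("near", NEAR), ("far", FAR)):
        h = entropy_bits([p for p, _ in preds])
        print(f"{name}: candidates={len(preds)} entropy={h:.1f} bits "
              f"distortion={distortion(preds, ACTUAL):.1f} m")
    # Weight the second instance three times as sensitive as the first.
    print(weighted_distortion([(NEAR, ACTUAL), (FAR, ACTUAL)], [1.0, 3.0]))
```

Both cases report 1 bit of entropy over two candidates, yet the adversary's expected spatial error differs by a factor of 100.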
33
Conclusion and Future Work
A framework for location privacy
Modeling different metrics within our framework
A new distortion-based metric for measuring location privacy that satisfies the expected criteria
Future: Modeling time obfuscation methods
Future: Using the metric in different scenarios
http://lca.epfl.ch/privacy