1 A Distortion-based Metric for Location Privacy Workshop on Privacy in the Electronic Society (WPES), Chicago, IL, USA - November 9, 2009 Reza Shokri.


1 A Distortion-based Metric for Location Privacy
Workshop on Privacy in the Electronic Society (WPES), Chicago, IL, USA - November 9, 2009
Reza Shokri, Julien Freudiger, Murtuza Jadliwala, Jean-Pierre Hubaux
http://lca.epfl.ch/privacy

2 Privacy in Mobile Networks
– Pervasive Networks
– Location-based Services

3 Privacy in Mobile Networks

4 Location Privacy Protection
– Several privacy preserving mechanisms
– No common notation in previous work
– Various metrics for location privacy
– How to compare different mechanisms?
– Which metric to use?
– Is location privacy captured properly?

5 Our Contributions
1. A generic framework for location privacy
2. Analysis of the effectiveness of existing location privacy metrics
3. A distortion-based metric that can capture location privacy more accurately

6 Outline
– A Framework for Location Privacy
– Location Privacy Metrics
– A Distortion-based Metric

7 A Framework for Location Privacy
– Mobile Users
– Actual Identities, Pseudonyms
– Events and Traces (Trajectories)

8 Actual Events/Traces
[Figure: events plotted on a map, time-stamps 01 to 18]
– Color: user identity
– Number: time-stamp
– Position in the map: location-stamp

9 A Framework for Location Privacy
– Mobile Users
– Actual Identities, Pseudonyms
– Events and Traces (Trajectories)
– Location Privacy Preserving Mechanisms

10 A Framework for Location Privacy
[Diagram labels: Actual Events, Location Privacy Preserving Mechanism, Transformation function, Elimination, Obfuscation, Anonymization, Observable Events, Attack, Observation, Reconstruction]

11 Location Privacy Preserving Mechanisms
[Figure: events on the map, time-stamps 01 to 18]

12 Location Privacy Preserving Mechanisms
[Figure: events on the map; step shown: Elimination]

13 Location Privacy Preserving Mechanisms
[Figure: events on the map; steps shown: Elimination, Obfuscation]

14 Location Privacy Preserving Mechanisms
[Figure: events on the map; steps shown: Elimination, Obfuscation, Anonymization]

15 A Framework for Location Privacy
– Mobile Users
– Actual Identities, Pseudonyms
– Events and Traces (Trajectories)
– Location Privacy Preserving Mechanisms
– Adversary

16 Adversary
– Knows the privacy preserving mechanism
– Knows how users tend to move
– Profiles users' mobility
  – What is the probability of going from one location to another in a given time period
  – What is the probability of being in a location at a time instance (density of users on the map)
– Aims at reconstructing users' actual events

17 A Framework for Location Privacy
– Mobile Users
– Actual Identities, Pseudonyms
– Events and Traces (Trajectories)
– Location Privacy Preserving Mechanisms
– Adversary
– Location Privacy Metrics

18 Linkability Graph
[Figure: observed events on the map]
– Vertices: observed events
– Directed edges: linking subsequent events of the same user
– Weight of an edge: linkability probability

19 Outline
– A Framework for Location Privacy
– Location Privacy Metrics: Description
– A Distortion-based Metric

20 Existing Location Privacy Metrics
– Uncertainty-based
– “Clustering Error”-based
– K-anonymity

21 Uncertainty-based Metrics
[Figure: observed events on the map]
– User privacy at the time of an observed event: adversary’s uncertainty (i.e., entropy) in linking that event with its subsequent events
References:
– C. Diaz, S. Seys, J. Claessens, and B. Preneel. Towards measuring anonymity. In PET, 2002.
– A. Serjantov and G. Danezis. Towards an information theoretic metric for anonymity. In PET, 2002.
– A. R. Beresford and F. Stajano. Mix zones: User privacy in location-aware services. IEEE PerCom Workshops, 2004.

22 “Clustering Error”-based Metrics
[Figure: observed events on the map, shown twice; legend: Actual set partition, Adversary set partition]
– System privacy: average distance of the adversary set partition and the actual set partition
References:
– B. Hoh and M. Gruteser. Protecting location privacy through path confusion. In SECURECOMM, 2005.
– L. Fischer, S. Katzenbeisser, and C. Eckert. Measuring unlinkability revisited. In ACM WPES, 2008.

23 K-anonymity
[Figure: observed events on the map]
– At an observed event, a user is k-anonymous if there are at least k-1 other users that have the same observed events
References:
– P. Samarati and L. Sweeney. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. In IEEE Symposium Research in Security and Privacy, 1998.
– L. Sweeney. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst., 10(5), 2002.
– M. Gruteser and D. Grunwald. Anonymous usage of location-based services through spatial and temporal cloaking. In ACM MobiSys, 2003.

24 Outline
– A Framework for Location Privacy
– Location Privacy Metrics: Evaluation
– A Distortion-based Metric

25 Evaluation: Scenario 1
– Drawback of uncertainty-based and k-anonymity metrics
[Figure: observed events on the map; labels: Adversary’s probability of error, Adversary’s tracking error]

26 Evaluation: Scenario 2
– Drawback of “clustering error”-based metrics
– The clustering error is high although both users are tracked most of the time
[Figure: observed events on the map; label: Adversary mistake]

27 Outline
– A Framework for Location Privacy
– Location Privacy Metrics
– A Distortion-based Metric

28 A Distortion-based Metric (1)
– For each observed event for a given user
  – For each time instance
    – Predict the subsequent events (based on the adversary knowledge)
  – Until the next observed event
– Distortion at each time instance
  – The expected error (in space) in predicted events
$D = p_1 \cdot d_1 + p_2 \cdot d_2$
[Figure labels: observed, predicted, actual]

29 A Distortion-based Metric (2)
[Figure labels: Linkability graph, Actual trace]

30 Evaluation: Scenario 1
[Figure: observed events on the map; labels: Adversary’s probability of error, Adversary’s tracking error]

31 Evaluation: Scenario 2
[Figure: observed events on the map; label: Adversary mistake]

32 Sensitivity to Location/Time
[Figure: observed events on the map; labelled places: Home, Work Place, Friend’s Place]
– Sensitivity of a user to a location at a specific time instance
– We weight the distortion based on the sensitivity of a user to a location/time pair
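
The per-time-instance distortion of slide 28 and the sensitivity weighting of slide 32, as an added Python example that is not from the original presentation. The map, the two mobility profiles, the forward-only Markov prediction and all function names are assumptions constructed for illustration; the two profiles give the adversary the same entropy but very different expected spatial error, the distinction slide 25 draws between probability of error and tracking error.

```python
import math

# Constructed sample map: location name -> (x, y). Not data from the slides.
COORDS = {"A": (0, 0), "B": (1, 0), "C": (1, 1), "X": (10, 0)}
# Constructed adversary mobility profiles: P(next location | current location).
NEAR = {"A": {"B": 0.5, "C": 0.5}, "B": {"B": 1.0}, "C": {"C": 1.0}}
FAR = {"A": {"B": 0.5, "X": 0.5}, "B": {"B": 1.0}, "X": {"X": 1.0}}

def step(belief, profile):
    """Advance the adversary's belief over locations by one time instance."""
    nxt = {}
    for loc, p in belief.items():
        for to, q in profile[loc].items():
            nxt[to] = nxt.get(to, 0.0) + p * q
    return nxt

def entropy(belief):
    """Adversary's uncertainty in bits (the uncertainty-based metric)."""
    return -sum(p * math.log2(p) for p in belief.values() if p > 0)

def distortion(belief, actual, coords):
    """Expected spatial error: D = sum_i p_i * d_i."""
    return sum(p * math.dist(coords[loc], coords[actual])
               for loc, p in belief.items())

def evaluate(observed, hidden_trace, profile, coords, sensitivity=None):
    """Score the time instances between two observed events.

    observed: location of the last observed event.
    hidden_trace: the user's actual locations until the next observed event.
    sensitivity: optional {(location, time_index): weight}, default weight 1.
    Returns [(weighted distortion, entropy), ...], one pair per time instance.
    """
    belief, scores = {observed: 1.0}, []
    for t, actual in enumerate(hidden_trace):
        belief = step(belief, profile)
        weight = (sensitivity or {}).get((actual, t), 1.0)
        scores.append((weight * distortion(belief, actual, coords),
                       entropy(belief)))
    return scores

if __name__ == "__main__":
    for name, profile in (("near", NEAR), ("far", FAR)):
        print(name, evaluate("A", ["B", "B"], profile, COORDS))
```
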

33 Conclusion and Future Work
– A framework for location privacy
– Modeling different metrics within our framework
– A new distortion-metric for measuring location privacy that satisfies the expected criteria
– Future: Modeling time obfuscation methods
– Future: Using the metric in different scenarios
http://lca.epfl.ch/privacy

