On Non-Cooperative Location Privacy: A Game-theoretic Analysis


1 On Non-Cooperative Location Privacy: A Game-theoretic Analysis
CCS 2009 Julien Freudiger, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux David C. Parkes

2 Pervasive Wireless Networks
Vehicular networks. Mobile social networks. Human sensors. Many new devices equipped with wireless interfaces. Many new applications. Personal WiFi bubble.

3 Peer-to-Peer Communications
WiFi/Bluetooth enabled. Peer-to-Peer wireless network (WiFi, Bluetooth). Location privacy problem: Third party can track location of nodes by monitoring identifiers. Obtain location traces. MAC address, authentication credentials. Message, Identifier, Signature || Certificate.

4 Location Privacy Problem
Passive adversary monitors identifiers used in peer-to-peer communications. 13h00: Lunch; 11h00: Art Institute; 10h00: Millennium Park. Easy mass surveillance of location (not by network operator, but by anyone with WiFi sniffer).

5 Spatio-Temporal correlation of traces
Previous Work. Pseudonymity is not enough for location privacy [1, 2]. Removing pseudonyms is not enough either [3]. Spatio-Temporal correlation of traces. Linkability breaks anonymity. Need spatial and temporal decorrelation of traces => Filtering based on tracking model.
[1] P. Golle and K. Partridge. On the Anonymity of Home/Work Location Pairs. Pervasive Computing, 2009
[2] B. Hoh et al. Enhancing Security & Privacy in Traffic Monitoring Systems. Pervasive Computing, 2006
[3] B. Hoh and M. Gruteser. Protecting location privacy through path confusion. SECURECOMM, 2005

6 Location Privacy with Mix Zones
Spatial decorrelation: Remain silent. Temporal decorrelation: Change pseudonym. Notion of cooperation. Mix zone. Why should a node participate?
[1] A. Beresford and F. Stajano. Mix Zones: user privacy in location aware services. Percom, 2004

7 Mix Zone Privacy Gain
[Figure: nodes in a mix zone between t- and t=T; label: Number of nodes in mix zone] Note: A node not changing does not get anything => no free-riding. Need for coordination here!

8 Cost caused by Mix Zones
Turn off transceiver Routing is difficult Load authenticated pseudonyms + + Inconvenience of =

9 When should nodes change pseudonym?
Problem: Tension between cost and benefit of mix zones. When should nodes change pseudonym? A lot of discussions of “human nature” and evolution often get down to game theory. Game theory allows us to predict the behavior of nodes.

10 Method Game theory Example Evaluate strategies
Rational Behavior: Selfish optimization. Security protocols, multi-party computations. Game theory: Evaluate strategies, predict evolution of security/privacy. Example: Cryptography, revocation, privacy mechanisms. Traditionally: global optimization, derive good moment to change pseudonym. Here, consider rational behavior. Allows us to predict evolution: notion of equilibrium strategy, the best we can do without being exploited.

11 Outline User-centric Model Pseudonym Change Game Results Contributions
User-centric doesn't mean users have to make any decisions. It means decisions depend on users' properties. Contributions: Propose user-centric model of location privacy. Derive strategies of rational nodes. Evaluate effect of rationality on location privacy.

12 Mix Zone Establishment
In pre-determined regions [1] Dynamically [2] Distributed protocol Particularly appealing for MANET because no need for infrastructure nor prior knowledge We rely on their protocol. [1] A. Beresford and F. Stajano. Mix Zones: user privacy in location aware services. PercomW, 2004 [2] M. Li et al. Swing and Swap: User-centric approaches towards maximizing location privacy . WPES, 2006

13 User-Centric Location Privacy Model
Privacy = Ai(T) – PrivacyLoss Privacy Ai(T1) Ai(T2) Not cumulative Traceable for some time t Traceable

14 Pros/Cons of user-centric Model
Control when/where to protect your privacy Con Misaligned incentives

15 Outline User-centric Model Pseudonym Change Game Results

16 Assumptions Pseudonym Change game Simultaneous decision
Pseudonym Change game. Simultaneous decision. Players want to maximize their payoff. Consider privacy upper bound Ai(T) = log2(n(t)).

17 Game Model Players Strategy Mobile nodes in transmission range
There is a game iff Strategy Cooperate (C): Change pseudonym. Defect (D): Do not change pseudonym.

18 Pseudonym Change Game C D 3 2 1 t t1 Silent period

19 Payoff Function
ui = privacy - cost. If C & Not alone, then ui = Ai(T) - γ. If C & Alone, then ui = ui⁻ - γ. If D, then ui = ui⁻. Formally Alpha is a more subtle cost that models the fact that the more errors the more unhappy we are. Abstract time.

20 Sequence of Pseudonym Change Games
[Figure: sequence of games E1, E2, E3 over time; payoff ui with levels Ai(T1) - γ and Ai(T2) - γ] Costs are gamma and beta.

21 Outline User-centric Model Pseudonym Change Game Results

22 Each player knows the payoff of its opponents
C-Game Complete information Each player knows the payoff of its opponents

23 Two pure-strategy Nash Equilibria (NE): (C,C) & (D,D)
2-Player C-Game. Two pure-strategy Nash Equilibria (NE): (C,C) & (D,D). One mixed-strategy NE. log2(2) = 1. Coordination game: situation in which all parties can realize mutual gains, but only by making mutually consistent decisions. Mixed strategy, each other depend on the other’s utility.

24 Best Response Correspondence
1 mixed-strategy NE 2 pure-strategy NE Explain the meaning of Best resp

25 n-Player C-Game All Defection is always a NE
Theorem: The static n-player pseudonym change C-game has at least 1 and at most 2 pure strategy Nash equilibria. All Defection is always a NE. A NE with cooperation exists iff there is a group of k users with NE with cooperation does not always exist. Depends on users and their private information. Payoffs are asymmetric. in the group of k nodes
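An added example (not from the slides or the authors' code): a brute-force search for the pure-strategy NE of the static C-game, using the slide-19 payoffs with the upper bound Ai(T) = log2(n(t)). It assumes n(t) counts the nodes that change pseudonym; the function names and the sample u_minus and gamma values are constructed for illustration.

```python
from itertools import product
from math import log2


def payoff(i, profile, u_minus, gamma):
    """Payoff of node i under the slide-19 rules (assumed reading)."""
    if profile[i] == "D":
        return u_minus[i]              # defect: keep current payoff ui-
    k = profile.count("C")             # nodes changing pseudonym, i included
    if k == 1:
        return u_minus[i] - gamma      # changed alone: pay the cost, gain nothing
    return log2(k) - gamma             # not alone: upper bound Ai(T) minus cost


def pure_nash_equilibria(u_minus, gamma):
    """Return every profile where no single node gains by switching action."""
    n = len(u_minus)
    equilibria = []
    for profile in product("CD", repeat=n):
        stable = True
        for i in range(n):
            flipped = list(profile)
            flipped[i] = "D" if profile[i] == "C" else "C"
            gain = (payoff(i, flipped, u_minus, gamma)
                    - payoff(i, profile, u_minus, gamma))
            if gain > 1e-12:           # strict improvement breaks the equilibrium
                stable = False
                break
        if stable:
            equilibria.append("".join(profile))
    return equilibria


if __name__ == "__main__":
    # Constructed sample inputs: current payoffs ui- per node and cost gamma.
    print(pure_nash_equilibria([0.2, 0.3], 0.3))        # 2-player coordination game
    print(pure_nash_equilibria([0.1, 0.4, 1.2], 0.3))   # everyone gains by changing
    print(pure_nash_equilibria([0.1, 0.4, 1.4], 0.3))   # high-privacy node stays out
    print(pure_nash_equilibria([0.9, 0.9], 0.3))        # nobody needs a change
```

The third sample shows the asymmetry the slide mentions: the node whose current payoff is already high defects while the other two still coordinate on a change.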

26 Result 1: high coordination among nodes at NE
C-Game Results. Result 1: high coordination among nodes at NE. Change pseudonyms only when necessary. Otherwise defect. Idea: Whenever gain is sufficient, change pseudonym.

27 I-Game Incomplete information
Players don’t know the payoff of their opponents Explain why it makes more sense to consider incomplete information

28 Predict action of opponents based on pdf over type
Bayesian Game Theory. Define type of player θi = ui⁻. Predict action of opponents based on pdf over type. If you cannot know, then you guess. Private information = what others don’t know, determines move (e.g. mixed strategies).

29 Environment Low privacy Middle privacy High privacy

30 Threshold Strategy A threshold determines players’ action
Probability of cooperation is θi D ~ θi C t Idea: Change pseudonym only when expected gain is better than current privacy level

31 2-Player I-Game Bayesian NE
~ Find threshold θi* such that Average utility of cooperation = Average utility of defection This is a sufficient condition for the existence of BNE assuming that we have threshold strategies.

32 Result 2: Large cost increases cooperation probability.
Solve numerically (Matlab fsolve) with varying gamma. Symmetric equilibria, three equilibria. Probability of cooperation increases with a higher cost of pseudonyms. Intermediate equilibrium varies according to distribution of types.

33 Result 3: Strategies adapt to your environment.
Surprising result:

34 Result 4: A large number of nodes n provides incentive not to cooperate
Surprising result: As n increases, probability to cooperate (ratio max theta, theta*) at eq decreases => non-coop behavior is less important

35 Conclusion Rational behavior in location privacy protocol
Propose a user-centric model of location privacy Introduce Pseudonym Change game Derive existence of equilibrium strategies Evaluate effect of non-cooperative behavior Outcome: Protocol for distributed pseudonym changes among rational nodes Future: Evaluate performance of protocol

36 lca.epfl.ch/privacy

37 Backup Slides

38 Payoff Function C D If , then If , then If , then where
Formally Alpha is a more subtle cost that models the fact that the more errors the more unhappy we are Abstract time where the payoff function at the time immediately prior to the strategy of the opponents of i the number of cooperating nodes besides i

39 Best Response Correspondence
1 mixed-strategy NE 2 pure-strategy NE Explain the meaning of Best resp

40 Type Incomplete information => imperfect information [1]
Type captures the private information of players. Assume type is distributed with probability known to all players. Each player can predict the behavior of its opponents with Bayesian Game Theory. If you cannot know, then you guess. Private information = what others don’t know, determines move (e.g. mixed strategies).
[1] J. Harsanyi. Games with Incomplete Information Played by Bayesian Players. Management Science, 1967

41 Result 3: Strategies adapt to environment.

42 PseudoGame Protocol

