Cloaking and Modeling Techniques for Location Privacy Protection
Ying Cai, Department of Computer Science, Iowa State University, Ames, IA 50011

Location-based Services
Risks Associated with LBS
• Exposure of service uses
• Location privacy: stalking, and inference from sensitive places (a nightclub, a hospital, a political party)
Challenge
• Restricted space identification
• Simply using a pseudonym is not sufficient: anonymous location data may be correlated with restricted spaces such as home and office, and the subject re-identified
Location Depersonalization
• Basic idea: reducing location resolution
• Report a cloaking region instead of the actual location
• Key issue: each cloaking region must
  • provide the desired level of depersonalization, and
  • be as small as possible
Existing Solution
• Ensure each cloaking region contains a certain number of users [MobiSys'03, ICDCS'05, VLDB'07]
Problems (1)
• The anonymity server needs frequent location updates from all users
  • Practicality
  • Scalability
  • Difficult to support continuous LBS
• Simply ensuring each cloaking region contains K users does not by itself provide K-anonymity protection
Problems (2)
• Guarantees only anonymous use of services, not location privacy
• An adversary may not know who requested the service, but knows that all K users were there at the time the service was requested
• Where you are and whom you are with are closely related to what you are doing
The root of the problems
• These techniques cloak a user's position based on his current neighbors
Observation
• Public areas are naturally depersonalized
• A large number of visits by different people
• More footprints, more popular (e.g., a highway or a park)
Proposed solution [Infocom'08]
• Using footprints for location cloaking
• A footprint is a historical location sample
• Each cloaking region contains footprints from at least K different users
• Location privacy protection: an adversary may be able to identify all these users, but will not know who was there at what time
Footprint database
• Sources of footprints
  • Wireless service carriers, which provide the communication infrastructure
  • Users of LBSs, who need to report location for cloaking
• Trajectory indexing for efficient retrieval
  • Partition the network domain into cells
  • Maintain a cell table for each cell
Cloaking Techniques
• Sporadic LBS: each cloaking region needs to 1) be as small as possible, and 2) contain footprints from at least K different users
• Continuous LBS: each trajectory disclosed must be a K-anonymity trajectory (KAT)
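The cell-table index and the sporadic cloaking rule above, as an added Python example (not code from the talk or its prototype). It builds one table per cell from constructed footprint samples and grows a square of cells around the requesting user until the square holds footprints from at least K distinct users. The cell size, the sample points and the square-growing search shape are assumptions for the example; the important detail it makes visible is that five footprints left by one user in a cell do not count as five, since the requirement is on distinct users.

```python
from collections import defaultdict

CELL = 100  # cell side length; the grid size is an assumption for this example

# Constructed footprints (user, x, y), not data from the paper. alice has five
# samples in one cell, the others have one sample each in distinct cells.
FOOTPRINTS = [
    ("alice", 10, 10), ("alice", 20, 15), ("alice", 30, 20), ("alice", 40, 25), ("alice", 50, 30),
    ("bob", 120, 30),
    ("carol", 30, 140),
    ("dave", 250, 260),
    ("erin", 310, 40),
]


def cell_of(x, y):
    """Cell coordinates of a point under the CELL-sized partition."""
    return (x // CELL, y // CELL)


def build_cell_tables(footprints):
    """Cell table: cell -> list of user ids, one entry per footprint in that cell.
    Keeping one entry per footprint (rather than a set of users) makes the
    difference between 'K footprints' and 'footprints from K users' visible."""
    tables = defaultdict(list)
    for user, x, y in footprints:
        tables[cell_of(x, y)].append(user)
    return tables


def users_in_square(tables, cx, cy, r):
    """Distinct users with a footprint in the (2r+1)x(2r+1) cell square centred on (cx, cy)."""
    users = set()
    for i in range(cx - r, cx + r + 1):
        for j in range(cy - r, cy + r + 1):
            users.update(tables.get((i, j), ()))
    return users


def cloak_sporadic(tables, x, y, k, max_r=10):
    """Smallest square of cells around (x, y) whose footprints come from at
    least k distinct users. Returns (region_in_cell_coordinates, users) or None
    if no square within max_r rings qualifies. Growing one ring at a time means
    the first hit is the smallest square of this shape (an assumed search
    strategy, not the paper's algorithm)."""
    cx, cy = cell_of(x, y)
    for r in range(max_r + 1):
        users = users_in_square(tables, cx, cy, r)
        if len(users) >= k:
            return (cx - r, cy - r, cx + r, cy + r), users
    return None


if __name__ == "__main__":
    tables = build_cell_tables(FOOTPRINTS)
    # Five footprints in cell (0, 0), but only one distinct user: not enough for k=3
    print(len(tables[(0, 0)]), len(set(tables[(0, 0)])))
    print(cloak_sporadic(tables, 15, 12, k=3))
    print(cloak_sporadic(tables, 15, 12, k=5))
```

With the constructed data, a request from (15, 12) with K=3 has to grow to the 3x3 cell square before it picks up bob and carol, and K=5 needs the 7x7 square; the region is returned in cell coordinates and is what would be sent to the LBS in place of the exact position.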
Privacy Requirement Modeling
• K-anonymity model: to request a desired level of protection, a user needs to specify a value of K
• Problem: choosing an appropriate K is difficult
  • Privacy is about feeling, and it is difficult to express one's feeling as a number
  • A user can always choose a large K, but this reduces location resolution unnecessarily
Proposed Solution [CCS'09]
• A feeling-based approach
• A user specifies a public region: a spatial region she feels comfortable having reported as her location, should she request a service inside it
• The public region becomes her privacy requirement
• Every location reported on her behalf will be at least as popular as the public region she identified
Challenge
• How to measure the popularity of a spatial region?
  • More visitors, higher popularity
  • More even distribution of visits, higher popularity
• Given a spatial region R, we define
  • Entropy E(R) =
  • Popularity P(R) = 2^E(R)
Cloaking Techniques
• Sporadic LBS: each cloaking region needs to 1) be as small as possible, and 2) have a popularity no less than P(R)
• Continuous LBS: a sequence of location updates which form a trajectory
  • The strategy for sporadic LBSs may not work
  • An adversary may identify the common set of visitors across the regions
Cloaking Techniques
• Sporadic LBS: each disclosed cloaking region must be as small as possible and have a popularity no less than P(R)
• Continuous LBS: the time-series sequence of location samples must form a P-Populous Trajectory (PPT)
  • A trajectory is a PPT if its popularity is no less than P
  • The popularity of each cloaking region in the trajectory must be computed w.r.t. a common set of users
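The popularity measure and the PPT check, as an added Python example (not code from the talk). The slide defines E(R) but the formula itself did not survive extraction, so the example assumes the base-2 Shannon entropy of the fraction of footprints in R belonging to each visitor, which makes P(R) = 2^E(R) read as an effective number of distinct visitors; the visit counts are constructed. It shows why cloaking each sample independently fails for continuous LBS: three regions that each look four-visitor popular on their own share only two visitors, so the trajectory's popularity, computed over that common set, is two.

```python
import math

# Constructed visit counts per cloaking region (user -> number of footprints),
# not data from the paper. Each region has four visitors with equal counts.
REGION_1 = {"alice": 2, "bob": 2, "carol": 2, "dave": 2}
REGION_2 = {"alice": 2, "bob": 2, "erin": 2, "frank": 2}
REGION_3 = {"alice": 2, "bob": 2, "gina": 2, "hank": 2}
TRAJECTORY = [REGION_1, REGION_2, REGION_3]


def entropy(visits):
    """Shannon entropy (bits) of the visitor distribution in a region.
    Assumed form of E(R): the slide's formula is not available on the page."""
    total = sum(visits.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in visits.values() if c > 0)


def popularity(visits):
    """P(R) = 2^E(R): one visitor gives 1, n equally frequent visitors give n,
    and an uneven split of the same visitors gives something in between."""
    return 2 ** entropy(visits)


def restrict(visits, users):
    """Visit counts of only the given users (the common set of the trajectory)."""
    return {u: c for u, c in visits.items() if u in users}


def common_visitors(regions):
    """Users with footprints in every region of the trajectory."""
    sets = [set(r) for r in regions]
    return set.intersection(*sets) if sets else set()


def trajectory_popularity(regions):
    """Popularity of a trajectory: every region's popularity is computed over
    the common visitor set, and the trajectory is only as popular as its
    weakest region. An empty common set means no one but the requester could
    have walked the whole trajectory, so the popularity is 0."""
    common = common_visitors(regions)
    if not common:
        return 0.0
    return min(popularity(restrict(r, common)) for r in regions)


def is_ppt(regions, p):
    """P-Populous Trajectory check against the user's requirement p = P(public region)."""
    return trajectory_popularity(regions) >= p


if __name__ == "__main__":
    print([round(popularity(r), 3) for r in TRAJECTORY])   # each region alone
    print(common_visitors(TRAJECTORY), trajectory_popularity(TRAJECTORY))
    print(is_ppt(TRAJECTORY, 4), is_ppt(TRAJECTORY, 2))
```

The same functions also show the evenness property from the previous slide: two visitors with a 7:1 split of the footprints score between 1 and 2, not 2, so a region frequented mostly by one person is not made popular by a handful of other visits.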
Finding a cloaking set
• A simple solution is to use the set of users whose footprints are closest to the service user
• Resolution becomes worse
• There may exist another cloaking set which leads to a finer average resolution
Proposed solution
• Use popular users for cloaking: popular users have more footprints, spanning larger regions
• Pyramid footprint indexing: a user is l-popular if she has footprints in all cells at level l
• Sort users by their level l, and choose the most popular ones as the cloaking set
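The pyramid index and the l-popular ranking, as an added Python example (not code from the talk). The pyramid layout is assumed: level l splits the square domain into 2^l x 2^l equal cells, so level 0 is the whole domain and a user is l-popular when her footprints touch every cell at level l. Covering all cells at level l implies covering all cells at every coarser level, which is why the scan can stop at the first level that is not fully covered. The per-user footprints are constructed so that the ranking is easy to follow.

```python
DOMAIN = 1000  # square domain [0, DOMAIN)^2; size is an assumption for the example

# Constructed footprints per user, not data from the paper.
USER_FOOTPRINTS = {
    # alice: one sample in every one of the 16 level-2 cells
    "alice": [(125 + 250 * i, 125 + 250 * j) for i in range(4) for j in range(4)],
    # bob: one sample in each of the 4 level-1 cells (the quadrants)
    "bob": [(250, 250), (750, 250), (250, 750), (750, 750)],
    # carol: a single sample, so only the level-0 cell is covered
    "carol": [(100, 100)],
    # dave: no footprints at all
    "dave": [],
}


def cells_at_level(points, level, domain=DOMAIN):
    """Set of pyramid cells at 'level' touched by the points (assumed layout:
    2^level x 2^level equal square cells)."""
    n = 2 ** level
    size = domain / n
    return {(int(x // size), int(y // size)) for x, y in points}


def is_l_popular(points, level, domain=DOMAIN):
    """A user is l-popular if she has footprints in all 4^l cells at level l."""
    return len(cells_at_level(points, level, domain)) == 4 ** level


def popularity_level(points, max_level, domain=DOMAIN):
    """Highest l (up to max_level) at which the user is l-popular; -1 for a
    user with no footprints, who is not even 0-popular."""
    best = -1
    for level in range(max_level + 1):
        if not is_l_popular(points, level, domain):
            break  # coverage is monotone, so no higher level can be covered
        best = level
    return best


def choose_cloaking_set(user_footprints, k, max_level, domain=DOMAIN):
    """Rank users by popularity level, highest first (ties broken by name so the
    result is deterministic), and take the k most popular as the cloaking set."""
    ranked = sorted(
        user_footprints,
        key=lambda u: (-popularity_level(user_footprints[u], max_level, domain), u),
    )
    return ranked[:k]


if __name__ == "__main__":
    for user, pts in USER_FOOTPRINTS.items():
        print(user, popularity_level(pts, max_level=3))
    print(choose_cloaking_set(USER_FOOTPRINTS, k=2, max_level=3))
```

With this data alice is 2-popular, bob 1-popular, carol 0-popular and dave not popular at any level, so a cloaking set of size two is {alice, bob}: their footprints span the whole domain, which is what lets later samples of a trajectory be cloaked without the region growing as it would with users whose footprints happen to be closest to the start position.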
Simulation
• We implemented two other strategies for comparison
  • Naive: cloaks each location independently
  • Plain: selects the cloaking set by finding the footprints closest to the service user's start position
• Performance metrics
  • Cloaking area
  • Protection level
Experiment
• A Location Privacy Aware Gateway (LPAG)
• ePost-It: a spatial messaging system [MobiSys'08]
Concluding Remarks
• Exploiting historical location samples for location cloaking
  • To date, this is the only solution that prevents anonymous location data from being correlated with restricted spaces to derive who was where at what time
• A feeling-based approach for users to express their location privacy requirement
  • Previously, the K-anonymity model was the only choice
• A suite of location cloaking algorithms
  • Satisfy a required level of protection while providing good location resolution
• A location privacy-aware gateway prototype has been implemented