Cloaking and Modeling Techniques for location Privacy protection

Uploaded On 2016-03-03

Presentation Transcript

Slide1

Cloaking and Modeling Techniques for location Privacy protection

Ying Cai

Department of Computer Science

Iowa State University

Ames, IA 50011

Slide2

Location-based Services

Slide3

Risks Associated with LBS

Exposure of service uses

Location privacy

Hospital

Political Party

Nightclub

Stalking…

Slide4

Challenge

Restricted space identification

Simply using a pseudonym is not sufficient because anonymous location data may be correlated with restricted spaces such as home and office for subject re-identification

Slide5

Location Depersonalization

Basic idea: reducing location resolution

Report a cloaking region, instead of actual location

Slide6

Location Depersonalization

Basic idea: reducing location resolution

Report a cloaking region, instead of actual location

Key Issue

Each cloaking area must provide a desired level of depersonalization, and be as small as possible

Slide7

Existing Solution

Ensuring each cloaking area contains a certain number of users

[MobiSys’03, ICDCS’05, VLDB’07]

Slide8

Problems (1)

The anonymity server needs frequent location updates from all users

Practicality

Scalability

Difficult to support continuous LBS

Simply ensuring each cloaking region contains K users does not support K-anonymity protection

Slide9

Problems (2)

Guarantee only anonymous uses of services, but not location privacy

An adversary may not know who requests the service, but knows that the K users are all there at the time when the service is requested

Where you are and whom you are with are closely related to what you are doing …

Slide10

The root of the problems

These techniques cloak a user’s position based on his current neighbors

Slide11

Observation

Public areas are naturally depersonalized

A large number of visits by different people

More footprints, more popular

Park

Highway

Slide12

Proposed solution [Infocom’08]

Using footprints for location cloaking

A footprint is a historical location sample

Each cloaking region contains at least K different footprints

Location privacy protection

An adversary may be able to identify all these users, but will not know who was there at what time

Slide13

Footprint database

Source of footprints

From wireless service carriers, which provide the communication infrastructure

From the users of LBSs, who need to report location for cloaking

Slide14

Footprint database

Source of footprints

From wireless service carriers, which provide the communication infrastructure

From the users of LBSs, who need to report location for cloaking

Trajectory indexing for efficient retrieval

Partition network domain into cells

Maintain a cell table for each cell

Slide15

Cloaking Techniques

Sporadic LBS

Each cloaking region needs to 1) be as small as possible, 2) contain footprints from at least K different users

Continuous LBS

Each trajectory disclosed must be a K-anonymity trajectory (KAT)

Slide16

Privacy Requirement Modeling

K-anonymity model

To request a desired level of protection, a user needs to specify a value of K

Problem: choosing an appropriate K is difficult

Privacy is about feeling, and it is difficult to scale one’s feeling using a number

A user can always choose a large K, but this will reduce location resolution unnecessarily

Slide17

A feeling-based approach

A user specifies a public region

A spatial region that she feels comfortable having reported as her location should she request a service inside it

The public region becomes her privacy requirement

All locations reported on her behalf will be at least as popular as the public region she identifies

Proposed Solution [CCS09]

Slide18

Challenge

How to measure the popularity of a spatial region?

More visitors → higher popularity

More even distribution → higher popularity

Given a spatial region R, we define

Entropy E(R) =

Popularity P(R) = 2^{E(R)}

Slide19
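The popularity measure from the preceding Challenge slide, applied to a sporadic request, as an added example that is not the authors' code. The page does not show the entropy formula, so E(R) is assumed here to be the Shannon entropy of each visitor's share of the footprints in R; the footprint data, the 64x64 domain and the grid-doubling search are also constructed for illustration.

```python
import math
from collections import Counter

# Constructed footprint database: (user, x, y) historical samples on a 64x64 domain.
FOOTPRINTS = (
    [("h", x, y) for x, y in [(10, 10), (10, 11), (11, 10), (9, 10), (10, 9)]]  # resident
    + [("a", 12, 12), ("b", 8, 13), ("c", 13, 8), ("d", 15, 14), ("e", 5, 6)]   # passers-by
    + [("p1", 49, 50), ("p2", 50, 53), ("p3", 53, 51), ("p4", 54, 54)]          # park visitors
)
PUBLIC_REGION = (48, 48, 56, 56)  # region the user is comfortable having disclosed

def visits(region, footprints):
    """Footprint count per user inside the half-open box (x0, y0, x1, y1)."""
    x0, y0, x1, y1 = region
    return Counter(u for u, x, y in footprints if x0 <= x < x1 and y0 <= y < y1)

def popularity(region, footprints):
    """P(R) = 2**E(R). E(R) is ASSUMED to be the Shannon entropy of the
    per-user footprint shares in R; an empty region is given popularity 0."""
    counts = visits(region, footprints)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    return 2 ** entropy

def cloak(pos, required, footprints, domain=64):
    """Return the smallest grid-aligned cell containing pos whose popularity
    is >= required, or None if even the whole domain is not popular enough."""
    size = 1
    while size <= domain:
        x0, y0 = pos[0] // size * size, pos[1] // size * size
        cell = (x0, y0, x0 + size, y0 + size)
        if popularity(cell, footprints) >= required:
            return cell
        size *= 2
    return None  # caller should suppress the request rather than disclose

if __name__ == "__main__":
    need = popularity(PUBLIC_REGION, FOOTPRINTS)
    print("required popularity:", need)
    print("cloaking region:", cloak((10, 10), need, FOOTPRINTS))
```

In this data the 8x8 cell around the resident holds footprints from five different users, yet one resident contributes most of them, so its popularity stays below that of the four-visitor public region and the cell is widened once more.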

Cloaking Techniques

Sporadic LBS

Each cloaking region needs to 1) be as small as possible, 2) have a popularity no less than P(R)

Continuous LBS

A sequence of location updates which form a trajectory

The strategy for sporadic LBSs may not work

Adversary may identify the common set of visitors

Slide20

Cloaking Techniques

Sporadic LBS

Each disclosed cloaking region must be as small as possible and have a popularity no less than P(R)

Continuous LBS

The time-series sequence of location samples must form a P-Populous Trajectory (PPT)

A trajectory is a PPT if its popularity is no less than P

The popularity of each cloaking region in the trajectory must be computed w.r.t. a common set of users

Slide21

Finding a cloaking set

A simple solution is to find the set of users who have footprints closest to the service-user

Resolution becomes worse

There may exist another cloaking set which leads to a finer average resolution

Slide22

Proposed solution

Using populous users for cloaking

Popular users have more footprints spanning a larger region

Pyramid footprint indexing

A user is l-popular if she has footprints in all cells at level l

Sort users by the level l, and choose the most popular ones as the cloaking set

Slide23

Simulation

We implement two other strategies for comparison

Naive cloaks each location independently

Plain selects cloaking set by finding footprints closest to service user’s start position

Performance metrics

Cloaking area

Protection level

Slide24
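The Naive and Plain strategies named on the preceding Simulation slide, compared on both metrics in a K-anonymity setting, as an added example that is not the authors' simulation code. The footprints, the trajectory, the bounding-box region construction and all function names are constructed assumptions; protection level is measured as the number of users who have a footprint in every disclosed region.

```python
from math import dist

# Constructed footprint database: user -> historical (x, y) samples.
FOOTPRINTS = {
    "a1": [(1, 0), (10, 4), (20, 5)],
    "a2": [(0, 1), (12, -3), (18, -4)],
    "t":  [(1, 1), (9, 1), (19, 1)],      # travels the same route as the service user
    "b1": [(10, 1)], "b2": [(11, 0)],
    "c1": [(20, 1)], "c2": [(21, 0)],
}
TRAJECTORY = [(0, 0), (10, 0), (20, 0)]   # constructed location updates
K = 3

def nearest(user, pos):
    """The user's footprint closest to pos."""
    return min(FOOTPRINTS[user], key=lambda p: dist(p, pos))

def k_nearest_users(pos, k):
    return sorted(FOOTPRINTS, key=lambda u: dist(nearest(u, pos), pos))[:k]

def box(pos, users):
    """Bounding box (x0, y0, x1, y1) of pos and each user's nearest footprint."""
    pts = [pos] + [nearest(u, pos) for u in users]
    xs, ys = [p[0] for p in pts], [p[1] for p in pts]
    return (min(xs), min(ys), max(xs), max(ys))

def naive(traj, k):
    """Cloak every update independently with its own k nearest users."""
    return [box(p, k_nearest_users(p, k)) for p in traj]

def plain(traj, k):
    """Fix the cloaking set at the start position and reuse it for every update."""
    users = k_nearest_users(traj[0], k)
    return [box(p, users) for p in traj]

def common_visitors(regions):
    """Users with a footprint in every region: the trajectory's real anonymity set."""
    def visitors(r):
        return {u for u, pts in FOOTPRINTS.items()
                if any(r[0] <= x <= r[2] and r[1] <= y <= r[3] for x, y in pts)}
    return set.intersection(*map(visitors, regions))

def total_area(regions):
    return sum((x1 - x0) * (y1 - y0) for x0, y0, x1, y1 in regions)

if __name__ == "__main__":
    for name, fn in (("naive", naive), ("plain", plain)):
        regions = fn(TRAJECTORY, K)
        print(name, sorted(common_visitors(regions)), total_area(regions))
```

Every Naive region contains three users, but only one user appears in all three, so the trajectory as a whole is not K-anonymous; Plain keeps three common users at the cost of a larger cloaking area.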

Experiment

A Location Privacy Aware Gateway (LPAG)

ePost-It: a spatial messaging system [MobiSys’08]

Slide25

Concluding Remarks

Exploring historical location samples for location cloaking

To date, this is the only solution that can prevent anonymous location data from being correlated with restricted spaces to derive who’s where at what time

A feeling-based approach for users to express their location privacy requirement

K-anonymity model was the only choice

A suite of location cloaking algorithms

Satisfy a required level of protection while resulting in good location resolution

A location privacy-aware gateway prototype has been implemented