1 PRIVÉ : Anonymous Location-Based Queries in Distributed Mobile Systems
Gabriel Ghinita (1), Panos Kalnis (1), Spiros Skiadopoulos (2)
(1) National University of Singapore, {ghinitag,kalnis}@comp.nus.edu.sg
(2) University of Peloponnese, Greece, spiros@uop.gr

2 Location-Based Services (LBS)
- LBS users
  - Mobile devices with GPS capabilities
  - Spatial database queries, e.g. "Find the closest hospital to my present location"
- Queries
  - NN and range queries
  - The location server is NOT trusted

3 Problem Statement
- Queries may disclose sensitive information
  - Query through an anonymous web-surfing service
- But the user's location may disclose identity
  - Triangulation of the device signal
  - Publicly available databases
  - Physical surveillance
- How to preserve query source anonymity, even when exact user locations are known?

4 Solution Overview
- Anonymizing Spatial Region (ASR): identification probability ≤ 1/K
- Minimize overhead: reduce ASR extent
- Fast ASR assembly time
- Support user mobility

5 Central Anonymizer Architecture
- Intermediate tier between users and the LBS
- Bottleneck and single point of attack/failure

6 PRIVÉ Architecture
[Figure: architecture diagram]

7 K-Anonymity *
(a) Microdata
Age | ZipCode | Disease
42  | 25000   | Ulcer
46  | 35000   | Pneumonia
50  | 20000   | Flu
54  | 40000   | Gastritis
48  | 50000   | Dyspepsia
56  | 55000   | Bronchitis

(b) Voting Registration List (public)
Name | Age | ZipCode
Andy | 42  | 25000
Bill | 46  | 35000
Ken  | 50  | 20000
Nash | 54  | 40000
Mike | 48  | 50000
Sam  | 56  | 55000

* L. Sweeney. k-Anonymity: A Model for Protecting Privacy. Int. J. of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557-570, 2002.

8 K-Anonymity *
(a) 2-anonymous microdata (Age and ZipCode generalized to ranges, so every quasi-identifier combination matches at least two records)
Age   | ZipCode     | Disease
42-46 | 25000-35000 | Ulcer
42-46 | 25000-35000 | Pneumonia
50-54 | 20000-40000 | Flu
50-54 | 20000-40000 | Gastritis
48-56 | 50000-55000 | Dyspepsia
48-56 | 50000-55000 | Bronchitis

(b) Voting Registration List (public), unchanged from the previous slide
Name | Age | ZipCode
Andy | 42  | 25000
Bill | 46  | 35000
Ken  | 50  | 20000
Nash | 54  | 40000
Mike | 48  | 50000
Sam  | 56  | 55000

* L. Sweeney. k-Anonymity: A Model for Protecting Privacy. Int. J. of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557-570, 2002.

9 Relational and Spatial Anonymity
[Figure: the six records plotted as points with Age on the x-axis (42 to 56) and ZipCode on the y-axis (20k to 55k); each generalized Age × ZipCode range from the previous slide is a rectangle in this plane.]

10 Existing Cloaking Solutions

11 Redundant Queries
- Send K-1 redundant queries
- Gives away the exact locations of users
- Potentially high overhead

12 CloakP2P [Chow06]
- Find the K-1 nearest neighbours of the query source
- The source is likely to be the user closest to the ASR center
- Vulnerable to the "center-of-ASR" attack
[Figure: a 5-ASR built around query source u_q]
NOT SECURE !!!
[Chow06] Chow et al., A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS '06

13 QuadASR [Gru03, Mok06]
- Quad-tree based
- Fails to preserve anonymity for outliers
- Unnecessarily large ASR size
Example, with K = 3: users u1, u2, u3 lie in quadrant A1; u4 lies outside A1 and only the enclosing quadrant A2 contains K users.
- If any of u1, u2, u3 queries, the ASR is A1
- If u4 queries, the ASR is A2, so u4's identity is disclosed
NOT SECURE !!!
[Gru03] Gruteser et al., Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, MobiSys 2003
[Mok06] Mokbel et al., The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006

14 Secure Location Anonymization

15 Reciprocity
- Consider querying user u_q and its ASR A_q
- Let AS_q = {set of users enclosed by A_q}
- A_q has the reciprocity property iff
  i.  |AS_q| ≥ K
  ii. ∀ u_i, u_j ∈ AS_q: u_i ∈ AS_j ⇔ u_j ∈ AS_i

16 hilbASR
- Based on the Hilbert space-filling curve
  - Index users by the Hilbert value of their location
  - Partition the Hilbert sequence into "K-buckets"
[Figure: users ordered along the curve from Start to End, cut into buckets of K]

17 Advantages of hilbASR
- Guarantees source privacy: K-ASRs have the "reciprocity" property
- Reduced ASR size
  - Hilbert ordering preserves locality well
  - A K-ASR includes exactly K users (in most cases)
- Efficient ASR assembly and user relocation
  - Balanced, annotated index tree
  - User relocation and ASR assembly in O(log #users)
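The following is an added worked example, not code from the PRIVÉ authors, that puts slides 12, 13 and 15 to 17 side by side: it builds anonymity sets with a CloakP2P-style K-1 nearest-neighbour cloak, a QuadASR-style quadtree cloak and hilbASR, runs the reciprocity check of slide 15 over each, and measures the center-of-ASR attack. Assumptions: locations live on a 16×16 cell grid indexed with the standard Hilbert `xy2d` algorithm; CloakP2P is approximated as the source plus its K-1 Euclidean nearest neighbours; QuadASR as growing the quadtree cell around the source until it holds K users; and hilbASR's last bucket absorbs the remainder of the sequence (so buckets hold K to 2K-1 users). The ten user positions and the uniform workload in `simulate` are constructed here, not the paper's road-network data.

```python
"""Spatial cloaking on a toy user set (added example, not the PRIVE code):
CloakP2P and QuadASR break reciprocity, hilbASR satisfies it, and the
center-of-ASR attack is measured against each."""
import math
import random

GRID = 16  # Hilbert curve over a GRID x GRID cell space (power of two)


def _rot(n, x, y, rx, ry):
    """Rotate/flip a quadrant so its sub-curve has the standard orientation."""
    if ry == 0:
        if rx == 1:
            x, y = n - 1 - x, n - 1 - y
        x, y = y, x
    return x, y


def hilbert_value(n, x, y):
    """Position of cell (x, y) of an n x n grid along the Hilbert curve (xy2d)."""
    d, s = 0, n // 2
    while s > 0:
        rx = 1 if x & s else 0
        ry = 1 if y & s else 0
        d += s * s * ((3 * rx) ^ ry)
        x, y = _rot(n, x, y, rx, ry)
        s //= 2
    return d


def bbox(users, ids):
    """The ASR itself: minimum bounding rectangle of an anonymity set."""
    xs = [users[i][0] for i in ids]
    ys = [users[i][1] for i in ids]
    return min(xs), min(ys), max(xs), max(ys)


def cloak_p2p(users, q, K):
    """CloakP2P (assumed form): the source plus its K-1 nearest neighbours."""
    ranked = sorted(range(len(users)), key=lambda i: math.dist(users[i], users[q]))
    return frozenset(ranked[:K])


def quad_asr(users, q, K):
    """QuadASR (assumed form): grow the quadtree cell around the source until >= K users."""
    side = 1
    while side <= GRID:
        x0, y0 = users[q][0] // side * side, users[q][1] // side * side
        inside = frozenset(i for i, (x, y) in enumerate(users)
                           if x0 <= x < x0 + side and y0 <= y < y0 + side)
        if len(inside) >= K:
            return inside
        side *= 2
    return frozenset(range(len(users)))


def hilb_asr_buckets(users, K):
    """hilbASR: sort users by Hilbert value, cut the sequence into K-buckets;
    the last bucket absorbs the remainder, so every bucket holds K..2K-1 users."""
    order = sorted(range(len(users)),
                   key=lambda i: hilbert_value(GRID, int(users[i][0]), int(users[i][1])))
    buckets = [order[s:s + K] for s in range(0, len(order), K)]
    if len(buckets) > 1 and len(buckets[-1]) < K:
        buckets[-2].extend(buckets.pop())
    return buckets


def hilb_asr(users, q, K):
    """K-request: the anonymity set is the whole bucket containing the source."""
    return next(frozenset(b) for b in hilb_asr_buckets(users, K) if q in b)


def anonymity_sets(users, K, cloak):
    """AS_q for every user q under one cloaking algorithm."""
    return {q: cloak(users, q, K) for q in range(len(users))}


def reciprocity_violations(AS, K):
    """Reciprocity check: |AS_q| >= K and u_i in AS_j implies u_j in AS_i.
    Returns offending pairs (i, j); (i, i) marks an undersized set."""
    bad = [(i, i) for i in AS if len(AS[i]) < K]
    for j, members in AS.items():
        bad += [(i, j) for i in members if j not in AS[i]]
    return bad


def center_of_asr_guess(users, ids):
    """Attacker's guess: the ASR member nearest to the ASR's centre."""
    x0, y0, x1, y1 = bbox(users, ids)
    c = ((x0 + x1) / 2, (y0 + y1) / 2)
    return min(ids, key=lambda i: math.dist(users[i], c))


def attack_success_rate(users, K, cloak):
    """Fraction of query sources the center-of-ASR attacker identifies."""
    hits = sum(center_of_asr_guess(users, cloak(users, q, K)) == q for q in range(len(users)))
    return hits / len(users)


def simulate(n_users, K, seed=1):
    """Constructed uniform workload (not the paper's road-network data)."""
    rng = random.Random(seed)
    users = [(rng.uniform(0, GRID), rng.uniform(0, GRID)) for _ in range(n_users)]
    return {name: attack_success_rate(users, K, f)
            for name, f in (("CloakP2P", cloak_p2p), ("QuadASR", quad_asr), ("hilbASR", hilb_asr))}


# Constructed toy layout (not from the paper): a 2x2 cluster with outlier u4 beside
# it, a second cluster, and a lone user u9 in an otherwise empty quadrant.
USERS = [(2, 2), (3, 2), (2, 3), (3, 3), (0, 1),
         (12, 12), (13, 12), (12, 13), (13, 13), (15, 1)]
K = 3

if __name__ == "__main__":
    for name, f in (("CloakP2P", cloak_p2p), ("QuadASR", quad_asr), ("hilbASR", hilb_asr)):
        print(name, "reciprocity violations:", reciprocity_violations(anonymity_sets(USERS, K, f), K))
    print("center-of-ASR success, 200 users, K=5:", simulate(200, 5))
```

On the toy layout, CloakP2P reports the pairs (0,4), (2,4), (5,9), (6,9): the outlier u4's anonymity set contains u0, but u0's own set never contains u4, which is exactly the asymmetry the center-of-ASR attack exploits. QuadASR reproduces the slide-13 failure (u0 ∈ AS_4 while u4 ∉ AS_0). hilbASR yields no violations, because every user in a bucket gets the same ASR, and its buckets have sizes 3, 3 and 4.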

18 hilbASR with Annotated Index
[Figure: example with K = 6]

19 PRIVÉ

20 PRIVÉ Characteristics
- P2P overlay network
  - Resembles an annotated B+-tree
  - Hierarchical clustering architecture
- Bounded cluster size [α, 3α)
[Figure: example index tree in which peer S relocates to Hilbert value 60]

21 Relocation
[Figure: relocation example]

22 PRIVÉ Protocol
- Users self-organize into clusters
  - Bounded cluster size [α, 3α)
  - The cluster head handles operations
  - State is replicated at each cluster peer
- Operations
  - Join/Departure: similar to B-tree insert/delete
  - Relocation: handled bottom-up, propagation restricted
  - K-request: decentralized implementation of hilbASR

23 Operation Complexity
Operation      | Latency               | Communication Cost
Join/Departure | log_α N               | log_α N + α
Relocation     | log_α N               | log_α N + α
K-request      | log_α N + log_α K     | log_α N + K/α
(N = number of users, α = minimum cluster size)

24 Load Balancing
- Hierarchical architecture: inherent imbalance in peer load
- Cluster head rotation mechanism
  - Rotation triggered by load
  - Communication cost is the predominant factor

25 Fault Tolerance
- Soft-state mechanism
  - Cluster membership periodically updated
  - Recovery facilitated by state replication
- Leader election protocol in case of cluster head failure

26 Experimental Evaluation

27 Experimental Setup
- San Francisco Bay Area road network
- Network-based Generator of Moving Objects *
  - Up to 10000 users
  - Velocities from 18 to 68 km/h
- Uniform and skewed query distributions
- Anonymity degree K in the range [10, 160]
* T. Brinkhoff. A Framework for Generating Network-Based Moving Objects. Geoinformatica, 6(2):153-180, 2002.

28 Anonymity Strength (center-of-ASR)
[Figure: attack success rate per method]

29 ASR Size
[Figure]

30 Query Efficiency
[Figure]

31 Relocation Efficiency
[Figure]

32 Load Balancing
[Figure: node fraction, axis from 0% to 100%]

33 Conclusions
- LBS privacy is an important concern
  - Existing solutions have no privacy guarantees
  - The centralized approach has limitations: poor scalability, legal issues
- Contribution
  - Anonymization with privacy guarantees: hilbASR
  - Extension to decentralized systems: improved scalability and availability, no single point of attack/failure

34 Ongoing & Future Work
- Relational DB
  - Employ space-mapping techniques to achieve k-anonymity and l-diversity
  - We outperform the existing "state of the art"
  - Space/data partitioning and clustering
- Spatial anonymity
  - Address anonymization of trajectories, as opposed to point locations

35 Ongoing & Future Work (continued)
- Address anonymization of trajectories, as opposed to point locations
- Infrastructure-less scenario

36 Bibliography on LBS Privacy: http://anonym.comp.nus.edu.sg

37 Bibliography
- [Chow06] Chow et al., A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS '06
- [Gru03] Gruteser et al., Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, MobiSys 2003
- [Ged05] Gedik et al., Location Privacy in Mobile Systems: A Personalized Anonymization Model, ICDCS 2005
- [Mok06] Mokbel et al., The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006

38 MobiHide
- Randomized ASR assembly technique
  - Also uses Hilbert ordering
  - The ASR is chosen as a random K-user sequence
- Advantages
  - No global knowledge required
  - Flat index structure (Chord DHT)
- Disadvantages
  - No privacy guarantees for skewed query distributions, but still strong anonymity in practice
