Location Privacy Protection for Location-based Services CS587x Lecture Department of Computer Science Iowa State University.

1 Location Privacy Protection for Location-based Services CS587x Lecture Department of Computer Science Iowa State University

2 Location-based Services (LBS)

3 Dilemma: To use an LBS, a user needs to disclose her location, but a person’s whereabouts may imply sensitive private information (hospital, political party, nightclub, stalking, …).

4 Location Privacy Protection: Policy-based approaches. Legislation governs the collection and distribution of personal location data. Personal location management lets users determine when and to whom to release location information. These schemes cannot prevent location data from being abused by insiders.

5 Challenge: Simply using a pseudonym is not sufficient, because a user’s location itself may reveal her real-world identity, e.g., by correlation with restricted spaces such as home address and office.

6 Location Depersonalization: The basic idea is to reduce location resolution: report a cloaking area instead of the actual location.

7 Location Depersonalization: The basic idea is to reduce location resolution: report a cloaking area instead of the actual location. Research issue: each cloaking area must provide a desired level of depersonalization and be as small as possible.

8 The state of the art: Ensure each cloaking area contains a certain number of users. A cloaking area with K users provides K-anonymity protection.

9 Problem 1: The anonymity server requires frequent location updates from all users (practicality, scalability). Users not engaged in LBSs may not be willing to help protect others’ anonymity.

10 Problem 2: In the case of continuous LBSs, simply ensuring each cloaking area contains at least K users does NOT guarantee K-anonymity protection.

11 Problem 2: In the case of continuous LBSs, simply ensuring each cloaking area contains at least K users does NOT guarantee K-anonymity protection. New threats: (1) location resolution refinement; (2) trace attack.

12 Problem 3: A cloaking area guarantees service anonymity, but NOT location privacy. An adversary does not know who requests the service, but knows that the requestor was inside the area and, in particular, that she was with some other people there. Where you are and whom you are with are closely related to what you are doing …

13 The root of the problems: All existing techniques cloak a user’s position based on her current neighbors.

14 Observation: Public areas are naturally depersonalized: a large number of visits by different people. More footprints, more popular (e.g., park, highway).

15 Basic Idea: Use footprints for location depersonalization. Each cloaking area contains at least K different footprints. Location privacy protection: an adversary may be able to identify all these users, but will not know who was there at what time.

16 Trajectory database: Sources of historical location data: wireless service carriers, which provide the communication infrastructure, and the users of LBSs, who need to report location for cloaking.

17 Trajectory database: Sources of historical location data: wireless service carriers, which provide the communication infrastructure, and the users of LBSs, who need to report location for cloaking. Trajectory indexing for efficient retrieval: partition the network domain into cells and maintain a cell table for each cell.

18 Sporadic LBS: A client reports to the server p, its current location, and K, its desired privacy level. The server computes a circular region containing p and K-1 footprints, each from a different user; the region needs to be as small as possible.
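
A sketch of the sporadic-LBS cloaking step described on this slide, added here as an illustration and not taken from the lecture. The footprint records, the function name `cloak_point` and the centroid-centred circle (a simplification of "as small as possible", chosen so the circle's centre does not coincide with p) are assumptions.

```python
import math

# Constructed footprint database: (user_id, x, y) in metres. Not real data.
FOOTPRINTS = [
    ("u1", 10, 0), ("u1", 12, 1),   # two footprints from the same user
    ("u2", 0, 30), ("u3", -40, 0),
    ("u4", 0, -80), ("u5", 200, 200),
]

def cloak_point(p, k, footprints, requester=None):
    """Return (center, radius, users) for a circle covering p and footprints
    from k-1 distinct other users, or None if the database is too sparse."""
    nearest = {}  # user_id -> (distance, point): closest footprint per user
    for uid, x, y in footprints:
        if uid == requester:
            continue  # the requester's own history must not count toward K
        d = math.dist(p, (x, y))
        if uid not in nearest or d < nearest[uid][0]:
            nearest[uid] = (d, (x, y))
    if len(nearest) < k - 1:
        return None  # fail closed: never report an under-populated area
    chosen = sorted(nearest.items(), key=lambda kv: kv[1][0])[:k - 1]
    pts = [p] + [pt for _, (_, pt) in chosen]
    # Assumption: centre on the centroid so the centre does not give p away
    cx = sum(x for x, _ in pts) / len(pts)
    cy = sum(y for _, y in pts) / len(pts)
    radius = max(math.dist((cx, cy), pt) for pt in pts)
    return (cx, cy), radius, sorted(uid for uid, _ in chosen)
```

Counting one footprint per user is what makes the second `u1` record irrelevant: repeated visits by the same person add no anonymity.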

20 Continuous LBSs: A client reports a base trajectory T_0 = {c_1, c_2, …, c_n} and the desired anonymity level K. The server computes a new trajectory T = {B_1, B_2, …, B_n}.

21 Continuous LBSs: A client reports a base trajectory T_0 = {c_1, c_2, …, c_n} and the desired anonymity level K. The server computes a K-anonymity trajectory (KAT) T = {B_1, B_2, …, B_n}. When the user arrives at c_i, the server reports B_i for the LBS.

22 K-Anonymity Trajectory (KAT) Problem: How to find the KAT with the best resolution? (Figure example: K=3.)

23 Challenges: Given a database of N trajectories, there are sets of trajectories with size K-1. Given a fixed set of additive trajectories, different orders of cloaking result in different KATs. Exhaustive search: expensive.

24 A Heuristic Approach: Cloak T_0 with one trajectory. Cloak T_0 with a set of K-1 trajectories. Select additive trajectory candidates.

25 Cloaking One Additive Trajectory: Cloaking T_0 with additive trajectory T_a. T_0 = {c_1, c_2, …, c_n}; T_a = {a_1, a_2, …, a_m}, where n ≤ m. T = {B_1, B_2, …, B_n} is the cloaking result. Goal: minimize T’s resolution. [Figure: T = Cloak(T_0, T_a), with T_0, T_a and cloaking areas B_1 to B_4.]

26 Cloaking with a Set of Additive Trajectories: A different order of cloaking can have vastly different results. T_0 + T_1 + T_2 = T_0 + T_2 + T_1? [Figure: trajectories T_0, T_1, T_2.]

27 Approach 1: Linear(T_0, S). 1. Sort the trajectories based on their distances to T_0. 2. Cloak with T_0 in order of their distance.

28 Approach 1: Linear(T_0, S). 1. Sort the trajectories based on their distances to T_0. 2. Cloak with T_0 in order of their distance. Cloak(T_0, T_a) is called s + K – 1 times.

29 Approach 1: Linear(T_0, S). 1. Sort the trajectories based on their distances to T_0. 2. Cloak with T_0 in order of their distance. Cloak(T_0, T_a) is called s + K – 1 times. Limit of Linear: with K=3, Linear cloaks T_0 with T_1 and T_2, but cloaking with T_1 and T_3 has a better result.

32 Quadratic(T_0, S): Once an additive trajectory is cloaked, set the cloaking result as T. For the remaining trajectories, compare the distance to T instead of T_0. In the worst case, Cloak(T_0, T_a) is called (K-1)(s-K/2+1) times. 1. T_1 is closest to T_0, so T = Cloak(T_0, T_a). 2. T_3 is closest to T, so T = Cloak(T, T_a).
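
The Linear and Quadratic heuristics side by side, as an added example that is not the lecture's own code. The slides do not define Cloak, the trajectory distance or the shape of B_i, so the rules used here (box-shaped B_i grown to cover the nearest point of T_a, mean nearest-point distance, mean half-diagonal as cloaking range) are assumptions, and the trajectories are constructed to reproduce the K=3 case where Linear picks T_1 and T_2 but T_1 and T_3 is better.

```python
import math

def to_boxes(traj):  # a point c_i becomes a degenerate box (xmin, ymin, xmax, ymax)
    return [(x, y, x, y) for x, y in traj]

def gap(box, pt):
    # Distance from a point to a box (0 if the point is inside)
    dx = max(box[0] - pt[0], 0, pt[0] - box[2])
    dy = max(box[1] - pt[1], 0, pt[1] - box[3])
    return math.hypot(dx, dy)

def distance(boxes, ta):
    # Assumed metric: mean distance from each B_i to its nearest point of T_a
    return sum(min(gap(b, a) for a in ta) for b in boxes) / len(boxes)

def cloak(boxes, ta):
    # Assumed Cloak(T, T_a): grow each B_i to cover its nearest point of T_a
    out = []
    for b in boxes:
        ax, ay = min(ta, key=lambda a: gap(b, a))
        out.append((min(b[0], ax), min(b[1], ay), max(b[2], ax), max(b[3], ay)))
    return out

def cloaking_range(boxes):
    # Mean half-diagonal of the boxes, in the same unit as the coordinates
    return sum(math.hypot(b[2] - b[0], b[3] - b[1]) / 2 for b in boxes) / len(boxes)

def linear(t0, s, k):
    if len(s) < k - 1:
        raise ValueError("fewer than K-1 candidate trajectories")
    boxes = to_boxes(t0)
    ranked = sorted(s, key=lambda name: distance(boxes, s[name]))  # rank once, against T_0
    for name in ranked[:k - 1]:
        boxes = cloak(boxes, s[name])
    return ranked[:k - 1], boxes

def quadratic(t0, s, k):
    if len(s) < k - 1:
        raise ValueError("fewer than K-1 candidate trajectories")
    boxes, left, picked = to_boxes(t0), dict(s), []
    for _ in range(k - 1):
        name = min(left, key=lambda n: distance(boxes, left[n]))  # re-rank against current T
        boxes = cloak(boxes, left.pop(name))
        picked.append(name)
    return picked, boxes

# Constructed trajectories (metres), one per distinct user
T0 = [(0, 0), (10, 0), (20, 0)]
S = {"T1": [(0, 2), (10, 2), (20, 2), (30, 2)],
     "T2": [(0, -3), (10, -3), (20, -3)],
     "T3": [(0, 4), (10, 4), (20, 4)]}
```

With K=3, `linear(T0, S, 3)` ends with boxes spanning both sides of T_0, while `quadratic(T0, S, 3)` keeps growing in the direction already covered by T_1 and yields the smaller cloaking range.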

33 Select Additive Trajectory Candidates: Only those trajectories close to the base trajectory should be considered. Searching algorithm.

34 Performance Study: Simulate mobile node movement on a real road map. Extract four types of roads. Speed changes at intersections. Generate a footprint database containing a certain number of trajectories with randomly assigned user IDs.

35 Experiments: Performance metric: cloaking range, the average radius of the cloaking circles. Single location cloaking: neighboring nodes vs. footprints. Trajectory cloaking: Linear, Quadratic, and Baseline. Baseline: cloaking using neighboring mobile users.

36 Trajectory Cloaking: Generate a set of LBS requests, each containing a user ID; the start and destination (randomly selected in the map; the fastest path as the user’s expected route; a location sample selected every 100 meters along the route); and the required degree of privacy protection.

37 Effect of Anonymity Level: (a) shows the cloaking range of different algorithms: cloaking range increases as K increases. (b) shows the cloaking range on different roads: popular roads have a large number of footprints; unpopular roads are sensitive to the change of K.

38 Concluding Remarks: We explore historical location data for location depersonalization. Each reported location/trajectory has been visited by at least K different people. We develop a suite of novel location cloaking algorithms for sporadic LBSs and continuous LBSs. To date, this is the only solution that can support location privacy protection.
