Cipher Techniques to Protect Anonymized Mobility Traces from Privacy Attacks Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip and Nageswara S. V. Rao.

Motivations
– Mobility traces are published to assist the study of mobile networks and their applications
– Simply removing identity and reducing the spatial and temporal granularity of traces is not enough

Proposed Privacy Protection Approaches
– Granularity reduction
  – Until a trace is not differentiable from k-1 other traces
  – The granularity could be so coarse that it makes the traces useless (e.g., we are all inside Singapore today)
– Differential privacy
  – Provides a guarantee on privacy protection: even the most powerful adversary, who knows all but one record in the traces, cannot gain information from the answer
  – Only allows a limited type and number of queries, which answer statistics of the traces only and never individual ones (what if we want to know how one node interacts with others?)

Problem Definition
– Mobility traces, each recording a series of times and the corresponding locations of a mobile node, are published
  – Traces are anonymized, and location granularity is reduced
– An adversary with snapshots (time and location pairs) of a victim tries to identify the complete mobility history of the victim from the traces
  – She also has general knowledge about the region and the general preference of the mobile nodes, but NOT that of the victim

Some Possible Protection Approaches
– Noise addition
  – Magnitude of noise is limited to preserve the usefulness of traces
– Strong ciphers
  – Encrypting the whole mobility trace
  – Need the key to access
  – To enforce privacy, even legitimate users cannot have the key! Traces are useless for any application

Our Protection Approaches
– Reducing the linkability between the published traces and the side information possessed by the adversary
– Cipher techniques
  – Location cipher: using symbols to represent locations (consistently)
    – Instead of saying "I am in Novotel", say "I am in location A"
  – Zero-time cipher: publishing time relative to a (concealed) absolute time (consistently)
    – Instead of saying "at 5pm I am in Novotel", say "at the n+12-th hour I am in Novotel"
  – Combining the two ciphers
    – Say "at the n+12-th hour I am in location A"

ATTACK STRATEGIES OF ADVERSARY

Adversary's Attack – Breaking the Ciphers
– Assumptions
  – Knowing the cipher techniques used
  – Knowing the region where the traces are collected
  – Knowing the physical constraints and general preference of the mobile nodes (again, NOT that of the victim)

Adversary's Attack – Breaking the Location Cipher (Order-0)
– Breaking the location cipher: frequency analysis (Order-0 Markov model)
  – Knowing the region where the traces are collected, the adversary can rank the locations inside the region using general knowledge
  – Compare that ranking with the ranking of the published location IDs
– Challenges
  – The popularity of locations is less clear-cut than letter frequencies in text; the adversary may only know the top few distinctly

Frequency Analysis (Order-0)
[figure: two frequency plots, "English text" and "235 grid cells in San Francisco"]
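The two ciphers from "Our Protection Approaches" and the order-0 frequency check of the last two slides, as an added Python example that is not part of the original slides or the authors' code. The traces, the choice of one concealed start hour n per trace, the symbol names and the region popularity ranking are constructed assumptions; the check is written from the publisher's side, to estimate before release how many location symbols a rank comparison would recover.

```python
import random
from collections import Counter

# Constructed sample traces (not the paper's taxi data): (absolute hour, location).
TRACES = {
    "cab1": [(5, "Novotel"), (6, "Airport"), (7, "Novotel"), (9, "Marina")],
    "cab2": [(14, "Marina"), (15, "Airport"), (17, "Airport")],
    "cab3": [(22, "Novotel"), (23, "Downtown"), (24, "Airport")],
}

def location_cipher(traces, seed=1):
    """Replace every location by a symbol, the same symbol wherever it occurs.
    The substitution table is the concealed key and is never published."""
    locs = sorted({loc for t in traces.values() for _, loc in t})
    symbols = [f"L{i}" for i in range(len(locs))]
    random.Random(seed).shuffle(symbols)
    table = dict(zip(locs, symbols))
    return {tid: [(h, table[loc]) for h, loc in t] for tid, t in traces.items()}, table

def zero_time_cipher(traces):
    """Publish times relative to a concealed start hour n (assumed: one n per trace)."""
    return {tid: [(h - t[0][0], loc) for h, loc in t] for tid, t in traces.items()}

def publish(traces, seed=1):
    """Both ciphers combined: 'at the n+12-th hour I am in location A'."""
    enc, table = location_cipher(traces, seed)
    return zero_time_cipher(enc), table

def order0_leak(published, table, region_rank, known_top):
    """Publisher-side estimate of what order-0 frequency analysis recovers.
    region_rank: locations from most to least popular as general knowledge of the
    region would order them (an assumed input); known_top: how many leading ranks an
    adversary is assumed to know distinctly. A symbol is recovered only if its rank
    is unambiguous (no tie in published frequency) and matches the true location."""
    freq = Counter(sym for t in published.values() for _, sym in t)
    ordered = [sym for sym, _ in freq.most_common()]
    recovered = []
    for i, loc in enumerate(region_rank[:min(known_top, len(ordered))]):
        sym = ordered[i]
        tied = sum(1 for c in freq.values() if c == freq[sym]) > 1
        if not tied and table[loc] == sym:
            recovered.append(loc)
    return recovered

if __name__ == "__main__":
    pub, key = publish(TRACES)
    print(pub["cab1"])
    print(order0_leak(pub, key, ["Airport", "Novotel", "Marina", "Downtown"], 2))
```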

Breaking the Location Cipher – Frequency Analysis (Higher-Order)
– Breaking the location cipher: frequency analysis (higher-order Markov model)
  – Using general preference and physical constraints to learn higher-order trajectories
– Challenges
  – Higher-order knowledge may not be too beneficial
    – Noisier to learn
    – Less specific

Adversary's Attack – Breaking the Zero-Time Cipher
– Substring matching
  – Since traces are published with time relative to a concealed absolute time, their order of location visits is kept
  – With snapshots collected about a mobile node, the adversary can determine the similarity between each trace and that of the victim

Breaking the Time-Zero Cipher – Substring Matching
– Example
  – 1 snapshot
  – 2 snapshots
  – More snapshots give more accurate results

Calculating the Similarity
– Infer the possible locations of the victim at the time instants of the side information
– Use a Bayesian approach to determine the trace that gives the best match with the side information

The Bayesian Approach
– Maximum Likelihood Estimation (MLE)
  – Assuming the distribution of noise is known

Experimental Analysis – Overview
– Basic information of traces
  – 536 San Francisco taxi cabs
– Special case: sampling times coincide with those of the side information
  – No inference of location needed

Experimental Analysis – Metrics
– Performance-quantifying metrics
  – % of correct conclusions: % of runs in which the algorithm returns the victim's trace (or a trace identical to the victim's trace) with the highest similarity value
  – % of incorrect conclusions: % of runs in which the algorithm misidentifies the victim's trace
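The substring matching, the similarity score and the two metrics of the preceding slides, as an added Python example that is not taken from the authors' code. It uses constructed traces, assumes one concealed start hour per trace, and covers only the noise-free special case in which snapshot times coincide with the sampling times, so no Bayesian/MLE inference of location is needed; the purpose is to measure, before a release, how identifiable the zero-time-ciphered traces are for a given number of snapshots.

```python
from itertools import combinations

# Constructed ground truth (not the paper's taxi data): (absolute hour, location) per node.
TRUTH = {
    "cab1": [(5, "Novotel"), (6, "Airport"), (7, "Novotel"), (9, "Marina")],
    "cab2": [(14, "Marina"), (15, "Airport"), (17, "Airport")],
    "cab3": [(22, "Novotel"), (23, "Downtown"), (24, "Airport")],
}

def zero_time(traces):
    """Zero-time cipher only: times relative to each trace's concealed start hour."""
    return {tid: [(h - t[0][0], loc) for h, loc in t] for tid, t in traces.items()}

def similarity(trace, snapshots):
    """Substring matching: slide the snapshots along the relative time axis and return
    the largest number of (time, location) pairs that coincide with the trace."""
    lookup = dict(trace)
    best = 0
    for rel, _ in trace:
        for abs_h, _ in snapshots:
            n = abs_h - rel  # candidate value of the concealed start hour
            best = max(best, sum(1 for h, loc in snapshots if lookup.get(h - n) == loc))
    return best

def identify(published, snapshots):
    """Trace ids tied for the highest similarity; a single id is a unique conclusion."""
    scores = {tid: similarity(t, snapshots) for tid, t in published.items()}
    top = max(scores.values())
    return sorted(tid for tid, s in scores.items() if s == top)

def evaluate(truth, k):
    """(% correct, % incorrect) conclusions over every victim and every choice of k
    snapshots from the victim's true trace; a tie that includes the victim counts as
    neither. In this noise-free case the victim's trace always reaches the top score,
    so misidentification stays at 0 and only ties keep the correct rate below 100."""
    published = zero_time(truth)
    runs = correct = incorrect = 0
    for victim, trace in truth.items():
        for snaps in combinations(trace, k):
            result = identify(published, list(snaps))
            runs += 1
            correct += int(result == [victim])
            incorrect += int(victim not in result)
    return round(100 * correct / runs, 1), round(100 * incorrect / runs, 1)

if __name__ == "__main__":
    for k in (1, 2, 3):
        print(f"{k} snapshot(s): (% correct, % incorrect) = {evaluate(TRUTH, k)}")
```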

Performance of Cipher Techniques
– Having both the time and the location cipher is the most secure
[figure: % of correct conclusions and % of incorrect conclusions]

Knowing more may not help! (to break the location cipher)
[figure: % of correct conclusions and % of incorrect conclusions]

Experimental Analysis – Summary
– Location cipher: less effective than the time cipher, yet its effect is not affected by the amount of side information possessed by the adversary
– Time cipher: more effective than the location cipher, yet its effect is affected by the amount of side information possessed by the adversary
– Combining both the location and the time cipher: the most effective approach

Conclusion
– Presented two cipher techniques to protect published traces (when they need to be published)
– Each cipher technique helps on its own, while using both together gives the best protection (verified in experiments)