A Mobile Terminal Based Trajectory Preserving Strategy for Continuous Querying LBS Users Yunxia Feng, Peng Liu, Jianhui Zhang May , 2012 Hangzhou, China IEEE DCOSS '12 ———

Introduction Problem Description and Assumptions Overview of Virtual Avatar (VAvatar) Performance Evaluation Conclusion Contents

 Privacy Threats in Location-based Services Introduction  In order to enjoy location based services (LBS), messages sent by a user should include his current location information.  Without safeguards, query messages pose a severe privacy risk exposing users to constant identification and tracking throughout the day. For LBS users: Real-time anonymity of location/trajectory is essential

Introduction CCentral; CComplicated; CCan not be implemented on mobile terminals; NNeed a third party server to implement. Shortcomings of Current Approaches

Typical Architecture of Current Resolutions Location-based Database Server Location Anonymization Server End Users Complicated; Third part

Introduction Problem Description and Assumptions Overview of Virtual Avatar (VAvatar) Performance Evaluation Conclusion Contents

Problem Description and Assumptions Our purpose: protect users from being tracked by linking the user with his trajectory information. The problem of mobile terminal based trajectory preserving for continuous query users in LBS systems. Problem Description

 Architecture of the LBS system Components of the system:  LBS server  Routers/Wireless Access Points (APs)  Mobile Terminals Problem Description and Assumptions

 There is no third part server to provide privacy anonymity;  Users send location-related queries periodically to LBS servers;  Communications (queries/replies) are relayed by AP & routers.  Communication links (both wireless and wired links) are safe.  LBS server has a map, which precision is fine enough to accurately locate any place queried by users.  The attacker  Can only access data from the LBS server consistently.  Can achieve all communication records from the LBS server.  Can deduce location/trajectory of users by analyzing spatial- time relationships between communication records. Assumptions:

Introduction Problem Description and Assumptions Overview of Virtual Avatar (VAvatar) Performance Evaluation Conclusion Contents

Basic Idea of VAvator  Users sends both true and fake queries to the LBS server.  Fake queries are selected and scheduled carefully so that multiple reliable trajectories are achieved from the view point of a third part.

An Example The Corresponding Map taken in this example:

Possible paths established by the attacker in each phase Phase 1Phase 2Phase 3Phase 4 1, 25, 3, 74, 9, 6D1, D, 5, 8, D2 Queries are sent in each phases (time period): Basic Idea of VAvator Suppose that the trajectory of the user is: S D

 Reasons  Attacker may distinguish noisy data from true position data if they are chosen arbitrary by analyzing spatio-temporal relationships among communication records.  The trajectory is affected by multiple factors, such as type of the, the trip purpose, real-time traffic condition and etc.  Problems that Vavatar should resolve  Interrupt spatial temporal relationships among locations (included in both true queries and fake queries).  Consider impacts of several factors such as type of query time, the vehicle, the trip purpose, real-time traffic condition of the specific road, and etc. Challenges Vavatar Faces

Resolutions Vavatar Adopts A. Noisy Location Selection Strategy(Rules) (a) Public Locations Near (Within) Markable Places (b) Independent Selection (c) Places with Real-time Traffic Information (d) Redundant Inquiries Metrics: real and reachable

Resolutions Vavatar Adopts (cont.) (a) The Normal Scheduling Strategy B. Query Scheduling Strategy : a small positive number, which is decided by both V and v. μ : a positive number, which value is: < μ < p∙v. P: a positive pure decimal fraction. Δt: an experiential parameter to denote impacts of other factors (eg: trip goal and the location type) Both and μ are used here to adjust the value of v. d: distance between two noisy locations; V: upper velocity; v: the real-time velocity of the path δt: possible additional traveling time. Meanings of Inputs: T: time period between two fake queries. Meanings of Outputs Values of other Parameters:

(b) The Disordered Scheduling Strategy  It is especially suitable when  virtual paths have intersections with true path.  path segments near intersections where there are multiple entrances and exits of alternative paths. The query sequence is disordered purposely to interrupt spatio-temporal relationships between communication data. Resolutions Vavatar Adopts (cont.) B. Query Scheduling Strategy

Introduction Problem Description and Assumptions Overview of Virtual Avatar (VAvatar) Performance Evaluation Conclusion Contents

Performance Evaluation A. Analysis of Trajectory Preservation Degree TPD (Trajectory Preservation Degree): the number of feasible paths achieved from the viewpoint of attacker. N C (N C > 1) : the total number of distinct candidate paths at that time. p r (0 ≤ p r ≤ 1): the trajectory risk possibility faced by the user at time t c. δ (0 ≤ δ ≤ 1): an empirical parameter. The more the spatial-time complexity of nodes is, the larger the value of δ will be. Evaluation Matric:

Performance Evaluation B. Experiments & Results  Consider the scenario where users keep moving.  Select candidate paths of true paths and virtual paths from a digital map from a publicly accessible portal.  Every user uses 3-5 virtual paths independently.  Implement two modes:  All virtual paths start at the same time;  Starting time of virtual paths are independent from each other.  Users are divided into two groups  Users in the first group do not adopts VAvatar; Data are used as metrics to find candidate paths for attackers.  Users in the second group adopts Vavatar.

Performance Evaluation All candidate paths taken by 3 users in the experiments:

Performance Evaluation TABLE Detailed Paths Information of 3 Users:

Results and Analysis Results achieved by user 1 Candidate trajectories analysis Relationships between time and distance The starting time of users impacts the average velocity of the same road. This makes it more difficult for the attacker to distinguish true trajectory from false paths.

Results and Analysis: Energy consumption under different scheduling strategies (n=4) n ： the ratio between true queries and false queries random_i and syn_i (i = 1, 2) denotes the average energy consumption results of user i when he adopts distinct and continuous scheduling strategy, respectively.

Introduction Problem Description and Assumptions Overview of Virtual Avatar (VAvatar) Performance Evaluation Conclusions Contents

Conclusions PProposed a trajectory preservation scheme DDoes not need additional third part servers. CCan be implemented on the smart mobile terminals. DDoes not need multiple number of users. AAchieves efficient location & trajectory protection with endurable overheads.

Thanks Q&A ?