600M mobile users 3"> 600M mobile users 3">

Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Location Privacy: Optimal Strategy against Localization Attacks Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux,

Published byLillian Oglesbee Modified over 9 years ago

Similar presentations

Presentation on theme: "Protecting Location Privacy: Optimal Strategy against Localization Attacks Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux,"— Presentation transcript:

1 Protecting Location Privacy: Optimal Strategy against Localization Attacks Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux, Jean-Yves Le Boudec EPFL Cardiff University K. U. Leuven 19 th ACM Conference on Computer and Communications Security (CCS), October 2012

2 Location-based Services Sharing Location with Friends Sharing Location with Businesses Uploading location, tagging documents, photos, messages, … Asking for near-by services, finding near-by friends, … 2

3 Example: Facebook Location-Tagging Source: WHERE 2012, Josh Williams, "New Lines on the Horizon“, Justin Moore, "Ignite - Facebook's Data" >600M mobile users 3

4 Check-ins at Facebook, one-day Source: Where 2012, Josh Williams, "New Lines on the Horizon“, Justin Moore, "Ignite - Facebook's Data" 4

5 The contextual information attached to a trace tells much about our habits, interests, activities, and relationships A location trace is not only a set of positions on a map Threat 5

6 Location-Privacy Protection Mechanisms Anonymization (removing the user’s identity) – It has been shown inadequate, as a single defense – The traces can be de-anonymized, given an adversary with some knowledge on the users Obfuscation (reporting a fake location) – Service Quality? – Users share their locations to receive some services back. Obfuscation degrades the service quality in favor of location privacy 6

7 Designing a Protection Mechanism Challenges – Respect users’ required service quality – User-based protection – Real-time protection Common Pitfall – Ignor adversary knowledge Adversary can invert the obfuscation mechanism – Disregard optimal attack Given a protection mechanism, attacker designs an attack to minimize his estimation error in his inference attack 7

8 Our Objective: Design Optimal Protection Strategy A defense mechanism that anticipates the attacks that can happen against it, and maximizes the users’ location privacy against the most effective attack, and respects the users’ service quality constraint. 8

9 Outline Assumptions Model – User’s Profile – Protection Mechanism – Inference Attack Problem Statement Solution: Optimal strategy for user and adversary Evaluation 9

10 Assumptions LBS: Sporadic Location Exposure – Location check-in, search for nearby services, … Adversary: Service provider – Or any entity who eavesdrops on the users’ LBS accesses Attack: Localization – What is the user’s location when accessing LBS? Protection: User-centric obfuscation mechanism – So, we focus on a single user Privacy Metric: – Adversary’s expected error in estimating the user’s true location, given the user’s profile and her observed location 10

11 Adversary Knowledge: User’s “Location Access Profile” 11 Data source: Location traces collected by Nokia Lausanne (Lausanne Data Collection Campaign)Lausanne Data Collection Campaign

12 Location Obfuscation Mechanism Consequence: “Service Quality Loss” 12

13 Location Inference Attack Estimation Error: “Location Privacy” 13

14 Problem Statement 14

15 Zero-sum Bayesian Stackelberg Game User Adversary (leader) (follower) Game LBS message user gain / adversary loss 15

16 Optimal Strategy for the User Proper probability distribution Respect service quality constraint 16

17 Optimal Strategy for the Adversary Note: This is the dual of the previous optimization problem Proper probability distribution Shadow price of the service quality constraint. (exchange rate between service quality and privacy) Minimizing the user’s maximum privacy under the service quality constraint 17

18 Evaluation: Obfuscation Function 18

19 Output Visualization of Obfuscation Mechanisms Optimal ObfuscationBasic Obfuscation (k = 7) 19

20 Evaluation: Localization Attack Optimal attack against optimal obfuscation – Given the service quality constraint Bayesian attack against any obfuscation Optimal attack against any obfuscation – Regardless of any service quality constraint 20

21 Optimal vs. non-Optimal Service quality threshold is set to the service quality loss incurred by basic obfuscation. 21 k=1 k=30

22 Conclusion (Location) Privacy is an undisputable issue, with more people uploading their location more regularly Privacy (similar to any security property) is adversarial- dependent. Disregarding adversary’s strategy and knowledge limits the privacy protection Our game theoretic analysis helps solving optimal attack and optimal defense simultaneously – Given the service quality constraint Our methodology can be applied in other privacy domains 22

23 23

24 24

25 Optimal Attack & Optimal Defense 25 Service quality threshold is set to the service quality loss incurred by basic obfuscation.

26 “Optimal Strategies” Tradeoff between Privacy and Service Quality 26

Download ppt "Protecting Location Privacy: Optimal Strategy against Localization Attacks Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux,"

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.

© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
1 15.053 Thursday, March 7 Duality 2 – The dual problem, in general – illustrating duality with 2-person 0-sum game theory Handouts: Lecture Notes.

Thursday, March 7 Duality 2 – The dual problem, in general – illustrating duality with 2-person 0-sum game theory Handouts: Lecture Notes.
Ramin Khalili (T-Labs/TUB) Nicolas Gast (LCA2-EPFL)

Ramin Khalili (T-Labs/TUB) Nicolas Gast (LCA2-EPFL)
Summary of Convergence Tests for Series and Solved Problems

Summary of Convergence Tests for Series and Solved Problems
Human Performance Improvement Process

Human Performance Improvement Process
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×

Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
My Alphabet Book abcdefghijklm nopqrstuvwxyz.

My Alphabet Book abcdefghijklm nopqrstuvwxyz.
0 - 0.

0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

Similar presentations

Ads by Google