MobiHide: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries Gabriel Ghinita, Panos Kalnis, Spiros Skiadopoulos National University of Singapore.


Slide 1: MobiHide: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries
Gabriel Ghinita, Panos Kalnis, Spiros Skiadopoulos
National University of Singapore and University of Peloponnese, Greece

Slide 2: Location-Based Services
- LBS users: mobile devices with GPS capabilities; NN and range queries, e.g. "Find closest hospital to my present location"
- Location server is NOT trusted (Google Maps, Mapquest, Microsoft Live, etc.)
- Privacy? Anonymity?

Slide 3: Problem Statement
- Hide IP address and username
- But user location may disclose identity: triangulation of device signal, publicly available databases, physical surveillance
- How to preserve query source anonymity, even when exact user locations are known?

Slide 4: K-Anonymity [Swe02]

(a) Microdata (Age and ZipCode form the quasi-identifier)
Age  ZipCode  Disease
42   25000    Flu
46   35000    AIDS
50   20000    Cancer
54   40000    Gastritis
48   50000    Dyspepsia
56   55000    Bronchitis

(b) Voting Registration List (public)
Name  Age  ZipCode
Andy  42   25000
Bill  46   35000
Ken   50   20000
Nash  54   40000
Mike  48   50000
Sam   56   55000

[Swe02] L. Sweeney. k-Anonymity: A Model for Protecting Privacy. Int. J. of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557-570, 2002.

Slide 5: K-Anonymity (cont.)

(a) 2-anonymous microdata
Age    ZipCode      Disease
42-46  25000-35000  Flu
42-46  25000-35000  AIDS
50-54  20000-40000  Cancer
50-54  20000-40000  Gastritis
48-56  50000-55000  Dyspepsia
48-56  50000-55000  Bronchitis

(b) Voting Registration List (public)
Name  Age  ZipCode
Andy  42   25000
Bill  46   35000
Ken   50   20000
Nash  54   40000
Mike  48   50000
Sam   56   55000
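The linkage shown on slides 4 and 5, worked through in Python as an added example (not code from the slides or from the MobiHide authors). It joins the public voter list to the released table on the quasi-identifier, generalizes Age and ZipCode into the per-group ranges of slide 5, and checks the 2-anonymity condition; the tables and the row grouping are copied from the slides, and the function names are my own.

```python
from collections import Counter

# Constructed input, copied from the slide tables: released microdata and the
# public voter list that shares the quasi-identifier (Age, ZipCode).
MICRODATA = [
    (42, 25000, "Flu"), (46, 35000, "AIDS"), (50, 20000, "Cancer"),
    (54, 40000, "Gastritis"), (48, 50000, "Dyspepsia"), (56, 55000, "Bronchitis"),
]
VOTERS = [
    ("Andy", 42, 25000), ("Bill", 46, 35000), ("Ken", 50, 20000),
    ("Nash", 54, 40000), ("Mike", 48, 50000), ("Sam", 56, 55000),
]
# Row indices generalized together; these are the pairs shown on slide 5.
GROUPS = [(0, 1), (2, 3), (4, 5)]


def as_ranges(rows):
    """Represent exact values as degenerate [v, v] ranges so the raw and the
    generalized table can be handled by the same linkage code."""
    return [((age, age), (zip_, zip_), disease) for age, zip_, disease in rows]


def generalize(rows, groups):
    """Replace Age and ZipCode of every row in a group with the group's
    [min, max] range, so all rows of the group share one quasi-identifier."""
    out = [None] * len(rows)
    for g in groups:
        ages = [rows[i][0] for i in g]
        zips = [rows[i][1] for i in g]
        qi = ((min(ages), max(ages)), (min(zips), max(zips)))
        for i in g:
            out[i] = (qi[0], qi[1], rows[i][2])
    return out


def _contains(rng, value):
    return rng[0] <= value <= rng[1]


def link(voters, table):
    """Join the public list against the released table on the quasi-identifier:
    for each named person, the sorted list of diseases their record could carry."""
    return {
        name: sorted(d for a, z, d in table if _contains(a, age) and _contains(z, zip_))
        for name, age, zip_ in voters
    }


def is_k_anonymous(table, k):
    """Every quasi-identifier value must appear in at least k rows."""
    counts = Counter((a, z) for a, z, _ in table)
    return min(counts.values()) >= k


def worst_case_reidentification(voters, table):
    """Largest probability the linkage assigns to any one person's disease,
    i.e. 1 / (size of the smallest candidate set)."""
    return max(1 / len(c) for c in link(voters, table).values())


if __name__ == "__main__":
    raw = as_ranges(MICRODATA)
    anon = generalize(MICRODATA, GROUPS)
    print("raw table 2-anonymous:", is_k_anonymous(raw, 2))
    print("raw linkage:", link(VOTERS, raw))
    print("generalized 2-anonymous:", is_k_anonymous(anon, 2))
    print("generalized linkage:", link(VOTERS, anon))
    print("worst-case re-identification:", worst_case_reidentification(VOTERS, anon))
```

On the raw table every voter links to exactly one row, so a disease is re-identified with probability 1; after generalization each voter links to the two rows of their group, which is the 1/K bound of slide 6 with K = 2.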

Slide 6: Anonymizing Spatial Region
- Identification probability ≤ 1/K

Slide 7: Centralized Anonymizer
- Intermediate tier between users and LBS
- Bottleneck and single point of attack/failure

Slide 8: MobiHide: Fully Distributed

Slide 9: Existing Work: CloakP2P [Chow06]
- Find K-1 NN of query source
- Source likely to be closest to ASR center: vulnerable to "center-of-ASR" attack
(Figure: a 5-ASR built around query source u_q; labelled NOT SECURE!)
[Chow06] Chow et al., A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS '06

Slide 10: Existing Work: PRIVE [GKS07]
AS_q (the anonymizing set of query q) has the reciprocity property iff
 i. |AS| ≥ K
 ii. ∀ u_i, u_j ∈ AS: u_i ∈ AS_j and u_j ∈ AS_i
[GKS07] PRIVÉ: Anonymous Location-based Queries in Distributed Mobile Systems, WWW '07

Slides 11-12: PRIVE (cont.)
- Based on Hilbert space-filling curve
- Index users by Hilbert value of location
- Partition Hilbert sequence into "K-buckets"
(Figure: Hilbert curve over the user locations, with Start and End markers)

Slide 13: PRIVÉ Hierarchical Architecture
- But requires "global knowledge": global rank of query source required
- PRIVÉ employs an annotated tree index

Slide 14: Motivation
(Figure: PRIVE, CloakP2P and MobiHide positioned on two axes, "More secure" and "Faster")

Slide 15: MobiHide
- Uses Hilbert transformation
- Key idea: remove the need for global knowledge; allow random group formation
- Scalable DHT infrastructure employed: Chord DHT

Slide 16: MobiHide: Group Formation
(Figure: group formation for anonymity degree K)

Slide 17: MobiHide: Example

Slide 18: MobiHide: Privacy
- MobiHide is not reciprocal
- Privacy guarantee for uniform query distribution only
- But offers strong privacy features in practice, even for skewed distributions
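The Hilbert-curve indexing of slides 11 and 12, the reciprocity test of slide 10, and the non-reciprocal random grouping of slides 15 and 18, as an added Python example that is not code from the slides or from the PRIVÉ/MobiHide authors. It assumes a power-of-two grid and the standard iterative Hilbert mapping, and it models MobiHide's "random group formation" (which the slides do not spell out) as an assumption: a user's anonymizing set is K consecutive users on the cyclic Hilbert sequence, with the user at a random position inside the window. The user locations, the grid size and all function names are constructed for the example.

```python
import random

# Constructed sample: user id -> grid cell on a GRID x GRID grid (power of two).
GRID = 4
USERS = {"A": (0, 0), "B": (1, 0), "C": (3, 0), "D": (2, 2),
         "E": (0, 3), "F": (3, 3), "G": (1, 2)}
K = 3


def _rot(n, x, y, rx, ry):
    """Rotate/flip a quadrant so the curve is traversed in canonical orientation."""
    if ry == 0:
        if rx == 1:
            x, y = n - 1 - x, n - 1 - y
        x, y = y, x
    return x, y


def hilbert_value(n, x, y):
    """Map cell (x, y) of an n x n grid to its 1-D Hilbert index (0 .. n*n-1)."""
    d = 0
    s = n // 2
    while s > 0:
        rx = 1 if x & s else 0
        ry = 1 if y & s else 0
        d += s * s * ((3 * rx) ^ ry)
        x, y = _rot(n, x, y, rx, ry)
        s //= 2
    return d


def hilbert_order(users, n):
    """User ids sorted by the Hilbert value of their location (the PRIVE index)."""
    return sorted(users, key=lambda u: hilbert_value(n, *users[u]))


def k_buckets(order, k):
    """PRIVE-style partition of the Hilbert sequence into consecutive K-buckets;
    a short trailing bucket is merged into its predecessor so every bucket has >= k users.
    Returns user -> anonymizing set."""
    groups = [order[i:i + k] for i in range(0, len(order), k)]
    if len(groups) > 1 and len(groups[-1]) < k:
        groups[-2].extend(groups.pop())
    return {u: set(g) for g in groups for u in g}


def random_window(order, u, k, offset=None):
    """Assumed MobiHide-style grouping: k consecutive users on the cyclic Hilbert
    sequence containing u, with u at position `offset` (random if not given).
    No global rank is needed, only u's neighbours along the sequence."""
    i = order.index(u)
    if offset is None:
        offset = random.randrange(k)
    m = len(order)
    return {order[(i - offset + j) % m] for j in range(k)}


def is_reciprocal(as_of, k):
    """Slide 10: |AS| >= K and, for every u and every v in AS_u, u is in AS_v."""
    for u, s in as_of.items():
        if len(s) < k:
            return False
        for v in s:
            if u not in as_of[v]:
                return False
    return True


ORDER = hilbert_order(USERS, GRID)

if __name__ == "__main__":
    print("Hilbert order:", ORDER)
    buckets = k_buckets(ORDER, K)
    print("PRIVE buckets reciprocal:", is_reciprocal(buckets, K))
    windows = {u: random_window(ORDER, u, K) for u in ORDER}
    print("MobiHide-style windows:", windows)
    print("MobiHide-style windows reciprocal:", is_reciprocal(windows, K))
```

The fixed buckets always pass the reciprocity check, which is what lets PRIVÉ bound the identification probability by 1/K for any query distribution; the random windows each contain exactly K users, so with a uniform query distribution every member is equally likely to be the source, but since two neighbours may pick different windows the sets are not reciprocal, which is the caveat slide 18 states.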

Slide 19: Correlation Attack (K = 4)
(Figure: users U1 to U10 placed along the Hilbert sequence with their Hilbert values, and the 4-user groups each of them forms)
- 4-anonymity not achieved
- However: difficult attack in practice

Slide 20: MobiHide Implementation
- Two-layer Chord DHT: each Chord node is a cluster of users
- Bounded cluster size [,3)

Slide 21: User Join / Cluster Split

Slide 22: Load Balancing & Fault Tolerance
- Load balancing: cluster head rotation mechanism
- Fault tolerance: Chord periodic stabilization protocol; leader election protocol in case of cluster head failure

Slide 23: Experimental Setup
- San Francisco Bay Area road network
- Network-based Generator of Moving Objects*: up to 10000 users, velocities from 18 to 68 km/h
- Uniform and skewed query distribution
* T. Brinkhoff. A Framework for Generating Network-Based Moving Objects. Geoinformatica, 6(2):153-180, 2002.

Slide 24: "Center-of-ASR" Attack (results figure)

Slide 25: Correlation Attack (results figure)

Slide 26: ASR Formation Latency (results figure; y-axis: Response Time (sec))

Slide 27: Points to Remember
- LBS privacy is an important concern; existing solutions are either not secure or not scalable
- MobiHide: privacy guarantee for uniform query workload; good best-effort privacy for skewed workload; excellent scalability inherited from Chord DHT

Slide 28: Bibliography on LBS Privacy

Slide 29: Bibliography
- [Chow06] Mokbel et al., A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS '06
- [Gru03] Gruteser et al., Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, MobiSys 2003
- [GKS07] Ghinita G., Kalnis P., Skiadopoulos S., PRIVÉ: Anonymous Location-based Queries in Distributed Mobile Systems, WWW 2007
- [Mok06] Mokbel et al., The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006
