Hiding Stars with Fireworks: Location Privacy through Camouflage Joseph Meyerowitz Romit Roy Choudhury ECE and PhysicsDept. of ECE and CS - PowerPoint PPT Presentation
1 / 44
Title:
Hiding Stars with Fireworks: Location Privacy through Camouflage Joseph Meyerowitz Romit Roy Choudhury ECE and PhysicsDept. of ECE and CS
Description:
Hiding Stars with Fireworks: Location Privacy through Camouflage Joseph Meyerowitz Romit Roy Choudhury ECE and Physics Dept. of ECE and CS ... – PowerPoint PPT presentation
Number of Views:112
Avg rating:3.0/5.0
Title: Hiding Stars with Fireworks: Location Privacy through Camouflage Joseph Meyerowitz Romit Roy Choudhury ECE and PhysicsDept. of ECE and CS
1
Hiding Stars with FireworksLocation Privacy
through CamouflageJoseph Meyerowitz Romit
Roy ChoudhuryECE and Physics Dept. of ECE and
CS
2
Context
- Better localization technology
- Pervasive wireless connectivity
- Location-based applications
3
Location-Based Apps
- For Example
- GeoLife shows grocery list near WalMart
- Micro-Blog allows location scoped querying
- Location-based ad Coffee coupon at Starbucks
- Location expresses context of user
- Facilitating content delivery
Location is the IP address
Its as if
for content
4
Double-Edged Sword
- While location drives this new class of
applications, - it also violates users privacy
- Sharper the location, richer the app, deeper the
violation
5
Double-Edged Sword
- While location drives this new class of
applications, - it also violates users privacy
- Sharper the location, richer the app, deeper the
violation - Moreover, range of apps are PUSH based.
- Require continuous location information
- Phone detected at Starbucks, PUSH a coffee
coupon - Phone located on highway, query traffic
congestion
6
Location Privacy
- Problem
- Research
Continuous location exposure a serious threat to
privacy
Preserve privacy without sacrificing the quality
of continuous loc. based apps
7
Just Call Yourself Freddy
- Pseudonymns Gruteser04
- Effective only when infrequent location exposure
- Else, spatio-temporal patterns enough to
deanonymize - think breadcrumbs
Leslie
Jack
John
Susan
Alex
Romits Office
8
Add Noise
- K-anonymity Gedic05
- Convert location to a space-time bounding box
- Ensure K users in the box
- Location Apps reply to boxed region
- Issues
- Poor quality of location
- Degrades in sparse regions
- Not real-time
Bounding Box
You
K4
9
Confuse Via Mixing
- Path intersections is an opportunity for privacy
- If users intersect in space-time, cannot say who
is who later
10
Confuse Via Mixing
- Path intersections is an opportunity for privacy
- If users intersect in space-time, cannot say who
is who later
Hospital
Airport
11
Hiding Until Mixed
- Partially hide locations until users mixed
Gruteser07 - Expose after a delay
Hospital
Airport
12
Hiding Until Mixed
- Partially hide locations until users mixed
Gruteser07 - Expose after a delay
Hospital
Airport
But delays unacceptable to real-time apps
13
- Existing solutions seem to suggest
- Privacy and Quality of Localization (QoL)
- is a zero sum game
- Need to sacrifice one to gain the other
14
Our Goal
- Break away from this tradeoff
- Target Spatial accuracy
- Real-time updates
- Privacy guarantees
- Even in sparse populations
We design CacheCloak
15
The Intuition
- Predict until paths intersect
Hospital
Airport
16
The Intuition
- Predict until paths intersect
Hospital
Predict
Airport
Predict
17
The Intuition
- Predict until paths intersect
- Expose predicted intersection to application
Hospital
Predict
Airport
Predict
Cache the information on each predicted location
18
- CacheCloak
- System Design and Evaluation
19
Architecture
- Assume trusted privacy provider
- Reveal location to CacheCloak
- CacheCloak exposes anonymized location to Loc. App
Loc. App1
Loc. App2
Loc. App3
Loc. App4
CacheCloak
20
In Steady State
Location Based Application
CacheCloak
21
Prediction
Location Based Application
Backward prediction
Forward prediction
CacheCloak
22
Prediction
Location Based Application
CacheCloak
23
Predicted Intersection
Location Based Application
Predicted Path
CacheCloak
24
Query
Location Based Application
Predicted Path
CacheCloak
25
Query
Location Based Application
?
?
?
?
CacheCloak
26
LBA Responds
Location Based Application
Array of responses
CacheCloak
27
Cached
Location Based Application
Cached Responses
CacheCloak
Location based Information
28
Cached Response
Location Based Application
Cached Responses
CacheCloak
Location based Information
29
Cached Response
Location Based Application
Cached Responses
CacheCloak
Location based Information
30
Cached Response
Location Based Application
Cached Responses
CacheCloak
31
Cached Response
Location Based Application
Predicted Path
CacheCloak
32
Benefits
- Real-time
- Response ready when user
- arrives at predicted location
- High QoL
- Responses can be specific to location
- Overhead on the wired backbone (caching helps)
- Entropy guarantees
- Entropy increases at traffic intersections
- Sparse population
- Can be handled with dummy users, false branching
33
Quantifying Privacy
- City converted into grid of small sqaures
(pixels) - Users are located at a pixel at a given time
- Each pixel associated with 8x8 matrix
- Element (x, y) probability that user enters x
and exits y - Probabilities diffuse
- At intersections
- Over time
- Privacy entropy
y
x
pixel
34
Diffusion
- Probability of users presence diffuses
- Diffusion gradient computed based on history
- i.e., what fraction of users take right turn at
this intersection
Time t1
Time t2
Time t3
Road Intersection
35
Evaluation
- Trace based simulation
- VanetMobiSim US Census Bureau trace data
- Durham map with traffic lights, speed limits,
etc. - Vehicles follow Google map paths
- Performs collision avoidance
6km x 6km 10m x 10m pixel 1000 cars
36
Results
- High average entropy
- Quite insensitive to user density (good for
sparse regions) - Minimum entropy reasonably high
Max.
Bits of Mean Entropy
Min.
Time (Minutes)
Number of Users (N)
37
Results
- Peak Counting
- of places where attackers confidence is gt
Threshold
Mean of Peaks
Time (Seconds)
Time (Seconds)
38
Results
- Peak Counting
- of places where attackers confidence is gt
Threshold
Mean of Peaks
Number of Users (N)
39
Limitations, Discussions
- CacheCloak overhead
- Application replies to lot of queries
- However, overhead on wired infrastructure
- Caching reduces this overhead significantly
- CacheCloak assumes same, indistinguishable query
- Different queries can deanonymize
- Possible through query combination future work
- Per-user privacy guarantee not yet supported
- Adaptive branching dummy users
- CacheCloak - a central trusted entity
- Distributed version proposed in the paper
40
Closing Thoughts
- Two nodes may intersect in space but not in time
- Mixing not possible, without sacrificing
timeliness - Mobility prediction creates space-time
intersections - Enables virtual mixing in future
41
Closing Thoughts
- CacheCloak
- Implements the prediction and caching function
- High entropy possible
- even under sparse population
- Spatio-temporal accuracy
- remains uncompromised
42
(No Transcript)
43
(No Transcript)
44
- Thank You
- For more related work, visit
- http//synrg.ee.duke.edu
Recommended
CrystalGraphics Presentations
