A Unified Framework for Location Privacy

Post on 11-Jan-2016

Page 1: A Unified Framework for Location Privacy

A Unified Framework for Location Privacy

Reza Shokri, Julien Freudiger, Jean-Pierre Hubaux

http://lca.epfl.ch/privacy

Page 2: A Unified Framework for Location Privacy

Exposing Location Information

Page 3: A Unified Framework for Location Privacy

Location Privacy

“… a special type of information privacy which concerns the claim of individuals to determine for themselves when, how, and to what extent location information about them is communicated to others.”

Duckham, M. and L. Kulik, Location privacy and location-aware computing, 2006.

Page 4: A Unified Framework for Location Privacy

Research on Location Privacy: Achievements So Far

• Attracted researchers from various disciplines
  – Database, Network Anonymity, Ubiquitous Computing, Cryptography

• Variety of protection mechanisms proposed
  – Highly influenced by methods that are not tailored for location privacy (e.g., K-anonymity)

• Different terminologies and models make the proposed methods difficult to compare

Page 5: A Unified Framework for Location Privacy

A Unified Framework

• Organizing and classifying location privacy fundamental components

• Providing a generic model and terminology

• Modeling and understanding existing efforts

• Identifying missing elements

• Designing new schemes

Page 6: A Unified Framework for Location Privacy

Components of the Framework

• Basic elements
  – Spatial Model
  – Events and Traces

• Threat Model

• Protection Mechanisms

• Measurement

Page 7: A Unified Framework for Location Privacy

Basic Elements

Page 8: A Unified Framework for Location Privacy

Spatial Model

Layer I - location instances e.g., <latitude, longitude>

Layer II - location sites e.g., hospital A at 45th St.

Layer III - location types e.g., bar, hospital

Page 9: A Unified Framework for Location Privacy

Events and Traces

Events

<who, when, where>

- Who: identifier
- When: time-stamp
- Where: location-stamp

Trace

- Set of events

Page 10: A Unified Framework for Location Privacy

Threat Model

Page 11: A Unified Framework for Location Privacy

Threat Model

LBS Operator

Eavesdroppers

Adversary is an observer of users’ events

Page 12: A Unified Framework for Location Privacy

Adversary Statistical Information

Statistical information about users’ actual events.

e.g., users’ spatiotemporal distribution and mobility pattern

Page 13: A Unified Framework for Location Privacy

Adversary Knowledge

• Real-time location information
  – A set of events (observed by the adversary)

• Statistical information
  – Users’ population
  – Users’ mobility pattern
  – Users’ spatiotemporal distribution
  – …

Page 14: A Unified Framework for Location Privacy

Attacks

Targeting individuals or communities

• Tracking
• Identification

[Figure labels: Bob’s Home, Bob’s Workplace]

Page 15: A Unified Framework for Location Privacy

Consequences

Presence Disclosure

– Layer I: Finding mobility traces/patterns

– Layer II: Disclosing visits to some places

– Layer III: Profiling the type of visited locations
  • Personal activities => My Hobbies/Interests
  • Professional activities => Where I Work
  • Social activities => My Social Network

Page 16: A Unified Framework for Location Privacy

Consequences

Absence Disclosure

Page 17: A Unified Framework for Location Privacy

Protection

Page 18: A Unified Framework for Location Privacy

Location Privacy Preservation

[Diagram: Actual Events, Observation, Observable Events]

Modifying the set of events before they are observable to the adversary

Page 19: A Unified Framework for Location Privacy

Location Privacy Preservation

[Diagram: Actual Events; Methods; Entities: Users, Applications, Privacy Tools; Observable Events]

Page 20: A Unified Framework for Location Privacy

Location Privacy Preservation

[Diagram: Actual Events; Methods: Hiding Events; Entities: Users, Applications, Privacy Tools; Observable Events]

Page 21: A Unified Framework for Location Privacy

Location Privacy Preservation

[Diagram: Actual Events; Methods: Hiding Events, Adding Dummy Events; Entities: Users, Applications, Privacy Tools; Observable Events]

Page 22: A Unified Framework for Location Privacy

Location Privacy Preservation

[Diagram: Actual Events; Methods: Obfuscation, Hiding Events, Adding Dummy Events; Entities: Users, Applications, Privacy Tools; Observable Events]

Page 23: A Unified Framework for Location Privacy

Location Privacy Preservation

[Diagram: Actual Events; Methods: Obfuscation, Hiding Events, Adding Dummy Events, Anonymization; Entities: Users, Applications, Privacy Tools; Observable Events]
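The four methods named on the preceding slides, applied in sequence to a trace of <who, when, where> events; this is an added example, not code from the presentation. The sample trace, the grid size, the dummy-placement rule and the salted-hash pseudonym are assumptions chosen for illustration.

```python
import hashlib
import random
from typing import NamedTuple

class Event(NamedTuple):
    who: str      # identifier
    when: int     # time-stamp, minutes since midnight (assumed encoding)
    where: tuple  # location-stamp, Layer I instance (latitude, longitude)

# Constructed sample trace (actual events); coordinates are made up.
ACTUAL = [
    Event("bob", 480, (46.5191, 6.5668)),
    Event("bob", 540, (46.5225, 6.5841)),
    Event("bob", 1080, (46.5191, 6.5668)),
]

def hide(trace, keep):
    """Hiding events: drop every event for which keep(event) is false."""
    return [e for e in trace if keep(e)]

def add_dummies(trace, n, rng):
    """Adding dummy events: insert n fake events near real ones (assumed rule)."""
    dummies = []
    for _ in range(n):
        e = rng.choice(trace)
        lat, lon = e.where
        jitter = (lat + rng.uniform(-0.01, 0.01), lon + rng.uniform(-0.01, 0.01))
        dummies.append(e._replace(where=jitter))
    return sorted(trace + dummies, key=lambda e: e.when)

def obfuscate(trace, decimals=2):
    """Obfuscation: coarsen each location-stamp to a grid cell (assumed grid)."""
    return [e._replace(where=tuple(round(c, decimals) for c in e.where))
            for e in trace]

def anonymize(trace, salt):
    """Anonymization: swap the identifier for a pseudonym (salted hash, assumed)."""
    def pseudonym(who):
        return hashlib.sha256(salt + who.encode()).hexdigest()[:8]
    return [e._replace(who=pseudonym(e.who)) for e in trace]

def observable(trace, rng):
    """Actual events -> observable events, chaining all four methods."""
    t = hide(trace, keep=lambda e: e.when < 1000)  # suppress the evening event
    t = add_dummies(t, n=2, rng=rng)
    return anonymize(obfuscate(t), salt=b"constructed-salt")
```

A single pseudonym per user keeps the observable events linkable into one trace, so anonymization on its own does not stop the tracking attack from the threat model.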

Page 24: A Unified Framework for Location Privacy

Measurement

Page 25: A Unified Framework for Location Privacy

Location Privacy Measurement

• Notions of location privacy in two different scales:

• Microscopic Location Privacy
  – How far off is the adversary’s estimate of a user’s location, given a single event observed from the user?

• Macroscopic Location Privacy
  – How far off is the adversary’s estimate of a user’s location, given a set of events observed from the users?

Page 26: A Unified Framework for Location Privacy

Microscopic Location Privacy with respect to a single observed event

<ID: abc, Location-stamp: Midtown Center Manhattan, Time-stamp: 1pm>

Who is abc? Alice, Bob, …?

Where is abc?

Page 27: A Unified Framework for Location Privacy

Macroscopic Location Privacy with respect to a set of observed events

What are the trajectories?

To whom do the trajectories belong?

[Figure labels: Bob’s House, Alice’s House, Eve’s House]

Page 28: A Unified Framework for Location Privacy

Location Privacy Metrics

• Uncertainty-based Metrics

• K-anonymity, l-diversity, …

• Clustering-based Metrics

• Distortion-based Metrics

Page 29: A Unified Framework for Location Privacy

Distortion-based Metric

[Figure: an obfuscated area showing the user’s actual location and the hypothesized locations for the user. Darkness: the probability that a user is there. The darker, the more probable.]

Location Privacy = Distortion in the user’s reconstructed location by the adversary

$\sum_i (p_i \cdot d_i)$

Page 30: A Unified Framework for Location Privacy

Location Privacy Measurement

• Existing schemes only focus on measuring location privacy in 1st layer of the spatial model

• What about other layers?

Page 31: A Unified Framework for Location Privacy

Location Privacy Measurement

Diversity matters

Layer II – Location Sites

Distance (to user’s location) matters

Suggestion: Distortion-based Metric

Page 32: A Unified Framework for Location Privacy

Location Privacy Measurement

Layer III – Location Types

[Figure labels: bar, bar, bar, casino]

Suggestion: Uncertainty-based or Distortion-based Metric
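A worked computation of the distortion-based metric Σ p_i·d_i from the earlier slide and of an uncertainty-based metric for Layer III, using the bar/bar/bar/casino case; this is an added example, not code from the presentation. It assumes p_i is the probability the adversary assigns to hypothesized location i and d_i is its distance to the user's actual location, uses Shannon entropy as the uncertainty measure, and runs on constructed coordinates.

```python
import math
from collections import defaultdict

# Constructed adversary estimate inside the obfuscated area:
# (probability p_i, planar position in metres, Layer III location type).
HYPOTHESES = [
    (0.25, (0.0, 0.0), "bar"),
    (0.25, (300.0, 400.0), "bar"),
    (0.25, (0.0, 1000.0), "bar"),
    (0.25, (600.0, 800.0), "casino"),
]
ACTUAL = (0.0, 0.0)  # the user's actual location (constructed)

def _check(hyps):
    """Reject estimates that are not a probability distribution."""
    if not math.isclose(sum(p for p, _, _ in hyps), 1.0):
        raise ValueError("probabilities must sum to 1")

def distortion(hyps, actual):
    """Distortion-based metric: sum_i p_i * d_i, with d_i assumed to be the
    Euclidean distance from hypothesis i to the actual location."""
    _check(hyps)
    return sum(p * math.dist(pos, actual) for p, pos, _ in hyps)

def entropy_bits(probs):
    """Shannon entropy in bits (the assumed uncertainty measure)."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def site_uncertainty(hyps):
    """Uncertainty about which site the user is at."""
    _check(hyps)
    return entropy_bits(p for p, _, _ in hyps)

def type_uncertainty(hyps):
    """Layer III uncertainty: merge hypotheses that share a location type
    before taking the entropy, so three bars count as one outcome."""
    _check(hyps)
    by_type = defaultdict(float)
    for p, _, kind in hyps:
        by_type[kind] += p
    return entropy_bits(by_type.values())
```

With these constructed values the adversary is 2 bits uncertain about the site but only about 0.81 bits uncertain about the location type, which is the gap the Layer III slide points at.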

Page 33: A Unified Framework for Location Privacy

Conclusion

Page 34: A Unified Framework for Location Privacy

Conclusion

• Proposed a unified framework for location privacy
  – Helps to design, understand and compare location privacy schemes

• Embedded existing schemes in our framework