Virtual Trip Lines for Distributed Privacy-Preserving Traffic Monitoring

Baik Hoh, Marco GruteserWINLAB / ECE Dept., Rutgers University

Ryan Herring, Jeff Bana, Dan Work, Juan-Carlos Herrera, Alexandre Bayen

Civil Engineering Dept., UC Berkeley

Murali Annavaram, Quinn JacobsonNokia Research Center

Presentation By: Saurabh Hukerikar30th March 2009

IntroductionVirtual trip lines Geographic markers that indicate where vehicles should provide location updates

Aggregating and cloaking several location updates based on trip line identifiers for privacy by preventing updates from VTL’s deemed private.

Distributed architecture

The Conventions

Eye witness reports

Traffic cameras

Loop detectors

Cellular base station hand-off

In-Vehicle Transponders (IVTs) and License Plate Readers (LPRs).

Privacy risks & threat model

www.privacyrights.org

Preserving privacy in GPS traces via uncertainty-aware path cloaking[B. Hoh, M. Gruteser, H. Xiong, and A. Alrabady]

Spatio-temporal characteristics of the data allows tracking and re- identification of anonymous vehicles when user density is low.

Consecutive location samples from a vehicle exhibit temporal and spatial correlation, paths of individual vehicles can be reconstructed from a mix of anonymous samples belonging to several vehicles

Process can be formalized and automated through target tracking algorithms

Algorithms generally predict the target position using the last known speed and heading information and then decide which next sample to link to the same vehicle through Maximum Likelihood Detection

Privacy Metrics

Mean Time To Confusion (MTTC)

Mean Distance To Confusion (MDTC)

Tracking Uncertainity

Traffic Monitoring With Virtual Trip Lines

Virtual trip line (VTL): [id; x1; y1; x2; y2; d]

Handset

VTL generator

ID proxy server

Traffic monitoring service provider

Virtual trip lines control disclosure of location by sampling in space

VTL Placement: Minimum Spacing

Speed variation Penetration & Speed – impact on Minimum spacing

If trip lines are placed immediately before or after intersections, an adversary may be able to follow vehicles paths based on speed differences

VTL Placement: Road Layout

VTL Placement: Minimum Spacing – Speed consideration

Experimental Evaluation

Travel time of each link is computed with the length of a link and the mean speed that is obtained by averaging out speed readings from probe vehicles during an aggregation interval.

RMS error of about 80 seconds

Distance-to-confusion with two different sets of anonymous flow updates from both oThe evenly spaced VTLs (with exclusion area) and oThe evenly spaced VTLs (without exclusion area)

o 1 – 2 % penetration

o 500 meters exclusion area

o Sets of equidistant trip lines with minimum spacing varying from 333 ft (100 meters) to 1670 ft (500 meters)

o Uncertainty threshold of 0.2

Experimental Evaluation – Privacy v Accuracy Trade-Off

Two successive anonymous updates that are sampled longer than 800 feet apart experience high tracking uncertainty. Existence of the exclusion area

The travel time estimation generally improves with an increasing number of VTLs

Privacy v Accuracy Trade-Off

Source: http://www.calccit.org/projects/PDF-2008/Mobile%20Century%20Fact%20Sheet.pdf

Experimental Evaluation

Critique Energy requirements

- dash board charger

Processing and Communication overhead on Client phone

Real time?- Distributed architecture

Exclusion of VTLs- Generic exclusion risks undercoverage- Individualized exclusion processing overhead or configuration

                  

Source: http://www.tomtom.com/services

“The TomTom devices with HD Traffic all use a built-in receiver including a SIM-card. Does this mean that I can be traced?

TomTom takes privacy of personal information very seriously, and the information retreived is entirely anonymous. TomTom only uses information about the speed and direction travelled of TomTom device users. We don't know anything about the devices themselves, nor who owns them”

“Data generated from the mobile phones is completely anonymous. TomTom, and has information about user direction and speed only - not the type of device, nor the owner of the mobile phone.”

WEBLINK: TomTom High Definition

WEBLINK:

Questions?

Thank-you