PRIVÉ - PowerPoint PPT Presentation

Description: Anonymous Location-Based Queries in Distributed Mobile Systems ... Query through anonymous web surfing service. But user location may disclose identity ...
Slides: 35
Provided by: csSta (https://cs.stanford.edu)

Transcript and Presenter's Notes

1
PRIVÉ: Anonymous Location-Based Queries in Distributed Mobile Systems
Gabriel Ghinita (1), Panos Kalnis (1), Spiros Skiadopoulos (2)
  • (1) National University of Singapore, {ghinitag, kalnis}@comp.nus.edu.sg
  • (2) University of Peloponnese, Greece, spiros@uop.gr

2
Location-Based Services (LBS)
  • LBS users
    • Mobile devices with GPS capabilities
  • Spatial database queries
  • Queries
    • NN and Range Queries
  • Location server is NOT trusted

[Figure: user query "Find closest hospital to my present location"]
3
Problem Statement
  • Queries may disclose sensitive information
    • Query through anonymous web surfing service
    • But user location may disclose identity
      • Triangulation of device signal
      • Publicly available databases
      • Physical surveillance
  • How to preserve query source anonymity?
    • Even when exact user locations are known

4
Solution Overview
  • Anonymizing Spatial Region (ASR)
    • Identification probability 1/K
  • Minimize overhead
    • Reduce ASR extent
    • Fast ASR assembly time
    • Support user mobility

5
Central Anonymizer Architecture
  • Intermediate tier between users and LBS

Bottleneck and single point of attack/failure
6
PRIVÉ Architecture
7
K-Anonymity
(a) Microdata
  Age   ZipCode   Disease
  42    25000     Ulcer
  46    35000     Pneumonia
  50    20000     Flu
  54    40000     Gastritis
  48    50000     Dyspepsia
  56    55000     Bronchitis
(b) Voting Registration List (public)
  Name   Age   ZipCode
  Andy   42    25000
  Bill   46    35000
  Ken    50    20000
  Nash   54    40000
  Mike   48    50000
  Sam    56    55000
L. Sweeney. k-Anonymity: A Model for Protecting Privacy. Int. J. of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557-570, 2002.
8
K-Anonymity
(a) 2-anonymous microdata
  Age     ZipCode       Disease
  42-46   25000-35000   Ulcer
  42-46   25000-35000   Pneumonia
  50-54   20000-40000   Flu
  50-54   20000-40000   Gastritis
  48-56   50000-55000   Dyspepsia
  48-56   50000-55000   Bronchitis
(b) Voting Registration List (public)
  Name   Age   ZipCode
  Andy   42    25000
  Bill   46    35000
  Ken    50    20000
  Nash   54    40000
  Mike   48    50000
  Sam    56    55000
L. Sweeney. k-Anonymity: A Model for Protecting Privacy. Int. J. of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557-570, 2002.
9
Relational and Spatial Anonymity
[Figure: Age vs. Zip plot, Zip axis from 20k to 55k]
10
Existing Cloaking Solutions
11
Redundant Queries
  • Send K-1 redundant queries
  • Gives away exact location of users
  • Potentially high overhead

12
CloakP2P [Chow06]
  • Find K-1 NN of query source
  • Source likely to be closest to ASR center
  • Vulnerable to center-of-ASR attack

NOT SECURE !!!
[Figure: query user uq inside its 5-ASR]
[Chow06] Chow et al., A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS 06
13
QuadASR [Gru03, Mok06]
  • Quad-tree based
  • Fails to preserve anonymity for outliers
  • Unnecessarily large ASR size
  • Let K=3
  • If any of u1, u2, u3 queries, ASR is A1
  • If u4 queries, ASR is A2
  • u4's identity is disclosed

NOT SECURE !!!
[Figure: quad-tree cells A1 and A2 with users u1, u2, u3, u4]
[Gru03] Gruteser et al., Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, MobiSys 2003
[Mok06] Mokbel et al., The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006
14
Secure Location Anonymization
15
Reciprocity
  • Consider querying user uq and ASR Aq
  • Let ASq = set of users enclosed by Aq
  • Aq has the reciprocity property iff
    • |ASq| ≥ K
    • ∀ ui, uj ∈ ASq: ui ∈ ASj ∧ uj ∈ ASi

16
hilbASR
  • Based on Hilbert space-filling curve
    • index users by Hilbert value of location
    • partition Hilbert sequence into K-buckets

[Figure: Hilbert curve over the user space, marked Start and End]
17
Advantages of hilbASR
  • Guarantees source privacy
    • K-ASRs have the reciprocity property
  • Reduced ASR size
    • Hilbert ordering preserves locality well
    • K-ASR includes exactly K users (in most cases)
  • Efficient ASR assembly and user relocation
    • Balanced, annotated index tree
    • User relocation, ASR assembly in O(log |users|)

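An added worked example (not code from the slides or the PRIVÉ paper) covering the QuadASR weakness above and the reciprocity check on hilbASR buckets: users on a 4x4 grid (constructed sample positions) are cloaked both ways, and the reciprocity test flags the outlier case the slides describe. Hilbert indexing follows the standard xy-to-distance routine; bucket and quadrant helpers are this example's own.

```python
# Added example, not code from the PRIVE slides or paper: hilbASR bucketing
# beside quad-tree cloaking, both checked against the reciprocity property.
K = 3   # anonymity degree
N = 4   # grid side (power of two); user positions are constructed sample data
USERS = {"u1": (0, 0), "u2": (1, 0), "u3": (0, 1),   # three users in one quadrant
         "u4": (3, 0), "u5": (2, 3), "u6": (3, 3)}   # u4 is alone in its quadrant

def hilbert_d(n, x, y):
    """Distance of cell (x, y) along the Hilbert curve of an n x n grid."""
    d, s = 0, n // 2
    while s > 0:
        rx, ry = int((x & s) > 0), int((y & s) > 0)
        d += s * s * ((3 * rx) ^ ry)
        if ry == 0:                       # rotate/flip so sub-curves join up
            if rx == 1:
                x, y = n - 1 - x, n - 1 - y
            x, y = y, x
        s //= 2
    return d

def hilb_asr(users, k, n):
    """hilbASR: sort by Hilbert value, cut into K-buckets (short tail merged back); user -> AS_q."""
    order = sorted(users, key=lambda u: hilbert_d(n, *users[u]))
    buckets = [order[i:i + k] for i in range(0, len(order), k)]
    if len(buckets) > 1 and len(buckets[-1]) < k:
        buckets[-2] += buckets.pop()
    return {u: set(b) for b in buckets for u in b}

def quad_asr(users, k, n):
    """QuadASR-style cloaking: smallest quadrant around u holding >= k users."""
    def quadrant(u, x0, y0, size):
        inside = {v for v, (x, y) in users.items()
                  if x0 <= x < x0 + size and y0 <= y < y0 + size}
        if size == 1:
            return inside
        half, (ux, uy) = size // 2, users[u]
        sub = quadrant(u, x0 + half * (ux >= x0 + half),
                       y0 + half * (uy >= y0 + half), half)
        return sub if len(sub) >= k else inside
    return {u: quadrant(u, 0, 0, n) for u in users}

def reciprocity_violations(asr, k):
    """Users u_q with |AS_q| < k, or some u_i in AS_q whose own AS_i omits u_q."""
    return {q for q, aset in asr.items()
            if len(aset) < k or any(q not in asr[i] for i in aset)}

if __name__ == "__main__":
    for name, scheme in (("hilbASR", hilb_asr), ("QuadASR", quad_asr)):
        print(name, "violations:", sorted(reciprocity_violations(scheme(USERS, K, N), K)))
```

For QuadASR the outliers u4, u5, u6 all fall back to the whole map while u1, u2, u3 use their small quadrant, so a whole-map ASR can only have come from an outlier; hilbASR's buckets are identical for every member, so no violation is reported.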
18
hilbASR with Annotated Index
K=6 Example
19
PRIVÉ
20
PRIVÉ Characteristics
  • P2P overlay network
    • Resembles annotated B-tree
  • Hierarchical clustering architecture
    • Bounded cluster size [α, 3α)

S relocates to 60
21
Relocation
22
PRIVÉ Protocol
  • Users self-organize into clusters
    • Bounded cluster size [α, 3α)
    • Cluster head handles operations
    • State replicated at each cluster peer
  • Operations
    • Join/Departure
      • Similar to B-tree insert/delete
    • Relocation
      • Handled bottom-up, restrict propagation
    • K-request
      • Decentralized implementation of hilbASR

23
Operation Complexity
  Operation        Latency             Communication Cost
  Join/Departure   log_α N             log_α N  α
  Relocation       log_α N             log_α N  α
  K-request        log_α N  log_α K    log_α N  K/α
24
Load Balancing
  • Hierarchical architecture
    • Inherent imbalance in peer load
  • Cluster head rotation mechanism
    • Rotation triggered by load
    • Communication cost predominant

25
Fault Tolerance
  • Soft-state mechanism
    • Cluster membership periodically updated
    • Recovery facilitated by state replication
  • Leader election protocol
    • In case of cluster head failure

26
Experimental Evaluation
27
Experimental Setup
  • San Francisco Bay Area road network
    • Network-based Generator of Moving Objects
    • Up to 10000 users
    • Velocities from 18 to 68 km/h
  • Uniform and skewed query distributions
  • Anonymity degree K in the range [10, 160]

T. Brinkhoff. A Framework for Generating Network-Based Moving Objects. Geoinformatica, 6(2):153-180, 2002.
28
Anonymity Strength (center-of-ASR)
29
ASR Size
30
Query Efficiency
31
Relocation Efficiency
32
Load Balancing
[Plot: load per node, x axis Node Fraction from 0 to 100]
33
Conclusions
  • LBS Privacy: an important concern
    • Existing solutions have no privacy guarantees
    • Centralized approach has limitations
      • Poor scalability, legal issues
  • Contribution
    • Anonymization with privacy guarantees
      • hilbASR
    • Extension to decentralized systems
      • Improved scalability and availability
      • No single point-of-attack/failure

34
Ongoing / Future Work
  • Relational DB
    • Employ space mapping techniques to achieve k-anonymity and l-diversity
    • We outperform existing state-of-the-art
    • Space/Data Partitioning and Clustering
  • Spatial anonymity
    • Address anonymization of trajectories
      • As opposed to point locations
    • Infrastructure-less scenario
36
Bibliography on LBS Privacy
  • http://anonym.comp.nus.edu.sg

37
Bibliography
  • [Chow06] Mokbel et al., A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS 06
  • [Gru03] Gruteser et al., Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, MobiSys 2003
  • [Ged05] Gedik et al., Location Privacy in Mobile Systems: A Personalized Anonymization Model, ICDCS 2005
  • [Mok06] Mokbel et al., The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006

38
MobiHide
  • Randomized ASR assembly technique
    • Also uses Hilbert ordering
    • ASR chosen as random K-user sequence
  • Advantages
    • No global knowledge required
    • Flat index structure (Chord DHT)
  • Disadvantages
    • No privacy guarantees for skewed query distributions
    • But still strong anonymity in practice