Computational Location Privacy: Two Fundamental Problems Reza Shokri ETH Zurich Department of Computer Science
They Profile You! They Track You!
• Location-based Services
• NSA Location Tracking Programs
  • Co-Traveler
  • HappyFoot
• Social Networks
washingtonpost.com: NSA collects 5 billion location records a day on cellphones
Different Approaches to Privacy: Legal, Behavioral, Computational
Computational Privacy: Protecting Privacy, Quantifying Privacy
Location Traces and Location-based Services
[Figure: Actual Traces]
User-Centric Protection Mechanisms
• Anonymization
• Location Obfuscation
  • Decrease Granularity (Location Cloaking)
  • Decrease Accuracy (Location Perturbation)
  • Fake Location
  • …
[Figure: Observed Traces]
How to Consistently Quantify Location Privacy?
[Diagram: the User's Personal Information (location) $S$ passes through Obfuscation to give the Observation $O$ seen by the System (Location-based Service); an Inference Attack combines $O$ with Background Knowledge (Mobility Model) $K$ to produce an Estimate of the User's Location $\hat{S}$.]
Privacy (as expected inference error):
$$\sum_{\hat{S}} \Pr(\hat{S} \mid O, K) \cdot d(\hat{S}, S)$$
• R. Shokri, et al., “Quantifying Location Privacy,” IEEE S&P - Oakland, 2011.
• R. Shokri, et al., “Quantifying Location Privacy: The Case of Sporadic Location Exposure,” PETS, 2011.
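The expected-inference-error metric on the slide above, worked through as an added example (not code from the slides or the cited papers). The four-region world, the mobility profile `K` and the three obfuscation functions are constructed assumptions.

```python
from fractions import Fraction as F

# Constructed toy world: four regions on a line; d() is the index gap.
REGIONS = [0, 1, 2, 3]
def d(a, b):
    return abs(a - b)

# Background knowledge K: a constructed mobility profile Pr(S).
K = {0: F(1, 2), 1: F(1, 4), 2: F(1, 8), 3: F(1, 8)}

# Each obfuscation maps the actual location S to a distribution over observations O.
def identity(s):
    """No protection: O = S."""
    return {s: F(1)}

def cloak(s):
    """Decrease granularity: report the two-region cell that contains S."""
    return {("cell", s // 2): F(1)}

def perturb(s):
    """Decrease accuracy: report S with prob. 1/2, otherwise another region uniformly."""
    return {o: (F(1, 2) if o == s else F(1, 6)) for o in REGIONS}

def posterior(obf, o, prior=K):
    """Pr(S_hat | O, K): the attacker's Bayesian inference from one observation."""
    joint = {s: prior[s] * obf(s).get(o, F(0)) for s in REGIONS}
    total = sum(joint.values())
    return {s: p / total for s, p in joint.items()}

def privacy(obf, s, o, prior=K):
    """sum over S_hat of Pr(S_hat | O, K) * d(S_hat, S), for actual S and observed O."""
    return sum(p * d(s_hat, s) for s_hat, p in posterior(obf, o, prior).items())

def expected_privacy(obf, prior=K):
    """privacy() averaged over actual locations and the observations they produce."""
    return sum(prior[s] * f * privacy(obf, s, o, prior)
               for s in REGIONS for o, f in obf(s).items())

if __name__ == "__main__":
    for name, obf in [("identity", identity), ("cloak", cloak), ("perturb", perturb)]:
        print(f"{name:8s} expected inference error = {expected_privacy(obf)}")
    # A perturbed report of region 3 still leaves region 0 as the attacker's best
    # guess, because the mobility profile outweighs the weak observation.
    print("posterior given O=3:", posterior(perturb, 3))
```
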
Inference Attacks
• Identification: Which trace belongs to Alice?
• Localization: Where was Alice at 8:00?
• Tracking: Where did Alice go yesterday?
• Meeting Disclosure: How many times did Alice and Bob meet?
• R. Shokri, PhD Dissertation, EPFL 2013
How to Optimally Protect Location Privacy using Obfuscation?
[Diagram: User's Personal Information (location) → Obfuscation → Observation → System (Service); Utility Requirements]
There is a tradeoff between privacy and utility
Solution: Decision Theory ?
• Minimize privacy loss
• Satisfy utility constraints
[Diagram: Obfuscation, Obfuscation, …; Inference Algorithm, Inference Algorithm, Inference Algorithm, …]
Privacy decision making must be interactive
Attacker Has the Upper Hand
Defender Must Anticipate the Inference Attack
Game Theory
[Diagram: Defender: Obfuscation #1, Obfuscation #2, …, Obfuscation #k; Attacker: Anticipated Optimal Attack #1, Optimal Attack #2, …, Optimal Attack #k; Privacy MAX]
• Solve conflicting optimizations: Defense and Attack
• R. Shokri, et al., “Protecting Location Privacy: Optimal Strategy against Localization Attacks,” in ACM CCS 2012.
Conclusions
• Defense against surveillance
  Practical protection mechanisms with theoretical foundations
  Intelligent obfuscation methods, considering user behavior
• Computational privacy
  Quantify privacy using statistical inference: measure adversary error
  Protect privacy in a strategic decision making process: find the optimal balance between privacy, utility, and computing budgets