quantifying privacy loss of human mobility graph topology
play

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th - PowerPoint PPT Presentation

Dec 14, 2022 •299 likes •758 views

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies Symposium July 2427, 2018 Dionysis Manousakas , Cecilia Mascolo , , Alastair R. Beresford , Dennis Chan , Nikhil Sharma

  1. Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies Symposium July 24–27, 2018 Dionysis Manousakas ∗ , Cecilia Mascolo ∗ , † , Alastair R. Beresford ∗ , Dennis Chan ∗ , Nikhil Sharma ‡ ∗ University of Cambridge † The Alan Turing Institute ‡ UCL

  2. Mobility data privacy vs. utility analytics PETS’18 Background 2 • Information sharing for data-driven customization and large-scale • context-awareness • transportation management, health studies, urban development • Utility -preserving anonymized data representations • timestamped GPS, CDR, etc. measurements • histograms • heatmaps • graphs • How privacy conscientious they are? • often poorly understood, leading to privacy breaches

  3. Mobility data privacy vs. utility analytics PETS’18 Background 2 • Information sharing for data-driven customization and large-scale • context-awareness • transportation management, health studies, urban development • Utility -preserving anonymized data representations • timestamped GPS, CDR, etc. measurements • histograms • heatmaps • graphs • How privacy conscientious they are? • often poorly understood, leading to privacy breaches

  4. Mobility data privacy vs. utility analytics PETS’18 Background 2 • Information sharing for data-driven customization and large-scale • context-awareness • transportation management, health studies, urban development • Utility -preserving anonymized data representations • timestamped GPS, CDR, etc. measurements • histograms • heatmaps • graphs • How privacy conscientious they are? • often poorly understood, leading to privacy breaches

  5. Mobility data privacy vs. utility analytics PETS’18 Background 2 • Information sharing for data-driven customization and large-scale • context-awareness • transportation management, health studies, urban development • Utility -preserving anonymized data representations • timestamped GPS, CDR, etc. measurements • histograms • heatmaps • graphs • How privacy conscientious they are? • often poorly understood, leading to privacy breaches

  6. Deanonymizing mobility Raw mobility data Inference on individual traces information 1 Sparsity and regularity-based [Zang and Bolot, 2011] [de Montjoye et al., 2013] [Naini et al., 2016] PETS’18 Background 3 • ”top- N ” location attacks • unicity of spatio-temporal points • matching of individual mobility histograms

  7. Deanonymizing mobility Raw mobility data Inference on individual traces information [De Mulder et al., 2008] PETS’18 Background 4 2 Probabilistic models • Markovian mobility models • Mobility Markov chains [Gambs et al., 2014]

  8. Deanonymizing mobility Raw mobility data Inference on population statistics aggregated mobility data [Xu et al., 2017] location time-series [Pyrgelis et al., 2017] PETS’18 Background 5 3 On aggregate information • Individual trajectory recovery from • Probabilistic inference on aggregated

  9. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  10. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  11. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  12. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  13. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  14. Motivation Let’s remove – What is the privacy leakage of this representation? – Does topology still bear identifjable information? – Can an adversary exploit it in a deanonymization attack? PETS’18 Motivation 7 • temporal (except from ordering of states) • geographic, and • cross-referencing information

  15. Motivation Let’s remove – What is the privacy leakage of this representation? – Does topology still bear identifjable information? – Can an adversary exploit it in a deanonymization attack? PETS’18 Motivation 7 • temporal (except from ordering of states) • geographic, and • cross-referencing information

  16. Mobility information fmow Removal of Geographic-Temporal Information Mobility Data Graph Topology Sparsity Recurrence Privacy Loss PETS’18 Overview 8

  17. Mobility information fmow Removal of Geographic-Temporal Information Mobility Data Graph Topology Sparsity Recurrence Privacy Loss PETS’18 Overview 8

  18. Mobility information fmow Removal of Geographic-Temporal Information Mobility Data Graph Topology Sparsity Recurrence Privacy Loss PETS’18 Overview 8

  19. Mobility information fmow Removal of Geographic-Temporal Information Mobility Data Graph Topology Sparsity Recurrence Privacy Loss PETS’18 Overview 8

  20. Difgerences of our approach Mobility deanonymization Overview PETS’18 information Sharad and Danezis, 2014] [Narayanan and Shmatikov, 2008, node matching entire graph : No need for Privacy on graphs [Lin et al., 2015] ) information (as opposed to locations 9 • Each user ’s information is an • No cross-referencing between • No fjne-grained temporal • No social network

  21. Data information, cellular and wireless location PETS’18 Overview 10 • Device Analyzer : global dataset from mobile devices with system • 1500 users with the most cid location datapoints • average of 430 days of observation, • 200 regions of interest • cids pseudonymized per handset

  22. Mobility networks Graphs with nodes corresponding to ROIs and edges to recorded transitions between ROIs data [Scholtes, 2017] visited regions in user’s routine PETS’18 Overview 11 • Network Order Selection via Markov chain modeling of sequential • Node attributes with no temporal/geographic information • Edge weights corresponding to frequency of transitions • Location pruning to top − N networks by keeping the most frequently

  23. Empirical statistics Graphs with: PETS’18 Overview 12 • heavy-tailed degree distributions • large number of rarely repeated transitions • small number of frequent transitions • high recurrence rate

  24. Privacy framework is the minimum cardinality of isomorphism classes within a population of graphs [Sweeney, 2002] PETS’18 Method 13 k − anonymity via graph isomorphism Graph k − anonymity

  25. directed undirected undirected networks PETS’18 Method 14 Identifjability of top − N mobility networks • 15 and 19 locations suffjce to form uniquely identifjable directed and • 5 and 8 are the corresponding theoretical upper bounds

  26. directed and undirected networks respectively PETS’18 Method 15 Anonymity size of top − N mobility networks • small isomorphism clusters for even very few locations • median anonymity becomes one for network sizes of 5 and 8 in

  27. Recurring patterns in typical user’s mobility 1st half of the observation period 2nd half of the observation period observation window PETS’18 Method 16 shown edges correspond to the 10 % most frequent transitions in the respective

  28. Threat Model PETS’18 Method 17

  29. Threat Model DISCLOSED IDs UNDISCLOSED IDs PETS’18 Method 18 G train G test • closed-world • partition point for each user randomly ∈ (0 . 3 , 0 . 7) of total obs. period • state frequency information

  30. Threat Model PETS’18 Method 19

  31. Attacks: Uninformed Adversary P for every G i PETS’18 Method 20 ( ) l G ′ = l G i = 1/ |L| , ∈ G train expected rank = |L| / 2

  32. Attacks: Informed Adversary P Method PETS’18 f : non-decreasing K : graph similarity metric, , 21 K ( G i , G ′ ) ( l G ′ = l G i ) ( ) |G train , K ∝ f for every G i ∈ G train

  33. Attacks: Informed Adversary PL Method PETS’18 true P 22 P • Posterior probability K ( G i , G ′ ) ( ) ( ) l G ′ = l G i |G train , K ∝ f , for every G i ∈ G train • Privacy Loss ( ) l G ′ = l G ′ true |G train , K G ′ ; G train , K ( ) = P − 1 ( ) l G ′ = l G ′

  34. Graph Similarity Functions Graph Kernels Method PETS’18 G 23 Express similarity as inner product of vectors with graph statistics [Vishwanathan et al., 2010] subtrees) • on Atomic Substructures (e.g. Shortest-Paths, Weisfeiler-Lehman ⟨ ⟩ φ ( G ′ ) φ ( G ) K ( G , G ′ ) = || φ ( G ) || , || φ ( G ′ ) || • Deep Kernels [Yanardag and Vishwanathan, 2015] K ( G , G ′ ) = φ G ′ ) ( ) T M φ ( M : encodes similarities between substructures

Recommend

Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in

Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in

Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in Human Health Risk/Safety Assessment Ralph L. Kodell, Ph.D. Department of Biostatistics University of Arkansas for Medical Sciences Little Rock,

600 views • 33 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
More mobility options, more data: Transportation and privacy issues in shared-mobility data use

More mobility options, more data: Transportation and privacy issues in shared-mobility data use

More mobility options, more data: Transportation and privacy issues in shared-mobility data use Tuesday, February 25, 2020 1:30pm California Legislature Information Hearing State Capitol, Room 4203 Senate Transportation & Judiciary

315 views • 14 slides
Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1

Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1

Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1 Poten7al&Problems&for&Individuals Loss&of&Autonomy Exclusion Loss&of&Self& Loss&of&Liberty

538 views • 19 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Body Weight Dynamics Kevin D. Hall, Ph.D. NIDDK May 2, 2013 The Old Math of Weight Loss 3500

Body Weight Dynamics Kevin D. Hall, Ph.D. NIDDK May 2, 2013 The Old Math of Weight Loss 3500

The Calculus of Calories Quantifying Human Body Weight Dynamics Kevin D. Hall, Ph.D. NIDDK May 2, 2013 The Old Math of Weight Loss 3500 kcal per pound Practical Guide to the Identification, Evaluation, and Treatment of Overweight and

900 views • 37 slides
Social and economic mobility: are destinies diverging? Anna Ludwinek Research Manager European

Social and economic mobility: are destinies diverging? Anna Ludwinek Research Manager European

Social and economic mobility: are destinies diverging? Anna Ludwinek Research Manager European Foundation For the Improvement of Living and Working Conditions LSE, June 14th, 2017 Why does social mobility matter? Economic loss of human

299 views • 14 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
3.6 GRAPH THEORY APPROACH Graph theory is basically a branch of topology. Geometric structure of a

3.6 GRAPH THEORY APPROACH Graph theory is basically a branch of topology. Geometric structure of a

CE -751, SLD, Class Notes, Fall 2006, IIT Bombay Where Y = the average assigned volumes Y =The trips assigned to the links during the ith iteration of the linear i graph procedure including iterations n= the number of linear graph iterations

745 views • 48 slides
The Connected Mobility Global Forecast Quantifying future connected car services April 2016 -

The Connected Mobility Global Forecast Quantifying future connected car services April 2016 -

PTOLEMUS Consulting Group The Connected Mobility Global Forecast Quantifying future connected car services April 2016 - PTOLEMUS intellectual property PTOLEMUS in a nutshell The consulting & research firm for the connected world Our

869 views • 19 slides
in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network

in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network

Open Charging Cloud Security and Privacy in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network Architecture e-Mobility Energy Provider 1 Provider Charging (Mobile) Station Charging Internet

563 views • 39 slides
Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas

Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas

Graph Perturbation as Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas Data Privacy Management Luxembourg, 26 September 2019 Outline 1. Introduction Motivations and objectives Random graph

355 views • 20 slides
Graph-theoretic methods in combinatorial (algebraic) topology Micha l Adamaszek Universit

Graph-theoretic methods in combinatorial (algebraic) topology Micha l Adamaszek Universit

Graph-theoretic methods in combinatorial (algebraic) topology Micha l Adamaszek Universit at Bremen Joint work with Jan Hladk y and Juraj Stacho Micha l Adamaszek Graph-theoretic methods 1 / Combinatorial (algebraic)

272 views • 16 slides
Crowdsourcing and HCI 2: Privacy and Latency Crowdsourcing and Human Computation Instructor:

Crowdsourcing and HCI 2: Privacy and Latency Crowdsourcing and Human Computation Instructor:

Crowdsourcing and HCI 2: Privacy and Latency Crowdsourcing and Human Computation Instructor: Chris Callison-Burch Website: crowdsourcing-class.org Privacy Would you let crowd workers read your email? Problems with email as a task management

786 views • 59 slides
Deep Topology Classifica0on: A New Approach for Massive Graph Classifica0on Stephen Bonner, John

Deep Topology Classifica0on: A New Approach for Massive Graph Classifica0on Stephen Bonner, John

Deep Topology Classifica0on: A New Approach for Massive Graph Classifica0on Stephen Bonner, John Brennan, Georgios Theodoropoulos, Ibad Kureshi and Andrew Stephen McGough School of Engineering and Computing Sciences Durham University, Durham,

300 views • 16 slides
Decision Aid Methodologies In Transportation Lecture 5: Graph and Network Graph and Networks

Decision Aid Methodologies In Transportation Lecture 5: Graph and Network Graph and Networks

Decision Aid Methodologies In Transportation Lecture 5: Graph and Network Graph and Networks Shadi SHARIF AZADEH Transport and Mobility Laboratory TRANSP-OR cole Polytechnique Fdrale de Lausanne EPFL Branch and Bound Pruned by

820 views • 32 slides
Directed Network Topology Inference via Graph Filter Identification Rasoul Shafipour, Santiago

Directed Network Topology Inference via Graph Filter Identification Rasoul Shafipour, Santiago

Directed Network Topology Inference via Graph Filter Identification Rasoul Shafipour, Santiago Segarra , Antonio G. Marques and Gonzalo Mateos Institute for Data, Systems, and Society Massachusetts Institute of Technology segarra@mit.edu

464 views • 30 slides
A systematic approach to constructing families of incremental topology control algorithms using

A systematic approach to constructing families of incremental topology control algorithms using

A systematic approach to constructing families of incremental topology control algorithms using graph transformation Presentation at ICGT 2018 Toulouse, France, 2018-06-25 Sensor node Properties Topology control Aux. Algorithm Weight

331 views • 30 slides
WHAT DO WE KNOW ABOUT THE TOPOLOGY? WHAT DO WE KNOW ABOUT THE TOPOLOGY? Number of nodes and

WHAT DO WE KNOW ABOUT THE TOPOLOGY? WHAT DO WE KNOW ABOUT THE TOPOLOGY? Number of nodes and

TxProbe: Discovering Bitcoins Network Topology Using Orphan Transactions Sergi Delgado-Segura , Surya Bakshi, Cristina Prez-Sol, James Litton, Andrew Pachulski, Andrew Miller and Bobby Bhattacharjee sr_gi WHAT DO WE KNOW ABOUT THE TOPOLOGY?

1.84k views • 162 slides
Can residential mobility programs improve human capital? Comparing social mechanisms in different

Can residential mobility programs improve human capital? Comparing social mechanisms in different

Can residential mobility programs improve human capital? Comparing social mechanisms in different mobility programs James Rosenbaum Northwestern University, Evanston, IL. j-rosenbaum@northwestern.edu 11/15/07 Defining terms Human Capital

298 views • 12 slides
Graph Database Querying vs String Constraints Pablo Barcel o Millennium Institute for

Graph Database Querying vs String Constraints Pablo Barcel o Millennium Institute for

Graph Database Querying vs String Constraints Pablo Barcel o Millennium Institute for Foundational Research on Data & DCC, University of Chile INTRODUCTION Graph DBs and applications Graph DBs are crucial when topology is as

1.35k views • 113 slides
Online Topology Inference from Streaming Stationary Graph Signals Rasoul Shafipour Dept. of

Online Topology Inference from Streaming Stationary Graph Signals Rasoul Shafipour Dept. of

Online Topology Inference from Streaming Stationary Graph Signals Rasoul Shafipour Dept. of Electrical and Computer Engineering University of Rochester rshafipo@ece.rochester.edu http://www.ece.rochester.edu/~rshafipo/ Co-authors: Abolfazl

767 views • 30 slides
Repetitive Loss Properties and the CRS NFIP/Community Rating System Visual 10.1 Repetitive Loss

Repetitive Loss Properties and the CRS NFIP/Community Rating System Visual 10.1 Repetitive Loss

Repetitive Loss Properties and the CRS NFIP/Community Rating System Visual 10.1 Repetitive Loss Properties and the CRS Overview Section 501 The Repetitive Loss List The Privacy Act Section 502 Repetitive Loss Category CRS

773 views • 73 slides

More recommend