Feeling-based location privacy protection for LBS
Location privacy
• Location privacy leak in LBSs
  • A person’s whereabouts may imply private information
  • Potential abuse of users’ location data collected by service providers
Location privacy protection
• Simply using a pseudonym is not sufficient
  • A user’s location may reveal her real identity
• Reducing location resolution
  • Cloak a client’s location with a spatial region, called a cloaking region
Location privacy protection
• Location cloaking techniques
• Anonymous use of LBSs
  • Ensure each cloaking region contains a number of users
  • Prevent the adversary from identifying the service client
• Location privacy protection
  • Ensure each cloaking region has been visited by a number of users
  • Prevent the adversary from deriving who is where at what time
Problems (1)
• Privacy modeling
  • Users need to specify a K value
  • Privacy is about personal feelings
  • It is difficult for users to choose a K value
    • What is the difference between K=20 and K=19?
    • Users have no idea how large K should be to make them feel safe enough
    • A user may choose a very large K, but that leads to poor cloaking resolution
Problems (2)
• Robustness
  • Just ensuring each cloaking region has been visited by K people may NOT provide protection at level K
  • Robust only when the users’ footprints are uniformly distributed
  • Dominant users are more likely to be the service client
Problems (3)
• On-the-fly cloaking
  • The current cloaking technique needs a client to submit her route before a trip
  • In many cases, the moving route is not predetermined
  • Cloaking should be done on the fly
Basic idea
• Let a client specify her privacy requirement by a spatial region, called a public region
• A spatial region is considered public by a user if the user feels comfortable having the region reported as her location
• E.g., a user can specify a shopping mall as her safe region
Feeling-based privacy model
• A user u specifies a public region Ru instead of K
  • The user feels that Ru is public enough, so reporting Ru is safe for her
• Challenge:
  • How to measure the privacy level that such a region can provide to the user
Popularity (1)
• Use entropy to measure the popularity of a region
• Let R be a region and S(R)={u1, u2,…,um} be the set of users who have visited R
• Entropy of R is E(R) =
• Popularity of R is P(R) =
Popularity (2)
• E(R): the amount of information needed for the adversary to identify the client
• P(R): indicates the number of users among which the client is indistinguishable
  • 1<P(R)≤m
  • P(R) is lower if the footprint distribution is more skewed
• From a client’s perspective, a spatial region is a public region as long as its popularity is no less than P(Ru)
Public trajectory (1)
• Continuous LBS: a sequence of location updates
• Location updates are not independent
• Simply ensuring each cloaking box is a public region is not enough
  • T={R1, R2, …, Rn}
  • The adversary may identify S(Ri), and then join all S(Ri)
  • As a result, the privacy level is reduced
Public trajectory (2)
• We must use a common set of users to compute the popularity
• Let U ={u1, u2,…,um’} be a subset of S(R)
• The entropy of R with respect to U is
• The popularity of R with respect to U is
• Goal: the popularity of each cloaking box in the trajectory with respect to a common set of users is no less than P(Ru): a P-Public Trajectory (PPT)
On-the-fly trajectory cloaking
• System overview
  • Clients communicate with LBS providers through a location depersonalization server (LDS)
  • To receive an LBS, a client needs to submit
    • Public region Ru
    • Travel bound B
    • Location updates repeatedly during her travel
  • In response, the LDS
    • Generates a cloaking box for each location update
    • Ensures the sequence of cloaking boxes forms a PPT
Data structure
• Grid-based pyramid structure
  • 4^(i-1) cells at layer i
  • Cells at the bottom layer h keep the footprint index
    • Footprint table: stores the footprints in this cell
    • Cell table: stores the number of footprints each user has in the cell
Generating PPT
• Given public region Ru, calculate Pu=P(Ru)
• Each cloaking box in a PPT
  • Contains footprints of the same set of users, called the cloaking set
  • Has popularity with respect to the cloaking set no less than Pu
• Challenge:
  • How to find the cloaking set that can generate a PPT with fine resolution
Selecting cloaking set
• Simple solution
  • Cloak the client’s first location using the footprints closest to it
  • Record the corresponding users as the cloaking set
  • Cloak the rest of the client’s location updates using the historical trajectories of the users in the cloaking set
• Disadvantage
  • The first cloaking box is small, but the rest become larger and larger as the client moves
Basic idea
• Observation
  • Popular user: has visited many places in the client's travel bound
  • Using her historical trajectories to cloak tends to give a fine cloaking resolution, no matter where the client moves
• Idea
  • Find the most popular users for cloaking
Popular level
• Measure how popular a user is in B, based on her footprints in B
• l-popular: the user has visited all cells at layer l overlapping with B
  • The larger l is, the more popular the user
  • If a user is l-popular, she must be l’-popular for any l’<l
• Example
  • u1, u2, u3: 2-popular
  • u2, u3: 3-popular
  • u3: 4-popular
Cloaking set selection algorithm
• From bottom to top of the pyramid
  • Find the l-popular users in terms of B for each layer l, say Sl (l from h down to 1)
  • Calculate the popularity of B with respect to Sl
  • If for some l the popularity is no less than Pu, Sl is set as the cloaking set candidate
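Computing the sets Sl of l-popular users over the pyramid, as an added Python example that is not from the slides. The square space of side `width`, the half-open travel bound, the function names and the sample footprints (constructed so the result has the same nesting as the example above) are assumptions made for illustration.

```python
import math

def cells_overlapping(bound, layer, width):
    """Indices of the layer's cells that overlap bound = (x0, y0, x1, y1).
    Layer i splits a width x width square into 4**(i-1) equal cells."""
    size = width / 2 ** (layer - 1)
    x0, y0, x1, y1 = bound
    return {(i, j)
            for i in range(int(x0 // size), math.ceil(x1 / size))
            for j in range(int(y0 // size), math.ceil(y1 / size))}

def popular_sets(footprints, bound, height, width):
    """Map each layer l (1..height) to S_l: the users with a footprint in
    every layer-l cell overlapping bound. Footprints outside bound are ignored."""
    x0, y0, x1, y1 = bound
    sets = {}
    for layer in range(1, height + 1):
        size = width / 2 ** (layer - 1)
        needed = cells_overlapping(bound, layer, width)
        visited = {}
        for user, x, y in footprints:
            if x0 <= x < x1 and y0 <= y < y1:
                cell = (int(x // size), int(y // size))
                visited.setdefault(user, set()).add(cell)
        sets[layer] = {u for u, cells in visited.items() if needed <= cells}
    return sets

# Constructed sample: 8 x 8 space, pyramid height 4, travel bound B = (0, 0, 4, 2).
FOOTPRINTS = ([("u1", 0.5, 0.5), ("u1", 6.5, 6.5),   # second point lies outside B
               ("u2", 0.5, 0.5), ("u2", 2.5, 0.5)]
              + [("u3", i + 0.5, j + 0.5) for i in range(4) for j in range(2)])
LEVELS = popular_sets(FOOTPRINTS, (0, 0, 4, 2), height=4, width=8)
```

The sets shrink as l grows, so scanning from layer h upward reaches larger candidate sets until one is popular enough.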
Refine the cloaking set
• Sl needs refinement if PSl(B) > Pu
  • Overprotection
  • A larger cloaking set may degrade the cloaking resolution
• Find a subset of Sl
  • Remove some users who are l-popular but not (l+1)-popular, i.e., S’=Sl - Sl+1
  • A user is more popular
    • if she visited more cells at layer l+1
    • if the visited cells are closer to the client’s start position
  • Measure a user u in S’ with
    • C’l+1 is the set of cells at layer l+1 overlapping with B
    • dc is the distance between a cell c and the cell containing the client’s start position
Cloaking client’s location
• Let S be the cloaking set and p be the client’s location; we cloak p by
  • 1) Find closest footprints to p for each user in S
  • 2) Compute the minimal bounding box of these footprints, say R
  • 3) Calculate PS(R)
    • If PS(R) < Pu, expand R by merging its neighbors, go to 2)
    • If PS(R) ≥ Pu, R is reported as the client’s location
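The popularity measure from the Popularity and Public trajectory slides and the cloaking loop above, as an added Python example that is not from the slides. It assumes E is the base-2 Shannon entropy of each user's share of the footprints in the region and P = 2^E, which fits the stated bound 1<P(R)≤m; the footprints, the function names and the fixed-step box growth standing in for merging neighbouring cells are constructed for illustration.

```python
import math
from collections import Counter

# Constructed footprints (user, x, y); user "a" dominates the area near the origin.
FOOTPRINTS = [("a", 1, 0), ("a", 1, 1), ("a", 2, 1), ("a", 1, 2),
              ("b", 2, 0), ("b", 5, 5), ("c", 0, 3), ("c", 6, 1)]

def popularity(footprints, box, users=None):
    """Popularity of box with respect to users (default: every visitor).
    Assumed form: E = -sum(p_i * log2 p_i), where p_i is user i's share of
    the footprints inside box, and P = 2**E. Returns 0.0 for an empty box."""
    x0, y0, x1, y1 = box
    counts = Counter(u for u, x, y in footprints
                     if x0 <= x <= x1 and y0 <= y <= y1
                     and (users is None or u in users))
    total = sum(counts.values())
    if total == 0:
        return 0.0
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    return 2 ** entropy

def bounding_box(points):
    xs, ys = [x for x, _ in points], [y for _, y in points]
    return (min(xs), min(ys), max(xs), max(ys))

def cloak(footprints, cloaking_set, p, p_u, step=1.0):
    """Cloak location p: return a box with P_S(box) >= p_u, or None.
    Every user in cloaking_set must have at least one footprint."""
    own = [f for f in footprints if f[0] in cloaking_set]
    # 1) closest footprint to p for each user in the cloaking set
    nearest = [min(((x, y) for u, x, y in own if u == v),
                   key=lambda q: math.dist(p, q)) for v in cloaking_set]
    # 2) minimal bounding box of those footprints
    box = bounding_box(nearest)
    limit = bounding_box([(x, y) for _, x, y in own])
    while True:
        # 3) popularity with respect to the cloaking set
        if popularity(own, box, cloaking_set) >= p_u:
            return box
        if box == limit:  # every footprint of S is inside: p_u is unreachable
            return None
        # Stand-in for "merging neighbours": grow each side by step
        box = (max(box[0] - step, limit[0]), max(box[1] - step, limit[1]),
               min(box[2] + step, limit[2]), min(box[3] + step, limit[3]))
```

With this sample, a requirement of 3.0 cannot be met even though three users visited the area, because user "a" leaves half of the footprints and the popularity tops out near 2.83.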
Performance
• Evaluate the impact of the cloaking technique on the quality of LBSs
• Metric: cloaking area, the average area of cloaking boxes in a PPT
• Comparison
  • Baseline: determine the cloaking set based on the closest footprints to the client’s start position
  • Advanced: the proposed technique
Effect of privacy requirement
• Our technique has better performance
• The cloaking resolution on more popular roads is finer
Conclusion
• We proposed a feeling-based model for location privacy protection
  • Allows users to configure their privacy preference based on intuitive feelings: the public region
  • Borrows the concept of entropy to measure the privacy level of a cloaking box
• Based on this model, we developed algorithms for on-the-fly trajectory cloaking