
Holistic Privacy From Location Privacy to Genomic Privacy



Presentation Transcript


  1. Holistic Privacy: From Location Privacy to Genomic Privacy. Jean-Pierre Hubaux, with contributions from E. Ayday, M. Humbert, J.-Y. Le Boudec, J.-L. Raisaro, R. Shokri, G. Theodorakopoulos

  2. Make It Faster!! (Benz Motorwagen, 1885; Ford-T, 1915)

  3. After Some Decades…

  4. … the Concerns Have Changed
      • Reduce casualties
        • Better brakes
        • Safety belts
        • Airbags
        • …
      • Mitigate side effects
        • Road congestion
        • Depletion of fossil fuel
        • Climate change
        • …

  5. Similar Phenomenon with IT
      • Assault on privacy
      • Cyber-crime, cyberwar
      • Information overload, attention deficit disorder
      • For each end user:
        • 10s to 1000s Mb/s
        • Terabytes of storage
        • Processor in the GHz range

  6. Holistic Privacy: From Location Privacy to Genomic Privacy
      • On Privacy Protection
      • Location Privacy
      • Genomic Privacy

  7. Another Observation Tool… “The Right to Privacy”, Warren and Brandeis, Harvard Law Review, Vol. IV, No. 5, Dec. 15, 1890. Major concern: photography without consent.

  8. Some Modern Observation Tools: cellular phones, genomic sequencing, online social networks

  9. Privacy: Definition
      • Privacy control is the ability of individuals to determine when, how, and to what extent information about themselves is revealed to others.
      • Goal: let personal data be used only in the context in which they have been released
      • Privacy is about the data of individuals

  10. Main Risk: People’s Mind Manipulation (diagram: those observing us vs. citizens, i.e., us)

  11. Privacy Protection at Odds with… security (e.g., homeland security), usability, business (e.g., targeted advertisement), system performance, medical progress

  12. Holistic Privacy: From Location Privacy to Genomic Privacy
      • On Privacy Protection
      • Location Privacy
      • Genomic Privacy

  13. Location-Based Services: users upload their location episodically through WiFi or cellular networks; each report carries (query, location, time)

  14. Why Reveal Your Location?
      • To use a service
        • Cellular connectivity
        • Location-based services
        • Local recommendations
        • Road toll payment
        • …
      • For social benefits
        • Find friends

  15. Can You Clean up Your Digital Trace? (figure: map of location events; legend: color = user identity, number = time-stamp, position on the map = location-stamp)

  16. Threat The contextual information attached to a trace tells much about our habits, interests, activities, beliefs and relationships

  17. Quantification of Location Privacy
      • Many privacy-preserving mechanisms proposed
      • No unified formal framework in previous work
      • Various metrics for location privacy
      • How to compare different mechanisms?
      • Which metric to use?

  18. Time and Space
      • Consider discrete time and space
      • Attacker: service provider (“honest but curious”)

  19. Quantifying Location Privacy
      • KC: Knowledge Constructor
      • LPPM: Location Privacy Protection Mechanism:
        • deliberately imprecise coordinate reports (e.g., drop some of the least significant bits)
        • swap user identifiers

  20. Correctness: the adversary’s estimation of x given the observed traces o

  21. Location-Privacy Preserving Mechanisms Implemented LPPMs:

  22. Location-Privacy Meter Open source software tool (C++) to quantify location privacy

  23. Location-Privacy Meter (LPM) (block diagram)
      • Input: some traces to learn the users’ mobility profiles (background knowledge)
      • Input: observed traces
      • Output: location privacy of users with respect to various attacks: Localization, Tracking, Meeting Disclosure, Aggregate Presence Disclosure, …

  24. LPM: Example
      • N = 20 users
      • R = 40 regions
      • T = 96 time instants
      • Protection mechanism:
        • Hiding location
        • Precision reduction (dropping low-order bits from the x, y coordinates of the location)

  25. Attacks
      • LO-ATT: Localization Attack: For a given user u and time t, what is the location of u at t?
      • MD-ATT: Meeting Disclosure Attack: For a given pair of users u and v, what is the expected number of meetings between u and v?
      • AP-ATT: Aggregated Presence Attack: For a given region r and time t, what is the expected number of users present in r at t?
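As an added worked example (not the LPM tool's own code, which is C++), here is a small Python model of the pipeline described in slides 19 to 25: a constructed 4x4 grid of regions, an LPPM that hides a report with probability p_hide and otherwise drops the low-order bit of the x and y coordinates, a knowledge constructor that builds a mobility profile from past traces, and an adversary that applies Bayes' rule to each observation and runs the three attacks above. Privacy is measured as the adversary's expected estimation error (Manhattan distance between its belief and the true cell). The grid size, the "60% at home" mobility model, the add-one smoothing and the default N, T and p_hide values are assumptions made for this illustration.

```python
"""Toy re-implementation of the Location-Privacy Meter idea: a user's traces pass
through an LPPM (precision reduction + hiding); an adversary who knows the user's
mobility profile runs Bayesian inference; privacy is the adversary's expected
estimation error.  Added illustration, not the LPM tool's own (C++) code."""
import random

GRID = 4                                   # 4x4 grid -> R = 16 regions (assumption)
REGIONS = list(range(GRID * GRID))         # region id = y * GRID + x


def coords(r):
    return r % GRID, r // GRID


def dist(r1, r2):
    (x1, y1), (x2, y2) = coords(r1), coords(r2)
    return abs(x1 - x2) + abs(y1 - y2)     # Manhattan distance between cells


def reduce_precision(r):
    """Drop the low-order bit of x and y: the report names a 2x2 block, not a cell."""
    x, y = coords(r)
    return (x >> 1, y >> 1)


def lppm(r, p_hide, rng):
    """Obfuscate one location event: hide it with probability p_hide, else coarsen it."""
    return None if rng.random() < p_hide else reduce_precision(r)


def build_profile(training_trace):
    """Knowledge constructor: mobility profile = smoothed region frequencies of past traces."""
    counts = {r: 1.0 for r in REGIONS}     # add-one smoothing: no region gets probability 0
    for r in training_trace:
        counts[r] += 1
    total = sum(counts.values())
    return {r: c / total for r, c in counts.items()}


def likelihood(obs, r, p_hide):
    """Pr[observation | true region r] for the LPPM above."""
    if obs is None:
        return p_hide
    return (1 - p_hide) if reduce_precision(r) == obs else 0.0


def posterior(profile, obs, p_hide):
    """Adversary's belief over the true region given one observation (Bayes' rule)."""
    w = {r: profile[r] * likelihood(obs, r, p_hide) for r in REGIONS}
    z = sum(w.values())
    return {r: v / z for r, v in w.items()}


def localization_attack(post):
    """LO-ATT: point estimate minimizing expected distance under the belief."""
    return min(REGIONS, key=lambda est: sum(p * dist(est, r) for r, p in post.items()))


def expected_error(post, true_r):
    """Location privacy for one event: expected distance between belief and truth."""
    return sum(p * dist(r, true_r) for r, p in post.items())


def meeting_disclosure(posts_u, posts_v):
    """MD-ATT: expected number of time instants at which u and v are in the same region."""
    return sum(sum(pu[r] * pv[r] for r in REGIONS) for pu, pv in zip(posts_u, posts_v))


def aggregate_presence(posts_at_t, r):
    """AP-ATT: expected number of users present in region r at one time instant."""
    return sum(post[r] for post in posts_at_t)


def sample_trace(home, length, rng):
    """Constructed mobility: at 'home' 60% of the time, elsewhere uniformly at random."""
    return [home if rng.random() < 0.6 else rng.choice(REGIONS) for _ in range(length)]


def run_experiment(n_users=3, T=24, p_hide=0.3, seed=1):
    """Quantify privacy of n_users over T time instants; returns the attack metrics."""
    rng = random.Random(seed)
    homes = [rng.choice(REGIONS) for _ in range(n_users)]
    profiles = [build_profile(sample_trace(h, 200, rng)) for h in homes]   # background knowledge
    actual = [sample_trace(h, T, rng) for h in homes]
    observed = [[lppm(r, p_hide, rng) for r in trace] for trace in actual]
    beliefs = [[posterior(profiles[u], o, p_hide) for o in observed[u]] for u in range(n_users)]
    pairs = [(u, t) for u in range(n_users) for t in range(T)]
    return {
        "avg_localization_error": sum(expected_error(beliefs[u][t], actual[u][t]) for u, t in pairs) / len(pairs),
        "localization_hit_rate": sum(localization_attack(beliefs[u][t]) == actual[u][t] for u, t in pairs) / len(pairs),
        "expected_meetings_u0_u1": meeting_disclosure(beliefs[0], beliefs[1]),
        "expected_users_in_home0_t0": aggregate_presence([b[0] for b in beliefs], homes[0]),
    }
```

Calling run_experiment(p_hide=0.0) shows the limit of precision reduction alone: the adversary's error can never exceed the 2-cell diameter of a block. With p_hide=1.0 every belief collapses to the mobility profile, so privacy then depends entirely on how predictable the user is, which is the reason the slides insist that the metric is adversary-knowledge dependent.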

  26. Results

  27. Protecting Location Privacy: Optimal Strategy against Localization Attacks

  28. Adversary Knowledge: User’s “Location Access Profile”. Data source: location traces collected by Nokia Lausanne (Lausanne Data Collection Campaign)

  29. Location Obfuscation Mechanism Consequence: “Service Quality Loss”

  30. Location Inference Attack Estimation Error: “Location Privacy”

  31. Problem Statement

  32. Game: Zero-sum Bayesian Stackelberg Game. User (leader) → LBS message → Adversary (follower); payoff: user gain / adversary loss

  33. Optimal Strategy for the User
      • Proper probability distribution
      • Respect the service quality constraint

  34. Optimal Strategy for the Adversary
      • Proper probability distribution
      • Minimizing the user’s maximum privacy under the service quality constraint
      • Shadow price of the service quality constraint (exchange rate between service quality and privacy)
      • Note: this is the dual of the previous optimization problem
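An added toy model of the game in slides 32 to 34 (illustration only, not the talk's formulation or code): the user, as leader, commits to an obfuscation f(o|r); the adversary, as follower, knows f and the location access profile and answers each observation o with the estimate that minimizes expected distance; the user's privacy is the resulting expected estimation error, to be maximized under a service-quality budget. The talk solves this as a linear program whose dual gives the adversary's strategy and the shadow price; here, to stay dependency-free, the user's choice is restricted to a two-parameter family and found by grid search, and the shadow price is approximated by a finite difference. The five-location line, the profile and the budget values are constructed.

```python
"""Toy zero-sum Stackelberg game between a user (leader, picks obfuscation f)
and a localization adversary (follower, best-responds with a point estimate).
Added illustration; the real solution is a linear program, this is a grid search
over a restricted family of obfuscations.  All numbers are constructed."""
from itertools import product

R = 5                                                     # locations 0..4 on a line (assumption)
PROFILE = {0: 0.05, 1: 0.15, 2: 0.50, 3: 0.20, 4: 0.10}  # adversary's knowledge: location access profile


def d(a, b):
    return abs(a - b)


def make_lppm(a1, a2):
    """Obfuscation f[r][o]: from r, report a location 1 step away w.p. a1 (split over both
    sides) and 2 steps away w.p. a2; mass that would fall off the line stays on r."""
    f = {}
    for r in range(R):
        probs = {r: 1.0 - a1 - a2}
        for jump, p in ((1, a1), (2, a2)):
            for o in (r - jump, r + jump):
                if 0 <= o < R:
                    probs[o] = probs.get(o, 0.0) + p / 2
                else:
                    probs[r] += p / 2
        f[r] = probs
    return f


def quality_loss(f, profile):
    """Service quality loss: expected distance between true and reported location."""
    return sum(profile[r] * p * d(r, o) for r in range(R) for o, p in f[r].items())


def adversary_best_response(f, profile):
    """Follower: for each observation o, the estimate minimizing expected distance
    under the posterior Pr[r | o] (proportional to profile[r] * f[r][o])."""
    est = {}
    for o in range(R):
        joint = {r: profile[r] * f[r].get(o, 0.0) for r in range(R)}
        if sum(joint.values()) > 0:
            est[o] = min(range(R), key=lambda x: sum(joint[r] * d(x, r) for r in range(R)))
    return est


def privacy(f, profile):
    """User's gain = adversary's loss: expected estimation error under the best response."""
    est = adversary_best_response(f, profile)
    return sum(profile[r] * p * d(r, est[o]) for r in range(R) for o, p in f[r].items() if p > 0)


def optimal_user_strategy(profile, q_max, step=0.05):
    """Leader: maximize privacy over the (a1, a2) family subject to quality_loss <= q_max.
    Returns (privacy, quality_loss, a1, a2)."""
    grid = [i * step for i in range(int(round(1 / step)) + 1)]
    best = None
    for a1, a2 in product(grid, grid):
        if a1 + a2 > 1.0 + 1e-9:
            continue
        f = make_lppm(a1, a2)
        q = quality_loss(f, profile)
        if q <= q_max + 1e-9:
            p = privacy(f, profile)
            if best is None or p > best[0]:
                best = (p, q, a1, a2)
    return best


def shadow_price(profile, q_max, delta=0.1):
    """Finite-difference estimate of the exchange rate between service quality and privacy."""
    return (optimal_user_strategy(profile, q_max + delta)[0]
            - optimal_user_strategy(profile, q_max)[0]) / delta
```

Because the adversary is assumed to know f (the Stackelberg assumption of slide 32), a strategy that only ever reports the true location yields zero privacy however the profile looks, and relaxing the quality budget can never lower the achievable privacy; the finite-difference shadow price is therefore non-negative, matching the interpretation on slide 34.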

  35. Evaluation: Obfuscation Function

  36. Output Visualization of Obfuscation Mechanisms: optimal obfuscation vs. basic obfuscation (k = 7)

  37. Conclusion on Location Privacy
      • Protecting location privacy is a major challenge
      • Quantification expressed as the adversary’s expected estimation error (incorrectness)
      • Techniques to protect location privacy: introduce imprecision in the reported location, reduce location report frequency, make use of pseudonyms, …
      • Privacy (similarly to any security property) is adversary-dependent. Neglecting the adversary’s strategy and knowledge limits the privacy protection
      • More information and pointers: http://lca.epfl.ch/projects/quantifyingprivacy

  38. Holistic Privacy: From Location Privacy to Genomic Privacy
      • On Privacy Protection
      • Location Privacy
      • Genomic Privacy

  39. On Convergence…
      • Digital medicine:
        • Digital medical records
        • Digital imaging
        • Medical online social networks
        • Genome sequencing
        • Other ’omics data
        • Wireless biosensors
        • …
      • (diagram: Computing, Telecom, ICT; “the last inch”; …0100110100011… / …CGTTAATTCCGTA…)

  40. The Genomic Avalanche Is Coming…

  41. Genetic Sequencing

  42. GATTACA (1997 Movie)

  43. Basics of Genomics – 1
      • A full genome sequence:
        • uniquely identifies each one of us
        • contains information about our ethnic heritage, disease predispositions, and many other phenotypic traits.
      • Human genome: 3 billion letters

  44. Basics of Genomics – 2
      • The cell’s nucleus holds the genetic program that determines most of our physical characteristics.
      • This information is stored in chromosomes.
      • Billions of identical copies of the genetic program, one for each cell nucleus.

  45. Basics of Genomics – 3
      • Chromosomes: molecules of a double-stranded chemical known as deoxyribonucleic acid (DNA)
      • DNA consists of chemical units that hook together, known as nucleotides

  46. Basics of Genomics – 4
      • DNA has two strands and four nucleotides (A T G C):
        • A = Adenosine
        • T = Thymidine
        • G = Guanosine
        • C = Cytidine
      • The genetic information is stored in the exact sequence of nucleotides.
      • Pairs: A-T and G-C

  47. Basics of Genomics – 5. Human Genome: complete and ordered sequence of all 23 chromosomes

  48. Basics of Genomics – 6
      • Human Genome: identical in most places for all people.
      • SNP (Single Nucleotide Polymorphism): positions where some people have one nucleotide pair while others have another.

  49. Basics of Genomics – 7
      • 40 million SNPs
      • SNPs make up only 1.3% of the genome
      • The differences at these places make each of us unique
      • Allele designates which nucleotide is present at a SNP.

  50. Summary of Key Concepts
      • Our genetic information is stored in the sequence of DNA in our chromosomes.
      • There are 23 chromosomes in a human genome. Men and women have slightly different sets of chromosomes.
      • SNPs are chromosome addresses. They are spots where some people have one nucleotide, while others have another.
      • SNPs have four possible alleles: A, T, G, and C.
      • Our collection of SNP alleles is what makes each of us unique.
      • Modern techniques make it possible to determine the status of large numbers of SNPs very efficiently.
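An added illustration of slides 46 to 50 with constructed sequences (not data or code from the talk): a tiny panel of four aligned, haploid 20-base sequences in which the code locates the SNP positions, reads off each person's alleles, builds the anonymity set for a chosen set of SNPs, and searches for the smallest set of SNPs that already singles out every member of the panel. The base-pairing helper shows the A-T / G-C rule of slide 46. The panel, the haploid simplification and the sequence length are assumptions; the SNP share it computes (4 of 20 positions) is a property of this toy panel, not the 1.3% genome-wide figure.

```python
"""Constructed SNP panel: find polymorphic positions, read alleles, and measure how
few SNPs suffice to single out each individual.  Added illustration with made-up,
haploid 20-base sequences; not data from the talk."""
from itertools import combinations
from collections import Counter

COMPLEMENT = {"A": "T", "T": "A", "G": "C", "C": "G"}   # base pairing: A-T and G-C

# Constructed panel: four individuals, identical except at positions 3, 9, 14 and 18.
PANEL = {
    "alice": "ACGTACGTTGGCCGTATAGC",
    "bob":   "ACGAACGTTGGCCGTATATC",
    "carol": "ACGTACGTTAGCCGTATAGC",
    "dave":  "ACGAACGTTAGCCGCATAGC",
}


def reverse_complement(strand):
    """The opposite strand read in its own direction: reverse the sequence and pair each base."""
    return "".join(COMPLEMENT[b] for b in reversed(strand))


def find_snps(panel):
    """Positions where not everyone carries the same nucleotide -> sorted alleles seen there."""
    seqs = list(panel.values())
    length = len(seqs[0])
    assert all(len(s) == length for s in seqs), "aligned sequences must have equal length"
    return {i: sorted({s[i] for s in seqs}) for i in range(length) if len({s[i] for s in seqs}) > 1}


def snp_fraction(panel):
    """Share of positions that are polymorphic within this panel."""
    return len(find_snps(panel)) / len(next(iter(panel.values())))


def alleles(seq, positions):
    """A person's allele at each chosen SNP position."""
    return tuple(seq[i] for i in positions)


def anonymity_sets(panel, positions):
    """How many panel members share each allele combination at the chosen positions."""
    return Counter(alleles(seq, positions) for seq in panel.values())


def identified_fraction(panel, positions):
    """Fraction of individuals whose allele combination is unique in the panel."""
    sets = anonymity_sets(panel, positions)
    return sum(1 for seq in panel.values() if sets[alleles(seq, positions)] == 1) / len(panel)


def min_identifying_snps(panel):
    """Smallest set of SNP positions that singles out every individual (brute force)."""
    positions = sorted(find_snps(panel))
    for k in range(1, len(positions) + 1):
        for subset in combinations(positions, k):
            if identified_fraction(panel, subset) == 1.0:
                return subset
    return None
```

In this panel one SNP never identifies anyone (each allele is shared by two people), but two SNPs already give every member a unique combination, which is the privacy-relevant reading of "our collection of SNP alleles is what makes each of us unique": the number of SNPs needed to re-identify someone grows only logarithmically with the population, so releasing even a small subset of a genome is rarely anonymous.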
