
Anonymous Communication Technique using Dummies for Location-based Services

Hidetoshi Kido (1), Yutaka Yanagisawa (2), Tetsuji Satoh (1,2). 1) Osaka University, Japan; 2) NTT Corporation, Japan.


Presentation Transcript


  1. Anonymous Communication Technique using Dummies for Location-based Services
     Hidetoshi Kido (1), Yutaka Yanagisawa (2), Tetsuji Satoh (1,2)
     1) Osaka University, Japan; 2) NTT Corporation, Japan

  2. Background
     Outline: Background; Our goal and approach; Dummy generation algorithms; Evaluations of anonymity; Conclusions
     • We can use highly accurate positioning devices such as GPS.
     • Various types of location-based services (LBS) are currently provided, e.g. restaurant search, road navigation.
     • Protecting location privacy is crucial: a person's position data are significant personal data.
     [Figure: GPS receiver]
     ICPS 2005

  3. Location-based Service (LBS)
     The service provider handles the position data of users. Users can get the data they need for their position from service providers.
     Example: restaurant search
     1. The user device obtains position data (shown in the red area) by GPS and sends it to the service provider.
     2. The service provider retrieves restaurant information from its database using the received position data.
     3. The service provider replies with the information to the user.
     [Figure: a user, position data, a query, service provider, restaurants DB, reply messages]
     Serious invasion of the user's privacy!

  4. Location Privacy Invasion
     The service provider can continuously grasp the user's location in detail.
     [Figure: hospital search; the service provider caches position data; home, hospitals, user route]
     Findings available to the provider: the user's route; the hospital visited by the user.
     Position data allows invasion of user privacy.

  5. Goal and Approach
     • Our goal: protection of user location privacy in location-based services
     • Our approach: an anonymous communication technique using false position data (dummies) mixed with true position data

  6. Our Anonymous Communication Technique for LBS
     Each user sends several dummies with the true position data.
     1. The user device obtains position data and generates dummies.
     2. The device sends the dummies with the true position data to a service provider.
     3. The service provider retrieves restaurant information from its database using all received position data.
     4. The service provider sends all retrieved information to the user.
     5. The user selects only the necessary data using the true position data.
     [Figure: restaurant search: user, position data and dummies, a query, service provider, restaurants DB, reply messages]
     The service provider cannot distinguish the true position data from all received data.

  7. Features and Issues
     • Features
       • Dummies can be generated at any position.
       • Dummies move in various directions.
       Based on dummies, observers can't easily trace the true position.
     • Issues
       • Realistic dummy movements: dummies should not be distinguishable from true position data (dummy generation algorithms).
       • Reduction of communication costs: dummies should not interfere with LBS communication (cost reduction technique).
     [Figure: true position and dummies]

  8. Dummy Generation Algorithms
     • Dummy generation
       • Dummies must behave like true users.
       • Focus on the velocity of moving users, e.g. people walk at less than 4 km/h.
     • Our proposed algorithms
       • Moving in Neighborhoods (MN)
       • Moving in Limited Neighborhoods (MLN)
     These algorithms allow dummies to behave like true position data.

  9. Moving in Neighborhoods (MN)
     Area limitation where dummies can move: the future position of a dummy is decided using its previous position.
     1. The ranges of dummy movement are decided.
     2. Dummies are generated within the ranges.
     • A quite simple algorithm
     • Dummies tend to move randomly
     [Figure: dummies and their movement ranges]

  10. Moving in Limited Neighborhoods (MLN)
     Limitation of the number of dummies included in a region:
     • The future position of a dummy is decided using its previous position.
     • The maximum number of users included in a region is limited.
     Dummies are generated in a region where there are few users.
     • A more complicated algorithm than MN
     • Dummies move more uniformly.
     [Figure: true position and dummies; one region with more users than the other regions]
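The two generation algorithms on slides 9 and 10, implemented as an added example (this is not the authors' simulator): a dummy's next region is drawn from the neighborhood of its previous region (MN), and MLN additionally excludes regions that already hold the maximum number of users and prefers the least-populated candidates. The grid size, the one-region-per-step velocity bound and the true trajectory are assumptions chosen for the example.

```python
import random

GRID = 10      # regions per side; constructed to match the 10x10 setting of the experiments
MAX_STEP = 1   # a dummy moves at most one region per time step (assumed velocity bound)

def neighborhood(prev):
    """All regions reachable from prev within MAX_STEP: the dummy's movement range."""
    x, y = prev
    return [(x + dx, y + dy)
            for dx in range(-MAX_STEP, MAX_STEP + 1)
            for dy in range(-MAX_STEP, MAX_STEP + 1)
            if 0 <= x + dx < GRID and 0 <= y + dy < GRID]

def step_mn(prev, occupied, limit, rng):
    """Moving in Neighborhoods: the next position is drawn uniformly from the range
    around the previous position; how many users a region holds is ignored."""
    return rng.choice(neighborhood(prev))

def step_mln(prev, occupied, limit, rng):
    """Moving in Limited Neighborhoods: same range as MN, but regions already holding
    `limit` users are excluded and the least-populated candidates are preferred,
    so dummies spread into regions where few users are."""
    cands = [r for r in neighborhood(prev) if occupied.get(r, 0) < limit]
    if not cands:                       # every reachable region is full: fall back to MN
        return step_mn(prev, occupied, limit, rng)
    fewest = min(occupied.get(r, 0) for r in cands)
    return rng.choice([r for r in cands if occupied.get(r, 0) == fewest])

ALGORITHMS = {"MN": step_mn, "MLN": step_mln}

def simulate(true_path, n_dummies, algo="MN", limit=1, seed=0):
    """Move n_dummies alongside the true trajectory. Returns, per time step, the list
    of positions the service provider would receive (true position first, then dummies)."""
    rng = random.Random(seed)
    step = ALGORITHMS[algo]
    dummies = [(rng.randrange(GRID), rng.randrange(GRID)) for _ in range(n_dummies)]
    frames = []
    for true_pos in true_path:
        occupied = {true_pos: 1}        # the true user counts toward a region's occupancy
        moved = []
        for d in dummies:
            nxt = step(d, occupied, limit, rng)
            occupied[nxt] = occupied.get(nxt, 0) + 1
            moved.append(nxt)
        dummies = moved
        frames.append([true_pos] + dummies)
    return frames

if __name__ == "__main__":
    path = [(5, 5), (5, 6), (6, 6), (6, 7)]      # constructed true trajectory
    for t, frame in enumerate(simulate(path, 3, "MLN", seed=1)):
        print(t, frame)
```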

  11. Example of Movements
     [Figure: normal movement compared with movement under the MN algorithm, over time]
     Dummies camouflage the true position data.

  12. Evaluations of Anonymity
     • Anonymity set: how is location anonymity enhanced?
     • Two requirements: ubiquity and congestion
     • Indicators based on the anonymity set: F, P, Shift(P)
     • Experiments

  13. Enhanced Anonymity Set
     Anonymity set: "a set of possible subjects" [Pfitzmann 2000]. When the number of subjects is large, anonymity is high.
     Formalization
     • A: set of subjects
     • i: information about position related to A
     • Extended AS(i): set of subjects determined by i (the set of all subjects determined by position information)
     We define the following two functions:
     • ASF(i) returns the regions specified by i.
     • ASP(i) returns the persons specified by i.
     [Figure: grid of users, scale 1 per region. Information i: "I'm in the region where an arrow points"; information i: "I'm in the blue regions"; values shown: |ASF(i)| = 9, |ASP(i)| = 3, |ASF(i)| = 16]

  14. Ubiquity
     For every user:
     • Users stay in an entire area.
     • Observers must check many regions to find specific users.
     • An indicator: F, the scale of all regions where users are.
     F = |regions in which data exist| / |all regions| (%), i.e. F = {|ASF(i)| | i = (multiple regions)}
     [Figure] Low ubiquity: all position data exist only in a part of the area, F = 2/16. High ubiquity: all position data exist widely in the entire area, F = 13/16.

  15. Congestion
     For local users:
     • A large number of users are in a region.
     • It is difficult to distinguish one user from many users in the same region.
     • Indicator: P = number of users in a specific region, i.e. P = {|ASP(i)| | i = (a specific region)}
     [Figure] Low congestion: regions with 1, 1 and 4 users. High congestion: P = 5.
     Extended for moving users: Shift(P).

  16. Shift(P)
     • The difference of P in each region from time t to t+1.
     • While dummies are generated unnaturally, Shift(P) is high.
     Example (true position and dummies in a grid of 3x2 regions):
     P at time t:    P at time t+1:    Shift(P) = |P(t) - P(t+1)|:
     0 6             4 2               |0-4| |6-2| = 4 4
     1 2             1 3               |1-1| |2-3| = 0 1
     1 3             2 1               |1-2| |3-1| = 1 2
     Here Shift(P) is high: the dummies seem to move unnaturally.
     Relationship between Shift(P) and dummy generation: while Shift(P) in each region is low, location anonymity is enhanced.
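The three indicators from slides 14 to 16 (F, P and Shift(P)) computed over the set of positions a provider receives in one time step, as an added example rather than the authors' evaluation code. The sample input is the 3x2 count matrix from the Shift(P) slide, expanded into positions by a constructed helper; the bucket boundaries follow slide 20.

```python
from collections import Counter

def frame_from_counts(counts):
    """Constructed helper: expand a matrix of per-region user counts (true user and
    dummies together) into the list of (row, col) positions a provider would receive."""
    return [(r, c) for r, row in enumerate(counts) for c, n in enumerate(row) for _ in range(n)]

def congestion(frame):
    """P: number of position data in each region at one time step (|ASP(i)| per region)."""
    return Counter(frame)

def ubiquity(frame, rows, cols):
    """F: share of all regions that contain at least one position datum, in percent."""
    return 100.0 * len(set(frame)) / (rows * cols)

def shift_p(frame_t, frame_t1, rows, cols):
    """Shift(P): per-region absolute change of P between time t and t+1."""
    p0, p1 = congestion(frame_t), congestion(frame_t1)
    return [[abs(p0[(r, c)] - p1[(r, c)]) for c in range(cols)] for r in range(rows)]

def shift_histogram(shift):
    """Bucket the Shift(P) matrix as on the evaluation slide: 0 (best), 1-2 (good),
    3-5, 6 or more (bad); returns the percentage of regions in each bucket."""
    cells = [v for row in shift for v in row]
    buckets = Counter("0" if v == 0 else "1-2" if v <= 2 else "3-5" if v <= 5 else "6+"
                      for v in cells)
    return {k: 100.0 * buckets[k] / len(cells) for k in ("0", "1-2", "3-5", "6+")}

# Constructed sample: the 3x2 region grid from the Shift(P) slide (counts at t and t+1)
P_T = [[0, 6], [1, 2], [1, 3]]
P_T1 = [[4, 2], [1, 3], [2, 1]]

if __name__ == "__main__":
    ft, ft1 = frame_from_counts(P_T), frame_from_counts(P_T1)
    print("F(t) = %.1f%%" % ubiquity(ft, 3, 2))
    print("Shift(P) =", shift_p(ft, ft1, 3, 2))
    print(shift_histogram(shift_p(ft, ft1, 3, 2)))
```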

  17. Experiments
     • Simulation system implementation
     • Settings
       • Number of dummies: 0 to 10
       • Number of regions: 8x8, 10x10, and 12x12
       • Dummy generation algorithms: Random, MN, and MLN
     • Trajectory data for evaluations: 39 trajectories of rickshaws working in Nara
     [Figure: our simulation system; rickshaws; a sample trajectory]

  18. Relationship between Location Anonymity and Ubiquity: F
     [Figure: users in a region at F = 10%, F = 50% and F = 80%]
     At low F, observers can easily trace user movement. At F > 80%, location anonymity is high enough to protect the location privacy of the user.

  19. Comparison of Number of Dummies and Ubiquity: F
     [Figure: ubiquity F (%) against the number of dummies]
     To enhance location anonymity to the degree F > 80%:
     • 64 regions (8x8): three dummies
     • 100 regions (10x10): four dummies
     • 144 regions (12x12): six dummies

  20. Comparison of Dummy Generation Algorithms and Shift(P)
     Number of dummies: 3; number of regions: 10x10.
     Shift(P) categories: 0 (best), 1 or 2 (good), 3 to 5, 6 or more (bad). Algorithms: Random, MN, MLN. Unit: %.
     [Table values as extracted, cell assignment not recoverable: 0.1, 1.6, 3.8, 0.2, 8.9, 27.9, 47.9, 46.1, 52.3, 48.1, 63.1]
     When Shift(P) in each region is low, location anonymity is enhanced.
     Enhancement of location anonymity: MN > MLN >> Random

  21. Communication Costs
     Cost reduction techniques for the requiring message cost (S) and the answering message cost (R).
     Users send position data which consist of sets of X and Y.
     • Previous technique: S = (u, (Xr,Yr), (X1,Y1), (X2,Y2)), where u is the return address, (Xr,Yr) the point of the true data and (X1,Y1), (X2,Y2) the dummies.
     • New technique: S = (u, (Xr,X1,X2), (Yr,Y1,Y2)), i.e. (sets of X), (sets of Y).
     The service provider believes that all combinations of the Xs and Ys are position data.
     [Figure: grid with Xr, X1, X2 on one axis and Yr, Y1, Y2 on the other; the true position and dummies lie on the intersections]

  22. Cost Comparisons for Requiring Messages
     [Figure: message size against the number of position data]
     Even if the number of position data is 10,000, the message size is less than one Kbyte.
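The requiring-message encoding of slide 21 and the size claim of slide 22, as an added example (not the authors' code): the user sends one set of X values and one set of Y values, the provider answers for every combination, and the user keeps only the answer for the true point. The 4-byte-per-coordinate wire size, the provider lookup and the sample coordinates are assumptions.

```python
import itertools
import math

def build_request(user, true_pos, dummy_xs, dummy_ys):
    """New technique: the request carries one set of X values and one set of Y values.
    The true X and Y are mixed in, so the true point is one of |xs| * |ys| candidates."""
    xs = tuple(sorted({true_pos[0], *dummy_xs}))
    ys = tuple(sorted({true_pos[1], *dummy_ys}))
    return (user, xs, ys)

def provider_positions(request):
    """What the service provider believes it received: every (X, Y) combination."""
    _, xs, ys = request
    return set(itertools.product(xs, ys))

def provider_reply(request, lookup):
    """Constructed provider side: one answer record per candidate position."""
    return {pos: lookup(pos) for pos in provider_positions(request)}

def select_true(reply, true_pos):
    """Step 5 of the technique: the user keeps only the answer for the true position."""
    return reply[true_pos]

def request_coords_previous(n_positions):
    """Previous technique: each position is its own (X, Y) pair, so 2n coordinate values."""
    return 2 * n_positions

def request_coords_new(n_positions):
    """New technique: k X values and k Y values present k*k positions, k = ceil(sqrt(n))."""
    k = math.ceil(math.sqrt(n_positions))
    return 2 * k

def request_bytes(n_coords, bytes_per_coord=4):
    """Assumed wire size: each coordinate encoded as a 32-bit integer."""
    return n_coords * bytes_per_coord

if __name__ == "__main__":
    req = build_request("u", (3, 7), dummy_xs=[1, 5], dummy_ys=[2, 9])  # constructed sample
    reply = provider_reply(req, lambda pos: "restaurants near %s" % (pos,))
    print(len(provider_positions(req)), "candidate positions; user keeps:",
          select_true(reply, (3, 7)))
    print("10,000 positions:", request_bytes(request_coords_new(10_000)), "bytes (new) vs",
          request_bytes(request_coords_previous(10_000)), "bytes (previous)")
```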

  23. Conclusions
     • We proposed an anonymous communication technique for location-based services.
     • Findings
       • Our technique protects the location privacy of LBS users.
       • Our technique can be applied in practical LBS.
     • Future work: improvement of the dummy generation algorithms for natural movement.
