Optimizing the Location Obfuscation in Location-Based Mobile Systems

1. Optimizing the Location Obfuscation in Location-Based Mobile Systems Iris Safaka Professor: Jean-Pierre Hubaux Tutor: BerkerAgir Semester Project Security & Cooperation in Wireless Systems February 2012

2. Introduction • Widespread use of location-based services (LBS) • users reveal to a LBS provider personal location data • Concern for location privacy protection • unauthorized dissemination of location data • inference of sensitive information about user • Obfuscation: a common approach to protect privacy • reveal to LBS provider coarse location information

3. Problem Statement • Mobile user: reports set of locations between successive time instances • Privacy concern in the presence of a passive eavesdropper • Inspection of reported locations • Knowledge on geographical area, user’s mobility model • Processing of obfuscated traces -> tracking and localization attacks • How does the level of privacy gets affected? 1 2 3 4 5 6 7 8 12 9 10 11 13 14 15 16 Location obfuscation

4. Problem Statement Observation: the way we choose the reported locations at each time instance influences the level of location privacy at the next time instance because: • Existence of spatial correlation between the reported locations at time tiand those at time ti+1 • Transitions between locations are not equally probable • An adversary could reduce her uncertainty about user’s real location using Bayesian inference

5. Losing Privacy - Example timeline 1 2 1/2 1/2 t0 1/2 0 1/4 1/4 0 1/4 1/4 1/2 1 2 3 4 5 6 t1 1/2 1 0 1/2 5 6 7 8 1 Route: 2 -> 6 -> 7 7 8 t2 1 0

6. Project Objective • Design a heuristic location obfuscation algorithm so as the deterioration of location privacy level between successive time instances is minimum consider observations (1) and (2) • Intuition behind observations: • The linkability graph should stay a full graph • Select accessible and neighboring locations as fake ones • The selected fake locations should be plausible • Select locations that maximize

7. Mobility Predictor Which values to assign to the transitions between cells? • History-based mobility model Depends on the frequency of visiting next cell k starting from cell j during all past periods • Direction-based mobility model

8. Mobility Predictor • Combined mobility model where is the combination parameter • We assign values to transitions using the following where is the non-moving probability

9. The heuristic algorithm - Example {1,2,5,6} timeline 1 2 t0 1/2 1/2 {1,2,3,5,6,7} {1,2,5,6} {1,2,5,6} 2 6 t1 Pr(6 ,t1) 1 2 3 4 Pr(2,t1) {1,2,3,5,6,7} {1,2,3,5,6,7} 5 6 7 8 {1,2,3,5,6,7} 3 6 t2 Pr(3,t2) Pr(6,t2) Route: 1->2->3

10. Evaluation Framework Figure 1: Accessibility map and trace generators Figure 2: An example of a trace

11. Evaluation Framework Figure 3: Location obfuscation and location privacy measurement

12. Experimental Results • Setup parameters • 20 mobile users • 10 consecutive time instances • Location obfuscation parameter c=2 and c=3 Figure 4: Location privacy level for different mobility predictors

13. Experimental Results (a) For c=2 (b) For c=3 Figure 5: Comparison of effectiveness between heuristic and random algorithm

14. Conclusion Contribution • A heuristic algorithm for location obfuscation that aims to minimize deterioration of privacy level between successive time instances in a mobile setup • Implementation of an evaluation framework and experimentation Future Work • Identify and formally prove necessary and sufficient conditions • Extend heuristic for non-constant user speed and location obfuscation parameter • Experimentation on real-world traces