1 / 29

MobiHide: A Secure Peer-to-Peer System for Location Privacy

MobiHide is a peer-to-peer system ensuring secure, anonymous location-based queries for mobile users in need of privacy. It employs innovative techniques like Hilbert transformation and scalable DHT infrastructure for enhanced data protection.

twilken
Download Presentation

MobiHide: A Secure Peer-to-Peer System for Location Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. MobiHide: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries Gabriel Ghinita, Panos Kalnis, Spiros Skiadopoulos National University of Singapore and University of Peloponnese, Greece

  2. Location-Based Services • LBS users • Mobile devices with GPS capabilities • NN and Range Queries • Location server is NOT trusted • Google Maps, Mapquest, Microsoft Live, etc. • Privacy? Anonymity? “Find closest hospital to my present location”

  3. Problem Statement • Hide IP address and username • But user location may disclose identity • Triangulation of device signal • Publicly available databases • Physical surveillance • How to preserve query source anonymity? • Even when exact user locations are known

  4. K-Anonymity [Swe02] Quasi-identifier (a) Microdata (b) Voting Registration List (public) [Swe02] L. Sweeney. k-Anonymity: A Model for Protecting Privacy. Int. J. of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557-570, 2002.

  5. K-Anonymity (cont.) • 2-anonymous microdata (b) Voting Registration List (public)

  6. Anonymizing Spatial Region • Identification probability ≤1/K

  7. Centralized Anonymizer • Intermediate tier between users and LBS Bottleneck and single point of attack/failure

  8. MobiHide – Fully Distributed

  9. Existing Work: CloakP2P [Chow06] • Find K-1 NN of query source • Source likely to be closest to ASR center • Vulnerable to “center-of-ASR” attack NOT SECURE !!! uq 5-ASR [Chow06] – Chow et al, A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS ’06

  10. Existing Work: PRIVE [GKS07] Aq has the reciprocity property iff • |AS| ≥ K •  ui,uj  AS, ui  ASj uj  ASi [GKS07] – PRIVÉ: Anonymous Location-based Queries in Distributed Mobile Systems , WWW ‘07

  11. PRIVE (cont.) • Based on Hilbert space-filling curve • index users by Hilbert value of location • partition Hilbert sequence into “K-buckets”

  12. PRIVE (cont.) Start End • Based on Hilbert space-filling curve • index users by Hilbert value of location • partition Hilbert sequence into “K-buckets”

  13. PRIVÉ Hierarchical Architecture • But requires “global knowledge” • Global rank of query source required • PRIVÉ employs an annotated tree index

  14. Motivation More secure Faster PRIVE MobiHide CloakP2P

  15. MobiHide • Uses Hilbert transformation • Key Idea • Remove the need for global knowledge • Allow random group formation • Scalable DHT infrastructure employed • Chord DHT

  16. MobiHide: Group Formation K

  17. MobiHide: Example

  18. MobiHide: Privacy • MobiHide is not reciprocal • Privacy guaranty for uniform query distribution only • But offers strong privacy features in practice, even for skewed distribution

  19. Correlation Attack (K = 4) U6 U8 U5 U7 U4 U9 U3 • 4-anonymity not achieved • However: Difficult attack in practice U10 U1 U2

  20. MobiHide Implementation • Two-layer Chord DHT • Each Chord node is a cluster of users • Bounded cluster size [,3)

  21. User Join/Cluster Split

  22. Load Balancing & Fault Tolerance • Load Balancing • Cluster head rotation mechanism • Fault Tolerance • Chord Periodic Stabilization Protocol • Leader election protocol • In case of cluster head failure

  23. Experimental Setup • San Francisco Bay Area road network • Network-based Generator of Moving Objects* • Up to 10000 users • Velocities from 18 to 68 km/h • Uniform and skewed query distribution * T. Brinkhoff. A Framework for Generating Network-Based Moving Objects. Geoinformatica, 6(2):153–180, 2002.

  24. “Center-of-ASR” Attack

  25. Correlation Attack

  26. ASR Formation Latency Response Time (sec)

  27. Points to Remember • LBS Privacy an important concern • Existing solutions are either not secure … • … or not scalable • MobiHide • Privacy guaranty for uniform query workload • Good best-effort privacy for skewed workload • Excellent scalability inherited from Chord DHT

  28. Bibliography on LBS Privacy http://anonym.comp.nus.edu.sg ?

  29. Bibliography • [Chow06] – Mokbel et al, A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS ’06 • [Gru03] - Gruteser et al, Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, MobiSys 2003 • [GKS07] – Ghinita G., Kalnis P., Skiadopoulos S., PRIVÉ: Anony-mous Location-based Queries in Distributed Mobile Systems, WWW 2007 • [Mok06] – Mokbel et al, The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006

More Related