290 likes | 307 Views
MobiHide is a peer-to-peer system ensuring secure, anonymous location-based queries for mobile users in need of privacy. It employs innovative techniques like Hilbert transformation and scalable DHT infrastructure for enhanced data protection.
E N D
MobiHide: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries Gabriel Ghinita, Panos Kalnis, Spiros Skiadopoulos National University of Singapore and University of Peloponnese, Greece
Location-Based Services • LBS users • Mobile devices with GPS capabilities • NN and Range Queries • Location server is NOT trusted • Google Maps, Mapquest, Microsoft Live, etc. • Privacy? Anonymity? “Find closest hospital to my present location”
Problem Statement • Hide IP address and username • But user location may disclose identity • Triangulation of device signal • Publicly available databases • Physical surveillance • How to preserve query source anonymity? • Even when exact user locations are known
K-Anonymity [Swe02] Quasi-identifier (a) Microdata (b) Voting Registration List (public) [Swe02] L. Sweeney. k-Anonymity: A Model for Protecting Privacy. Int. J. of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557-570, 2002.
K-Anonymity (cont.) • 2-anonymous microdata (b) Voting Registration List (public)
Anonymizing Spatial Region • Identification probability ≤1/K
Centralized Anonymizer • Intermediate tier between users and LBS Bottleneck and single point of attack/failure
Existing Work: CloakP2P [Chow06] • Find K-1 NN of query source • Source likely to be closest to ASR center • Vulnerable to “center-of-ASR” attack NOT SECURE !!! uq 5-ASR [Chow06] – Chow et al, A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS ’06
Existing Work: PRIVE [GKS07] Aq has the reciprocity property iff • |AS| ≥ K • ui,uj AS, ui ASj uj ASi [GKS07] – PRIVÉ: Anonymous Location-based Queries in Distributed Mobile Systems , WWW ‘07
PRIVE (cont.) • Based on Hilbert space-filling curve • index users by Hilbert value of location • partition Hilbert sequence into “K-buckets”
PRIVE (cont.) Start End • Based on Hilbert space-filling curve • index users by Hilbert value of location • partition Hilbert sequence into “K-buckets”
PRIVÉ Hierarchical Architecture • But requires “global knowledge” • Global rank of query source required • PRIVÉ employs an annotated tree index
Motivation More secure Faster PRIVE MobiHide CloakP2P
MobiHide • Uses Hilbert transformation • Key Idea • Remove the need for global knowledge • Allow random group formation • Scalable DHT infrastructure employed • Chord DHT
MobiHide: Privacy • MobiHide is not reciprocal • Privacy guaranty for uniform query distribution only • But offers strong privacy features in practice, even for skewed distribution
Correlation Attack (K = 4) U6 U8 U5 U7 U4 U9 U3 • 4-anonymity not achieved • However: Difficult attack in practice U10 U1 U2
MobiHide Implementation • Two-layer Chord DHT • Each Chord node is a cluster of users • Bounded cluster size [,3)
Load Balancing & Fault Tolerance • Load Balancing • Cluster head rotation mechanism • Fault Tolerance • Chord Periodic Stabilization Protocol • Leader election protocol • In case of cluster head failure
Experimental Setup • San Francisco Bay Area road network • Network-based Generator of Moving Objects* • Up to 10000 users • Velocities from 18 to 68 km/h • Uniform and skewed query distribution * T. Brinkhoff. A Framework for Generating Network-Based Moving Objects. Geoinformatica, 6(2):153–180, 2002.
ASR Formation Latency Response Time (sec)
Points to Remember • LBS Privacy an important concern • Existing solutions are either not secure … • … or not scalable • MobiHide • Privacy guaranty for uniform query workload • Good best-effort privacy for skewed workload • Excellent scalability inherited from Chord DHT
Bibliography on LBS Privacy http://anonym.comp.nus.edu.sg ?
Bibliography • [Chow06] – Mokbel et al, A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-based Services, ACM GIS ’06 • [Gru03] - Gruteser et al, Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, MobiSys 2003 • [GKS07] – Ghinita G., Kalnis P., Skiadopoulos S., PRIVÉ: Anony-mous Location-based Queries in Distributed Mobile Systems, WWW 2007 • [Mok06] – Mokbel et al, The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006