Computational Location Privacy: Two Fundamental Problems

SLIDE 1

Computational Location Privacy: Two Fundamental Problems

Reza Shokri

ETH Zurich Department of Computer Science

SLIDE 2

Location-based Services

Social Networks

They Profile You!

NSA collects 5 billion location records a day on cellphones (washingtonpost.com)

They Track You!

NSA Location Tracking Programs

  • Co-Traveler
  • HappyFoot

SLIDE 3

Different Approaches to Privacy

  • Behavioral
  • Computational
  • Legal

SLIDE 4

Computational Privacy

  • Quantifying Privacy
  • Protecting Privacy

SLIDE 5

Location Traces and Location-based Services

Actual Traces

SLIDE 6

User-Centric Protection Mechanisms

  • Anonymization
  • Location Obfuscation
  • Decrease Granularity (Location Cloaking)
  • Decrease Accuracy (Location Perturbation)
  • Fake Location

Observed Traces

SLIDE 7

How to Consistently Quantify Location Privacy?

[Diagram labels: User; System (Location-based Service); Obfuscation; Inference Attack]

  • $S$: Personal Information (location)
  • $O$: Observation
  • $K$: Background Knowledge (Mobility Model)
  • $\hat{S}$: Estimate of User’s Location

Privacy (as expected inference error): $\sum_{\hat{S}} \Pr(\hat{S} \mid O, K) \cdot d(\hat{S}, S)$

  • R. Shokri, et al., “Quantifying Location Privacy,” IEEE S&P - Oakland, 2011.
  • R. Shokri, et al., “Quantifying Location Privacy: The Case of Sporadic Location Exposure,” PETS, 2011.
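The expected-inference-error metric from this slide, as an added example that is not part of the original slides: a Bayesian attacker combines a mobility prior K with the obfuscation mechanism to form Pr(Ŝ|O,K), and privacy is the distance-weighted error of that posterior. The region names, grid coordinates, the two mobility profiles and the `perturbation` mechanism are constructed assumptions.

```python
from math import hypot

# Constructed sample data (not from the slides): four regions on a 2x2 grid, in km.
LOCATIONS = {"home": (0, 0), "work": (0, 1), "gym": (1, 0), "cafe": (1, 1)}
UNIFORM = {s: 0.25 for s in LOCATIONS}                           # K: attacker knows nothing
ROUTINE = {"home": 0.7, "work": 0.2, "gym": 0.05, "cafe": 0.05}  # K: attacker knows habits

def distance(a, b):
    """d(S_hat, S): Euclidean distance between two regions."""
    (ax, ay), (bx, by) = LOCATIONS[a], LOCATIONS[b]
    return hypot(ax - bx, ay - by)

def perturbation(p_truth):
    """Hypothetical obfuscation f(O|S): report the true region with probability
    p_truth, otherwise one of the other regions uniformly at random."""
    p_other = (1 - p_truth) / (len(LOCATIONS) - 1)
    return {s: {o: p_truth if o == s else p_other for o in LOCATIONS}
            for s in LOCATIONS}

def posterior(obs, prior, mech):
    """Inference attack: Pr(S_hat | O, K) by Bayes' rule."""
    joint = {s: prior[s] * mech[s][obs] for s in LOCATIONS}
    total = sum(joint.values())
    if total == 0:
        raise ValueError(f"observation {obs!r} is impossible under this prior")
    return {s: w / total for s, w in joint.items()}

def privacy(true_loc, obs, prior, mech):
    """Expected inference error: sum over S_hat of Pr(S_hat|O,K) * d(S_hat, S)."""
    post = posterior(obs, prior, mech)
    return sum(post[s_hat] * distance(s_hat, true_loc) for s_hat in LOCATIONS)

def expected_privacy(prior, mech):
    """Average the metric over true locations S ~ K and observations O ~ f(.|S)."""
    return sum(prior[s] * mech[s][o] * privacy(s, o, prior, mech)
               for s in LOCATIONS for o in LOCATIONS
               if prior[s] * mech[s][o] > 0)

if __name__ == "__main__":
    for p in (1.0, 0.7, 0.25):
        mech = perturbation(p)
        print(f"p_truth={p}: uniform K -> {expected_privacy(UNIFORM, mech):.3f} km, "
              f"routine K -> {expected_privacy(ROUTINE, mech):.3f} km")
```

With the same obfuscation, the routine profile gives the attacker a lower expected error than the uniform one, which is why the metric takes the background knowledge K as an input rather than scoring the mechanism alone.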

SLIDE 8

Inference Attacks

  • Identification: Which trace belongs to Alice?
  • Localization: Where was Alice at 8:00?
  • Tracking: Where did Alice go yesterday?
  • Meeting Disclosure: How many times did Alice and Bob meet?
  • R. Shokri, PhD Dissertation, EPFL 2013
SLIDE 9

[Diagram labels: User; System; Personal Information (location); Obfuscation; Observation; Service; Utility Requirements]

There is a tradeoff between privacy and utility

How to Optimally Protect Location Privacy using Obfuscation?

SLIDE 10

Solution: Decision Theory?

  • Minimize privacy loss
  • Satisfy utility constraints

[Diagram labels: Obfuscation and Inference Algorithm, alternating]

Privacy decision making must be interactive

SLIDE 11

Attacker Has the Upper Hand

Defender Must Anticipate the Inference Attack

[Diagram labels: Defender (Obfuscation #1, #2, …, #k); Anticipated Attacker (Optimal Attack #1, #2, …, #k); Privacy; MAX]

  • Solve conflicting optimizations: Defense and Attack

Game Theory

  • R. Shokri, et al., “Protecting Location Privacy: Optimal Strategy against Localization Attacks,” in ACM CCS 2012.
SLIDE 12

Conclusions

  • Defense against surveillance
  • Practical protection mechanisms with theoretical foundations
  • Intelligent obfuscation methods, considering user behavior
  • Computational privacy
  • Quantify privacy using statistical inference: measure adversary error
  • Protect privacy in a strategic decision making process: find the optimal balance between privacy, utility, and computing budgets