Elastic distinguishability metrics for Location Privacy


  1. Elastic distinguishability metrics for Location Privacy Marco Stronati marco@stronati.org joint work with K. Chatzikokolakis and C. Palamidessi 1 / 14

  2. Privacy for LBS Goal: limit semantic inference (not anonymity) Reasonable utility for LBS 2 / 14

  3. Obfuscation Mechanism: $x \longrightarrow M \longrightarrow z$ [Chatzikokolakis et al.: Broadening the Scope of Differential Privacy Using Metrics. PETS’13] 3 / 14

  7. Obfuscation Mechanism: $x \longrightarrow M \longrightarrow z$. $d_X$-privacy: $d_P(M(x), M(x')) \le d_X(x, x') \quad \forall x, x'$. Distinguishability Metric on your set of secrets. Apply noise according to the metric. [Chatzikokolakis et al.: Broadening the Scope of Differential Privacy Using Metrics. PETS’13] 3 / 14

  8. Geo Indistinguishability: $d_X(x, x') = \epsilon \, d_E(x, x')$. Space is privacy; $\epsilon$ tunes how much. Requirement: I want to be indistinguishable from a certain amount of space. [Andrés et al.: Geo-indistinguishability: differential privacy for location-based systems. CCS’13] 4 / 14

  10. Not adaptable 5 / 14

  11. Privacy Mass from OpenStreetMap 6 / 14

  13. Privacy Requirement: I want to be indistinguishable from a certain amount of privacy mass. $\mathit{req}(l) = \mathit{mass}$ 7 / 14

  14. Building an Elastic Metric. Graph-based algo:
      - start with a disconnected graph
      - iterate over all nodes
        - compute mass
        - add an edge with $l = \mathit{req}^{-1}(\mathit{mass})$
      - we stop at $l^{\top}$
      $d_X(x, x') = \text{shortest-path}(x, x')$ 8 / 14

  22. Elastic Mechanism: Elastic Mechanism = Elastic Metric + Exponential Mechanism 9 / 14

  26. Evaluation: EM vs PL. City (Paris) vs Suburb (Nanterre). Fixed Utility as Expected Error. Compare Privacy as Adversarial Error. Gowalla and Brightkite datasets. [Shokri, Theodorakopoulos, Boudec, Hubaux. Quantifying location privacy. S&P’11] 10 / 14

  27. Evaluation [Figure: plot with axes "Expected Error (m)" and "AdvError"; series EM city, PL city, EM suburb, PL suburb] 11 / 14

  28. Conclusion & Future: Geoind is simple and efficient (Location Guard). Too rigid! Contributions: Elastic metric with privacy mass requirement; Scalable algorithm. Future Work: Include in privacy mass ideas from k-anonymity; Lightweight version for Location Guard. 12 / 14

  29. Thanks Don’t miss Location Guard tomorrow 13 / 14

  30. Fences: linear growth of epsilon; fences for recurrent places; achieve “better privacy” consuming less $\epsilon$.
      $$d_F(x, x') = \begin{cases} 0 & x, x' \in F \\ d_X(x, x') & x, x' \notin F \\ \infty & \text{o.w.} \end{cases}$$ 14 / 14
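The graph construction from the "Building an Elastic Metric" slide combined with the exponential mechanism from the "Elastic Mechanism" slide, as an added Python example that is not the authors' code. Assumed here: the linear requirement req(l) = 4l, the cutoff level 3, the constructed 10-cell street, counting as "mass" the cells strictly closer to a node than the candidate neighbour, and the exp(-d_X/2) weighting.

```python
import heapq, math

def elastic_graph(pos, mass, req_inv, l_top):
    """Edge x-y gets level req_inv(mass strictly closer to x than y), kept only up to l_top."""
    graph = {x: {} for x in pos}                       # start with a disconnected graph
    for x in pos:                                      # iterate over all nodes
        for y in pos:
            if y == x:
                continue
            r = math.dist(pos[x], pos[y])
            m = sum(mass[z] for z in pos if math.dist(pos[x], pos[z]) < r)  # compute mass
            l = req_inv(m)                             # l = req^-1(mass)
            if l <= l_top:                             # stop at l_top
                w = min(l, graph[x].get(y, math.inf))  # keep the smaller of both directions
                graph[x][y] = graph[y][x] = w
    return graph

def d_X(graph, src):
    """Shortest-path distances from src (Dijkstra): the elastic metric d_X(src, .)."""
    dist, heap = {src: 0.0}, [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in graph[u].items():
            if d + w < dist.get(v, math.inf):
                dist[v] = d + w
                heapq.heappush(heap, (d + w, v))
    return dist

def exponential_mechanism(graph, x):
    """P(z | x) proportional to exp(-d_X(x, z) / 2); unreachable z get probability 0."""
    dist = d_X(graph, x)
    weights = {z: math.exp(-dist.get(z, math.inf) / 2) for z in graph}
    total = sum(weights.values())
    return {z: w / total for z, w in weights.items()}

# Constructed sample: a street of 10 cells, 4 dense "city" cells then 6 sparse "suburb" cells.
POS = {f"c{i}": (float(i), 0.0) for i in range(4)}
POS.update({f"s{i}": (float(4 + i), 0.0) for i in range(6)})
MASS = {name: (8.0 if name.startswith("c") else 1.0) for name in POS}
REQ = lambda l: 4.0 * l                 # assumed requirement req(l) = 4 l
REQ_INV = lambda m: m / 4.0
L_TOP = 3.0                             # assumed cutoff level
GRAPH = elastic_graph(POS, MASS, REQ_INV, L_TOP)

if __name__ == "__main__":
    print("d_X(c0, c1) =", d_X(GRAPH, "c0")["c1"])  # dense area: one cell apart is easy to tell apart
    print("d_X(s3, s4) =", d_X(GRAPH, "s3")["s4"])  # sparse area: one cell apart is nearly identical
```

The same Euclidean step costs far more distinguishability in the dense cells than in the sparse ones, which is the adaptivity that a fixed $\epsilon \, d_E$ metric lacks.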
