Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking



SLIDE 1

WINLAB Research Review May. 2007

Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking

Baik Hoh, Marco Gruteser (WINLAB) Hui Xiong (Rutgers Univ.) and Ansaf Alrabady (General Motors Corp.)

SLIDE 2

Location Privacy Project

Motivation: Traffic Monitoring Through Probe Vehicles

SLIDE 3

Location privacy challenges in traffic monitoring system

  • Still insider attacks and remote break-ins possible
  • Anonymous trace log files
  • Diagram labels: Home, Bank, Hospital, Service Provider
  • Tracking algorithms recover trace (median trip time only 15min)
  • Access Control, Encryption
  • Home Identification
  • Reidentification of traces through data analysis

SLIDE 4

Objectives

  • Strong anonymity: protection against tracking and reidentification for all drivers, regardless of vehicle or building density
  • Maintain data accuracy sufficient for traffic monitoring

Assumptions:

  • Trustworthy privacy server available to execute centralized algorithm
  • Adversary has no prior information about the subjects being tracked

SLIDE 5

Prior Approaches

K-anonymity provides privacy guarantees but does not meet accuracy requirements

Best effort algorithms do allow outliers (long tracking), thus do not meet privacy requirements

  • Subsampling
  • Swing & Swap
  • Mix Zones
  • Path Confusion

[Figure: mean location error [m] versus anonymity level (k), for 2000 and 5500 probe vehicles]

SLIDE 6

Approach: Guaranteed Time-to-confusion

  • Insight: Degree of privacy risk strongly depends on how long an adversary can follow a vehicle
  • Time to confusion (TTC) measures time between two points where a tracking uncertainty remains lower than a confusion threshold
  • Tracking Uncertainty can be defined based on entropy and
  • Target tracking algorithm uses spatio-temporal correlation to choose the next location sample of an anonymous user
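The time-to-confusion metric described above, as an added example that is not from the original slides: it computes entropy-based tracking uncertainty over the candidate next samples and returns the time between confusion points. The exponential distance weighting, the `mu` scale, the 0.5-bit threshold and the sample trace are assumptions constructed for illustration.

```python
import math

def candidate_probs(predicted, candidates, mu=100.0):
    # Assumed likelihood model (not from the slides): weight falls off
    # exponentially with distance in metres from the predicted position.
    weights = [math.exp(-math.dist(predicted, c) / mu) for c in candidates]
    total = sum(weights)
    return [w / total for w in weights]

def tracking_uncertainty(probs):
    # Shannon entropy in bits over the candidate next samples.
    return -sum(p * math.log2(p) for p in probs if p > 0)

def times_to_confusion(steps, threshold):
    # steps: (time_s, predicted_xy, candidate_xys) per linking attempt,
    # in time order. A confusion point is a step whose entropy reaches
    # the threshold. Each returned value is the time between consecutive
    # confusion points; trace start and end count as boundaries.
    runs, start = [], steps[0][0]
    for t, predicted, candidates in steps[1:]:
        h = tracking_uncertainty(candidate_probs(predicted, candidates))
        if h >= threshold:
            runs.append(t - start)
            start = t
    if steps[-1][0] > start:
        runs.append(steps[-1][0] - start)
    return runs

# Constructed trace: one sample per minute, coordinates in metres.
SAMPLE_STEPS = [
    (0,   (0, 0),    [(0, 0)]),
    (60,  (500, 0),  [(510, 0), (500, 900)]),     # one clear match
    (120, (1000, 0), [(1000, 0), (1900, 0)]),     # one clear match
    (180, (1500, 0), [(1500, 50), (1500, -50)]),  # two equally likely: 1 bit
    (240, (2000, 0), [(2000, 0)]),                # single candidate: 0 bits
    (300, (2500, 0), [(2490, 0), (2500, 800)]),   # one clear match
]

if __name__ == "__main__":
    runs = times_to_confusion(SAMPLE_STEPS, threshold=0.5)
    print("times to confusion [s]:", runs, "max:", max(runs))
```

The maximum of the returned values is the figure a privacy server would compare against its bound before releasing a trace set.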

SLIDE 7

Algorithm: Uncertainty-aware Path Cloaking

[Figure labels: Confusion time, Uncertainty threshold, Timeout window (= 5min), Confusion time update]

SLIDE 8

Evaluation

  • Data set: 24-hour GPS traces of 2000 probe vehicles on a 70km-by-70km area (built from ~200 actual vehicles)
  • Metrics: Tracking time and (relative) road coverage

[Figure: axes x in UTM [m], y in UTM [m]]

SLIDE 9

Evaluation: Protection against Target Tracking

[Figure: axes relative weighted road coverage [%] and maximum time to confusion [min]; series: Random sampling, Uncertainty-aware (Tout = 5min)]

SLIDE 10

Snapshot of privacy-preserved GPS traces: black dots are removed samples (5min,0.95)

SLIDE 11

Summary

  • Time-to-confusion: can be widely used in analyzing the location privacy of a location trace database
  • Guaranteeing Bounded Privacy: Uncertainty-Aware Path Cloaking effectively suppresses tracking time outliers even in a sparse area
  • High data accuracy: Uncertainty-Aware Path Cloaking achieves data quality similar to original location traces (without privacy protection)

Further Work:

  • Map-based tracking model could be used in computing entropy in our proposed algorithm
  • Inference attack with a priori knowledge on a selective individual needs to be analyzed further

SLIDE 12

Questions?