Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking Baik Hoh, Marco Gruteser (WINLAB) Hui Xiong (Rutgers Univ.) and Ansaf Alrabady (General Motors Corp.) WINLAB Research Review May. 2007 1
Motivation: Traffic Monitoring Through Probe Vehicles Location Privacy Project 2
Location privacy challenges in traffic monitoring system Still insider attacks and Anonymous Trace remote break-ins possible log files Access Reidentification of Control traces through data analysis Tracking Algorithms Service Provider recover trace (Median trip time Encryption only 15min) Home Hospital Home Identification Bank Location Privacy Project 3
Objectives � Objectives � Strong anonymity: rotection against tracking and reidentification for all drivers, regardless of vehicle or building density � Maintain data accuracy sufficient for traffic monitoring � Assumptions: � Trustworthy privacy server available to execute centralized algorithm � Adversary has no prior information about the subjects being tracked Location Privacy Project 4
Prior Approaches � K-anonymity provides 3000 privacy guarantees but Number of probe vehicles = 2000 Number of probe vehicles = 5500 does not meet accuracy 2500 requirements � Best effort algorithms Mean location error [m] 2000 do allow outliers (long tracking), thus do not 1500 meet privacy requirements 1000 Subsampling � � Swing & Swap 500 Mix Zones � � Path Confusion 0 3 5 7 9 Anonymity level (k) Location Privacy Project 5
Approach: Guaranteed Time-to- confusion � Insight: Degree of privacy risk strongly depends on how long an adversary can follow a vehicle � Time to confusion (TTC) measures time between two points where a tracking uncertainty remains lower than a confusion threshold � Tracking Uncertainty can be define based on entropy and � Target tracking algorithm uses spatio- temporal correlation to choose the next location sample of an anonymous user Location Privacy Project 6
Algorithm: Uncertainty-aware Path Cloaking Confusion time update Confusion Timeout window (=5min) Uncertainty threshold Time Location Privacy Project 7
Evaluation � Data set: 24-hour GPS traces of 2000 probe vehicles on a 70km-by-70km area (built from ~200 actual vehicles) � Metrics: Tracking time and (relative) road coverage 6 x 10 4.74 4.73 4.72 4.71 y in UTM [m] 4.7 4.69 4.68 4.67 4.66 2.8 2.9 3 3.1 3.2 3.3 3.4 3.5 x in UTM [m] 5 x 10 Location Privacy Project 8
Evaluation: Protection against Target Tracking 55 Random sampling 50 Uncertainty−aware (Tout = 5min) 45 Maximum time to confusion [min] 40 35 30 25 20 15 10 0.99 0.9 0.4 5 0 80 85 90 95 100 Relative weighted road coverage [%] Location Privacy Project 9
Snapshot of privacy-preserved GPS traces: black dots are removed samples (5min,0.95) 6 x 10 4.74 4.73 4.72 4.71 4.7 4.69 4.68 4.67 2.8 2.9 3 3.1 3.2 3.3 3.4 3.5 5 x 10 Location Privacy Project 10
Summary � Time-to-confusion: can be widely used in analyzing a location privacy of location traces database � Guaranteeing Bounded Privacy: Uncertainty-Aware Path Cloaking, effectively suppresses tracking time outliers even in a sparse area � High data accuracy: Uncertainty-Aware Path Cloaking achieves data quality similar to original location traces (without privacy protection) � Further Work: � Map-based tracking model could be used in computing entropy in our proposed algorithm Inference attack with a priori knowledge on a selective individual needs to be analyzed � further Location Privacy Project 11
12 Location Privacy Project Questions?
Recommend
More recommend
