quantifying privacy loss of human mobility graph topology
play

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th - PowerPoint PPT Presentation

Dec 14, 2022 •299 likes •758 views

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies Symposium July 2427, 2018 Dionysis Manousakas , Cecilia Mascolo , , Alastair R. Beresford , Dennis Chan , Nikhil Sharma

  1. Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies Symposium July 24–27, 2018 Dionysis Manousakas ∗ , Cecilia Mascolo ∗ , † , Alastair R. Beresford ∗ , Dennis Chan ∗ , Nikhil Sharma ‡ ∗ University of Cambridge † The Alan Turing Institute ‡ UCL

  2. Mobility data privacy vs. utility analytics PETS’18 Background 2 • Information sharing for data-driven customization and large-scale • context-awareness • transportation management, health studies, urban development • Utility -preserving anonymized data representations • timestamped GPS, CDR, etc. measurements • histograms • heatmaps • graphs • How privacy conscientious they are? • often poorly understood, leading to privacy breaches

  3. Mobility data privacy vs. utility analytics PETS’18 Background 2 • Information sharing for data-driven customization and large-scale • context-awareness • transportation management, health studies, urban development • Utility -preserving anonymized data representations • timestamped GPS, CDR, etc. measurements • histograms • heatmaps • graphs • How privacy conscientious they are? • often poorly understood, leading to privacy breaches

  4. Mobility data privacy vs. utility analytics PETS’18 Background 2 • Information sharing for data-driven customization and large-scale • context-awareness • transportation management, health studies, urban development • Utility -preserving anonymized data representations • timestamped GPS, CDR, etc. measurements • histograms • heatmaps • graphs • How privacy conscientious they are? • often poorly understood, leading to privacy breaches

  5. Mobility data privacy vs. utility analytics PETS’18 Background 2 • Information sharing for data-driven customization and large-scale • context-awareness • transportation management, health studies, urban development • Utility -preserving anonymized data representations • timestamped GPS, CDR, etc. measurements • histograms • heatmaps • graphs • How privacy conscientious they are? • often poorly understood, leading to privacy breaches

  6. Deanonymizing mobility Raw mobility data Inference on individual traces information 1 Sparsity and regularity-based [Zang and Bolot, 2011] [de Montjoye et al., 2013] [Naini et al., 2016] PETS’18 Background 3 • ”top- N ” location attacks • unicity of spatio-temporal points • matching of individual mobility histograms

  7. Deanonymizing mobility Raw mobility data Inference on individual traces information [De Mulder et al., 2008] PETS’18 Background 4 2 Probabilistic models • Markovian mobility models • Mobility Markov chains [Gambs et al., 2014]

  8. Deanonymizing mobility Raw mobility data Inference on population statistics aggregated mobility data [Xu et al., 2017] location time-series [Pyrgelis et al., 2017] PETS’18 Background 5 3 On aggregate information • Individual trajectory recovery from • Probabilistic inference on aggregated

  9. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  10. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  11. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  12. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  13. Mobility representations raw mobility data sequences of pseudonymised regions of interest e.g. MDC research track, Device Analyzer storage cost utility inference diffjculty privacy loss ? PETS’18 Motivation 6

  14. Motivation Let’s remove – What is the privacy leakage of this representation? – Does topology still bear identifjable information? – Can an adversary exploit it in a deanonymization attack? PETS’18 Motivation 7 • temporal (except from ordering of states) • geographic, and • cross-referencing information

  15. Motivation Let’s remove – What is the privacy leakage of this representation? – Does topology still bear identifjable information? – Can an adversary exploit it in a deanonymization attack? PETS’18 Motivation 7 • temporal (except from ordering of states) • geographic, and • cross-referencing information

  16. Mobility information fmow Removal of Geographic-Temporal Information Mobility Data Graph Topology Sparsity Recurrence Privacy Loss PETS’18 Overview 8

  17. Mobility information fmow Removal of Geographic-Temporal Information Mobility Data Graph Topology Sparsity Recurrence Privacy Loss PETS’18 Overview 8

  18. Mobility information fmow Removal of Geographic-Temporal Information Mobility Data Graph Topology Sparsity Recurrence Privacy Loss PETS’18 Overview 8

  19. Mobility information fmow Removal of Geographic-Temporal Information Mobility Data Graph Topology Sparsity Recurrence Privacy Loss PETS’18 Overview 8

  20. Difgerences of our approach Mobility deanonymization Overview PETS’18 information Sharad and Danezis, 2014] [Narayanan and Shmatikov, 2008, node matching entire graph : No need for Privacy on graphs [Lin et al., 2015] ) information (as opposed to locations 9 • Each user ’s information is an • No cross-referencing between • No fjne-grained temporal • No social network

  21. Data information, cellular and wireless location PETS’18 Overview 10 • Device Analyzer : global dataset from mobile devices with system • 1500 users with the most cid location datapoints • average of 430 days of observation, • 200 regions of interest • cids pseudonymized per handset

  22. Mobility networks Graphs with nodes corresponding to ROIs and edges to recorded transitions between ROIs data [Scholtes, 2017] visited regions in user’s routine PETS’18 Overview 11 • Network Order Selection via Markov chain modeling of sequential • Node attributes with no temporal/geographic information • Edge weights corresponding to frequency of transitions • Location pruning to top − N networks by keeping the most frequently

  23. Empirical statistics Graphs with: PETS’18 Overview 12 • heavy-tailed degree distributions • large number of rarely repeated transitions • small number of frequent transitions • high recurrence rate

  24. Privacy framework is the minimum cardinality of isomorphism classes within a population of graphs [Sweeney, 2002] PETS’18 Method 13 k − anonymity via graph isomorphism Graph k − anonymity

  25. directed undirected undirected networks PETS’18 Method 14 Identifjability of top − N mobility networks • 15 and 19 locations suffjce to form uniquely identifjable directed and • 5 and 8 are the corresponding theoretical upper bounds

  26. directed and undirected networks respectively PETS’18 Method 15 Anonymity size of top − N mobility networks • small isomorphism clusters for even very few locations • median anonymity becomes one for network sizes of 5 and 8 in

  27. Recurring patterns in typical user’s mobility 1st half of the observation period 2nd half of the observation period observation window PETS’18 Method 16 shown edges correspond to the 10 % most frequent transitions in the respective

  28. Threat Model PETS’18 Method 17

  29. Threat Model DISCLOSED IDs UNDISCLOSED IDs PETS’18 Method 18 G train G test • closed-world • partition point for each user randomly ∈ (0 . 3 , 0 . 7) of total obs. period • state frequency information

  30. Threat Model PETS’18 Method 19

  31. Attacks: Uninformed Adversary P for every G i PETS’18 Method 20 ( ) l G ′ = l G i = 1/ |L| , ∈ G train expected rank = |L| / 2

  32. Attacks: Informed Adversary P Method PETS’18 f : non-decreasing K : graph similarity metric, , 21 K ( G i , G ′ ) ( l G ′ = l G i ) ( ) |G train , K ∝ f for every G i ∈ G train

  33. Attacks: Informed Adversary PL Method PETS’18 true P 22 P • Posterior probability K ( G i , G ′ ) ( ) ( ) l G ′ = l G i |G train , K ∝ f , for every G i ∈ G train • Privacy Loss ( ) l G ′ = l G ′ true |G train , K G ′ ; G train , K ( ) = P − 1 ( ) l G ′ = l G ′

  34. Graph Similarity Functions Graph Kernels Method PETS’18 G 23 Express similarity as inner product of vectors with graph statistics [Vishwanathan et al., 2010] subtrees) • on Atomic Substructures (e.g. Shortest-Paths, Weisfeiler-Lehman ⟨ ⟩ φ ( G ′ ) φ ( G ) K ( G , G ′ ) = || φ ( G ) || , || φ ( G ′ ) || • Deep Kernels [Yanardag and Vishwanathan, 2015] K ( G , G ′ ) = φ G ′ ) ( ) T M φ ( M : encodes similarities between substructures

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in

Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in

Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in Human Health Risk/Safety Assessment Ralph L. Kodell, Ph.D. Department of Biostatistics University of Arkansas for Medical Sciences Little Rock,

600 views • 33 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
More mobility options, more data: Transportation and privacy issues in shared-mobility data use

More mobility options, more data: Transportation and privacy issues in shared-mobility data use

More mobility options, more data: Transportation and privacy issues in shared-mobility data use Tuesday, February 25, 2020 1:30pm California Legislature Information Hearing State Capitol, Room 4203 Senate Transportation & Judiciary

315 views • 14 slides
Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1

Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1

Using&Risk&Management&to&Improve& Privacy&in&Informa7on&Systems 1 Poten7al&Problems&for&Individuals Loss&of&Autonomy Exclusion Loss&of&Self& Loss&of&Liberty

538 views • 19 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Body Weight Dynamics Kevin D. Hall, Ph.D. NIDDK May 2, 2013 The Old Math of Weight Loss 3500

Body Weight Dynamics Kevin D. Hall, Ph.D. NIDDK May 2, 2013 The Old Math of Weight Loss 3500

The Calculus of Calories Quantifying Human Body Weight Dynamics Kevin D. Hall, Ph.D. NIDDK May 2, 2013 The Old Math of Weight Loss 3500 kcal per pound Practical Guide to the Identification, Evaluation, and Treatment of Overweight and

900 views • 37 slides
Social and economic mobility: are destinies diverging? Anna Ludwinek Research Manager European

Social and economic mobility: are destinies diverging? Anna Ludwinek Research Manager European

Social and economic mobility: are destinies diverging? Anna Ludwinek Research Manager European Foundation For the Improvement of Living and Working Conditions LSE, June 14th, 2017 Why does social mobility matter? Economic loss of human

299 views • 14 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
3.6 GRAPH THEORY APPROACH Graph theory is basically a branch of topology. Geometric structure of a

3.6 GRAPH THEORY APPROACH Graph theory is basically a branch of topology. Geometric structure of a

CE -751, SLD, Class Notes, Fall 2006, IIT Bombay Where Y = the average assigned volumes Y =The trips assigned to the links during the ith iteration of the linear i graph procedure including iterations n= the number of linear graph iterations

745 views • 48 slides
The Connected Mobility Global Forecast Quantifying future connected car services April 2016 -

The Connected Mobility Global Forecast Quantifying future connected car services April 2016 -

PTOLEMUS Consulting Group The Connected Mobility Global Forecast Quantifying future connected car services April 2016 - PTOLEMUS intellectual property PTOLEMUS in a nutshell The consulting & research firm for the connected world Our

869 views • 19 slides
in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network

in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network

Open Charging Cloud Security and Privacy in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network Architecture e-Mobility Energy Provider 1 Provider Charging (Mobile) Station Charging Internet

563 views • 39 slides
Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas

Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas

Graph Perturbation as Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas Data Privacy Management Luxembourg, 26 September 2019 Outline 1. Introduction Motivations and objectives Random graph

355 views • 20 slides
Graph-theoretic methods in combinatorial (algebraic) topology Micha l Adamaszek Universit

Graph-theoretic methods in combinatorial (algebraic) topology Micha l Adamaszek Universit

Graph-theoretic methods in combinatorial (algebraic) topology Micha l Adamaszek Universit at Bremen Joint work with Jan Hladk y and Juraj Stacho Micha l Adamaszek Graph-theoretic methods 1 / Combinatorial (algebraic)

272 views • 16 slides
Crowdsourcing and HCI 2: Privacy and Latency Crowdsourcing and Human Computation Instructor:

Crowdsourcing and HCI 2: Privacy and Latency Crowdsourcing and Human Computation Instructor:

Crowdsourcing and HCI 2: Privacy and Latency Crowdsourcing and Human Computation Instructor: Chris Callison-Burch Website: crowdsourcing-class.org Privacy Would you let crowd workers read your email? Problems with email as a task management

786 views • 59 slides
Deep Topology Classifica0on: A New Approach for Massive Graph Classifica0on Stephen Bonner, John

Deep Topology Classifica0on: A New Approach for Massive Graph Classifica0on Stephen Bonner, John

Deep Topology Classifica0on: A New Approach for Massive Graph Classifica0on Stephen Bonner, John Brennan, Georgios Theodoropoulos, Ibad Kureshi and Andrew Stephen McGough School of Engineering and Computing Sciences Durham University, Durham,

300 views • 16 slides
Income inequality in Ireland The distribution of individual earnings Outline Historical

Income inequality in Ireland The distribution of individual earnings Outline Historical

Income inequality in Ireland The distribution of individual earnings Outline Historical trends in income inequality Inequality of labour income in EU comparison Causes of inequality Problem of structure vs problem of pay?

246 views • 7 slides
Logic-Flow Analysis of Higher-Order Programs Matt Might http://matt.might.net/ POPL 2007 1

Logic-Flow Analysis of Higher-Order Programs Matt Might http://matt.might.net/ POPL 2007 1

Logic-Flow Analysis of Higher-Order Programs Matt Might http://matt.might.net/ POPL 2007 1 Why? Tim Sweeney, POPL 2006 Static array-bounds checking. Example ... a[i] ... Will 0 i < a.length always hold? 2 Why? Tim Sweeney, POPL

1.36k views • 123 slides
Bayes-Nash Price of Anarchy for GSP Renato Paes Leme va Tardos Cornell University Keyword

Bayes-Nash Price of Anarchy for GSP Renato Paes Leme va Tardos Cornell University Keyword

Bayes-Nash Price of Anarchy for GSP Renato Paes Leme va Tardos Cornell University Keyword Auctions sponsored search links organic search results Keyword Auctions Keyword Auctions Auction Model $$$ b 1 $$$ b 3 b 2 $$ b 4 b 5 $$ $ b

742 views • 29 slides
Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro

Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro

CSE 312 Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro tessaro@cs.washington.edu 1 Setting Data mining Statistical queries Medical data Query logs Social network data 2 Setting

1.03k views • 21 slides
MA111: Contemporary mathematics . Jack Schmidt University of Kentucky November 14, 2012

MA111: Contemporary mathematics . Jack Schmidt University of Kentucky November 14, 2012

. MA111: Contemporary mathematics . Jack Schmidt University of Kentucky November 14, 2012 Entrance Slip (due 5 min past the hour): Two people own a house together, but no longer want to live together. One thinks the house is worth $100k, one

383 views • 7 slides
Trade, Market Imperfections and Labour Share Dibyendu Maiti Delhi School of Economics

Trade, Market Imperfections and Labour Share Dibyendu Maiti Delhi School of Economics

Trade, Market Imperfections and Labour Share Dibyendu Maiti Delhi School of Economics dibyendu@econdse.org 11-13 September 2019 WIDER Conference, UN ESCAP 11-13 September 2019 WIDER Conference, UN Dibyendu Maiti (DSE) Trade, Market

938 views • 45 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides
Overview: More Harm Than Good? Authors: Sarah L Bruce Advisor: Alexis Hickman Bateman, Edgar

Overview: More Harm Than Good? Authors: Sarah L Bruce Advisor: Alexis Hickman Bateman, Edgar

Ethanol Supply Chain and Industry Overview: More Harm Than Good? Authors: Sarah L Bruce Advisor: Alexis Hickman Bateman, Edgar Blanco Sponsor: Yossi Sheffi MIT SCM ResearchFest May 23-24, 2012 Ethanol Topics What is Ethanol? Thesis

366 views • 22 slides

More recommend