1 / 48

On the Optimal Placement of Mix Zones

On the Optimal Placement of Mix Zones. Julien Freudiger , Reza Shokri and Jean-Pierre Hubaux PETS, 2009. Wireless Trends. Phones Always on (Bluetooth, WiFi ) Background apps New hardware going wireless Cars, passports, keys, …. Peer-to-Peer Wireless Networks. 1. 2. Identifier.

lynch
Download Presentation

On the Optimal Placement of Mix Zones

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On the Optimal Placement of Mix Zones JulienFreudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009

  2. Wireless Trends • Phones • Always on (Bluetooth, WiFi) • Background apps • New hardware going wireless • Cars, passports, keys, …

  3. Peer-to-Peer Wireless Networks 1 2 Identifier Message

  4. Examples VANETs Social networks • Urban Sensing networks • Delay tolerant networks • Peer-to-peer file exchange

  5. Location Privacy Problem Monitor identifiers used in peer-to-peer communications a b c

  6. bluetoothtracking.org

  7. Previous Work Message Pseudonym • Pseudonymous location traces • Home/work location pairs are unique [1] • Re-identification of traces through data analysis [2,3,5] • Location traces without any pseudonyms • Re-identification of individual trace and home [4] • Attack:Spatio-Temporalcorrelation of traces Identifier Message [1] P. Golle and K. Partridge. On the Anonymity of Home/Work Location Pairs. Pervasive Computing, 2009 [2] A. Beresford and F. Stajano. Location Privacy in Pervasive Computing. IEEE Pervasive Computing, 2003 [3] B. Hoh et al. Enhancing Security & Privacy in Traffic Monitoring Systems. Pervasive Computing, 2006 [4] B. Hoh and M. Gruteser. Protecting location privacy through path confusion. SECURECOMM, 2005 [5] J. Krumm. Inference Attacks on Location Tracks. Pervasive Computing, 2007

  8. Location Privacy with Mix ZonesPrevent long term tracking ? b 1 1 1 a 2 2 Mix zone • Change identifier in mix zones [6,7] • Key used to sign messages is changed • MAC address is changed [6] A. Beresford and F. Stajano. Mix Zones: User Privacy in Location-aware Services. Pervasive Computing and Communications Workshop, 2004 [7] M. Gruteser and D. Grunwald. Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis. Mobile Networks and Applications, 2005

  9. Mix networks vs Mix zones Alice home Mix network Mix Zones Mix node Mix node Alice work Bob Alice Mix node

  10. Where to place mix zones?

  11. Outline Shibuyu Crossing, Tokyo • Mix Zone Effectiveness • Placement of Mix Zones • Application Example

  12. Mobility Model • Nodes move according to flows [8] • A flow defines a trajectory in network • Nodes belong to a single flow • Several nodes share same flow [8] M.C. Gonzalez, C.A. Hidalgo, and A.-L. Barabasi. Understanding individual Human Mobility Patterns. Nature, 2008

  13. Mix Zones Model • Mix zones have • Set of entry/exit points • Traversed by mobile nodes • Mobility profile of a mix zone [6] • Trajectory • Sojourn time

  14. Trajectory 1/4 3/4 0 1/3 1/3 1/3 0 2/3 1/3 1/4 1/2 1/4

  15. Sojourn Time Pr(Δt) Δt

  16. Mix Zone EffectivenessEvent-Based Metric [6] T 1 2 Entering events t Exiting events t a b Pv is probability of assignment I = total number of assignments

  17. Event-Based Discussion • Precise • Measures attacker success • Requires installing eavesdropping stations at every mix zones • What if nodes are across various windows T • High complexity (compute all assignments) + –

  18. Mix Zone EffectivenessFlow-based Metric • Desired properties • Prior to network operation • Rely on general statistics of mobility • Efficient • Key idea • Consider average behavior in mix zones • Measure probability of error of adversary

  19. Decision Theory Model Choice under uncertainty • Assume 2 flows f1, f2 converge to same exit Mix zone 1 Any event x 2

  20. Bayes Decision Rule • Choose hypothesis with largest a posteriori probability • Minimizes probability of error is the a priori probability that an event belongs to fj is the conditional probability of observing x knowing that x belongs to fj

  21. Probability of Error pe

  22. Jensen-Shannon Divergence • Measure distance between probability distributions • Provides both lower and upper bounds for the probability of error

  23. Illustration of Metric Outline

  24. Outline • Mix Zone Effectiveness • Placement of Mix Zones • Application Example

  25. Description • Central authority decides offline where to deploy mix zones • Knows mobility model • Knows effectiveness of possible mix zones locations

  26. Distance to Confusion [9] • Between mix zones, adversary can track nodes • Mix zone = confusion point • Bound distance between mix zones Distance-to-confusion Mix zone 1 Mix zone 2 [9] B. Hoh et al.. Virtual Trip Lines for Distributed Privacy-Preserving Traffic Monitoring. MobiSys, 2008

  27. Cost of mix zones • Use pseudonyms • Must remain silent for a period of time • Bound cost for each node

  28. Placement Optimization • Use a subset of all possible mix zones Mix zone effectiveness Cost Distance to confusion where wi is cost of a mix zone Wmax is maximum cost Cmax is maximum distance-to-confusion

  29. Illustration of Algorithm 4 1 2 3

  30. Outline • Mix Zone Effectiveness • Placement of Mix Zones • Application Example

  31. Simulation Setup • Urban mobility simulator (SUMO) • Real (cropped) map • Flows • Attack Implementation (MOBIVACY) • Compute mobility profiles for each mix zone • Predict most probable assignment of entering/exiting nodes for each mix zone

  32. Map of New York City

  33. Metric & Configuration • Matching success of mix zone i • Tracking success • System parameters • dtc <= 2km • cost <= 3 mix zones

  34. Mix Zone Performance

  35. Mix Zone Placement (avg=0.48) (avg=1.56) (avg=1.55) (avg=3.56)

  36. Tracking Success for different deployments

  37. Performance of Deployment

  38. Tracking Success with different traffic conditions

  39. Conclusion • Construct a network of mix zones • Measure of mix zones effectiveness based on • Mobility profiles • Jensen-Shannon divergence • Optimization model • Results • Optimal algorithm prevents bad placement • 30% increase of location privacy compared to random julien.freudiger@epfl.ch

  40. Backup Slides

  41. Future Work • Real mobility traces • More realistic intersection model • Weight location in optimization • Some regions are more sensitive • Larger map • Other attacks

  42. How to obtain mix zones? • Silent mix zones • Turn off transceiver • Passive mix zones • Where adversary is absent • Before connecting to Wireless Access Points • Encrypt communications • With help of infrastructure • Distributed

  43. Event-based Metric • Assume adversary knows mobility profiles • Consider nodes entering/exiting mix zone i over T time steps Pv is probability of assignment I = total number of assignments • Average entropy:

  44. GeneralizationConsider average behavior Mix zone 1 1 x 2 2 2 2

  45. Mix Zone Placement • Average number of traversed mix zone = average cost • Optimal performs close to full at much lower cost

  46. Tracking Success for different adversary strength

  47. Tracking Success for different mix zone radius

  48. Average Tracking Success

More Related