
CacheCloak: Privacy-preserving Location-based Applications

CacheCloak is a system that provides spatial accuracy, real-time updates, and privacy guarantees for location-based applications, even in sparse populations. It predicts user paths and partially hides locations until users intersect, ensuring privacy without sacrificing quality of localization.

ljacobsen


  1. Hiding Stars with Fireworks: Location Privacy through Camouflage • Joseph Meyerowitz (ECE and Physics) • Romit Roy Choudhury (Dept. of ECE and CS)

  2. Context Better localization technology + Pervasive wireless connectivity = Location-based applications

  3. Location-Based Apps • For Example: • GeoLife shows grocery list near WalMart • Micro-Blog allows location scoped querying • Location-based ad: Coffee coupon at Starbucks • … • Location expresses context of user • Facilitating content delivery • It's as if Location is the IP address for content

  4. Double-Edged Sword • While location drives this new class of applications, it also violates user’s privacy • Sharper the location, richer the app, deeper the violation

  5. Double-Edged Sword • While location drives this new class of applications, it also violates user’s privacy • Sharper the location, richer the app, deeper the violation • Moreover, range of apps are PUSH based. Require continuous location information • Phone detected at Starbucks, PUSH a coffee coupon • Phone located on highway, query traffic congestion

  6. Location Privacy • Problem: Continuous location exposure a serious threat to privacy • Research: Preserve privacy without sacrificing the quality of continuous loc. based apps

  7. Just Call Yourself "Freddy" • Pseudonyms [Gruteser04] • Effective only when infrequent location exposure • Else, spatio-temporal patterns enough to deanonymize … think breadcrumbs [Figure labels: Leslie, Jack, John, Susan, Alex; Romit’s Office]

  8. Add Noise • K-anonymity [Gedic05] • Convert location to a space-time bounding box • Ensure K users in the box • Location Apps reply to boxed region • Issues • Poor quality of location • Degrades in sparse regions • Not real-time [Figure labels: Bounding Box; You; K=4]

  9. Confuse Via Mixing • Path intersections are an opportunity for privacy • If users intersect in space-time, cannot say who is who later

  10. Confuse Via Mixing • Path intersections are an opportunity for privacy • If users intersect in space-time, cannot say who is who later • Unfortunately, users may not intersect in both space and time [Figure labels: Hospital; Airport]

  11. Hiding Until Mixed • Partially hide locations until users mixed [Gruteser07] • Expose after a delay [Figure labels: Hospital; Airport]

  12. Hiding Until Mixed • Partially hide locations until users mixed [Gruteser07] • Expose after a delay • But delays unacceptable to real-time apps [Figure labels: Hospital; Airport]

  13. Existing solutions seem to suggest: Privacy and Quality of Localization (QoL) is a zero sum game • Need to sacrifice one to gain the other

  14. Our Goal • Break away from this tradeoff • Target: Spatial accuracy • Real-time updates • Privacy guarantees • Even in sparse populations • We design: CacheCloak

  15. The Intuition • Predict until paths intersect Hospital Airport

  16. The Intuition • Predict until paths intersect Hospital Predict Airport Predict

  17. The Intuition • Predict until paths intersect • Expose predicted intersection to application Hospital Predict Airport Predict Cache the information on each predicted location

  18. CacheCloak System Design and Evaluation

  19. Architecture • Assume trusted privacy provider • Reveal location to CacheCloak • CacheCloak exposes anonymized location to Loc. App Loc. App1 Loc. App2 Loc. App3 Loc. App4 CacheCloak

  20. In Steady State … Location Based Application CacheCloak

  21. Prediction Location Based Application Backward prediction Forward prediction CacheCloak

  22. Prediction Location Based Application CacheCloak

  23. Predicted Intersection Location Based Application Predicted Path CacheCloak

  24. Query Location Based Application Predicted Path CacheCloak

  25. Query Location Based Application ? ? ? ? CacheCloak

  26. LBA Responds Location Based Application Array of responses CacheCloak

  27. Cached Location Based Application Cached Responses CacheCloak Location based Information

  28. Cached Response Location Based Application Cached Responses CacheCloak Location based Information

  29. Cached Response Location Based Application Cached Responses CacheCloak Location based Information

  30. Cached Response Location Based Application Cached Responses CacheCloak

  31. Cached Response Location Based Application Predicted Path CacheCloak

  32. Predicted Path Benefits • Real-time • Response ready when user arrives at predicted location • High QoL • Responses can be specific to location • Overhead on the wired backbone (caching helps) • Entropy guarantees • Entropy increases at traffic intersections • Sparse population • Can be handled with dummy users, false branching

  33. Quantifying Privacy • City converted into grid of small squares (pixels) • Users are located at a pixel at a given time • Each pixel associated with 8x8 matrix • Element (x, y) = probability that user enters x and exits y • Probabilities diffuse • At intersections • Over time • Privacy = entropy [Figure labels: pixel with entry side x and exit side y]

  34. Diffusion • Probability of user’s presence diffuses • Diffusion gradient computed based on history • i.e., what fraction of users take right turn at this intersection [Figure labels: Time t1; Time t2; Time t3; Road Intersection]

  35. Evaluation • Trace based simulation • VanetMobiSim + US Census Bureau trace data • Durham map with traffic lights, speed limits, etc. • Vehicles follow Google map paths • Performs collision avoidance • 6km x 6km • 10m x 10m pixel • 1000 cars

  36. Results • High average entropy • Quite insensitive to user density (good for sparse regions) • Minimum entropy reasonably high [Plot labels: bits of entropy (max., mean, min.); time (minutes); number of users (N)]

  37. Results • Peak Counting • # of places where attacker’s confidence is > Threshold [Plot labels: mean # of peaks; time (seconds)]

  38. Results • Peak Counting • # of places where attacker’s confidence is > Threshold [Plot labels: mean # of peaks; number of users (N)]

  39. Limitations, Discussions … • CacheCloak overhead • Application replies to lot of queries • However, overhead on wired infrastructure • Caching reduces this overhead significantly • CacheCloak assumes same, indistinguishable query • Different queries can deanonymize • Possible through query combination … future work • Per-user privacy guarantee not yet supported • Adaptive branching & dummy users • CacheCloak - a central trusted entity • Distributed version proposed in the paper

  40. Closing Thoughts • Two nodes may intersect in space but not in time • Mixing not possible, without sacrificing timeliness • Mobility prediction creates space-time intersections • Enables virtual mixing in future

  41. Closing Thoughts • CacheCloak implements the prediction and caching function • High entropy possible even under sparse population • Spatio-temporal accuracy remains uncompromised

  42. Thank You • For more related work, visit: http://synrg.ee.duke.edu
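
The privacy metric from slides 33 and 34 (per-pixel 8x8 entry/exit matrices, diffusion, entropy) and the peak count from slide 37, as an added Python example that is not from the talk or the CacheCloak authors. The two intersections, their turn fractions, the 0.3 threshold and the choice of Shannon entropy over per-pixel probabilities are assumptions made for illustration.

```python
import math
from collections import defaultdict

# Eight pixel sides in circular order, so the side opposite i is (i + 4) % 8.
DIRS = [(1, 0), (1, 1), (0, 1), (-1, 1), (-1, 0), (-1, -1), (0, -1), (1, -1)]
E, N, W, S = 0, 2, 4, 6
# Plain road pixel: a user who enters through side x exits through the opposite side.
STRAIGHT = [[1.0 if y == (x + 4) % 8 else 0.0 for y in range(8)] for x in range(8)]

def intersection(entry, exits):
    """8x8 matrix with one populated row: P(exit side y | entered through `entry`)."""
    return [[exits.get(y, 0.0) if x == entry else 0.0 for y in range(8)] for x in range(8)]

# Constructed turn history (assumed values, not data from the talk).
MATRICES = {
    (2, 0): intersection(W, {E: 0.5, N: 0.25, S: 0.25}),
    (4, 0): intersection(W, {E: 0.5, N: 0.5}),
}

def diffuse(mass):
    """One time step: push each (pixel, entry side) probability through its matrix."""
    out = defaultdict(float)
    for ((px, py), x), p in mass.items():
        for y, q in enumerate(MATRICES.get((px, py), STRAIGHT)[x]):
            if q:
                nxt = (px + DIRS[y][0], py + DIRS[y][1])
                out[(nxt, (y + 4) % 8)] += p * q   # exit side y becomes entry side y+4
    return dict(out)

def per_pixel(mass):
    pix = defaultdict(float)
    for (pixel, _), p in mass.items():
        pix[pixel] += p
    return pix

def entropy_bits(mass):
    return -sum(p * math.log2(p) for p in per_pixel(mass).values() if p > 0)

def peaks(mass, threshold):
    # Pixels where the attacker's confidence exceeds the threshold.
    return sum(1 for p in per_pixel(mass).values() if p > threshold)

def trace(steps, threshold=0.3):
    mass = {((0, 0), W): 1.0}   # attacker knows the starting pixel exactly
    rows = []
    for _ in range(steps + 1):
        rows.append((entropy_bits(mass), peaks(mass, threshold)))
        mass = diffuse(mass)
    return rows
```

Entropy stays at zero on the straight road segment and rises only when probability mass splits at an intersection, which is why the talk relies on branching and predicted path crossings rather than elapsed time alone.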
