Quantifying Location Privacy
Transcript of Quantifying Location Privacy
Reza Shokri, George Theodorakopoulos, Jean-Yves Le Boudec, Jean-Pierre Hubaux
May 2011
A location trace is not only a set of positions on a map: the contextual information attached to a trace tells much about our habits, interests, activities, and relationships.
envisioningdevelopment.net/map
Location-Privacy Protection
Distort location information before exposing it to others.
[Figure: the same location data shown in its original form, with low accuracy, and with low precision. Pictures from Krumm 2007.]
Location-Privacy Protection
• Anonymization (pseudonymization) – replacing the actual username with a random identity
• Location Obfuscation – hiding the location, adding noise, reducing precision
How to evaluate/compare various protection mechanisms? Which metric to use?
A common formal framework is MISSING.
Location Privacy: A Probabilistic Framework
[Framework diagram:
(1) Users u1…uN generate Actual Traces (vectors of actual events) over the timeline 1, 2, 3, 4, …, T.
(2) The Location-Privacy Preserving Mechanism (LPPM) applies Obfuscation and Anonymization, producing Observed Traces (vectors of observed events), indexed by pseudonyms 1…N over the same timeline.
(KC) In parallel, the attacker's Knowledge Construction turns Past Traces (vectors of noisy/missing events) into the users' Mobility Profiles: Markov Chain (MC) transition matrices with entries Pij between regions ri and rj.
(Attack) The mobility profiles and the observed traces feed the inference attack, which outputs Reconstructed Traces.]
Location-Privacy Preserving Mechanism
[Figure: the LPPM maps each of Alice's actual locations to a set of locations on the grid.]
Location-Obfuscation Function: a probabilistic mapping of a location to a set of locations.
Examples: hiding, reducing precision, adding noise, location generalization, …
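A toy sketch of such a probabilistic mapping (not the paper's mechanism; the hiding probability and the neighbour-merging rule are invented for illustration):

```python
import random

def obfuscate(location, neighbors, p_hide=0.2):
    """Toy probabilistic mapping from one location to a SET of locations:
    hide the event entirely with probability p_hide, otherwise report the
    true cell generalized with its neighbouring cells.
    (p_hide and the neighbour table are illustrative assumptions.)"""
    if random.random() < p_hide:
        return set()  # location hidden: nothing is reported
    return {location} | set(neighbors.get(location, []))

# Example: cell 5 is generalized together with cells 4 and 6.
neighbors = {5: [4, 6]}
reported = obfuscate(5, neighbors)
```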
Location-Privacy Preserving Mechanism
Anonymization Function: replace real usernames with random pseudonyms (e.g., the integers 1…N), i.e., a random permutation of usernames.
[Figure: the LPPM maps Alice, Bob, and Charlie to pseudonyms from {1, 2, 3}.]
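The anonymization function is simple to sketch: draw a uniformly random permutation of the pseudonyms 1…N and assign one to each username.

```python
import random

def anonymize(usernames):
    """Replace real usernames with pseudonyms 1..N via a uniformly
    random permutation, as described on the slide."""
    pseudonyms = list(range(1, len(usernames) + 1))
    random.shuffle(pseudonyms)
    return dict(zip(usernames, pseudonyms))

mapping = anonymize(['Alice', 'Bob', 'Charlie'])
```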
Location-Privacy Preserving Mechanism
A spatiotemporal event is a triple <Who, When, Where>. The LPPM applies location obfuscation (for user u) and anonymization, transforming the actual trace of user u into the observed trace of user u, carrying pseudonym u'.
Adversary Model: Observation and Knowledge
Observation: the anonymized and obfuscated traces produced by the LPPM. Knowledge: the users' mobility profiles, plus the PDFs of the anonymization and obfuscation functions.
Learning Users' Mobility Profiles (adversary knowledge construction)
From prior knowledge (past traces: vectors of noisy/missing past events), the attacker creates a Mobility Profile for each user: a Markov Chain on the set of locations, with transition probabilities Pij between regions ri and rj. Task: estimate the MC transition probabilities Pu.
Example – Simple Knowledge Construction
Prior knowledge for Alice (this example: 100 training traces):

Time      8am   9am   10am  11am  …
Day –100   12     7    14    20   …
Day –99    13    20    19    25   …
…
Day –1     12    13    12    19   …

Resulting mobility profile for Alice (e.g., transitions out of location 12):

        7    13    19
12      ⅓     ⅓     ⅓

How to consider noisy/partial traces? E.g., knowing only the user's location in the morning (her workplace) and her location in the evening (her home).
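For complete traces, this knowledge construction is plain counting of consecutive location pairs. A minimal sketch using just the three example days shown (which happen to reproduce the ⅓ row for location 12: 12 is followed once each by 7, 13, and 19):

```python
from collections import Counter, defaultdict

def estimate_profile(training_traces):
    """Estimate Markov-chain transition probabilities P(rj | ri) by
    counting consecutive location pairs in complete training traces."""
    counts = defaultdict(Counter)
    for trace in training_traces:
        for a, b in zip(trace, trace[1:]):
            counts[a][b] += 1
    # Normalize each row of counts into a probability distribution.
    return {a: {b: n / sum(c.values()) for b, n in c.items()}
            for a, c in counts.items()}

# The three training days shown on the slide.
traces = [[12, 7, 14, 20], [13, 20, 19, 25], [12, 13, 12, 19]]
profile = estimate_profile(traces)
# profile[12] is {7: 1/3, 13: 1/3, 19: 1/3}, matching the slide's table.
```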
Learning Users' Mobility Profiles (adversary knowledge construction)
From prior knowledge (past traces: vectors of noisy/missing past events), the attacker creates a Mobility Profile for each user: a Markov Chain on the set of locations. Task: estimate the MC transition probabilities Pu.
Our Solution: using a Monte-Carlo method, Gibbs Sampling, to estimate the probability distribution of the users' mobility profiles.
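The paper's sampler is more involved; purely as an illustration of the idea, here is a minimal Gibbs sketch that alternates between sampling the missing locations and sampling the transition matrix from its Dirichlet posterior (function names, the prior, and the iteration counts are all my own assumptions):

```python
import random

def sample_dirichlet(alphas):
    """Draw from a Dirichlet distribution via normalized Gamma draws."""
    draws = [random.gammavariate(a, 1.0) for a in alphas]
    total = sum(draws)
    return [d / total for d in draws]

def gibbs_mobility_profile(traces, locations, n_iter=200, burn_in=50, prior=1.0):
    """Estimate a user's MC transition matrix from traces with missing
    entries (None), alternating two Gibbs steps: (a) sample the matrix
    from its Dirichlet posterior given the filled-in traces, (b) resample
    each missing location given its neighbours and the current matrix."""
    L = len(locations)
    idx = {r: i for i, r in enumerate(locations)}
    # Initialize missing entries uniformly at random.
    filled = [[x if x is not None else random.choice(locations) for x in t]
              for t in traces]
    avg, kept = [[0.0] * L for _ in range(L)], 0
    for it in range(n_iter):
        # (a) Transition counts + prior -> Dirichlet posterior sample.
        counts = [[prior] * L for _ in range(L)]
        for t in filled:
            for a, b in zip(t, t[1:]):
                counts[idx[a]][idx[b]] += 1
        P = [sample_dirichlet(row) for row in counts]
        # (b) Resample each originally-missing entry given its neighbours.
        for ti, t in enumerate(traces):
            for k, x in enumerate(t):
                if x is not None:
                    continue
                weights = []
                for r in locations:
                    w = 1.0
                    if k > 0:
                        w *= P[idx[filled[ti][k - 1]]][idx[r]]
                    if k + 1 < len(t):
                        w *= P[idx[r]][idx[filled[ti][k + 1]]]
                    weights.append(w)
                filled[ti][k] = random.choices(locations, weights=weights)[0]
        if it >= burn_in:  # average post-burn-in samples
            kept += 1
            for i in range(L):
                for j in range(L):
                    avg[i][j] += P[i][j]
    return [[v / kept for v in row] for row in avg]
```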
Inference Attack Examples
Localization Attack: "Where was Alice at 8pm?" What is the probability distribution over the locations for user 'Alice' at time '8pm'?
Tracking Attack: "Where did Alice go yesterday?" What is the most probable trace (trajectory) for user 'Alice' over the time period 'yesterday'?
Meeting Disclosure Attack: "How many times did Alice and Bob meet?"
Aggregate Presence Disclosure: "How many users were present at restaurant x at 9pm?"
Inference Attacks
Attacking everything jointly is computationally infeasible: the anonymization permutation alone can take N! values.
Our Solution: decoupling de-anonymization from de-obfuscation.
De-anonymization
1. Compute the likelihood of observing trace 'i' from user 'u', for all 'i' and 'u', using the Forward-Backward algorithm on the hidden Markov process. O(R²N²T)
2. Compute the most likely assignment of users u1…uN to pseudonyms 1…N using a Maximum Weight Assignment algorithm (e.g., the Hungarian algorithm). O(N⁴)
De-obfuscation
Localization Attack: given the most likely assignment σ*, the localization probability can be computed on the Hidden Markov Model using the Forward-Backward algorithm. O(R²T)
Tracking Attack: given the most likely assignment σ*, the most likely trace for each user can be computed using the Viterbi algorithm. O(R²T)
Location-Privacy Metric
Assessment of Inference Attacks
In an inference attack, the adversary estimates the true value of some random variable X (e.g., the location of a user at a given time instant). Let xc (unknown to the adversary) be the actual value of X.
Three properties of the estimation's performance:
• How focused is the estimate on a single value? The entropy of the estimated random variable.
• How accurate is the estimate? Confidence level and confidence interval.
• How close is the estimate to the true value (the real outcome)?
Location-Privacy Metric
The true outcome of a random variable is what users want to hide from the adversary. Hence, the incorrectness of the adversary's inference attack is the metric that defines the privacy of users.
Location privacy of user 'u' at time 't' with respect to the localization attack = incorrectness of the adversary (the expected estimation error):
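The equation itself did not survive transcription; a reconstruction consistent with the framework (with $\hat{r}$ the adversary's estimated location, $o$ the observed traces, $r_u(t)$ the actual location of user $u$ at time $t$, and $d_p$ a distortion function between locations, e.g. Hamming or Euclidean distance) is:

```latex
LP_u(t) \;=\; \sum_{\hat{r} \in \mathcal{R}} \Pr\left(\hat{r} \mid o\right)\, d_p\!\left(\hat{r},\, r_u(t)\right)
```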
Location-Privacy Meter
A Tool to Quantify Location Privacy
http://lca.epfl.ch/projects/quantifyingprivacy
Location-Privacy Meter (LPM)
• You provide the tool with
  – some traces to learn the users' mobility profiles
  – the PDF associated with the protection mechanism
  – some traces to run the tool on
• LPM provides you with
  – the location privacy of the users with respect to various attacks: Localization, Tracking, Meeting Disclosure, Aggregate Presence Disclosure, …
LPM: An Example
• CRAWDAD dataset: N = 20 users, R = 40 regions, T = 96 time instants
• Protection mechanism:
  – Anonymization
  – Location obfuscation:
    • hiding the location
    • precision reduction (dropping low-order bits from the x, y coordinates of the location)
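Precision reduction by bit dropping can be sketched in a few lines (a generic illustration of the mechanism described above, assuming integer grid coordinates; the function name is my own):

```python
def reduce_precision(x, y, drop_bits):
    """Obfuscate an integer grid location by dropping its drop_bits
    low-order bits on each axis: every point in the same
    2^drop_bits x 2^drop_bits block maps to one coarse cell."""
    mask = ~((1 << drop_bits) - 1)
    return x & mask, y & mask

# Dropping 3 bits: (53, 38) and (48, 32) fall in the same 8x8 block,
# so both report the coarse cell (48, 32).
coarse = reduce_precision(53, 38, 3)
```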
LPM: Results – Localization Attack
[Figure: users' location privacy under the localization attack; one curve shows the baseline with no obfuscation.]
Assessment of Other Metrics
Entropy, k-anonymity
Conclusion
• A unified formal framework to describe and evaluate a variety of location-privacy preserving mechanisms with respect to various inference attacks
• Modeling LPPM evaluation as an estimation problem – throw attacks at the LPPM
• The right metric: expected estimation error
• An object-oriented tool (Location-Privacy Meter) to evaluate/compare location-privacy preserving mechanisms
http://people.epfl.ch/reza.shokri
Hidden Markov Model
[Figure: Alice's trace modeled as an HMM. The hidden states are her actual locations (11, 6, 14, 18, …); the observations Oi are the obfuscated location sets {11,12,13}, {6,7,8}, {14,15,16}, {18,19,20}, …. The initial probability is PAlice(11); the transition probabilities come from Alice's mobility profile, e.g. PAlice(11→6) and PAlice(6→14); the emission probabilities come from the obfuscation function, e.g. PLPPM(6→{6,7,8}).]