itis 3200 intro to security and privacy
DESCRIPTION
ITIS 3200 Intro to Security and Privacy. Dr. Weichao Wang. Inference Attacks on Location Tracks. Questions to Answer. Do anonymized location tracks reveal your identity? If so, how much data corruption will protect you?. Motivation – Why Send Your Location?. Congestion Pricing. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/1.jpg)
ITIS 3200 Intro to Security and Privacy
Dr. Weichao Wang
![Page 2: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/2.jpg)
2
Inference Attacks on Location Tracks
![Page 3: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/3.jpg)
3
Questions to Answer
• Do anonymized location tracks reveal your identity?
• If so, how much data corruption will protect you?
![Page 4: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/4.jpg)
4
Motivation – Why Send Your Location?
Congestion PricingLocation Based Services
Pay As You Drive (PAYD) Insurance
Collaborative Traffic Probes (DASH) Research (London OpenStreetMap)
![Page 5: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/5.jpg)
5
GPS DataMicrosoft Multiperson Location Survey (MSMLS)
55 GPS receivers226 subjects95,000 miles153,000 kilometers12,418 tripsHome addresses & demographic data
Greater Seattle Seattle Downtown Close-up
Garmin Geko 201$11510,000 point memorymedian recording interval
6 seconds63 meters
![Page 6: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/6.jpg)
6
People Don’t Care About Location Privacy
• 74 U. Cambridge CS students• Would accept £10 to reveal 28 days of measured locations (£20 for commercial use)
• 226 Microsoft employees• 14 days of GPS tracks in return for 1 in 100 chance for $200 MP3 player
• 62 Microsoft employees• Only 21% insisted on not sharing GPS data outside
• 11 with location-sensitive message service in Seattle• Privacy concerns fairly light
• 55 Finland interviews on location-aware services• “It did not occur to most of the interviewees that they could be located while using the service.”
![Page 7: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/7.jpg)
7
Documented Privacy Leaks
How Cell Phone Helped Cops Nail Key Murder Suspect – Secret “Pings” that Gave Bouncer Away New York, NY, March 15, 2006
Stalker Victims Should Check For GPS Milwaukee, WI, February 6, 2003
A Face Is Exposed for AOL Searcher No. 4417749New York, NY, August 9, 2006
Real time celebrity sightingshttp://www.gawker.com/stalker/
![Page 8: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/8.jpg)
8
Pseudonimity for Location Tracks
Pseudonimity• Replace owner name of each point with untraceable ID• One unique ID for each owner
Example• “Larry Page” → “yellow”• “Bill Gates” → “red”
![Page 9: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/9.jpg)
9
Attack Outline
![Page 10: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/10.jpg)
10
GPS Tracks → Home Location Algorithm 1
Last Destination – median of last destination before 3 a.m.
Median error = 60.7 meters
![Page 11: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/11.jpg)
11
GPS Tracks → Home Location Algorithm 2
Weighted Median – median of all points, weighted by time spent at point (no trip segmentation required)
Median error = 66.6 meters
![Page 12: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/12.jpg)
12
GPS Tracks → Home Location Algorithm 3
Largest Cluster – cluster points, take median of cluster with most points
Median error = 66.6 meters
![Page 13: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/13.jpg)
13
GPS Tracks → Home Location Algorithm 4
Best Time – location at time with maximum probability of being home
Median error = 2390.2 meters (!)
Relative Probability of Home vs. Time of Day
0
0.002
0.004
0.006
0.008
0.01
0.012
0.014
0.016
0.018
0.02
00:00
01:00
02:00
03:00
04:00
05:00
06:00
07:00
08:00
09:00
10:00
11:00
12:00
13:00
14:00
15:00
16:00
17:00
18:00
19:00
20:00
21:00
22:00
23:00
Time (24 hour clock)
Pro
bab
ilit
y
8 a.m. 6 p.m.
![Page 14: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/14.jpg)
14
Why Not More Accurate?• GPS interval – 6 seconds and 63 meters• GPS satellite acquisition -- ≈45 seconds on cold start, time to
drive 300 meters at 15 mph• Covered parking – no GPS signal• Distant parking – far from home
covered parking distant parking
![Page 15: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/15.jpg)
15
GPS Tracks → Identity?
Windows Live Search reverse white pages lookupwww.whitepages.com
![Page 16: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/16.jpg)
16
Identification
MapPoint Web Service reverse geocoding
Windows Live Search reverse
white pages
Algorithm Correct out of 172
Percent Correct
Last Destination
8 4.7%
Weighted Median
9 5.2%
Largest Cluster
9 5.2%
Best Time 2 1.2%
![Page 17: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/17.jpg)
17
Why Not Better?
• Multiunit buildings
• Outdated white pages
• Poor geocoding
![Page 18: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/18.jpg)
18
Similar StudyHoh, Gruteser, Xiong, Alrabady, Enhancing Security and Privacy in Traffic-Monitoring Systems, in IEEE Pervasive Computing. 2006. p. 38-46.
• 219 volunteer drivers in Detroit, MI area• Cluster destinations to find home location
• arrive 4 p.m. to midnight• must be in residential area
• Manual inspection on home location (no knowledge of drivers’ actual home address)• 85% of homes found
![Page 19: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/19.jpg)
19
Easy Way to Fix Privacy Leak?
Location Privacy Protection Methods1. Regulatory strategies – based on rules2. Privacy policies – based on trust3. Anonymity – e.g. pseudonymity4. Obfuscation – obscure the data
Duckham, M. and L. Kulik, Location Privacy and Location-Aware Computing, in Dynamic & Mobile GIS: Investigating Change in Space and Time, J. Drummond, et al., Editors. 2006, CRC Press: Boca Raton, FL.
![Page 20: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/20.jpg)
20
Obfuscation Techniques(Duckham and Kulik, 2006)
• Spatial Cloaking – confuse with other people• Noise – add noise to measurements• Rounding – discretize measurements• Vagueness – “home”, “work”, “school”, “mall”• Dropped Samples – skip measurements
![Page 21: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/21.jpg)
21
Countermeasure: Add Noise
original σ= 50 meters noise added
Effect of added noise on address-finding rate
![Page 22: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/22.jpg)
22
Countermeasure: Discretize
original snap to 50 meter grid
Effect of discretization on address-finding rate
![Page 23: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/23.jpg)
23
Countermeasure: Cloak Home
1. Pick a random circle center within “r” meters of home2. Delete all points in circle with radius “R”
r
actual home
location
R
random point in
small circle
data inside large circle
deleted
![Page 24: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/24.jpg)
24
Conclusions• Privacy Leak from Location Data
– Can infer identity: GPS → Home → Identity– Best was 5%– 5% is lower bound, evil geniuses will do better
• Obfuscation Countermeasures– Need lots of corruption to approach zero risk
![Page 25: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/25.jpg)
25
Next Steps
How does data corruption affect applications?
![Page 26: ITIS 3200 Intro to Security and Privacy](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814cf6550346895db9ff17/html5/thumbnails/26.jpg)
26
End
original noise
discretize cloak
reverse white pages