preserving privacy in participatory sensing systems authors: kuan lun huang, salil s. kanhere...
TRANSCRIPT
Preserving Privacy in Participatory Sensing Systems
Authors: Kuan Lun Huang, Salil S. Kanhere (School of CS & Engg., The University of New South Wales, Sydney, Australia),
Wen Hu (Autonomous Systems Lab, CSIRO ICT Centre, Australia)Journal: Computer Communications (Vol 33 Issue 11, July ‘10)
Publisher: Butterworth-Heinemann Newton, MA, USA (Partly published at PerSeNs ’09)
Presented by: Sara Gaffar
Contents
Introduction A review of AnonySense Related Work System Model & Motivating example Implementation & Evaluation Important References
Two Major Attributes
This paper focuses on the spatial and temporal privacy of users, the two universal attributes expected to be included in user reports for all participatory sensing applications.
Assumptions
The adversary does not know true values of time and location of user reports. However, the adversary has means to find out the temporal and spatial properties of his victims.
The adversary is able to observe submitted reports (eavesdropping).
AnonySense Architecture
Tessellation & Generalization
Perturbation Techniques
Microaggregation and VMDAV Interpretation by Application Server by
Euclidean Distance: In the Euclidean plane, if p = (p1, p2) and q = (q1, q2) then the distance is given by:
d(p,q) = √(p1-q1)² + (p2-q2)²
Problems with k-anonymity
Tessellation & Generalization Identity disclosure Attribute disclosure
Background Knowledge Attack Homogeneity Attack
The example of Bob L-diversity
System Model
Anonymization Server (AS)
Petrolwatch
An application which allows users to collect, contribute and share fuel pricing information using camera phones.
Fuel prices are annotated with location coordinates of the service station and the time at which the capture takes place, and uploaded to the application server.
Users can query the server to locate the cheapest petrol station in their vicinity.
K-anonymous Privacy-Preserving Schemes
Tessellation Tessellation with tile center reporting
(TwTCR) Location anonymization with
microaggregation - VMDAV Location anonymization with
Hybrid microaggregation
VMDAV Pseudo code
Hybrid Microaggregation
VMDAV enables an application to make better decisions when user distributions across different areas are relatively consistent
On the contrary, in areas with dense distribution of users, TwTCR performs better
Gaussian Input Perturbation
Why trust the AS? Perturbation Scheme – Artificially distort a
user’s location prior to updating the AS.
L-Diversity
Spatial AND temporal privacy Homogeneity and background knowledge
attack
Eg.: 3-Anonymous Petrolwatch
Example of 2-Diversity in terms of location
Two Issues
Semantic relationship between locations
Timing accuracy
LD-VMDAV
1st Step:
2nd Step:
Evaluation
Metrics
Application accuracy: Positive Identification Percentage (PIP)
Errors introduced by anonymization – Information Loss (IL)
Hybrid-VMDAV
Improves percentage of positive identifications made by an application server by up to 100% and decreases amount of information loss by about 40%
LD-VMDAV Vs k-anonymity
References Cory Cornelius , Apu Kapadia , David Kotz , Dan Peebles , Minho Shin ,
Nikos Triandopoulos, Anonysense: privacy-aware people-centric sensing, Proceeding of the 6th international conference on Mobile systems, applications, and services, June 17-20, 2008, Breckenridge, CO, USA
A. Solanas, A Martinez-Baellest. V-MDAV: a multivariate microaggregation with variable group size, in: 17th COMPSTAT Symposium of the IASC, Rome, 2006.