Anonymous and Privacy-Sensitive Collection of Sensed Data in Location-Based Applications Presenter: Jen Chen

Outline Introduction Use hitchhiking Discussion Conclusion

Introduction

Use hitchhiking

Discussion

Conclusion

Introduction Use ZipDash approach http://www .google .com /gmm /index.html Use hitchhiking http://labs .google .com /ridefinder Hitchhiking danger

Use ZipDash approach http://www .google .com /gmm /index.html

Use hitchhiking http://labs .google .com /ridefinder

Hitchhiking danger

Use Hitchhiking The Hitchhiking Approach Hitchhiking approach has seven requirements

The Hitchhiking Approach

Hitchhiking approach has seven requirements

The Hitchhiking Approach Existing commodity devices, including notebook and mobile-phones. Use GPS Application: Traffic flow model

Existing commodity devices, including notebook and mobile-phones.

Use GPS

Application: Traffic flow model

S even requirements Location is computed on the client. Only the client device is trusted. Each person must approve reporting from a location. Physical constraints prevent location spoofing.

Location is computed on the client.

Only the client device is trusted.

Each person must approve reporting from a location.

Physical constraints prevent location spoofing.

S even requirements (continue) Location identifiers are based in the physical location. Location identifiers are generated by the client . Sensed identifiers are not reported to a server .

Location identifiers are based in the physical location.

Location identifiers are generated by the client .

Sensed identifiers are not reported to a server .

Location is computed on the client Client use GPS Server only know device’s location

Client use GPS

Server only know device’s location

Only the client device is trusted Design Client is easy Server must higher standard

Design Client is easy

Server must higher standard

Each person must approve reporting from a location. No approve reporting, No application Applications can’t reveal identity

No approve reporting, No application

Applications can’t reveal identity

Physical constraints prevent location spoofing Request location must be approved Malicious server may be request the sensitive location. YES or NO

Request location must be approved

Malicious server may be request the sensitive location.

Location identifiers are based in the physical location. ID and GPS (or WiFi access points ) identify together If only use the ID, it may be danger

ID and GPS (or WiFi access points ) identify together

If only use the ID, it may be danger

Location identifiers are generated by the client Use GPS to provide location identifier Server only provide state about location of interest

Use GPS to provide location identifier

Server only provide state about location of interest

Sensed identifiers are not reported to a server . No report the sensed identifier Malicious operator may be track by sensed identifiers

No report the sensed identifier

Malicious operator may be track by sensed identifiers

Discussion What is hot Share location is currently busy Letting others join the party

What is hot

Share location is currently busy

Letting others join the party

Conclusion Danger and convenience is contradictory Make laws to protect privacy

Danger and convenience is contradictory

Make laws to protect privacy