SlideShare a Scribd company logo

Conference talk: On the Privacy of Frequently Visited User Locations

Z
Zohaib Riaz

Slides for our work presented at IEEE Mobile Data Management Conference 2016 (http://mdmconferences.org/mdm2016/). Paper full text: ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/INPROC-2016-11/INPROC-2016-11.pdf In this paper, we identified the threat of inference of users' top visited locations that reveal their particular behavioral traits. We also proposed mechanisms for avoiding the leakage of these top locations from real-time sharing of location information in today's online social networks.

Mobile
1 of 31
Download to read offline
University of Stuttgart Institute of Parallel and Distributed Systems (IPVS) Universitätsstraße 38 D-70569 Stuttgart On the Privacy of Frequently Visited User Locations Zohaib Riaz, Frank Dürr, Kurt Rothermel International Conference on Mobile Data Management 2016 (MDM'16) 15th June 2016
University of Stuttgart IPVS Research Group “Distributed Systems” • Today’s Location-sharing apps exploit Location Semantics ◦ App Examples: Family locators, Friend finders, Geo-social networks ◦ Meaningful sharing: (48.778786, 9.177867)  Starbucks (Coffee Shop) ◦ Trivial to label any unlabeled trips (via Foursquare, Yelp etc.) Motivation 2 Church Bar Gym Supermarket
University of Stuttgart IPVS Research Group “Distributed Systems” • Today’s Location-sharing apps exploit Location Semantics ◦ App Examples: Family locators, Friend finders, Geo-social networks ◦ Meaningful sharing: (48.778786, 9.177867)  Starbucks (Coffee Shop) ◦ Trivial to label any unlabeled trips (via Foursquare, Yelp etc.) •Privacy threat: Prolonged location sharing reveals visit-frequency profile! ◦ “A person who knows all of another’s travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym,…— and not just one such fact about a person, but all such facts.” [United States v. Jones] Motivation 2 Church Bar Gym Supermarket Bar Church Gym Supermarket Frequency
University of Stuttgart IPVS Research Group “Distributed Systems” • Typical Location-sharing apps rely on backend Location Server Infrastructure ◦ LSs store and manage user positions ◦ Applications query user positions from LSs • Can the LSs provider be trusted for the security of users’ location data? Motivation 3 Location Server (LS) App 1 (Family Locator) App 2 (Friend Finder)
University of Stuttgart IPVS Research Group “Distributed Systems” • Typical Location-sharing apps rely on backend Location Server Infrastructure ◦ LSs store and manage user positions ◦ Applications query user positions from LSs • Can the LSs provider be trusted for the security of users’ location data?  No service provider can guarantee that personal information is safe! ◦ LS become single-point-of-failure w.r.t. privacy Motivation 3 Location Server (LS) App 1 (Family Locator) App 2 (Friend Finder) Database of 191 million U.S. voters exposed on Internet: researcher (2015) eBay asks 145 million users to change passwords after data breach (2014) Twitter: Passwords Leaked for Millions of Accounts (6 days ago!) "The alarming part is that the information is so concentrated,"
University of Stuttgart IPVS Research Group “Distributed Systems” • A study of real-world check-ins dataset to show that frequent locations pose a serious privacy threat (next 3 slides …) • An approach to protect frequent locations while avoiding a single- point-of-failure in the LS infrastructure • Evaluation of the approach for achieved Privacy and Quality-of-Service (QoS) for location-sharing apps. Contributions 4
University of Stuttgart IPVS Research Group “Distributed Systems” Study of Check-in Dataset: Preprocessing • Goal: Show that visit-frequency information poses a privacy threat • Dataset: 22,506,721 Geo-tagged tweets provided by Cheng et al. 2011 • Selected user Population: criteria ◦ >= 1 location check-in per day ◦ >= 30 days of reported location data ◦ 10,306 users selected • Venue information, e.g., category, retrieved using Foursquare’s free API 7 No. Category 1 Arts & Entertainment 2 Education 3 Food 4 Tea/Coffee/Juices 5 Nightlife 6 Outdoor & Recreation 7 Athletics & Sports 8 Professional Places 9 Professional Schools 10 Medical Center 11 Spiritual 12 Shop & Service 13 Financial Institutions 14 Fitness
University of Stuttgart IPVS Research Group “Distributed Systems” Percentile Ranks Output: Frequency rank-profile Visits per month Study of Check-in Dataset: Analysis 6 18 Step 1: Get frequency-profile Visits/Month Population’s Frequency Distribution (Food) Percentile Rank: 𝑃𝑅 18 = 80𝑡ℎ Step 2: Determine Significance of visit-frequency No. of users
University of Stuttgart IPVS Research Group “Distributed Systems” Percentile Ranks Output: Frequency rank-profile Visits per month Study of Check-in Dataset: Analysis 6 18 Step 1: Get frequency-profile 𝑡ℎ 𝑐𝑟𝑖𝑡𝑖𝑎𝑙𝑖𝑡𝑦 = 70 Critical locations: visited with critically high frequencies Visits/Month Population’s Frequency Distribution (Food) Percentile Rank: 𝑃𝑅 18 = 80𝑡ℎ Step 2: Determine Significance of visit-frequency No. of users
University of Stuttgart IPVS Research Group “Distributed Systems” Percentile Ranks Output: Frequency rank-profile Visits per month Study of Check-in Dataset: Analysis 6 18 Step 1: Get frequency-profile 𝑡ℎ 𝑐𝑟𝑖𝑡𝑖𝑎𝑙𝑖𝑡𝑦 = 70 Critical locations: visited with critically high frequencies Visits/Month Population’s Frequency Distribution (Food) Percentile Rank: 𝑃𝑅 18 = 80𝑡ℎ Step 2: Determine Significance of visit-frequency No. of users
University of Stuttgart IPVS Research Group “Distributed Systems” Percentile Ranks Output: Frequency rank-profile Visits per month Study of Check-in Dataset: Analysis 6 18 Step 1: Get frequency-profile 𝑡ℎ 𝑐𝑟𝑖𝑡𝑖𝑎𝑙𝑖𝑡𝑦 = 70 Critical locations: visited with critically high frequencies Visits/Month Population’s Frequency Distribution (Food) Percentile Rank: 𝑃𝑅 18 = 80𝑡ℎ Step 2: Determine Significance of visit-frequency No. of users
University of Stuttgart IPVS Research Group “Distributed Systems” Study of Check-in Dataset: Evidence of Privacy Threat! • Critical locations are prevalent! ◦ ~85% users have at least 1 critical location ◦ ~50% users have 2 or more critical locations • Visiting characteristics of locations ◦ Same percentile rank  different frequencies for diff. categories ◦ High percentile-rank  a reasonable measure of user interest 7 CumulativeDistributionofusers (Rank) VisitsperMonth CumulativeFrequency(%) NumberofUsers Number of Critical Locations
University of Stuttgart IPVS Research Group “Distributed Systems” Study of Check-in Dataset: Evidence of Privacy Threat! • Critical locations are prevalent! ◦ ~85% users have at least 1 critical location ◦ ~50% users have 2 or more critical locations • Visiting characteristics of locations ◦ Same percentile rank  different frequencies for diff. categories ◦ High percentile-rank  a reasonable measure of user interest 7 CumulativeDistributionofusers (Rank) CumulativeFrequency(%) NumberofUsers Number of Critical Locations  We assume that “Frequency  Rank” relationship is publicly known
University of Stuttgart IPVS Research Group “Distributed Systems” Problem Statement • Privacy-preferences: (Persona, App) pairs • User-Personas: Define location categories whose criticality may be revealed e.g.: ◦ “Friends”  {all} {Medical} ◦ “Colleagues”  {all} {Spiritual, Medical, Night-life} • Privacy Requirement: Implement privacy- preferences in location-sharing ◦ Reveal unshared critical locations such that they appear non-critical ◦ Avoid attacks to reveal critical locations ▪ Attacker know our algorithm + additional knowledge ▪ Baseline attack: random guess! 14 user-defined 𝛼 𝑟𝑎𝑛𝑑 = 1/8
University of Stuttgart IPVS Research Group “Distributed Systems” Architecture (1) • User’s device: a smart-phone ◦ Runs Location-Privacy service: ▪ Executes our privacy algorithm ▪ Performs location updates to LSs ◦ Assumption: Encrypted communication channel 9 Location-Privacy service Communication module Location Updates
University of Stuttgart IPVS Research Group “Distributed Systems” Architecture (2) • A set of Location Servers (LSs) ◦ from different third-party providers ▪ Example: Backendless, App42, Heroku etc. ◦ manage location updates ◦ implement Access-control mechanism • Location Based Applications (Apps) ◦ Get access authorization to LSs from users ◦ Access user location from LSs or subscribe for update notifications ◦ May aggregate frequency-profile of user ◦ User-profile’ precision ∝ no. of accessible LSs 10 Location-Privacy service Communication module AccessRights App 1 App 2
University of Stuttgart IPVS Research Group “Distributed Systems” Basic Privacy Algorithm (1) 1. On-device determination of critical locations: ◦ 𝑺 = {𝑠1, … , 𝑠14}, set of location categories ◦ 𝑓𝑢 = {𝑓𝑠1 , 𝑓𝑠2 , … , 𝑓𝑠14 ) and 𝑟𝑢 = {𝑟𝑠1 , 𝑟𝑠2 , … , 𝑟𝑠14 } ◦ Critical locations: 𝑪 𝑢 = 𝑠𝑖| 𝑟𝑠 𝑖 > 𝑡ℎ 𝑐𝑟𝑡𝑙 2. Determine desired ranks ◦ Deterministic new ranks  reversible by attacker ◦ Randomized selection of desired ranks ▪ Avoids advanced attacks! 17 Desired Rank Profile Actual Rank Profile
University of Stuttgart IPVS Research Group “Distributed Systems” Basic Privacy Algorithm (2) 3. Enforce desired ranks for all 𝒔𝒊 ∈ 𝑪 𝒖: ◦ Divide trips for 𝑠𝑖 among LSs ◦ 𝐿𝑆0 hosts a safe-profile of user 12 Shared with all Apps Shared as per Personas of Apps Location-Privacy service
University of Stuttgart IPVS Research Group “Distributed Systems” Basic Privacy Algorithm (2) 3. Enforce desired ranks for all 𝒔𝒊 ∈ 𝑪 𝒖: ◦ Divide trips for 𝑠𝑖 among LSs ◦ 𝐿𝑆0 hosts a safe-profile of user 12 Shared with all Apps Shared as per Personas of Apps Location-Privacy service User-aware Attacker: can monitor Network- traffic statistics  knows update timings!
University of Stuttgart IPVS Research Group “Distributed Systems” Basic Privacy Algorithm (2) 3. Enforce desired ranks for all 𝒔𝒊 ∈ 𝑪 𝒖: ◦ Divide trips for 𝑠𝑖 among LSs ◦ 𝐿𝑆0 hosts a safe-profile of user 12 Shared with all Apps Shared as per Personas of Apps Location-Privacy service User-aware Attacker: can monitor Network- traffic statistics  knows update timings! Population-aware Attacker: Also possesses location information from the other users
University of Stuttgart IPVS Research Group “Distributed Systems” Advanced Privacy Algorithm (1): Against user-aware Attacker • Attacker: has access to a few LSs ◦ Knows timings of inaccessible updates • Trail of location updates  Mobility Model 𝛀 • Attack inaccessible updates: Maximize 𝑃(𝑠𝑖|𝑡) for 𝑠𝑖 to predict visited location using 𝛀 • Bayes theorem: 𝑃 𝑠𝑖 𝑡 = 𝑃 𝑡 𝑠𝑖 𝑃 𝑠 𝑖 𝑃(𝑡) 21 𝑠𝑖 =? Inaccessible updates 𝑡 Attacker 𝑡1 𝑡2 𝑡3 𝑡4 … 𝑡150 𝑡151 𝑡152 𝑡153 … A F E N ? E A ? Normalizer: constant for all 𝑠𝑖 (unimportant) Prior: Changed by our algorithm (unreliable) Likelihood of visiting time 𝑠𝑖 at time 𝑡 over all possible times 𝑇
University of Stuttgart IPVS Research Group “Distributed Systems” Advanced Privacy Algorithm (2): Defense • Defense: Generate fake events for each location as if it were critical! ◦ Fake events  garbage data  discarded by LSs! ◦ Desired effect: Rank of all locations should “appear” equal • Algorithmic steps: 1. Keep track of temporal likelihood of each category 2. Accordingly schedule enough fake events to meet maximum rank in the rank-profile 22 High Low Visit Time Distribution for 𝑠1 Weekday Hour + fake/inaccessible updates “Attacker’s View”
University of Stuttgart IPVS Research Group “Distributed Systems” Evaluation: Population-aware Attacker Model • Attacker: Aims to find all critical locations 1. knows ‘𝑘’ out of ‘𝑛’ critical locations from authorized or compromised LSs 2. Knows correlations among visit-frequencies of different location categories (Acquired from the population) • Frequency-correlation attack ◦ Learn correlations using Machine Learning techniques ◦ Data: Frequency-profiles of 10,036 users 23 Classification Regression Nightlife
University of Stuttgart IPVS Research Group “Distributed Systems” Evaluation: Privacy results for Classification Attacks • Classifiers: Random Forest (RF) & Support-Vector Machine (SVM) • Training: ◦ On frequency-profiles with one critical location ◦ 10-fold cross-validation • Results: ◦ Low classification accuracy: 25% • Repeated experiment: ◦ Added frequency-profiles with no critical locations! ◦ Again, low accuracy for critical locations: 22% ◦ High accuracy for non-critical: 87% 24 non-critical profile (unaltered) Protected profile (altered)
University of Stuttgart IPVS Research Group “Distributed Systems” Low accuracy High Confusion Evaluation: Privacy results for Classification Attacks 17
University of Stuttgart IPVS Research Group “Distributed Systems” 𝑘 = known Critical Locations • Regression Models: RF, SVM and Gaussian Mixture Regression (GMR) ◦ Percentage prediction error: < 5% for each semantic location ◦ Attack performance on protected frequency-profiles: Evaluation: Privacy results for Regression Attacks 18 𝑃𝑎𝑡𝑡𝑎𝑐𝑘(𝑘) - probability of correct detection of a critical location when 𝑘 out of 𝑛 critical locations are already known
University of Stuttgart IPVS Research Group “Distributed Systems” 𝑘 = known Critical Locations • Regression Models: RF, SVM and Gaussian Mixture Regression (GMR) ◦ Percentage prediction error: < 5% for each semantic location ◦ Attack performance on protected frequency-profiles: Evaluation: Privacy results for Regression Attacks 18 Zero knowledge gain 𝛼 𝑟𝑎𝑛𝑑 𝑘 - probability of randomly selecting a critical location 𝑘 = known Critical Locations 𝑃𝑎𝑡𝑡𝑎𝑐𝑘(𝑘) - probability of correct detection of a critical location when 𝑘 out of 𝑛 critical locations are already known
University of Stuttgart IPVS Research Group “Distributed Systems” Evaluation: QoS and Communication Overhead • QoS = proportion of available location updates ◦ QoS is reasonably high given 60% population has 1 or 2 critical locations • Communication Cost = no. of fake message per day ◦ 1-2 messages a day for most users! 𝑘 = 1, 𝑄𝑜𝑆 ~ 80% 𝑘 = 2, 𝑄𝑜𝑆 ~ 70% 𝑘 = 3, 𝑄𝑜𝑆 ~ 60% 19 𝑛 =1 𝑛 =2 𝑛 =3 𝑛 =4 𝑘 = Number of LSs to which access is denied 1.0 0.8 0.6 0.4 0.2 0 𝑸𝒐𝑺 1 1 2 31 2 31 2 4
University of Stuttgart IPVS Research Group “Distributed Systems” Related Work • Semantic location obfuscation (PROBE framework by Damiani et al. 2010) + Cloak individual sensitive visits with neighboring non-sensitive venues − Sensitivity of location categories is not related to an individual’s visit-frequency • Venue Recommendation techniques (Riboni et al. 2014, Zhang et al. 2014) +Offline publishing of check-in history statistics in a differentially private manner −Require Trusted parties for implementing the privacy algorithm −Cannot be used for online location sharing • Distributed Location Management (Duerr et al. at Percom 2011) +No single-point-of-failure −For single locations without considering location semantics 20
University of Stuttgart IPVS Research Group “Distributed Systems” Conclusion & Future Work • Frequent locations naturally pose a privacy threat by revealing user interests • Distributing location information in LS infrastructure  promising privacy solution • Proposed an algorithm for controlled sharing of frequent locations ◦ Hides frequent locations from: ▪ User-aware attackers ▪ Population-aware attackers • Future Work ◦ Integrate existing single-location semantic obfuscation approaches for forming a comprehensive privacy mechanism 21
University of Stuttgart IPVS Research Group “Distributed Systems” Contact and Discussion www.priloc.de Zohaib Riaz Institute for Parallel and Distributed Systems, University of Stuttgart, Germany zohaib.riaz@ipvs.uni-stuttgart.de

Recommended

InSTEDD HISA Conference
InSTEDD HISA ConferenceInSTEDD HISA Conference
InSTEDD HISA ConferenceEduardo Jezierski
 
Behavioral Data Mining to Produce Novel and Serendipitous Friend Recommendati...
Behavioral Data Mining to Produce Novel and Serendipitous Friend Recommendati...Behavioral Data Mining to Produce Novel and Serendipitous Friend Recommendati...
Behavioral Data Mining to Produce Novel and Serendipitous Friend Recommendati...Matteo Manca
 
UCIAD overview
UCIAD overviewUCIAD overview
UCIAD overviewMathieu d'Aquin
 
Emotional Social Signals for Search Ranking
Emotional Social Signals for Search RankingEmotional Social Signals for Search Ranking
Emotional Social Signals for Search RankingIsmail BADACHE
 
Automatic generation of event summaries using microblog streams
Automatic generation of event summaries using microblog streamsAutomatic generation of event summaries using microblog streams
Automatic generation of event summaries using microblog streamsKaushalya Madhawa
 
Tweet analysis for real time event detection and earthquake reporting system ...
Tweet analysis for real time event detection and earthquake reporting system ...Tweet analysis for real time event detection and earthquake reporting system ...
Tweet analysis for real time event detection and earthquake reporting system ...JPINFOTECH JAYAPRAKASH
 
Prometheus: User-Controlled P2P Social Data Management for Socially-aware App...
Prometheus: User-Controlled P2P Social Data Management for Socially-aware App...Prometheus: User-Controlled P2P Social Data Management for Socially-aware App...
Prometheus: User-Controlled P2P Social Data Management for Socially-aware App...Nicolas Kourtellis
 
Databases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyDatabases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyYannick Pouliot
 

Recommended

InSTEDD HISA Conference
InSTEDD HISA ConferenceInSTEDD HISA Conference
InSTEDD HISA ConferenceEduardo Jezierski
 
Behavioral Data Mining to Produce Novel and Serendipitous Friend Recommendati...
Behavioral Data Mining to Produce Novel and Serendipitous Friend Recommendati...Behavioral Data Mining to Produce Novel and Serendipitous Friend Recommendati...
Behavioral Data Mining to Produce Novel and Serendipitous Friend Recommendati...Matteo Manca
 
UCIAD overview
UCIAD overviewUCIAD overview
UCIAD overviewMathieu d'Aquin
 
Emotional Social Signals for Search Ranking
Emotional Social Signals for Search RankingEmotional Social Signals for Search Ranking
Emotional Social Signals for Search RankingIsmail BADACHE
 
Automatic generation of event summaries using microblog streams
Automatic generation of event summaries using microblog streamsAutomatic generation of event summaries using microblog streams
Automatic generation of event summaries using microblog streamsKaushalya Madhawa
 
Tweet analysis for real time event detection and earthquake reporting system ...
Tweet analysis for real time event detection and earthquake reporting system ...Tweet analysis for real time event detection and earthquake reporting system ...
Tweet analysis for real time event detection and earthquake reporting system ...JPINFOTECH JAYAPRAKASH
 
Prometheus: User-Controlled P2P Social Data Management for Socially-aware App...
Prometheus: User-Controlled P2P Social Data Management for Socially-aware App...Prometheus: User-Controlled P2P Social Data Management for Socially-aware App...
Prometheus: User-Controlled P2P Social Data Management for Socially-aware App...Nicolas Kourtellis
 
Databases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyDatabases, Web Services and Tools For Systems Immunology
Databases, Web Services and Tools For Systems ImmunologyYannick Pouliot
 
Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...
Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...
Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...Zohaib Riaz
 
Conference talk: Optimized Location Update Protocols for Secure and Efficient...
Conference talk: Optimized Location Update Protocols for Secure and Efficient...Conference talk: Optimized Location Update Protocols for Secure and Efficient...
Conference talk: Optimized Location Update Protocols for Secure and Efficient...Zohaib Riaz
 
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004Jason Hong
 
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...Krishnaram Kenthapadi
 
Narrative Mind Week 5 H4D Stanford 2016
Narrative Mind Week 5 H4D Stanford 2016Narrative Mind Week 5 H4D Stanford 2016
Narrative Mind Week 5 H4D Stanford 2016Stanford University
 
ODSC East 2017: Data Science Models For Good
ODSC East 2017: Data Science Models For GoodODSC East 2017: Data Science Models For Good
ODSC East 2017: Data Science Models For GoodKarry Lu
 
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...Paolo Nesi
 
What's up at Kno.e.sis?
What's up at Kno.e.sis? What's up at Kno.e.sis?
What's up at Kno.e.sis? Amit Sheth
 
InSTEDD: Collaboration in Disease Surveillance & Response
InSTEDD: Collaboration in Disease Surveillance & ResponseInSTEDD: Collaboration in Disease Surveillance & Response
InSTEDD: Collaboration in Disease Surveillance & ResponseInSTEDD
 
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...benaam
 
Learning to Classify Users in Online Interaction Networks
Learning to Classify Users in Online Interaction NetworksLearning to Classify Users in Online Interaction Networks
Learning to Classify Users in Online Interaction NetworksSymeon Papadopoulos
 
An empirical assessment of global covid 19 contact tracing applications icse2021
An empirical assessment of global covid 19 contact tracing applications icse2021An empirical assessment of global covid 19 contact tracing applications icse2021
An empirical assessment of global covid 19 contact tracing applications icse2021RuoxiSun7
 
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...Discovering Flaws in Security-Focused Static Analysis Tools for Android using...
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...Kevin Moran
 
From context aware to socially awareness computing - IEEE Pervasive Computing...
From context aware to socially awareness computing - IEEE Pervasive Computing...From context aware to socially awareness computing - IEEE Pervasive Computing...
From context aware to socially awareness computing - IEEE Pervasive Computing...Fread Mzee
 
Data mining in security: Ja'far Alqatawna
Data mining in security: Ja'far AlqatawnaData mining in security: Ja'far Alqatawna
Data mining in security: Ja'far AlqatawnaMaribel García Arenas
 
Burton - Security, Privacy and Trust
Burton - Security, Privacy and TrustBurton - Security, Privacy and Trust
Burton - Security, Privacy and TrustNational Information Standards Organization (NISO)
 
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus Poster
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus PosterNIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus Poster
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus PosterGlobus
 
Narrative Mind Week 4 H4D Stanford 2016
Narrative Mind Week 4 H4D Stanford 2016Narrative Mind Week 4 H4D Stanford 2016
Narrative Mind Week 4 H4D Stanford 2016Stanford University
 
Science Gateway Canvas
Science Gateway CanvasScience Gateway Canvas
Science Gateway CanvasShayan Shahand
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Phil Legg
 

More Related Content

Similar to Conference talk: On the Privacy of Frequently Visited User Locations

Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...
Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...
Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...Zohaib Riaz
 
Conference talk: Optimized Location Update Protocols for Secure and Efficient...
Conference talk: Optimized Location Update Protocols for Secure and Efficient...Conference talk: Optimized Location Update Protocols for Secure and Efficient...
Conference talk: Optimized Location Update Protocols for Secure and Efficient...Zohaib Riaz
 
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004Jason Hong
 
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...Krishnaram Kenthapadi
 
Narrative Mind Week 5 H4D Stanford 2016
Narrative Mind Week 5 H4D Stanford 2016Narrative Mind Week 5 H4D Stanford 2016
Narrative Mind Week 5 H4D Stanford 2016Stanford University
 
ODSC East 2017: Data Science Models For Good
ODSC East 2017: Data Science Models For GoodODSC East 2017: Data Science Models For Good
ODSC East 2017: Data Science Models For GoodKarry Lu
 
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...Paolo Nesi
 
What's up at Kno.e.sis?
What's up at Kno.e.sis? What's up at Kno.e.sis?
What's up at Kno.e.sis? Amit Sheth
 
InSTEDD: Collaboration in Disease Surveillance & Response
InSTEDD: Collaboration in Disease Surveillance & ResponseInSTEDD: Collaboration in Disease Surveillance & Response
InSTEDD: Collaboration in Disease Surveillance & ResponseInSTEDD
 
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...benaam
 
Learning to Classify Users in Online Interaction Networks
Learning to Classify Users in Online Interaction NetworksLearning to Classify Users in Online Interaction Networks
Learning to Classify Users in Online Interaction NetworksSymeon Papadopoulos
 
An empirical assessment of global covid 19 contact tracing applications icse2021
An empirical assessment of global covid 19 contact tracing applications icse2021An empirical assessment of global covid 19 contact tracing applications icse2021
An empirical assessment of global covid 19 contact tracing applications icse2021RuoxiSun7
 
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...Discovering Flaws in Security-Focused Static Analysis Tools for Android using...
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...Kevin Moran
 
From context aware to socially awareness computing - IEEE Pervasive Computing...
From context aware to socially awareness computing - IEEE Pervasive Computing...From context aware to socially awareness computing - IEEE Pervasive Computing...
From context aware to socially awareness computing - IEEE Pervasive Computing...Fread Mzee
 
Data mining in security: Ja'far Alqatawna
Data mining in security: Ja'far AlqatawnaData mining in security: Ja'far Alqatawna
Data mining in security: Ja'far AlqatawnaMaribel García Arenas
 
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus Poster
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus PosterNIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus Poster
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus PosterGlobus
 
Narrative Mind Week 4 H4D Stanford 2016
Narrative Mind Week 4 H4D Stanford 2016Narrative Mind Week 4 H4D Stanford 2016
Narrative Mind Week 4 H4D Stanford 2016Stanford University
 
Science Gateway Canvas
Science Gateway CanvasScience Gateway Canvas
Science Gateway CanvasShayan Shahand
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Phil Legg
 

Similar to Conference talk: On the Privacy of Frequently Visited User Locations (20)

Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...
Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...
Conference talk: Understanding Vulnerabilities of Location Privacy Mechanisms...
 
Conference talk: Optimized Location Update Protocols for Secure and Efficient...
Conference talk: Optimized Location Update Protocols for Secure and Efficient...Conference talk: Optimized Location Update Protocols for Secure and Efficient...
Conference talk: Optimized Location Update Protocols for Secure and Efficient...
 
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004
An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004
 
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
 
Narrative Mind Week 5 H4D Stanford 2016
Narrative Mind Week 5 H4D Stanford 2016Narrative Mind Week 5 H4D Stanford 2016
Narrative Mind Week 5 H4D Stanford 2016
 
ODSC East 2017: Data Science Models For Good
ODSC East 2017: Data Science Models For GoodODSC East 2017: Data Science Models For Good
ODSC East 2017: Data Science Models For Good
 
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...
Twitter Vigilance: a Multi-User platform for Cross-Domain Twitter Data Analyt...
 
What's up at Kno.e.sis?
What's up at Kno.e.sis? What's up at Kno.e.sis?
What's up at Kno.e.sis?
 
InSTEDD: Collaboration in Disease Surveillance & Response
InSTEDD: Collaboration in Disease Surveillance & ResponseInSTEDD: Collaboration in Disease Surveillance & Response
InSTEDD: Collaboration in Disease Surveillance & Response
 
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...
Early Lessons from Building Sensor.Network: An Open Data Exchange for the Web...
 
Learning to Classify Users in Online Interaction Networks
Learning to Classify Users in Online Interaction NetworksLearning to Classify Users in Online Interaction Networks
Learning to Classify Users in Online Interaction Networks
 
An empirical assessment of global covid 19 contact tracing applications icse2021
An empirical assessment of global covid 19 contact tracing applications icse2021An empirical assessment of global covid 19 contact tracing applications icse2021
An empirical assessment of global covid 19 contact tracing applications icse2021
 
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...Discovering Flaws in Security-Focused Static Analysis Tools for Android using...
Discovering Flaws in Security-Focused Static Analysis Tools for Android using...
 
From context aware to socially awareness computing - IEEE Pervasive Computing...
From context aware to socially awareness computing - IEEE Pervasive Computing...From context aware to socially awareness computing - IEEE Pervasive Computing...
From context aware to socially awareness computing - IEEE Pervasive Computing...
 
Data mining in security: Ja'far Alqatawna
Data mining in security: Ja'far AlqatawnaData mining in security: Ja'far Alqatawna
Data mining in security: Ja'far Alqatawna
 
Burton - Security, Privacy and Trust
Burton - Security, Privacy and TrustBurton - Security, Privacy and Trust
Burton - Security, Privacy and Trust
 
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus Poster
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus PosterNIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus Poster
NIH NCI Childhood Cancer Data Initiative (CCDI) Symposium Globus Poster
 
Narrative Mind Week 4 H4D Stanford 2016
Narrative Mind Week 4 H4D Stanford 2016Narrative Mind Week 4 H4D Stanford 2016
Narrative Mind Week 4 H4D Stanford 2016
 
Science Gateway Canvas
Science Gateway CanvasScience Gateway Canvas
Science Gateway Canvas
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
 

Conference talk: On the Privacy of Frequently Visited User Locations

  • 1. University of Stuttgart Institute of Parallel and Distributed Systems (IPVS) Universitätsstraße 38 D-70569 Stuttgart On the Privacy of Frequently Visited User Locations Zohaib Riaz, Frank Dürr, Kurt Rothermel International Conference on Mobile Data Management 2016 (MDM'16) 15th June 2016
  • 2. University of Stuttgart IPVS Research Group “Distributed Systems” • Today’s Location-sharing apps exploit Location Semantics ◦ App Examples: Family locators, Friend finders, Geo-social networks ◦ Meaningful sharing: (48.778786, 9.177867)  Starbucks (Coffee Shop) ◦ Trivial to label any unlabeled trips (via Foursquare, Yelp etc.) Motivation 2 Church Bar Gym Supermarket
  • 3. University of Stuttgart IPVS Research Group “Distributed Systems” • Today’s Location-sharing apps exploit Location Semantics ◦ App Examples: Family locators, Friend finders, Geo-social networks ◦ Meaningful sharing: (48.778786, 9.177867)  Starbucks (Coffee Shop) ◦ Trivial to label any unlabeled trips (via Foursquare, Yelp etc.) •Privacy threat: Prolonged location sharing reveals visit-frequency profile! ◦ “A person who knows all of another’s travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym,…— and not just one such fact about a person, but all such facts.” [United States v. Jones] Motivation 2 Church Bar Gym Supermarket Bar Church Gym Supermarket Frequency
  • 4. University of Stuttgart IPVS Research Group “Distributed Systems” • Typical Location-sharing apps rely on backend Location Server Infrastructure ◦ LSs store and manage user positions ◦ Applications query user positions from LSs • Can the LSs provider be trusted for the security of users’ location data? Motivation 3 Location Server (LS) App 1 (Family Locator) App 2 (Friend Finder)
  • 5. University of Stuttgart IPVS Research Group “Distributed Systems” • Typical Location-sharing apps rely on backend Location Server Infrastructure ◦ LSs store and manage user positions ◦ Applications query user positions from LSs • Can the LSs provider be trusted for the security of users’ location data?  No service provider can guarantee that personal information is safe! ◦ LS become single-point-of-failure w.r.t. privacy Motivation 3 Location Server (LS) App 1 (Family Locator) App 2 (Friend Finder) Database of 191 million U.S. voters exposed on Internet: researcher (2015) eBay asks 145 million users to change passwords after data breach (2014) Twitter: Passwords Leaked for Millions of Accounts (6 days ago!) "The alarming part is that the information is so concentrated,"
  • 6. University of Stuttgart IPVS Research Group “Distributed Systems” • A study of real-world check-ins dataset to show that frequent locations pose a serious privacy threat (next 3 slides …) • An approach to protect frequent locations while avoiding a single- point-of-failure in the LS infrastructure • Evaluation of the approach for achieved Privacy and Quality-of-Service (QoS) for location-sharing apps. Contributions 4
  • 7. University of Stuttgart IPVS Research Group “Distributed Systems” Study of Check-in Dataset: Preprocessing • Goal: Show that visit-frequency information poses a privacy threat • Dataset: 22,506,721 Geo-tagged tweets provided by Cheng et al. 2011 • Selected user Population: criteria ◦ >= 1 location check-in per day ◦ >= 30 days of reported location data ◦ 10,306 users selected • Venue information, e.g., category, retrieved using Foursquare’s free API 7 No. Category 1 Arts & Entertainment 2 Education 3 Food 4 Tea/Coffee/Juices 5 Nightlife 6 Outdoor & Recreation 7 Athletics & Sports 8 Professional Places 9 Professional Schools 10 Medical Center 11 Spiritual 12 Shop & Service 13 Financial Institutions 14 Fitness
  • 8. University of Stuttgart IPVS Research Group “Distributed Systems” Percentile Ranks Output: Frequency rank-profile Visits per month Study of Check-in Dataset: Analysis 6 18 Step 1: Get frequency-profile Visits/Month Population’s Frequency Distribution (Food) Percentile Rank: 𝑃𝑅 18 = 80𝑡ℎ Step 2: Determine Significance of visit-frequency No. of users
  • 9. University of Stuttgart IPVS Research Group “Distributed Systems” Percentile Ranks Output: Frequency rank-profile Visits per month Study of Check-in Dataset: Analysis 6 18 Step 1: Get frequency-profile 𝑡ℎ 𝑐𝑟𝑖𝑡𝑖𝑎𝑙𝑖𝑡𝑦 = 70 Critical locations: visited with critically high frequencies Visits/Month Population’s Frequency Distribution (Food) Percentile Rank: 𝑃𝑅 18 = 80𝑡ℎ Step 2: Determine Significance of visit-frequency No. of users
  • 10. University of Stuttgart IPVS Research Group “Distributed Systems” Percentile Ranks Output: Frequency rank-profile Visits per month Study of Check-in Dataset: Analysis 6 18 Step 1: Get frequency-profile 𝑡ℎ 𝑐𝑟𝑖𝑡𝑖𝑎𝑙𝑖𝑡𝑦 = 70 Critical locations: visited with critically high frequencies Visits/Month Population’s Frequency Distribution (Food) Percentile Rank: 𝑃𝑅 18 = 80𝑡ℎ Step 2: Determine Significance of visit-frequency No. of users
  • 11. University of Stuttgart IPVS Research Group “Distributed Systems” Percentile Ranks Output: Frequency rank-profile Visits per month Study of Check-in Dataset: Analysis 6 18 Step 1: Get frequency-profile 𝑡ℎ 𝑐𝑟𝑖𝑡𝑖𝑎𝑙𝑖𝑡𝑦 = 70 Critical locations: visited with critically high frequencies Visits/Month Population’s Frequency Distribution (Food) Percentile Rank: 𝑃𝑅 18 = 80𝑡ℎ Step 2: Determine Significance of visit-frequency No. of users
  • 12. University of Stuttgart IPVS Research Group “Distributed Systems” Study of Check-in Dataset: Evidence of Privacy Threat! • Critical locations are prevalent! ◦ ~85% users have at least 1 critical location ◦ ~50% users have 2 or more critical locations • Visiting characteristics of locations ◦ Same percentile rank  different frequencies for diff. categories ◦ High percentile-rank  a reasonable measure of user interest 7 CumulativeDistributionofusers (Rank) VisitsperMonth CumulativeFrequency(%) NumberofUsers Number of Critical Locations
  • 13. University of Stuttgart IPVS Research Group “Distributed Systems” Study of Check-in Dataset: Evidence of Privacy Threat! • Critical locations are prevalent! ◦ ~85% users have at least 1 critical location ◦ ~50% users have 2 or more critical locations • Visiting characteristics of locations ◦ Same percentile rank  different frequencies for diff. categories ◦ High percentile-rank  a reasonable measure of user interest 7 CumulativeDistributionofusers (Rank) CumulativeFrequency(%) NumberofUsers Number of Critical Locations  We assume that “Frequency  Rank” relationship is publicly known
  • 14. University of Stuttgart IPVS Research Group “Distributed Systems” Problem Statement • Privacy-preferences: (Persona, App) pairs • User-Personas: Define location categories whose criticality may be revealed e.g.: ◦ “Friends”  {all} {Medical} ◦ “Colleagues”  {all} {Spiritual, Medical, Night-life} • Privacy Requirement: Implement privacy- preferences in location-sharing ◦ Reveal unshared critical locations such that they appear non-critical ◦ Avoid attacks to reveal critical locations ▪ Attacker know our algorithm + additional knowledge ▪ Baseline attack: random guess! 14 user-defined 𝛼 𝑟𝑎𝑛𝑑 = 1/8
  • 15. University of Stuttgart IPVS Research Group “Distributed Systems” Architecture (1) • User’s device: a smart-phone ◦ Runs Location-Privacy service: ▪ Executes our privacy algorithm ▪ Performs location updates to LSs ◦ Assumption: Encrypted communication channel 9 Location-Privacy service Communication module Location Updates
  • 16. University of Stuttgart IPVS Research Group “Distributed Systems” Architecture (2) • A set of Location Servers (LSs) ◦ from different third-party providers ▪ Example: Backendless, App42, Heroku etc. ◦ manage location updates ◦ implement Access-control mechanism • Location Based Applications (Apps) ◦ Get access authorization to LSs from users ◦ Access user location from LSs or subscribe for update notifications ◦ May aggregate frequency-profile of user ◦ User-profile’ precision ∝ no. of accessible LSs 10 Location-Privacy service Communication module AccessRights App 1 App 2
  • 17. University of Stuttgart IPVS Research Group “Distributed Systems” Basic Privacy Algorithm (1) 1. On-device determination of critical locations: ◦ 𝑺 = {𝑠1, … , 𝑠14}, set of location categories ◦ 𝑓𝑢 = {𝑓𝑠1 , 𝑓𝑠2 , … , 𝑓𝑠14 ) and 𝑟𝑢 = {𝑟𝑠1 , 𝑟𝑠2 , … , 𝑟𝑠14 } ◦ Critical locations: 𝑪 𝑢 = 𝑠𝑖| 𝑟𝑠 𝑖 > 𝑡ℎ 𝑐𝑟𝑡𝑙 2. Determine desired ranks ◦ Deterministic new ranks  reversible by attacker ◦ Randomized selection of desired ranks ▪ Avoids advanced attacks! 17 Desired Rank Profile Actual Rank Profile
  • 18. University of Stuttgart IPVS Research Group “Distributed Systems” Basic Privacy Algorithm (2) 3. Enforce desired ranks for all 𝒔𝒊 ∈ 𝑪 𝒖: ◦ Divide trips for 𝑠𝑖 among LSs ◦ 𝐿𝑆0 hosts a safe-profile of user 12 Shared with all Apps Shared as per Personas of Apps Location-Privacy service
  • 19. University of Stuttgart IPVS Research Group “Distributed Systems” Basic Privacy Algorithm (2) 3. Enforce desired ranks for all 𝒔𝒊 ∈ 𝑪 𝒖: ◦ Divide trips for 𝑠𝑖 among LSs ◦ 𝐿𝑆0 hosts a safe-profile of user 12 Shared with all Apps Shared as per Personas of Apps Location-Privacy service User-aware Attacker: can monitor Network- traffic statistics  knows update timings!
  • 20. University of Stuttgart IPVS Research Group “Distributed Systems” Basic Privacy Algorithm (2) 3. Enforce desired ranks for all 𝒔𝒊 ∈ 𝑪 𝒖: ◦ Divide trips for 𝑠𝑖 among LSs ◦ 𝐿𝑆0 hosts a safe-profile of user 12 Shared with all Apps Shared as per Personas of Apps Location-Privacy service User-aware Attacker: can monitor Network- traffic statistics  knows update timings! Population-aware Attacker: Also possesses location information from the other users
  • 21. University of Stuttgart IPVS Research Group “Distributed Systems” Advanced Privacy Algorithm (1): Against user-aware Attacker • Attacker: has access to a few LSs ◦ Knows timings of inaccessible updates • Trail of location updates  Mobility Model 𝛀 • Attack inaccessible updates: Maximize 𝑃(𝑠𝑖|𝑡) for 𝑠𝑖 to predict visited location using 𝛀 • Bayes theorem: 𝑃 𝑠𝑖 𝑡 = 𝑃 𝑡 𝑠𝑖 𝑃 𝑠 𝑖 𝑃(𝑡) 21 𝑠𝑖 =? Inaccessible updates 𝑡 Attacker 𝑡1 𝑡2 𝑡3 𝑡4 … 𝑡150 𝑡151 𝑡152 𝑡153 … A F E N ? E A ? Normalizer: constant for all 𝑠𝑖 (unimportant) Prior: Changed by our algorithm (unreliable) Likelihood of visiting time 𝑠𝑖 at time 𝑡 over all possible times 𝑇
  • 22. University of Stuttgart IPVS Research Group “Distributed Systems” Advanced Privacy Algorithm (2): Defense • Defense: Generate fake events for each location as if it were critical! ◦ Fake events  garbage data  discarded by LSs! ◦ Desired effect: Rank of all locations should “appear” equal • Algorithmic steps: 1. Keep track of temporal likelihood of each category 2. Accordingly schedule enough fake events to meet maximum rank in the rank-profile 22 High Low Visit Time Distribution for 𝑠1 Weekday Hour + fake/inaccessible updates “Attacker’s View”
  • 23. University of Stuttgart IPVS Research Group “Distributed Systems” Evaluation: Population-aware Attacker Model • Attacker: Aims to find all critical locations 1. knows ‘𝑘’ out of ‘𝑛’ critical locations from authorized or compromised LSs 2. Knows correlations among visit-frequencies of different location categories (Acquired from the population) • Frequency-correlation attack ◦ Learn correlations using Machine Learning techniques ◦ Data: Frequency-profiles of 10,036 users 23 Classification Regression Nightlife
  • 24. University of Stuttgart IPVS Research Group “Distributed Systems” Evaluation: Privacy results for Classification Attacks • Classifiers: Random Forest (RF) & Support-Vector Machine (SVM) • Training: ◦ On frequency-profiles with one critical location ◦ 10-fold cross-validation • Results: ◦ Low classification accuracy: 25% • Repeated experiment: ◦ Added frequency-profiles with no critical locations! ◦ Again, low accuracy for critical locations: 22% ◦ High accuracy for non-critical: 87% 24 non-critical profile (unaltered) Protected profile (altered)
  • 25. University of Stuttgart IPVS Research Group “Distributed Systems” Low accuracy High Confusion Evaluation: Privacy results for Classification Attacks 17
  • 26. University of Stuttgart IPVS Research Group “Distributed Systems” 𝑘 = known Critical Locations • Regression Models: RF, SVM and Gaussian Mixture Regression (GMR) ◦ Percentage prediction error: < 5% for each semantic location ◦ Attack performance on protected frequency-profiles: Evaluation: Privacy results for Regression Attacks 18 𝑃𝑎𝑡𝑡𝑎𝑐𝑘(𝑘) - probability of correct detection of a critical location when 𝑘 out of 𝑛 critical locations are already known
  • 27. University of Stuttgart IPVS Research Group “Distributed Systems” 𝑘 = known Critical Locations • Regression Models: RF, SVM and Gaussian Mixture Regression (GMR) ◦ Percentage prediction error: < 5% for each semantic location ◦ Attack performance on protected frequency-profiles: Evaluation: Privacy results for Regression Attacks 18 Zero knowledge gain 𝛼 𝑟𝑎𝑛𝑑 𝑘 - probability of randomly selecting a critical location 𝑘 = known Critical Locations 𝑃𝑎𝑡𝑡𝑎𝑐𝑘(𝑘) - probability of correct detection of a critical location when 𝑘 out of 𝑛 critical locations are already known
  • 28. University of Stuttgart IPVS Research Group “Distributed Systems” Evaluation: QoS and Communication Overhead • QoS = proportion of available location updates ◦ QoS is reasonably high given 60% population has 1 or 2 critical locations • Communication Cost = no. of fake message per day ◦ 1-2 messages a day for most users! 𝑘 = 1, 𝑄𝑜𝑆 ~ 80% 𝑘 = 2, 𝑄𝑜𝑆 ~ 70% 𝑘 = 3, 𝑄𝑜𝑆 ~ 60% 19 𝑛 =1 𝑛 =2 𝑛 =3 𝑛 =4 𝑘 = Number of LSs to which access is denied 1.0 0.8 0.6 0.4 0.2 0 𝑸𝒐𝑺 1 1 2 31 2 31 2 4
  • 29. University of Stuttgart IPVS Research Group “Distributed Systems” Related Work • Semantic location obfuscation (PROBE framework by Damiani et al. 2010) + Cloak individual sensitive visits with neighboring non-sensitive venues − Sensitivity of location categories is not related to an individual’s visit-frequency • Venue Recommendation techniques (Riboni et al. 2014, Zhang et al. 2014) +Offline publishing of check-in history statistics in a differentially private manner −Require Trusted parties for implementing the privacy algorithm −Cannot be used for online location sharing • Distributed Location Management (Duerr et al. at Percom 2011) +No single-point-of-failure −For single locations without considering location semantics 20
  • 30. University of Stuttgart IPVS Research Group “Distributed Systems” Conclusion & Future Work • Frequent locations naturally pose a privacy threat by revealing user interests • Distributing location information in LS infrastructure  promising privacy solution • Proposed an algorithm for controlled sharing of frequent locations ◦ Hides frequent locations from: ▪ User-aware attackers ▪ Population-aware attackers • Future Work ◦ Integrate existing single-location semantic obfuscation approaches for forming a comprehensive privacy mechanism 21
  • 31. University of Stuttgart IPVS Research Group “Distributed Systems” Contact and Discussion www.priloc.de Zohaib Riaz Institute for Parallel and Distributed Systems, University of Stuttgart, Germany zohaib.riaz@ipvs.uni-stuttgart.de