PrivacySensitivityInParticipatorySensing

Preserving Privacy in
Participatory Sensing Systems
Authors: Kuan Lun Huang, Salil S. Kanhere (School of CS & Engg., The
University of New South Wales, Sydney, Australia),
Wen Hu (Autonomous Systems Lab, CSIRO ICT Centre, Australia)
Journal: Computer Communications (Vol 33 Issue 11, July ‘10)
Publisher: Butterworth-Heinemann Newton, MA, USA (Partly published at
PerSeNs ’09)
Presented by: Sara Gaffar
Contents






Introduction
A review of AnonySense
Related Work
System Model & Motivating example
Implementation & Evaluation
Important References
Two Major Attributes
This paper focuses on the spatial and
temporal privacy of users, the two universal
attributes expected to be included in user
reports for all participatory sensing
applications.
Assumptions


The adversary does not know true values of
time and location of user reports. However,
the adversary has means to find out the
temporal and spatial properties of his
victims.
The adversary is able to observe submitted
reports (eavesdropping).
AnonySense Architecture
Tessellation & Generalization
Perturbation Techniques


Microaggregation and VMDAV
Interpretation by Application Server by
Euclidean Distance: In the Euclidean plane,
if p = (p1, p2) and q = (q1, q2) then the
distance is given by:
d(p,q) = √((p1-q1)² + (p2-q2)²)
Problems with k-anonymity



Tessellation & Generalization
Identity disclosure
Attribute disclosure




Background Knowledge Attack
Homogeneity Attack
The example of Bob
L-diversity
System Model
Anonymization Server (AS)
Petrolwatch



An application which allows users to collect,
contribute and share fuel pricing information
using camera phones.
Fuel prices are annotated with location
coordinates of the service station and the
time at which the capture takes place, and
uploaded to the application server.
Users can query the server to locate the
cheapest petrol station in their vicinity.
K-anonymous Privacy-Preserving
Schemes




Tessellation
Tessellation with tile center reporting
(TwTCR)
Location anonymization with
microaggregation - VMDAV
Location anonymization with Hybrid
microaggregation
VMDAV Pseudo code
Hybrid Microaggregation


VMDAV enables an application to make
better decisions when user distributions
across different areas are relatively
consistent
On the contrary, in areas with dense
distribution of users, TwTCR performs
better
Gaussian Input Perturbation


Why trust the AS?
Perturbation Scheme – Artificially distort a
user’s location prior to updating the AS.
L-Diversity


Spatial AND temporal privacy
Homogeneity and background knowledge
attack
E.g.: 3-Anonymous Petrolwatch
Example of 2-Diversity in terms
of location
Two Issues


Semantic relationship between locations
Timing accuracy
LD-VMDAV
1st Step:
2nd Step:
Evaluation
Metrics

Application accuracy: Positive
Identification Percentage (PIP)

Errors introduced by anonymization –
Information Loss (IL)
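
Added example (not from the paper or the presentation): a small simulation of Gaussian input perturbation in a Petrolwatch-like setting, where the application server interprets each reported location as the station nearest by Euclidean distance. The station grid, the sigma values, and the reading of PIP as the percentage of reports resolved to the true station are assumptions made for this illustration.

```python
import math
import random

# Constructed sample data: four petrol stations on a 1 km grid (x, y in km).
STATIONS = {"A": (0.0, 0.0), "B": (1.0, 0.0), "C": (0.0, 1.0), "D": (1.0, 1.0)}

def euclidean(p, q):
    """d(p,q) = sqrt((p1-q1)^2 + (p2-q2)^2)."""
    return math.sqrt((p[0] - q[0]) ** 2 + (p[1] - q[1]) ** 2)

def perturb(loc, sigma, rng):
    """User side: add independent zero-mean Gaussian noise to each coordinate
    before the report leaves the phone, so the true location is never sent."""
    return (loc[0] + rng.gauss(0.0, sigma), loc[1] + rng.gauss(0.0, sigma))

def nearest_station(loc, stations=STATIONS):
    """Application-server side: interpret a reported location as the station
    closest to it by Euclidean distance."""
    return min(stations, key=lambda name: euclidean(loc, stations[name]))

def pip(sigma, reports_per_station=200, seed=1):
    """Assumed PIP: percentage of perturbed reports that the server still
    resolves to the station where the price was actually captured."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    hits = total = 0
    for name, true_loc in STATIONS.items():
        for _ in range(reports_per_station):
            reported = perturb(true_loc, sigma, rng)
            hits += nearest_station(reported) == name
            total += 1
    return 100.0 * hits / total

if __name__ == "__main__":
    # Larger sigma gives more location privacy but lower application accuracy.
    for sigma in (0.0, 0.1, 0.3, 1.0, 5.0):
        print(f"sigma={sigma:.1f} km  PIP={pip(sigma):.1f}%")
```

Sweeping sigma shows the privacy/accuracy trade-off that the PIP metric is meant to capture: once the noise is comparable to the spacing between stations, reports start being attributed to the wrong station.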
Hybrid-VMDAV

Improves percentage of positive
identifications made by an application
server by up to 100% and decreases amount
of information loss by about 40%
LD-VMDAV Vs k-anonymity
References


Cory Cornelius, Apu Kapadia, David Kotz, Dan Peebles, Minho Shin,
Nikos Triandopoulos, Anonysense: privacy-aware people-centric sensing,
Proceeding of the 6th international conference on Mobile systems,
applications, and services, June 17-20, 2008, Breckenridge, CO, USA.

A. Solanas, A. Martínez-Ballesté, V-MDAV: a multivariate microaggregation
with variable group size, in: 17th COMPSTAT Symposium of the IASC,
Rome, 2006.