Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking
Baik Hoh, Marco Gruteser, Hui Xiong, Ansaf Alrabady
Presenter: Yao Lu
ECE 256, Spring 11, Duke University
Overview
• Introduction
• Problem Statement
• Previous work
• Proposed method
• Evaluation
• Discussion
Motivation
Adversary Model
• Use successive location samples from a vehicle to reconstruct its path from a mix of samples belonging to several vehicles.
• Predict the target position using the last known speed and heading information and then decide which next sample to link to the same vehicle.
• If multiple candidate samples exist, choose the one with the highest a posteriori probability based on a probability model of distance and time deviations from the prediction.
• If several of these samples appear similar to each other, no decision with high certainty is possible and tracking stops.
Problem Statement
• Objective
1. Privacy Protection: Guarantee strong anonymity in high and low density areas
2. Data quality: Provide sufficient information for traffic monitoring
• Assumptions
1. Trustworthy server to execute centralized algorithm
2. Adversary has no a priori information of the tracking subject
When two paths cross
Existing privacy algorithms
K-anonymity: generalize a data record until it is indistinguishable from the records of at least k-1 other individuals
Existing privacy algorithms: Subsampling
Privacy Metrics
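• Mean Time To Confusion (MTTC)
• Tracking Uncertainty: $H = -\sum_i p_i \log p_i$
Uncertainty calculation 1
1. $\hat{p}_i = e^{-d_i}$
2. $p_i = \hat{p}_i / \sum_i \hat{p}_i$
3. $H = -\sum_i p_i \log p_i$
$H = 0.41$
Uncertainty calculation 2
1. $\hat{p}_i = e^{-d_i}$
2. $p_i = \hat{p}_i / \sum_i \hat{p}_i$
3. $H = -\sum_i p_i \log p_i$
$H = 0.56$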
Path Privacy-Preserving Mechanism
• Only reveal location samples when
(1) time since the last point of confusion is less than the maximum time to confusion
(2) at the current time tracking uncertainty is above the uncertainty threshold
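The uncertainty calculation and the release rule above, combined in one sketch (an added example, not code from the paper or the presenter). Assumptions: each sample carries the distances d_i of the candidate next samples from the adversary's predicted position, `mu_m` is a hypothetical distance scale that makes the exponent dimensionless, the logarithm is base 2, the threshold 0.4 is arbitrary, and the two conditions are treated as alternatives. The 5-minute maximum time to confusion and 1-minute sampling period follow the evaluation slides.

```python
import math

def tracking_uncertainty(distances_m, mu_m=1000.0):
    """Entropy H (bits) over candidate next samples, computed from their
    distances d_i to the predicted position. mu_m is an assumed scale."""
    if not distances_m:
        return 0.0
    # Shift by the smallest distance so the largest weight is exactly 1;
    # this avoids 0/0 when every raw weight would underflow.
    d_min = min(distances_m)
    weights = [math.exp(-(d - d_min) / mu_m) for d in distances_m]
    total = sum(weights)
    probs = [w / total for w in weights]
    return sum(-p * math.log2(p) for p in probs if p > 0.0)

def cloak(trace, max_ttc_s=300, h_threshold=0.4, mu_m=1000.0):
    """Return timestamps of released samples for one vehicle.
    trace: list of (t_seconds, candidate_distances_m)."""
    released, last_confusion = [], None
    for t, dists in trace:
        confused = tracking_uncertainty(dists, mu_m) > h_threshold
        if confused:
            last_confusion = t  # adversary loses the target here
        within_ttc = (last_confusion is not None
                      and t - last_confusion < max_ttc_s)
        if confused or within_ttc:
            released.append(t)
    return released

# Constructed trace: confusion at t=0 (two near-equal candidates), then a
# low-density stretch with one clear candidate, then confusion again at t=420.
TRACE = [
    (0, [50, 60]), (60, [40, 5000]), (120, [30, 5000]), (180, [25, 5000]),
    (240, [20, 5000]), (300, [20, 5000]), (360, [10, 5000]),
    (420, [30, 45]), (480, [20, 5000]),
]

if __name__ == "__main__":
    for t, dists in TRACE:
        print(t, round(tracking_uncertainty(dists), 3))
    print("released:", cloak(TRACE))
```

The samples at t=300 and t=360 are withheld because five minutes have passed since the last point of confusion and the uncertainty there is still below the threshold.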
Reacquisition Tracking Model
• Time window w = 10 minutes.
• After the confusion timeout expires: each released sample needs to maintain confusion from the last released positions within the window
• Before the confusion timeout expires: each released sample needs to maintain confusion to any released samples within the window
Evaluation: Data Set
• week-long GPS traces of 233 probe vehicles on a 70km-by-70km area
• 1 minute sampling period
• Overlay it into day-long traces of 2000 vehicles
• Metrics: Tracking time and (relative) weighted road coverage
• Baseline algorithm: random sampling with probability p
Evaluation: Protection Against Target Tracking - Bounded Tracking Time without Reacquisition
• Uncertainty-aware privacy algorithm limits time to confusion to 5 min while random sampling algorithm’s TTC is a lot longer
• Uncertainty-aware privacy algorithm can release up to 92.5% of the original location samples while random sampling has to remove more samples
Evaluation: Protection Against Target Tracking - Dependence on Reacquisition and Density
• TTC of the uncertainty-aware privacy algorithm is shorter than that of the subsampling algorithm
Evaluation: Protection Against Target Tracking
• In very low density scenarios, uncertainty-aware privacy algorithm preserves maximum TTC guarantee of 5 min by removing more samples while subsampling allows a longer maximum TTC
Evaluation: Quality of Service Analysis
• Achieves a relative weighted road coverage similar to that of original location traces
Conclusion & Future Work
• Conclusion:
1. Proposed time-to-confusion metric to characterize location privacy
2. Uncertainty-aware Path Cloaking outperforms existing algorithm in privacy protection in low density areas with good data quality
• Future Work
1. Adversary with a priori knowledge
2. Without a trustworthy location server
3. Track vehicles by speed information
4. Group of vehicles with the same starting point, destination and move together
Questions & Thoughts