Preserving Privacy in Location-Based Services using Sudoku Structures A Presentation for ICISS-2014...

Preserving Privacy in Location-Based Services using Sudoku Structures. A Presentation for ICISS-2014, IDRBT, Hyderabad. Authors: Sumitra Biswal, Goutam Paul & Shashwat Raizada


Preserving Privacy in Location-Based Services

using Sudoku Structures

A Presentation for ICISS-2014

IDRBT, Hyderabad

Authors : Sumitra Biswal, Goutam Paul & Shashwat Raizada


OUTLINE

• Introduction – case study
• Location Privacy : Concept and background
• Limitations encountered
• Objective of the paper
• Proposed Mechanism
• Preventive measures against adversarial attacks
• Experimentations and inference
• Conclusion

NOTE: The presentation contains instances and certain pictures taken from the internet.


Introduction : Case Study

• Location Based Services (LBS) offer services anytime and anywhere.
– Automate multiple tasks.
– Quicker, with refined facilities.
– Time saving.

• Services seek Location to provide “Intelligent” service.

• LBS dark aspects – profit oriented, no guaranteed proof of secure data handling.

Retrieved from http://www.navigadget.com/index.php/2006/03/23/location-based-services-without-a-gps-receiver

Retrieved from http://www.consumerreports.org/cro/news/2011/06/senate-introduces-mobile-location-privacy-bill/index.htm


• LBS post user-targeted ads using location and time-of-visit details.
• LBS, owing to new Privacy Bills, claim their concern for user privacy.
• No guaranteed proof of data security and privacy found yet.

INEVITABLE QUESTION

“If you aren't doing anything wrong, what do you have to hide?”

MUCH MORE INEVITABLE ANSWER

“If I'm not doing anything wrong, then you have no cause to watch me.”

- Ref. (“The value of Privacy” - Schneier on Security)

Consistently keeping track of records with a notion of suspicion is “Spying” and is objectionable.

Retrieved from http://www.adweek.com/news-gallery/technology/how-pg-unilever-and-campbells-are-targeting-foursquare-check-ads-154536#holiday-nog-2


Location Privacy : Concept and background

Location Privacy: A growing concern among users

52% of respondents express concern with sharing their location.

49% would be comfortable if they can clearly manage who sees their location information.

84% are concerned about sharing information without consent and losing privacy thereafter.

Retrieved from http://news.microsoft.com/2011/01/26/data-privacy-day-tackles-concerns-as-location-based-services-grow-in-popularity/


Almost one-quarter of respondents said their greatest privacy concern was having their information used for marketing purposes.

The same percentage of people named having strangers know too much about their activities as their top worry.

Retrieved from http://www.marketresearchworld.net/content/view/4867/48/


Google Play developer Content Policy (with effect from August 2014)

Retrieved from http://www.futureofprivacy.org/2014/01/15/a-cutting-edge-guide-to-privacy-for-not-so-cutting-edge-phones/

Users given privilege to opt out of Promotion based Ads.

LBS not allowed to link Ad Id with user device Identifiers.

In case of violation, services will be cast out.


Yet another creepy incident: Uber watching you using “God View”

Retrieved from http://thehill.com/policy/technology/225071-uber-ignites-new-privacy-fight


2011 : Stalker view showing locations of 30 Uber users in NY, real time.

Half of the people were familiar.

Notified one of current whereabouts.

Concerned user / victim quits service

Retrieved from http://www.forbes.com/sites/kashmirhill/2014/10/03/god-view-uber-allegedly-stalked-users-for-party-goers-viewing-pleasure/


• Legal policies are not sufficient to counteract the issue. Law and Technology must go hand in hand.

• LBS is no longer a concern just for users, but also for LBS developers and marketers.

Retrieved from https://www.eff.org/wp/locational-privacy


Limitations Encountered

Pseudonyms.
Cloaking - Location Perturbation.
K-Anonymity and Obfuscation.
L-Diversity Technique.
Hashing.
Adding Random Noise.

Not sufficient to ensure privacy
Cannot serve varying environments
3rd Party usage. Cannot be used unless K-identical users available.
Entropy alone cannot provide risk levels of adversary and inference attacks.
Might not help in trajectory mode of privacy
Cannot cater to non-uniform domains

Ref : From miscellaneous sources


Objective of the paper

• To address the challenges faced in the field of Pervasive Computing.

• To provide a solution against adversarial location service providers.

• To avoid using third-party service providers for anonymisation and obfuscation purposes.

• To provide a cost-effective solution to the problems associated.

• To ensure it stands up to adversaries.


Proposed Mechanism

• Major challenges exhibited in previous works
– Dependency on Third Parties
– Failure in dynamic environment
• Aim : To develop a technique that renders uniformity as well as preserves uniqueness.
• SUDOKU : Principle of two U’s – Uniqueness and Uniformity.
• Level of Confidence degrades at Adversary level and increases at Users’ end.
• Covers Location, Query and Trajectory Privacy.
• Client-Server Architecture. NO Third Parties involved.


Sudoku and its hardness solving properties

• NP-complete problem
• Total solutions to a 9X9 grid is approx.
• Possess greater Shannon’s entropy than any randomly generated matrix
• Maximum Distance Separable (MDS) matrix
• Uniform distribution


Preventive measures against adversarial attacks

• Man in the middle – adversary grabs the response of service provider to find user’s exact location.

• Tracking movement – Collating POIs of user to build profile


Man-in-the-middle attack

Area of concern = $X$ sq. km

Grid order = $N$

Cellsize = $C$

Number of grids mapping the area, $G = X / (N^2 C^2)$

Number of each kind of block available, $U = G \cdot N = X / (N C^2)$

Each block represents user. User’s ubiquity measured by $U$

$E$ is set of $k$ entities, $e_1, e_2, \dots, e_k$ for a query

$d_i$ is the $i$th pairwise distance between entities.

Adversary’s objective : Break user’s ubiquity and nail down exact block of user’s presence.


Adversarial attack complexities

• Scattering of scarce entities:

di ≥ (C√2) i,

• Scattering of abundant amount of entities:

di < (C√2) i,


Tracking Movement

Using POIs along with time stamp to build profile of user violates trajectory privacy.

Server End :
• Using block ID for providing navigation or routes

User End :
• Querying source and destination in terms of block ID
• Compute appropriate route at device level and navigate
• Each navigational route equipped with mix zone concept and delayed time stamp


Experimentations and inference

Increasing variability of entities ensures less ubiquity of blocks

Each block represents a user.

User may lose ubiquity with increasing variability

Variability if (Grid Order AND Cellsize )

BLOCK  HOSPITALS  RESTAURANTS  ATM_COUNTERS
1      84         236          470
2      6          14           23
3      4          13           27
4      86         237          480

Grid Order 4 with No. of Entities=1680; Cellsize=500m.

Grid Order 4 with No. of Entities=1680; Cellsize=50m.

BLOCK  HOSPITALS  RESTAURANTS  ATM_COUNTERS
1      49         124          227
2      51         113          251
3      35         135          252
4      45         128          250


Suppose n (i,j) is the number of entities of type j in block i, 1≤ i ≤N, 1 ≤ j ≤M.

To capture the variability amongst the entities within a block, we define the following.

Variability: Sum of Standard Deviation values computed for each kind of entity across the blocks.
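
The variability measure defined above and the ubiquity formula U = X / (N·C²) from the man-in-the-middle slide, evaluated on the two block tables shown in this presentation. This is an added example, not the authors' code; the use of the population standard deviation and the 100 sq. km area are assumptions.

```python
from statistics import pstdev

# Entity counts per block, copied from the two tables in this presentation.
# Tuple order: hospitals, restaurants, ATM counters.
FIRST_TABLE = {1: (84, 236, 470), 2: (6, 14, 23),
               3: (4, 13, 27), 4: (86, 237, 480)}
SECOND_TABLE = {1: (49, 124, 227), 2: (51, 113, 251),
                3: (35, 135, 252), 4: (45, 128, 250)}


def variability(table):
    """Sum, over entity types j, of the standard deviation of n(i, j)
    across blocks i. Assumption: population standard deviation, since
    the slides do not say which estimator is meant."""
    per_type = zip(*table.values())  # one tuple of block counts per type
    return sum(pstdev(counts) for counts in per_type)


def ubiquity(area_sq_km, order, cell_km):
    """U = G * N with G = X / (N^2 * C^2): the number of cells in the
    area that carry the same block number, i.e. the size of the set the
    user hides in. C is given in km so that it matches X in sq. km."""
    grids = area_sq_km / (order ** 2 * cell_km ** 2)
    return grids * order


if __name__ == "__main__":
    for name, table in (("first", FIRST_TABLE), ("second", SECOND_TABLE)):
        print(f"{name} table variability: {variability(table):.2f}")
    area = 100.0  # constructed value for X, in sq. km
    for cell_km in (0.5, 0.05):
        print(f"C = {cell_km} km -> U = {ubiquity(area, 4, cell_km):.0f}")
```

A block whose entity counts differ sharply from the others gives the service provider a way to tell blocks apart from the answers alone, which is why the uneven first table scores far higher than the near-uniform second one.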

Degree of Variability vs. Cellsize for Grid Order 4

Degree of Variability vs. Cellsize for Grid Order 9


Mechanism against Trajectory Privacy Attack. Availability of routes from server for given source and destination


The data records released from user device are sanitized using mix-zone concepts (pseudonym for every block covered), random delay of time recorded for every move and user location replaced with block numbers (anonymization).
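
An added example (not the authors' code) of the sanitization step described above: each released record carries a block number instead of coordinates, a pseudonym that changes whenever the user enters a new block, and a randomly delayed time stamp. The Sudoku grid, its edge-to-edge tiling over the area, the 500 m cell, the 300 s delay bound and the sample track are assumptions constructed for illustration.

```python
import random
import secrets

# Constructed order-4 Sudoku: every row, column and 2x2 box holds 1..4 once.
GRID = [[1, 2, 3, 4],
        [3, 4, 1, 2],
        [2, 1, 4, 3],
        [4, 3, 2, 1]]
N = len(GRID)
CELL_M = 500  # cell size C in metres (assumed)

# Constructed sample track: (timestamp_s, x_m, y_m) from the area origin.
TRACK = [(0, 120, 80), (60, 430, 90), (120, 620, 110), (180, 1100, 700)]


def block_id(x_m, y_m):
    """Map a position to its Sudoku block number, assuming the same grid
    is tiled edge to edge over the whole area."""
    col = int(x_m // CELL_M) % N
    row = int(y_m // CELL_M) % N
    return GRID[row][col]


def sanitize(track, max_delay_s=300, rng=None):
    """Return the records that may leave the device:
    (pseudonym, delayed_timestamp, block_number). Raw coordinates are
    dropped and the pseudonym is renewed on every block change."""
    rng = rng or random.SystemRandom()
    released, last_cell, pseudonym = [], None, None
    for ts, x, y in track:
        cell = (int(x // CELL_M), int(y // CELL_M))
        if cell != last_cell:  # entered a new block: unlink from the old one
            pseudonym = secrets.token_hex(8)
            last_cell = cell
        delayed = ts + rng.randint(0, max_delay_s)
        released.append((pseudonym, delayed, block_id(x, y)))
    return released


if __name__ == "__main__":
    for record in sanitize(TRACK):
        print(record)
```

The first and last points of the sample track fall in different cells that share block number 1, so the released records show the same block under two unrelated pseudonyms.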


Cost Complexity, Ubiquity and Comparisons of H. Kido et al. Work and Sudoku-Based Query and Location Privacy Techniques


Ubiquity and Message cost for Order 4

Ubiquity and Message cost for Order 9


Cellsize Vs. Ubiquity

Cellsize Vs. Answer Message Cost


Conclusion

• The paper focuses on :
– Adversarial location service providers
– Extracting service without third party involvement
– Mitigates unauthorised access to user device data logs
– Involves real time coordinates. Improvisation envisaged using real time meta data.
– Provides solution for LBS providers to gain clients’ trust

• Obfuscation + encryption = Enhanced privacy and security

• Thriving challenge to be answered in future:
– Resolve trade-off amidst privacy, QoS and cost


Thank you for your attention