Date posted: 19-Jun-2015
Semantic and Sensitivity Aware Location-Privacy Protection for the Internet of Things
Berker Ağır, Jean-Paul Calbimonte, Karl Aberer
Workshop on Society, Privacy and the Semantic Web - Policy and Technology 2014
20 October 2014
Introduction
• Online devices
• increasingly infiltrating daily life
• online services & applications
• They are capable of sensing their environment and context
• Sensors: GPS, accelerometer, barometer, thermometer
Privacy Under Threat
• Honest but curious server
• Exploits all available data
• With limited computational power, tries to infer private information
[Diagram labels: User Events; Privacy Protection Mechanism(s); Observed events; Application Server; Background knowledge on user history; Process according to objectives; Perform attack]
Location Privacy
• Location data carries highly contextual information
• Activity tracking
• Inferring habits
• Physical assault
• Rich sensor environment and continuous connectivity
• A non-stop and unbalanced threat on privacy
Common Location-Privacy Protection Approaches
• Obfuscation
• Perturbation
• Hiding
• Anonymization
[Figure legend: Actual location; Observed locations]
Shortcomings of Existing Approaches
• Location information is multi-dimensional
• Semantics
• Not every location / semantic tag might have the same importance in terms of privacy
• Home location
• Hospitals, restaurants
• Overprotection
• Service degradation
Smart Adversaries and Strategies
• Privacy has to be evaluated w.r.t. a real attack scenario
• Adaptive protection mechanisms on user device
• Move against each other in a strategic game
Adversary:
• Location Semantics
• User Mobility History
• Common-knowledge sensitivities
→ Inference
User:
• Location Semantics
• Adversary Modelling
• Sensitivity Profile
→ Real-Time Adaptive Protection
Adaptive Location Privacy Protection
Adaptive Privacy Protection Mechanisms
[Diagram labels: Privacy Estimation Module; Estimate; Candidate obfuscation area; Sensitivity Profile (Geographical & Semantic); User History]
• Adaptive approach: Past behavior is considered before making a privacy decision
• Causality and physical feasibility between transitions
Sensitivity Profile Configuration
Android application for setting semantic- and geography-based sensitivity levels
Adaptive Protection in Action
[Figure panels: Low sensitivity - university; High sensitivity - hospital]
Semantic Location Privacy
• What about the privacy of the semantics?
• Location might not matter as long as the user activity is unknown
[Figure labels: Cinema? Pharmacy? Hotel? Hospital? Bar?]
Evaluating Privacy
• What is the adversary’s error in inferring
• users’ geographical locations?
• the semantics of user locations?
• How confident is the adversary?
• Probabilistic nature of inference
• What is the user’s desired privacy level (i.e., sensitivity) for
• his geographical location?
• the semantics of his location?
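The questions on this slide can be made concrete with a small calculation. The following is an added example, not code from the slides or the authors: it assumes the adversary's inference yields a probability distribution over candidate places, and it uses expected distance, wrong-tag probability and Shannon entropy as the error and confidence measures (all three are assumptions; the slides do not name specific metrics). All coordinates, tags and thresholds are constructed.

```python
import math

# Constructed adversary posterior over candidate places for one observed
# (obfuscated) event: (x_km, y_km, semantic_tag, probability).
POSTERIOR = [
    (0.0, 0.0, "hospital", 0.50),
    (3.0, 4.0, "pharmacy", 0.25),
    (6.0, 8.0, "cinema",   0.25),
]
TRUE_PLACE = (0.0, 0.0, "hospital")  # constructed ground truth

def geographic_error(posterior, true_place):
    """Adversary's expected distance (km) between guess and actual location."""
    tx, ty, _ = true_place
    return sum(p * math.hypot(x - tx, y - ty) for x, y, _, p in posterior)

def semantic_error(posterior, true_place):
    """Probability mass the adversary puts on the wrong semantic tag."""
    return sum(p for _, _, tag, p in posterior if tag != true_place[2])

def uncertainty_bits(posterior):
    """Shannon entropy of the posterior: low entropy = confident adversary."""
    return -sum(p * math.log2(p) for *_, p in posterior if p > 0)

def evaluate(posterior, true_place, geo_required_km, sem_required):
    """Compare adversary error with the user's desired levels (sensitivity)."""
    geo = geographic_error(posterior, true_place)
    sem = semantic_error(posterior, true_place)
    return {
        "geo_error_km": geo,
        "sem_error": sem,
        "uncertainty_bits": uncertainty_bits(posterior),
        "geo_ok": geo >= geo_required_km,
        "sem_ok": sem >= sem_required,
    }

if __name__ == "__main__":
    # Hypothetical sensitivity profile: 2 km geographic, 0.8 semantic error.
    for name, value in evaluate(POSTERIOR, TRUE_PLACE, 2.0, 0.8).items():
        print(f"{name}: {value}")
```

With these constructed values the geographic requirement is met while the semantic one is not: the adversary is kilometres off on average yet still assigns half of its belief to "hospital".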
Next Steps & Future Work
• Model & implement inference considering location semantics and user sensitivities
• Inferring user activity from a collection of location and semantic tag series
• Private attributes such as age, gender, occupation
• Reasoning about causality in the semantic level
• Going to a cinema after having dinner at a nearby restaurant
Future Work
[Diagram labels: User; Adversary; Geographical: (x, y) coordinates; Semantics: Health-care, Business, Work Place; Interactions/Relationships: Visit, Work, Treatment, Has sick friend, Has customer; Attributes: Is Doctor, Is Nurse, Has Broken Leg, Has Cancer]