A Mobile Terminal Based
Trajectory Preserving Strategy for
Continuous Querying LBS Users
Yunxia Feng,
Peng Liu,
Jianhui Zhang
May 16 - 18, 2012 Hangzhou, China
IEEE DCOSS '12
———
Introduction
Problem Description and Assumptions
Overview of Virtual Avatar (VAvatar)
Performance Evaluation
Conclusion
Contents
Privacy Threats in Location-based Services
Introduction
In order to enjoy location based services (LBS), messages sent
by a user should include his current location information.
Without safeguards, query messages pose a severe privacy risk
exposing users to constant identification and tracking
throughout the day.
For LBS users:
Real-time anonymity of
location/trajectory is essential
Introduction
Central;
Complicated;
Can not be implemented on mobile terminals;
Need a third party server to implement.
Shortcomings of Current Approaches
Typical Architecture of Current Resolutions
Location-based Database Server
Location Anonymization Server
End Users
Complicated;
Third part
Introduction
Problem Description and Assumptions
Overview of Virtual Avatar (VAvatar)
Performance Evaluation
Conclusion
Contents
Problem Description and Assumptions
Our purpose: protect users from being tracked by
linking the user with his trajectory information.
The problem of mobile terminal based trajectory
preserving for continuous query users in LBS systems.
Problem Description
Architecture of the LBS system
Components of the system: LBS server
Routers/Wireless Access Points (APs)
Mobile Terminals
Problem Description and Assumptions
There is no third part server to provide privacy anonymity;Users send location-related queries periodically to LBS servers;Communications (queries/replies) are relayed by AP & routers.Communication links (both wireless and wired links) are safe.LBS server has a map, which precision is fine enough to
accurately locate any place queried by users. The attacker
Can only access data from the LBS server consistently. Can achieve all communication records from the LBS
server. Can deduce location/trajectory of users by analyzing spatial-
time relationships between communication records.
Assumptions:
Introduction
Problem Description and Assumptions
Overview of Virtual Avatar (VAvatar)
Performance Evaluation
Conclusion
Contents
Basic Idea of VAvator
Users sends both true and fake queries to the
LBS server.
Fake queries are selected and scheduled carefully
so that multiple reliable trajectories are achieved
from the view point of a third part.
An Example
The Corresponding Map taken in this example:
Possible paths established by the attacker in each phase
Phase 1 Phase 2 Phase 3 Phase 4
1, 2 5, 3, 7 4, 9, 6 D1, D, 5, 8, D2
Queries are sent in each phases (time period):
Basic Idea of VAvator
Suppose that the trajectory of the user is: S 3 6 5 9 D
Reasons Attacker may distinguish noisy data from true position data if
they are chosen arbitrary by analyzing spatio-temporal relationships among communication records.
The trajectory is affected by multiple factors, such as type of
the, the trip purpose, real-time traffic condition and etc.
Problems that Vavatar should resolve Interrupt spatial temporal relationships among locations
(included in both true queries and fake queries). Consider impacts of several factors such as type of query time,
the vehicle, the trip purpose, real-time traffic condition of the
specific road, and etc.
Challenges Vavatar Faces
Resolutions Vavatar Adopts
A. Noisy Location Selection Strategy(Rules)
(a) Public Locations Near (Within) Markable Places
(b) Independent Selection
(c) Places with Real-time Traffic Information
(d) Redundant Inquiries
Metrics: real and reachable
Resolutions Vavatar Adopts (cont.)
(a) The Normal Scheduling Strategy
B. Query Scheduling Strategy
ϵ : a small positive number, which is decided by both V and v. μ : a positive number, which value is: ϵ < μ < p∙v.P: a positive pure decimal fraction. Δt: an experiential parameter to denote impacts of other factors (eg: trip goal and the location type)Both ϵ and μ are used here to adjust the value of v.
d: distance between two noisy locations;V: upper velocity;v: the real-time velocity of the path δt: possible additional traveling time.
Meanings of Inputs:
T: time period between two fake queries.
Meanings of Outputs
Values of other Parameters:
(b) The Disordered Scheduling Strategy
It is especially suitable when
virtual paths have intersections with true path.
path segments near intersections where there are
multiple entrances and exits of alternative paths.
The query sequence is disordered purposely to interrupt
spatio-temporal relationships between communication
data.
Resolutions Vavatar Adopts (cont.)
B. Query Scheduling Strategy
Introduction
Problem Description and Assumptions
Overview of Virtual Avatar (VAvatar)
Performance Evaluation
Conclusion
Contents
Performance Evaluation
A. Analysis of Trajectory Preservation Degree
TPD (Trajectory Preservation Degree): the number of feasible paths achieved from the viewpoint of attacker.
NC (NC > 1) : the total number of distinct candidate paths at that time.
pr(0 ≤ pr ≤ 1): the trajectory risk possibility faced by the user at time tc.
δ (0 ≤ δ ≤ 1): an empirical parameter. The more the spatial-time complexity of nodes is, the larger the value of δ will be.
Evaluation Matric:
Performance Evaluation
B. Experiments & Results
Consider the scenario where users keep moving. Select candidate paths of true paths and virtual paths from a
digital map from a publicly accessible portal. Every user uses 3-5 virtual paths independently.
Implement two modes: All virtual paths start at the same time; Starting time of virtual paths are independent from each other.
Users are divided into two groups Users in the first group do not adopts VAvatar;
Data are used as metrics to find candidate paths for attackers. Users in the second group adopts Vavatar.
Performance Evaluation
All candidate paths taken by 3 users in the experiments:
Performance Evaluation
TABLE Detailed Paths Information of 3 Users:
Results and Analysis
Results achieved by user 1
Candidate trajectories analysisRelationships between time and distance
The starting time of users impacts the average velocity of the same road. This makes it more difficult for the attacker to distinguish true trajectory from false paths.
Results and Analysis:
Energy consumption under different scheduling strategies (n=4) n : the ratio between true queries and false queries
random_i and syn_i (i = 1, 2) denotes the average energy consumption results of user i when he adopts distinct and continuous scheduling strategy, respectively.
Introduction
Problem Description and Assumptions
Overview of Virtual Avatar (VAvatar)
Performance Evaluation
Conclusions
Contents
Conclusions
Proposed a trajectory preservation scheme
Does not need additional third part servers.
Can be implemented on the smart mobile terminals.
Does not need multiple number of users.
Achieves efficient location & trajectory protection
with endurable overheads.
Thanks Q&A ?