Results 1 - 10 of 32
Virtual Trip Lines for Distributed Privacy-Preserving Traffic Monitoring, 2008
Cited by 120 (28 self)
Automotive traffic monitoring using probe vehicles with Global Positioning System receivers promises significant improvements in cost, coverage, and accuracy. Current approaches, however, raise privacy concerns because they require participants to reveal their positions to an external traffic monitoring server. To address this challenge, we propose a system based on virtual trip lines and an associated cloaking technique. Virtual trip lines are geographic markers that indicate where vehicles should provide location updates. These markers can be placed to avoid particularly privacy sensitive locations. They also allow aggregating and cloaking several location updates based on trip line identifiers, without knowing the actual geographic locations of these trip lines. Thus they facilitate the design of a distributed architecture, where no single entity has a complete knowledge of probe identities and fine-grained location information. We have implemented the system with GPS
Mobiscopes for human spaces - IEEE Pervasive Computing, 2007
Cited by 90 (11 self)
The proliferation of affordable mobile devices with processing and sensing capabilities, together with the rapid growth in ubiquitous network connectivity, herald an era of Mobiscopes; networked sensing applications that rely on multiple mobile sensors to accomplish global tasks. These distributed sensing systems extend the model of traditional sensor networks, introducing challenges in data management, data integrity, privacy, and network system design. While several applications that fit the above description exist in prior literature, they provide tailored one-time solutions to what essentially is the same set of problems. It is time to work towards a general architecture that identifies common challenges and provides a generalizable methodology for the design of future Mobiscopes. Towards that end, this paper surveys a variety of current and emerging mobile, networked, sensing applications; articulates their common challenges; and provides architectural guidelines and design directions for this important
Preserving privacy in gps traces via uncertainty-aware path cloaking - In Proceedings of ACM CCS 2007, 2007
Cited by 60 (5 self)
Motivated by a probe-vehicle based automotive traffic monitoring system, this paper considers the problem of guaranteed anonymity in a dataset of location traces while maintaining high data accuracy. We find through analysis of a set of GPS traces from 233 vehicles that known privacy algorithms cannot meet accuracy requirements or fail to provide privacy guarantees for drivers in low-density areas. To overcome these challenges, we develop a novel time-to-confusion criterion to characterize privacy in a location dataset and propose an uncertainty-aware path cloaking algorithm that hides location samples in a dataset to provide a time-to-confusion guarantee for all vehicles. We show that this approach effectively guarantees worst case tracking bounds, while achieving significant data accuracy improvements.
AMOEBA: Robust Location Privacy Scheme for VANET - IEEE Journal on Selected Areas in Communications, 2007
Cited by 41 (3 self)
Abstract — Communication messages in vehicular ad hoc networks (VANET) can be used to locate and track vehicles. While tracking can be beneficial for vehicle navigation, it can also lead to threats on location privacy of vehicle user. In this paper, we address the problem of mitigating unauthorized tracking of vehicles based on their broadcast communications, to enhance the user location privacy in VANET. Compared to other mobile networks, VANET exhibits unique characteristics in terms of vehicular mobility constraints, application requirements such as a safety message broadcast period, and vehicular network connectivity. Based on the observed characteristics, we propose a scheme called AMOEBA, that provides location privacy by utilizing the group navigation of vehicles. By simulating vehicular mobility in freeways and streets, the performance of the proposed scheme is evaluated under VANET application constraints and two passive adversary models. We make use of vehicular groups for anonymous access to location based service applications in VANET, for user privacy protection. The robustness of the user privacy provided is considered under various attacks.
On the optimal placement of mix zones - in Privacy Enhancing Technologies, 2009
Cited by 37 (17 self)
Abstract. In mobile wireless networks, third parties can track the location of mobile nodes by monitoring the pseudonyms used for identification. A frequently proposed solution to protect the location privacy of mobile nodes suggests changing pseudonyms in regions called mix zones. In this paper, we propose a novel metric based on the mobility profiles of mobile nodes in order to evaluate the mixing effectiveness of possible mix zone locations. Then, as the location privacy achieved with mix zones depends on their placement in the network, we analyze the optimal placement of mix zones with combinatorial optimization techniques. The proposed algorithm maximizes the achieved location privacy in the system and takes into account the cost induced by mix zones to mobile nodes. By means of simulations, we show that the placement recommended by our algorithm significantly reduces the tracking success of the adversary.
Pseudonym Changing at Social Spots: An Effective Strategy for Location Privacy in VANETs
Cited by 34 (15 self)
in vehicular ad hoc networks (VANETs), location privacy is imperative for the full flourish of VANETs. Although frequent pseudonym changing provides a promising solution for location privacy in VANETs, if the pseudonyms are changed in an improper time or location, such a solution may become invalid. To cope with the issue, in this paper, we present an effective pseudonym changing at social spots (PCS) strategy to achieve the provable location privacy. Specifically, we first introduce the social spots where many vehicles may gather, e.g., a road intersection when the traffic light turns red or a free parking lot near a shopping mall. By taking the anonymity set size (ASS) as the location privacy metric, we then develop two anonymity set analytic models to quantitatively investigate the location privacy achieved by the PCS strategy. In addition, we use game theoretic techniques to prove the feasibility of PCS strategy in practice. Extensive performance evaluations are conducted to demonstrate that better location privacy can be achieved when a vehicle changes its pseudonyms at some highly social spots, and the proposed PCS strategy can assist vehicles to intelligently change their pseudonyms at the right moment and place.
APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services
Cited by 31 (8 self)
Abstract—Today’s location-sensitive service relies on user’s mobile device to determine its location and send the location to the application. This approach allows the user to cheat by having his device transmit a fake location, which might enable the user to access a restricted resource erroneously or provide bogus alibis. To address this issue, we propose A Privacy-Preserving LocAtion proof Updating System (APPLAUS) in which co-located Bluetooth enabled mobile devices mutually generate location proofs, and update to a location proof server. Periodically changed pseudonyms are used by the mobile devices to protect source location privacy from each other, and from the untrusted location proof server. We also develop user-centric location privacy model in which individual users evaluate their location privacy levels in real-time and decide whether and when to accept a location proof exchange request based on their location privacy levels. APPLAUS can be implemented with the existing network infrastructure and the current mobile devices, and can be easily deployed in Bluetooth enabled mobile devices with little computation or power cost. Extensive experimental results show that our scheme, besides providing location proofs effectively, can significantly preserve the source location privacy.
A distortion-based metric for location privacy - In ACM WPES, 2009
Cited by 28 (16 self)
We propose a novel framework for measuring and evaluating location privacy preserving mechanisms in mobile wireless networks. Within this framework, we first present a formal model of the system, which provides an efficient representation of the network users, the adversaries, the location privacy preserving mechanisms and the resulting location privacy of the users. This model is general enough to accurately express and analyze a variety of location privacy metrics that were proposed earlier. By using the proposed model, we provide formal representations of four metrics among the most relevant categories of location privacy metrics. We also present a detailed comparative analysis of these metrics based on a set of criteria for location privacy measurement. Finally, we propose a novel and effective metric for measuring location privacy, called the distortion-based metric, which satisfies these criteria for privacy measurement and is capable of capturing the mobile users’ location privacy more precisely than the existing metrics. Our metric estimates location privacy as the expected distortion in the reconstructed users’ trajectories by an adversary.
A Unified Framework for Location Privacy, 2010
Cited by 17 (11 self)
Abstract. We introduce a novel framework that provides a logical structure for identifying, classifying and organizing fundamental components, assumptions, and concepts of location privacy. Our framework models mobile networks and applications, threats, location-privacy preserving mechanisms, and metrics. The flow of information between these components links them together and explains their interdependencies. We demonstrate the relevance of our framework by showing how the existing achievements in the field of location privacy are embodied appropriately in the framework. Our framework provides “the big picture” of research on location privacy and hence aims at paving the way for future research.
Search me if you can: privacy-preserving location query service - in IEEE INFOCOM, 2013
Cited by 16 (10 self)
Abstract—Location-Based Service (LBS) becomes increasingly popular with the dramatic growth of smartphones and social network services (SNS), and its context-rich functionalities attract considerable users. Many LBS providers use users’ location information to offer them convenience and useful functions. However, the LBS could greatly breach personal privacy because location itself contains much information. Hence, preserving location privacy while achieving utility from it is still a challenging question now. This paper tackles this non-trivial challenge by designing a suite of novel fine-grained Privacy-preserving Location Query Protocol (PLQP). Our protocol allows different levels of location query on encrypted location information for different users, and it is efficient enough to be applied in mobile platforms.