    Towards new methods for mobility data gathering: content, sources, incentives

    Over the past decade, a huge amount of work has been done in mobile and opportunistic networking research. Unfortunately, much of this has had little impact, as the results have not been applicable to reality due to incorrect assumptions and models used in the design and evaluation of the systems. In this paper, we outline some of the problems with the assumptions of early research in the field, and provide a survey of some initial work that has started to take place to alleviate this through more realistic modelling and measurements of real systems. We note that there is still much work to be done in this area, and then go on to identify some important properties of the network that must be studied further. We identify the types of data that are important to measure, and also give some guidelines on finding existing and potentially new sources for such data and on incentivizing the holders of the data to share it.

    9 Squares: Framing Data Privacy Issues

    In order to frame discussions on data privacy in varied contexts, this paper introduces a categorisation of personal data along two dimensions. Each of the nine resulting categories offers a significantly different flavour of issues in data privacy. Some issues can also be perceived as a tension along a boundary between different categories. The first dimension is data ownership: who holds or publishes the data. The three possibilities are “me”, i.e. the data subject; “us”, where the data subject is part of a community; and “them”, where the data subject is indeed a subject only. The middle category contains social networks as the most interesting instance. The amount of control for the data subject moves from complete control in the “me” category to very little at all in the “them” square – but the other dimension also plays a role in that. The second dimension has three possibilities, too, focusing on the type of personal data recorded: “attributes” are what would traditionally be found in databases, and what one might think of first for “data protection”. The second type of data is “stories”, which is personal data (explicitly) produced by the data subjects, such as emails, pictures, and social network posts. The final type is “behaviours”, which is (implicitly) generated personal data, such as locations and browsing histories. The data subject has very little control over this data, even in the “us” category. This lack of control, which is closely related to the business models of the “us” category, is likely the major data privacy problem of our time.

    Privacy in Inter-Vehicular Networks: Why simple pseudonym change is not enough

    Inter-vehicle communication (IVC) systems disclose rich location information about vehicles. State-of-the-art security architectures are aware of the problem and provide privacy-enhancing mechanisms, notably pseudonymous authentication. However, the granularity and the amount of location information that IVC protocols divulge enable an adversary that eavesdrops on all traffic throughout an area to reconstruct long traces of the whereabouts of the majority of vehicles within that area. Our analysis in this paper confirms the existence of this kind of threat. As a result, it is questionable whether strong location privacy is achievable in IVC systems against a powerful adversary.

    Time Distortion Anonymization for the Publication of Mobility Data with High Utility

    An increasing amount of mobility data is being collected every day by different means, such as mobile applications or crowd-sensing campaigns. This data is sometimes published after the application of simple anonymization techniques (e.g., putting an identifier in place of the users' names), which might lead to severe threats to the privacy of the participating users. The literature contains more sophisticated anonymization techniques, often based on adding noise to the spatial data. However, these techniques compromise either the privacy, if the added noise is too small, or the utility of the data, if the added noise is too strong. We investigate in this paper an alternative solution, which builds on time distortion instead of spatial distortion. Specifically, our contribution lies in (1) the introduction of the concept of time distortion to anonymize mobility datasets; (2) Promesse, a protection mechanism implementing this concept; and (3) a practical study of Promesse compared to two representative spatial distortion mechanisms, namely Wait For Me, which enforces k-anonymity, and Geo-Indistinguishability, which enforces differential privacy. We evaluate our mechanism practically using three real-life datasets. Our results show that time distortion reduces the number of points of interest that can be retrieved by an adversary to under 3 %, while the introduced spatial error is almost null and the distortion introduced on the results of range queries is kept under 13 % on average.
    Comment: in 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Aug 2015, Helsinki, Finland

    Link Prediction by De-anonymization: How We Won the Kaggle Social Network Challenge

    This paper describes the winning entry to the IJCNN 2011 Social Network Challenge run by Kaggle.com. The goal of the contest was to promote research on real-world link prediction, and the dataset was a graph obtained by crawling the popular Flickr social photo-sharing website, with user identities scrubbed. By de-anonymizing much of the competition test set using our own Flickr crawl, we were able to effectively game the competition. Our attack represents a new application of de-anonymization to gaming machine learning contests, suggesting changes in how future competitions should be run. We introduce a new simulated annealing-based weighted graph matching algorithm for the seeding step of de-anonymization. We also show how to combine de-anonymization with link prediction---the latter is required to achieve good performance on the portion of the test set not de-anonymized---for example by training the predictor on the de-anonymized portion of the test set, and combining probabilistic predictions from de-anonymization and link prediction.
    Comment: 11 pages, 13 figures; submitted to IJCNN'2011

    Spatio-Temporal Techniques for User Identification by means of GPS Mobility Data

    One of the greatest concerns related to the popularity of GPS-enabled devices and applications is the increasing availability of the personal location information generated by them and shared with application and service providers. Moreover, people tend to have regular routines and to be characterized by a set of "significant places", thus making it possible to identify a user from his/her mobility data. In this paper we present a series of techniques for identifying individuals from their GPS movements. More specifically, we study the uniqueness of GPS information for three popular datasets, and we provide a detailed analysis of the discriminatory power of speed, direction and distance of travel. Most importantly, we present a simple yet effective technique for the identification of users from location information that is not included in the original dataset used for training, thus raising important privacy concerns for the management of location datasets.
    Comment: 11 pages, 8 figures

    Privacy-Friendly Mobility Analytics using Aggregate Location Data

    Location data can be extremely useful to study commuting patterns and disruptions, as well as to predict real-time traffic volumes. At the same time, however, the fine-grained collection of user locations raises serious privacy concerns, as it can reveal sensitive information about the users, such as lifestyle, political and religious inclinations, or even identities. In this paper, we study the feasibility of crowd-sourced mobility analytics over aggregate location information: users periodically report their location using a privacy-preserving aggregation protocol, so that the server can only recover aggregates -- i.e., how many, but not which, users are in a region at a given time. We experiment with real-world mobility datasets obtained from the Transport For London authority and the San Francisco Cabs network, and present a novel methodology based on time series modeling that is geared to forecast traffic volumes in regions of interest and to detect mobility anomalies in them. In the presence of anomalies, we also make enhanced traffic volume predictions by feeding our model with additional information from correlated regions. Finally, we present and evaluate a mobile app prototype, called Mobility Data Donors (MDD), in terms of computation, communication, and energy overhead, demonstrating the real-world deployability of our techniques.
    Comment: Published at ACM SIGSPATIAL 201

    Context-based Pseudonym Changing Scheme for Vehicular Adhoc Networks

    Vehicular ad hoc networks allow vehicles to share their information for safety and traffic efficiency. However, sharing information may threaten driver privacy, because it includes spatiotemporal information and is broadcast publicly and periodically. In this paper, we propose a context-adaptive pseudonym changing scheme which lets a vehicle decide autonomously when to change its pseudonym and how long it should remain silent to ensure unlinkability. This scheme adapts dynamically based on the density of the surrounding traffic and the user's privacy preferences. We employ a multi-target tracking algorithm to measure privacy in terms of traceability in realistic vehicle traces. We use Monte Carlo analysis to estimate the quality of service (QoS) of a forward collision warning application when vehicles apply this scheme. According to the experimental results, the proposed scheme provides a better compromise between traceability and QoS than a random silent period scheme.
    Comment: Extended version of a previous paper: K. Emara, W. Woerndl, and J. Schlichter, "Poster: Context-Adaptive User-Centric Privacy Scheme for VANET," in Proceedings of the 11th EAI International Conference on Security and Privacy in Communication Networks, SecureComm'15. Dallas, TX, USA: Springer, June 2015.

    Ideal Meeting Location According to User privacy

    Equipped with state-of-the-art smartphones and mobile devices, today's highly interconnected urban population is increasingly dependent on these gadgets to organise and plan their daily lives. These applications often rely on the current (or preferred) locations of individual users or of a group of users to provide the desired service, which jeopardises their privacy; users do not necessarily want to reveal their current (or preferred) locations to the service provider or to other, possibly untrusted, users. In this paper, we propose privacy-preserving algorithms for determining an ideal meeting location for a group of users. We perform a thorough privacy evaluation by formally quantifying the privacy loss of the proposed approaches. In order to study the performance of our algorithms in a real deployment, we implement and test their execution efficiency. By means of a targeted user study, we attempt to gain insight into the privacy awareness of users of location-based services and the usability of the proposed solutions.[1]