Towards new methods for mobility data gathering: content, sources, incentives
Over the past decade, a huge amount of work has been done in mobile and opportunistic networking research. Unfortunately, much of it has had little impact, because the results have not been applicable to reality, owing to incorrect assumptions and models used in the design and evaluation of the systems.
In this paper, we outline some of the problems with the assumptions of early research in the field, and survey some initial work that has started to alleviate this through more realistic modelling and measurements of real systems. We note that there is still much work to be done in this area, and go on to identify some important properties of the network that must be studied further. We identify the types of data that are important to measure, and also give some guidelines on finding existing and potentially new sources for such data and on incentivizing the holders of the data to share it.
9 Squares: Framing Data Privacy Issues
In order to frame discussions on data privacy in varied contexts, this paper introduces a categorisation of personal data along two dimensions. Each of the nine resulting categories offers a significantly different flavour of issues in data privacy. Some issues can also be perceived as a tension along a boundary between different categories.
The first dimension is data ownership: who holds or publishes the data. The three possibilities are "me", i.e. the data subject; "us", where the data subject is part of a community; and "them", where the data subject is indeed a subject only. The middle category contains social networks as the most interesting instance. The amount of control for the data subject moves from complete control in the "me" category to very little at all in the "them" square, but the other dimension also plays a role in that.
The second dimension has three possibilities, too, focusing on the type of personal data recorded: "attributes" are what would traditionally be found in databases, and what one might think of first for "data protection". The second type of data is "stories", which is personal data (explicitly) produced by the data subjects, such as emails, pictures, and social network posts. The final type is "behaviours", which is (implicitly) generated personal data, such as locations and browsing histories. The data subject has very little control over this data, even in the "us" category. This lack of control, which is closely related to the business models of the "us" category, is likely the major data privacy problem of our time.
Privacy in Inter-Vehicular Networks: Why simple pseudonym change is not enough
Inter-vehicle communication (IVC) systems disclose rich location information about vehicles. State-of-the-art security architectures are aware of the problem and provide privacy enhancing mechanisms, notably pseudonymous authentication. However, the granularity and the amount of location information IVC protocols divulge enable an adversary that eavesdrops on all traffic throughout an area to reconstruct long traces of the whereabouts of the majority of vehicles within that area. Our analysis in this paper confirms the existence of this kind of threat. As a result, it is questionable whether strong location privacy is achievable in IVC systems against a powerful adversary.
Time Distortion Anonymization for the Publication of Mobility Data with High Utility
An increasing amount of mobility data is being collected every day by different means, such as mobile applications or crowd-sensing campaigns. This data is sometimes published after the application of simple anonymization techniques (e.g., replacing users' names with an identifier), which might lead to severe threats to the privacy of the participating users. The literature contains more sophisticated anonymization techniques, often based on adding noise to the spatial data. However, these techniques compromise either privacy, if the added noise is too small, or the utility of the data, if the added noise is too strong. In this paper we investigate an alternative solution, which builds on time distortion instead of spatial distortion. Specifically, our contribution lies in (1) the introduction of the concept of time distortion to anonymize mobility datasets, (2) Promesse, a protection mechanism implementing this concept, and (3) a practical study of Promesse compared to two representative spatial distortion mechanisms, namely Wait For Me, which enforces k-anonymity, and Geo-Indistinguishability, which enforces differential privacy. We evaluate our mechanism practically using three real-life datasets. Our results show that time distortion reduces the number of points of interest that can be retrieved by an adversary to under 3%, while the introduced spatial error is almost null and the distortion introduced on the results of range queries is kept under 13% on average.
Comment: in 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Aug 2015, Helsinki, Finland
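As an added illustration (not code from the Promesse paper, whose actual mechanism the abstract only sketches), the following Python script reconstructs the basic time-distortion idea: the released trace keeps the true spatial path, resampled at a fixed spacing, but receives uniformly spaced timestamps, so that dwells, which a point-of-interest (POI) extractor detects as time spent within a small radius, disappear while every released point still lies on the true path. The sample trace, the naive POI extractor (50 m radius, 10 min minimum dwell) and the 10 m step are constructed assumptions for the demonstration.

```python
import math


def make_trace():
    """Constructed sample trace of (t_s, x_m, y_m): walk east at 1 m/s for
    300 m, dwell 20 minutes at a point of interest, then walk a further 300 m."""
    trace, t = [], 0
    for x in range(0, 301, 10):            # one sample every 10 s / 10 m
        trace.append((t, float(x), 0.0)); t += 10
    for _ in range(120):                   # 120 samples at the same spot = 20 min dwell
        trace.append((t, 300.0, 0.0)); t += 10
    for x in range(310, 601, 10):
        trace.append((t, float(x), 0.0)); t += 10
    return trace


def extract_pois(trace, radius_m=50.0, min_dwell_s=600.0):
    """Naive adversary: a POI is a run of consecutive samples that stay within
    radius_m of the run's first sample for at least min_dwell_s. Returns the
    centroid of each such run."""
    pois, i, n = [], 0, len(trace)
    while i < n:
        t0, x0, y0 = trace[i]
        j = i
        while j + 1 < n and math.hypot(trace[j + 1][1] - x0, trace[j + 1][2] - y0) <= radius_m:
            j += 1
        if trace[j][0] - t0 >= min_dwell_s:
            run = trace[i:j + 1]
            pois.append((sum(p[1] for p in run) / len(run), sum(p[2] for p in run) / len(run)))
            i = j + 1
        else:
            i += 1
    return pois


def time_distort(trace, step_m=10.0):
    """Time distortion (added reconstruction of the idea, not Promesse itself):
    resample the true path every step_m metres, discard the real timestamps and
    assign uniformly spaced ones between the trace's start and end time."""
    pts = [(x, y) for _, x, y in trace]
    path, remaining = [pts[0]], step_m
    for (x0, y0), (x1, y1) in zip(pts, pts[1:]):
        seg = math.hypot(x1 - x0, y1 - y0)
        if seg == 0.0:
            continue                        # a dwell adds no path length, so it leaves no trace
        pos = 0.0
        while pos + remaining <= seg:
            pos += remaining
            f = pos / seg
            path.append((x0 + f * (x1 - x0), y0 + f * (y1 - y0)))
            remaining = step_m
        remaining -= seg - pos
    if path[-1] != pts[-1]:
        path.append(pts[-1])
    t_start, t_end = trace[0][0], trace[-1][0]
    n = len(path)
    return [(t_start + i * (t_end - t_start) / (n - 1), x, y) for i, (x, y) in enumerate(path)]


def max_spatial_error(released, original):
    """Largest distance from a released point to the nearest original sample."""
    return max(min(math.hypot(x - ox, y - oy) for _, ox, oy in original) for _, x, y in released)


def run_example():
    original = make_trace()
    released = time_distort(original)
    return {
        "pois_original": extract_pois(original),
        "pois_released": extract_pois(released),
        "max_spatial_error_m": max_spatial_error(released, original),
        "n_released": len(released),
    }


if __name__ == "__main__":
    for k, v in run_example().items():
        print(k, v)
```

`run_example()` shows the naive extractor recovering the one dwell (centroid near x = 300 m) from the original trace and nothing from the released one, with zero distance between released points and the original path. The range-query utility the abstract reports is not measured here; note also that uniform timestamps keep the true start and end times of the trace, so the release still reveals when the user was at each endpoint.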
Link Prediction by De-anonymization: How We Won the Kaggle Social Network Challenge
This paper describes the winning entry to the IJCNN 2011 Social Network Challenge run by Kaggle.com. The goal of the contest was to promote research on real-world link prediction, and the dataset was a graph obtained by crawling the popular Flickr social photo sharing website, with user identities scrubbed. By de-anonymizing much of the competition test set using our own Flickr crawl, we were able to effectively game the competition. Our attack represents a new application of de-anonymization to gaming machine learning contests, suggesting changes in how future competitions should be run.
We introduce a new simulated annealing-based weighted graph matching algorithm for the seeding step of de-anonymization. We also show how to combine de-anonymization with link prediction (the latter is required to achieve good performance on the portion of the test set not de-anonymized), for example by training the predictor on the de-anonymized portion of the test set and combining probabilistic predictions from de-anonymization and link prediction.
Comment: 11 pages, 13 figures; submitted to IJCNN'2011
Spatio-Temporal Techniques for User Identification by means of GPS Mobility Data
One of the greatest concerns related to the popularity of GPS-enabled devices and applications is the increasing availability of the personal location information generated by them and shared with application and service providers. Moreover, people tend to have regular routines and to be characterized by a set of "significant places", which makes it possible to identify a user from his/her mobility data.
In this paper we present a series of techniques for identifying individuals from their GPS movements. More specifically, we study the uniqueness of GPS information for three popular datasets, and we provide a detailed analysis of the discriminatory power of speed, direction and distance of travel. Most importantly, we present a simple yet effective technique for identifying users from location information that is not included in the original dataset used for training, thus raising important privacy concerns for the management of location datasets.
Comment: 11 pages, 8 figures
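The following is an added example, not the authors' technique, of the "significant places" effect described above: each user's training fixes are coarsened to 100 m grid cells and turned into a visit-frequency profile, and an unseen trace (drawn independently, sharing no points with the training data) is attributed to the user whose profile it most resembles under cosine similarity. The three users, their home and work coordinates, the cell size and the sampling parameters are all constructed for the demonstration.

```python
import math
import random
from collections import Counter

CELL_M = 100.0   # grid cell size used to coarsen raw GPS fixes

# Constructed users: (home, work) centres in metres; u1 and u2 share a workplace.
USERS = {
    "u1": ((150.0, 150.0), (1850.0, 2250.0)),
    "u2": ((3250.0, 550.0), (1850.0, 2250.0)),
    "u3": ((5650.0, 950.0), (7050.0, 3350.0)),
}


def generate_fixes(user, seed, n_home, n_work, n_other, sigma_m=15.0):
    """Synthetic GPS fixes: jittered visits to home and work plus a few
    unrelated points anywhere in a 10 km square (constructed data)."""
    rng = random.Random(seed)
    (hx, hy), (wx, wy) = USERS[user]
    fixes = [(rng.gauss(hx, sigma_m), rng.gauss(hy, sigma_m)) for _ in range(n_home)]
    fixes += [(rng.gauss(wx, sigma_m), rng.gauss(wy, sigma_m)) for _ in range(n_work)]
    fixes += [(rng.uniform(0, 10000), rng.uniform(0, 10000)) for _ in range(n_other)]
    return fixes


def cell(x, y):
    return (int(x // CELL_M), int(y // CELL_M))


def profile(fixes):
    """Normalised visit-frequency histogram over grid cells: the user's
    'significant places' signature."""
    counts = Counter(cell(x, y) for x, y in fixes)
    total = sum(counts.values())
    return {c: n / total for c, n in counts.items()}


def cosine(p, q):
    dot = sum(v * q.get(c, 0.0) for c, v in p.items())
    norm = math.sqrt(sum(v * v for v in p.values())) * math.sqrt(sum(v * v for v in q.values()))
    return dot / norm if norm else 0.0


def identify(training_profiles, unseen_fixes):
    """Attribute a trace that is NOT in the training data to the best-matching user."""
    q = profile(unseen_fixes)
    scores = {uid: cosine(p, q) for uid, p in training_profiles.items()}
    return max(scores, key=scores.get), scores


def run_example():
    training = {u: profile(generate_fixes(u, seed=i, n_home=40, n_work=30, n_other=10))
                for i, u in enumerate(USERS)}
    results = {}
    for i, u in enumerate(USERS):
        unseen = generate_fixes(u, seed=100 + i, n_home=15, n_work=10, n_other=5)
        results[u] = identify(training, unseen)
    return results


if __name__ == "__main__":
    for u, (guess, scores) in run_example().items():
        print(u, "->", guess, {k: round(v, 3) for k, v in scores.items()})
```

`run_example()` attributes all three unseen traces correctly. Because u1 and u2 share a workplace cell, u2 scores well above u3 on u1's trace but still loses to u1 on the home cell, which is the discriminating "significant place". Stripping names from such a dataset therefore does little if an attacker holds any independently collected fixes for the same people.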
Privacy-Friendly Mobility Analytics using Aggregate Location Data
Location data can be extremely useful to study commuting patterns and disruptions, as well as to predict real-time traffic volumes. At the same time, however, the fine-grained collection of user locations raises serious privacy concerns, as it can reveal sensitive information about the users, such as lifestyle, political and religious inclinations, or even identities. In this paper, we study the feasibility of crowd-sourced mobility analytics over aggregate location information: users periodically report their location using a privacy-preserving aggregation protocol, so that the server can only recover aggregates, i.e., how many, but not which, users are in a region at a given time. We experiment with real-world mobility datasets obtained from the Transport for London authority and the San Francisco Cabs network, and present a novel methodology based on time series modeling that is geared to forecast traffic volumes in regions of interest and to detect mobility anomalies in them. In the presence of anomalies, we also make enhanced traffic volume predictions by feeding our model with additional information from correlated regions. Finally, we present and evaluate a mobile app prototype, called Mobility Data Donors (MDD), in terms of computation, communication, and energy overhead, demonstrating the real-world deployability of our techniques.
Comment: Published at ACM SIGSPATIAL 201
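As an added example (not the paper's protocol, which the abstract does not specify), here is one minimal way for a server to learn only per-region counts: each user blinds a one-hot region vector with pairwise masks derived from a key shared with every other user, adding the mask towards higher-numbered users and subtracting it towards lower-numbered ones, so that all masks cancel in the server's sum. The key derivation from user ids is a constructed placeholder for a real pairwise key agreement, and the epoch and region occupancy are made up.

```python
import hashlib
import hmac
import struct

MOD = 2 ** 32      # reports are integers mod 2^32; the sum is exact while true counts stay below MOD
N_REGIONS = 4


def pairwise_key(i, j):
    """Constructed stand-in for a key the two users would agree on out of band
    (e.g. via a key exchange); the server never sees it."""
    a, b = sorted((i, j))
    return hashlib.sha256(f"demo-pair-key:{a}:{b}".encode()).digest()


def mask_vector(key, epoch):
    """Pseudorandom mask for one (pair, epoch); fresh per epoch so a user's
    reports cannot be correlated across rounds."""
    return [int.from_bytes(hmac.new(key, struct.pack(">QI", epoch, r), hashlib.sha256).digest()[:4], "big")
            for r in range(N_REGIONS)]


def masked_report(uid, region, n_users, epoch):
    """One-hot location vector, blinded with +mask towards higher ids and
    -mask towards lower ids, so each pair's masks cancel in the aggregate."""
    report = [0] * N_REGIONS
    report[region] = 1
    for other in range(n_users):
        if other == uid:
            continue
        m = mask_vector(pairwise_key(uid, other), epoch)
        sign = 1 if uid < other else -1
        report = [(v + sign * x) % MOD for v, x in zip(report, m)]
    return report


def aggregate(reports):
    """Server side: plain modular sum of whatever it received."""
    total = [0] * N_REGIONS
    for r in reports:
        total = [(a + b) % MOD for a, b in zip(total, r)]
    return total


def run_example(epoch=17):
    # Constructed epoch: six users whose true region occupancy is [2, 1, 3, 0]
    regions = [0, 2, 2, 1, 0, 2]
    n = len(regions)
    true_counts = [regions.count(r) for r in range(N_REGIONS)]
    reports = [masked_report(uid, reg, n, epoch) for uid, reg in enumerate(regions)]
    return {
        "true_counts": true_counts,
        "server_sees_per_user": reports,
        "aggregate": aggregate(reports),
        "aggregate_without_last_user": aggregate(reports[:-1]),   # dropout: masks no longer cancel
    }


if __name__ == "__main__":
    for k, v in run_example().items():
        print(k, v)
```

`run_example()` recovers the exact counts from six reports that individually look like random 32-bit values. The last entry shows the usual caveat of this construction: if one user's report is missing, the remaining masks do not cancel and the aggregate is garbage, so a deployment needs dropout handling or a different aggregation design; and since a region count of one is still exact, small aggregates need noise or a reporting threshold if they must not single people out.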
Context-based Pseudonym Changing Scheme for Vehicular Adhoc Networks
Vehicular ad hoc networks allow vehicles to share their information for safety and traffic efficiency. However, sharing this information may threaten driver privacy, because it includes spatiotemporal information and is broadcast publicly and periodically. In this paper, we propose a context-adaptive pseudonym changing scheme which lets a vehicle decide autonomously when to change its pseudonym and how long it should remain silent to ensure unlinkability. The scheme adapts dynamically to the density of the surrounding traffic and the user's privacy preferences. We employ a multi-target tracking algorithm to measure privacy in terms of traceability on realistic vehicle traces, and use Monte Carlo analysis to estimate the quality of service (QoS) of a forward collision warning application when vehicles apply this scheme. According to the experimental results, the proposed scheme provides a better compromise between traceability and QoS than a random silent period scheme.
Comment: Extended version of a previous paper: K. Emara, W. Woerndl, and J. Schlichter, "Poster: Context-Adaptive User-Centric Privacy Scheme for VANET," in Proceedings of the 11th EAI International Conference on Security and Privacy in Communication Networks, SecureComm'15. Dallas, TX, USA: Springer, June 2015.
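Both the IVC abstract ("Why simple pseudonym change is not enough") and the context-based scheme above turn on the same point: an eavesdropper covering an area links a fresh pseudonym to the old one by kinematics unless the change is hidden by silence and by enough neighbouring traffic. The following added example (not the authors' tracker or scheme) simulates three vehicles in one lane that beacon position and speed once a second and switch pseudonyms at t = 10 s, against a greedy nearest-neighbour tracker that links each unknown pseudonym to the quiet track whose dead-reckoned position is closest. The road, the speeds and the speed changes during the silent period are constructed.

```python
from dataclasses import dataclass


@dataclass
class Beacon:
    t: int
    pseudonym: str
    x: float        # position along the road, metres
    v: float        # speed, m/s


def simulate(vehicles, change_at, silent_for, t_end):
    """Constructed 1-D road: each vehicle beacons once per second, switches to a
    fresh pseudonym at change_at, stays silent for silent_for seconds and may
    adopt a new speed at the switch. Returns the beacons the adversary hears and
    the ground-truth pseudonym -> vehicle map, used only for scoring."""
    beacons, truth = [], {}
    for veh in vehicles:
        x, v, pseudonym = veh["x0"], veh["v"], f'{veh["id"]}-p1'
        truth[pseudonym] = veh["id"]
        for t in range(t_end + 1):
            if t == change_at:
                v, pseudonym = veh["v_after"], f'{veh["id"]}-p2'
                truth[pseudonym] = veh["id"]
            if not (change_at <= t < change_at + silent_for):
                beacons.append(Beacon(t, pseudonym, x, v))
            x += v
    return beacons, truth


def link_pseudonyms(beacons):
    """Adversary: one track per pseudonym; when an unknown pseudonym appears it
    is linked to the quiet track whose predicted position (last x + last v *
    elapsed) is nearest, greedily, closest pairs first."""
    tracks, links, by_time = {}, {}, {}
    for b in beacons:
        by_time.setdefault(b.t, []).append(b)
    for t in sorted(by_time):
        known = [b for b in by_time[t] if b.pseudonym in tracks]
        new = [b for b in by_time[t] if b.pseudonym not in tracks]
        for b in known:
            tracks[b.pseudonym] = b
        heard_now = {b.pseudonym for b in known}
        quiet = [p for p in tracks if p not in heard_now and p not in links.values()]
        pairs = sorted(
            (abs(b.x - (tracks[p].x + tracks[p].v * (t - tracks[p].t))), b.pseudonym, p)
            for b in new for p in quiet)
        used_new, used_old = set(), set()
        for _, new_p, old_p in pairs:
            if new_p in used_new or old_p in used_old:
                continue
            links[new_p] = old_p
            used_new.add(new_p)
            used_old.add(old_p)
        for b in new:
            tracks[b.pseudonym] = b
    return links


def traceability(links, truth):
    """Fraction of new pseudonyms the adversary linked to the right vehicle."""
    changed = [p for p in truth if p.endswith("-p2")]
    correct = sum(1 for p in changed if truth.get(links.get(p)) == truth[p])
    return correct / len(changed)


DENSE = [dict(id="A", x0=0.0, v=20.0, v_after=25.0),
         dict(id="B", x0=20.0, v=20.0, v_after=20.0),
         dict(id="C", x0=40.0, v=20.0, v_after=15.0)]
SPARSE = [DENSE[0]]


def run_example():
    results = {}
    for name, vehicles, silent in (("dense_no_silence", DENSE, 0),
                                   ("dense_silence_10s", DENSE, 10),
                                   ("sparse_silence_10s", SPARSE, 10)):
        beacons, truth = simulate(vehicles, change_at=10, silent_for=silent, t_end=22)
        results[name] = traceability(link_pseudonyms(beacons), truth)
    return results


if __name__ == "__main__":
    print(run_example())
```

`run_example()` gives traceability 1.0 without a silent period (over one second the prediction error is far below the 20 m spacing, so the pseudonym change is linked immediately), 1/3 when the three vehicles go silent for 10 s and change speed (A and C swap order, so the tracker links them to each other and only B is followed), and 1.0 again for a lone vehicle on an empty road, silent period or not, which is why a change strategy has to take traffic density into account, as the context-adaptive scheme above does. A real multi-target tracker would use a global assignment and a richer motion model, but its dependence on silence and density is the same.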
Ideal Meeting Location According to User Privacy
Equipped with state-of-the-art smartphones and mobile devices, today's highly interconnected urban population is increasingly dependent on these gadgets to organize and plan their daily lives. These applications often rely on the current (or preferred) locations of individual users or of a group of users to provide the desired service, which jeopardizes their privacy: users do not necessarily want to reveal their current (or preferred) locations to the service provider or to other, possibly untrusted, users. In this paper, we propose privacy-preserving algorithms for determining an optimal meeting location for a group of users. We perform a thorough privacy evaluation by formally quantifying the privacy loss of the proposed approaches. In order to study the performance of our algorithms in a real deployment, we implement them and test their execution efficiency. By means of a targeted user study, we attempt to gain insight into the privacy awareness of users of location-based services and into the usability of the proposed solutions.