Semantic and Sensitivity Aware Location-Privacy Protection for the Internet of Things Berker Ağır, Jean-Paul Calbimonte, Karl Aberer Workshop on Society, Privacy and the Semantic Web - Policy and Technology 2014 20 October 2014

DESCRIPTION

Everyday applications and ubiquitous devices contribute data to the Internet of Things, oftentimes including sensitive information of people. This opens new challenges for protecting users' data from adversaries, who can perform different types of attacks using combinations of private and publicly available information. In this work, we discuss some of the main challenges, especially regarding location-privacy, and a general approach for adaptively protecting this type of data. This approach considers the semantics of the user location, as well as the user's sensitivity preferences, and also builds an adversary model for estimating privacy levels.

Introduction

• Online Devices

• more infiltrating in daily life

• online services & applications

• They are capable of sensing their environment and context

[Figure labels: GPS, Accelerometer, Barometer, Thermometer]

Privacy Under Threat

• Honest but curious server

• Exploits all available data

• With limited computational power, tries to infer private information

[Figure labels: User Events; Privacy Protection Mechanism(s); Observed events; Application Server: background knowledge on user history, process according to objectives, perform attack]

Location Privacy

• Location data carries highly contextual information

• Activity tracking

• Inferring habits

• Physical assault

• Rich sensor environment and continuous connectivity

• A non-stop and unbalanced threat on privacy

Common Location-Privacy Protection Approaches

• Obfuscation

• Perturbation

• Hiding

• Anonymization

[Figure legend: actual location, observed locations]

Shortcomings of Existing Approaches

• Location information is multi-dimensional

• Semantics

• Not every location / semantic tag might have the same importance in terms of privacy

• Home location

• Hospitals, restaurants

• Overprotection

• Service degradation

Smart Adversaries and Strategies

• Privacy has to be evaluated w.r.t. a real attack scenario

• Adaptive protection mechanisms on user device

• Move against each other in a strategic game

Adversary

• Location Semantics

• User Mobility History

• Common-knowledge sensitivities

→ Inference

User

• Location Semantics

• Adversary Modelling

• Sensitivity Profile

→ Real-Time Adaptive Protection

Adaptive Location Privacy Protection

[Figure labels: Adaptive Privacy Protection Mechanisms; Privacy Estimation Module; Estimate; Candidate obfuscation area; Sensitivity Profile (Geographical & Semantic); User History]

• Adaptive approach: Past behavior is considered before making a privacy decision

• Causality and physical feasibility between transitions

Sensitivity Profile Configuration

Android application for setting semantic- and geography-based sensitivity levels

Adaptive Protection in Action

[Figure panels: Low sensitivity - university; High sensitivity - hospital]

Semantic Location Privacy

• What about the privacy of the semantics?

• Location might not matter as long as the user activity is unknown

[Figure labels: Cinema? Pharmacy? Hotel? Hospital? Bar?]

Evaluating Privacy

• What is the adversary’s error in inferring

• users’ geographical locations?

• the semantics of user locations?

• How confident is the adversary?

• Probabilistic nature of inference

• What is the user’s desired privacy level (i.e., sensitivity) for

• his geographical location?

• the semantics of his location?
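
The evaluation questions above, combined with the adaptive loop from the "Adaptive Location Privacy Protection" slide, as an added sketch that is not the authors' implementation. The grid map, visit counts, thresholds, block sizes and the simple prior-restricted adversary are all assumptions constructed for this example.

```python
import math

# Constructed 6x6 map: semantic tag per cell (default "street") and visit
# counts standing in for the user's mobility history. All values are made up.
TAGS = {(1, 1): "university", (2, 1): "cafe", (4, 4): "hospital", (5, 4): "pharmacy"}
VISITS = {(1, 1): 40, (2, 1): 10, (4, 4): 2, (5, 4): 1}
SIZE = 6
# Sensitivity profile (assumed format): tag -> (min geographic error, min semantic error)
PROFILE = {"university": (0.0, 0.0), "hospital": (0.8, 0.5)}

def tag(cell):
    return TAGS.get(cell, "street")

def area(cell, block):
    """Grid-aligned block x block candidate obfuscation area containing `cell`."""
    x0, y0 = (cell[0] // block) * block, (cell[1] // block) * block
    return [(x, y) for x in range(x0, min(x0 + block, SIZE))
                   for y in range(y0, min(y0 + block, SIZE))]

def posterior(cells):
    """Adversary model: history-based prior (+1 smoothing) restricted to the
    observed area. It does not exploit the size of the area itself."""
    weights = {c: VISITS.get(c, 0) + 1 for c in cells}
    total = sum(weights.values())
    return {c: w / total for c, w in weights.items()}

def estimate_privacy(true_cell, cells):
    """Return (expected geographic error in cells, probability that the
    adversary's sampled guess has the wrong semantic tag)."""
    post = posterior(cells)
    geo = sum(p * math.dist(c, true_cell) for c, p in post.items())
    sem = sum(p for c, p in post.items() if tag(c) != tag(true_cell))
    return geo, sem

def protect(true_cell, profile=PROFILE):
    """Grow the area until both estimates meet the sensitivity set for the
    true location's tag; None means no area suffices, so hide the event."""
    need_geo, need_sem = profile.get(tag(true_cell), (0.0, 0.0))
    for block in (1, 2, 3, 6):
        geo, sem = estimate_privacy(true_cell, area(true_cell, block))
        if geo >= need_geo and sem >= need_sem:
            return block, geo, sem
    return None

if __name__ == "__main__":
    print("university:", protect((1, 1)))
    print("hospital:  ", protect((4, 4)))
```

With this constructed profile the low-sensitivity university visit is released exactly, while the hospital visit is widened until the estimated adversary error reaches the user's thresholds.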

Next Steps & Future Work

• Model & implement inference considering location semantics and user sensitivities

• Inferring user activity from a collection of location and semantic tag series

• Private attributes such as age, gender, occupation

• Reasoning about causality in the semantic level

• Going to a cinema after having dinner at a nearby restaurant

Future Work

[Figure labels: Geographical: (x, y) coordinates; Semantics: Health-care, Work Place, Business; Interactions/Relationships: Visit, Work, Treatment, Has customer; Attributes: Has sick friend, Is Doctor, Is Nurse, Has Broken Leg, Has Cancer; User; Adversary]