Location Privacy for Mobile Crowd Sensing through Population Mapping.

Shin M, Cornelius C, Kapadia A, Triandopoulos N, Kotz D - Sensors (Basel) (2015)

Bottom Line: For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street or users' mobile phones to locate (Bluetooth-enabled) objects in their vicinity. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk: even if identifying information has been removed from a report, the accompanying time and location can reveal sufficient information to de-anonymize the user whose device sent the report. The proposed scheme can control the degree of certainty in location privacy and the quality of reports through a system parameter.


Affiliation: Myongji University, Myongjiro 116, Yongin 449-728, Korea. mhshin@mju.ac.kr.

ABSTRACT
Opportunistic sensing allows applications to "task" mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street or users' mobile phones to locate (Bluetooth-enabled) objects in their vicinity. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk: even if identifying information has been removed from a report, the accompanying time and location can reveal sufficient information to de-anonymize the user whose device sent the report. We propose and evaluate a novel spatiotemporal blurring mechanism based on tessellation and clustering to protect users' privacy against the system while reporting context. Our technique employs a notion of probabilistic k-anonymity; it allows users to perform local blurring of reports efficiently without an online anonymization server before the data are sent to the system. The proposed scheme can control the degree of certainty in location privacy and the quality of reports through a system parameter. We outline the architecture and security properties of our approach and evaluate our tessellation and clustering algorithm against real mobility traces.

Figure 2: A histogram of association counts for every minute of our dataset.

Mentions: We make the following assumptions in our system. We assume that there is a mechanism for each MN to periodically submit a presence report, indicating its location to the map server, and each presence report can be anonymously authenticated, so that the server can build a population map [38]. See Section 6.3 for more detail. We assume that the MNs (and their carriers) trust the map server to properly construct the maps. We assume that the coverage of an access point is large enough to cover some public area in which anyone can possibly appear; otherwise, it may be trivial to link a presence in a certain location to a specific user. Our probabilistic k-anonymity scheme assumes that the population pattern during the training period (e.g., based on the past several days for some time of day) remains similar to the population pattern at the same time when the MN uses the map [39]. Our evaluation on real access point (AP)-association data (see Figure 2) shows that it is indeed a reasonable assumption that population patterns repeat every day.
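The local blurring step described above can be sketched as follows. This is an added example, not the authors' code: the greedy neighbour-merging rule and the empirical-frequency estimate are assumed stand-ins for the paper's tessellation and clustering algorithm, and `POP_MAP`, `NEIGHBORS`, `prob_at_least_k` and `blur` are hypothetical names with constructed data. It covers spatial blurring for a single time-of-day slot only.

```python
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed population map for one time-of-day slot: devices seen per
# access-point cell on each of five training days (not data from the paper).
POP_MAP: Dict[str, List[int]] = {
    "AP1": [2, 3, 1, 2, 4],
    "AP2": [6, 5, 7, 4, 6],
    "AP3": [1, 0, 2, 1, 1],
    "AP4": [9, 8, 10, 7, 9],
}
# Constructed adjacency between cells of the tessellation.
NEIGHBORS: Dict[str, List[str]] = {
    "AP1": ["AP2", "AP3"],
    "AP2": ["AP1", "AP4"],
    "AP3": ["AP1", "AP4"],
    "AP4": ["AP2", "AP3"],
}


def prob_at_least_k(cells: Sequence[str], k: int) -> float:
    """Fraction of training days on which the merged cells held >= k devices."""
    days = len(next(iter(POP_MAP.values())))
    hits = sum(1 for d in range(days) if sum(POP_MAP[c][d] for c in cells) >= k)
    return hits / days


def blur(cell: str, k: int, p: float) -> Optional[Tuple[str, ...]]:
    """Grow a region around `cell` until it is k-anonymous with probability >= p.

    Runs on the device against the downloaded map, so no online anonymizer
    sees the precise cell. Returns None if even the whole map cannot reach p.
    """
    cluster = [cell]
    while prob_at_least_k(cluster, k) < p:
        frontier = {n for c in cluster for n in NEIGHBORS[c]} - set(cluster)
        if not frontier:
            return None  # caller should suppress the report, not send it raw
        # Assumed heuristic: merge the historically busiest adjacent cell;
        # iterating in sorted order keeps tie-breaking deterministic.
        best = max(sorted(frontier), key=lambda n: sum(POP_MAP[n]))
        cluster.append(best)
    return tuple(sorted(cluster))
```

Raising `p` from 0.8 to 0.9 with `k = 8` forces the reported region for `AP1` to grow from two cells to three, which is the trade-off between certainty and report quality that the system parameter controls.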

