Baik Hoh

Protecting Location Privacy Through Path Confusion

We present a path perturbation algorithm which can maximize users’ location privacy given a quality of service constraint. This work concentrates on a class of applications that continuously collect location samples from a large group of users, where just removing user identifiers from all samples is insufficient because an adversary could use trajectory information to track paths and follow users’ footsteps home. The key idea underlying the perturbation algorithm is to cross paths in areas where at least two users meet. This increases the chances that an adversary would confuse the paths of different users. We first formulate this privacy problem as a constrained optimization problem and then develop heuristics for an efficient privacy algorithm. Using simulations with randomized movement models we verify that the algorithm improves privacy while minimizing the perturbation of location samples.

Virtual trip lines for distributed privacy-preserving traffic monitoring

Automotive traffic monitoring using probe vehicles with Global Positioning System receivers promises significant improvements in cost, coverage, and accuracy. Current approaches, however, raise privacy concerns because they require participants to reveal their positions to an external traffic monitoring server. To address this challenge, we propose a system based on virtual trip lines and an associated cloaking technique. Virtual trip lines are geographic markers that indicate where vehicles should provide location updates. These markers can be placed to avoid particularly privacy sensitive locations. They also allow aggregating and cloaking several location updates based on trip line identifiers, without knowing the actual geographic locations of these trip lines. Thus they facilitate the design of a distributed architecture, where no single entity has a complete knowledge of probe identities and fine-grained location information. We have implemented the system with GPS smartphone clients and conducted a controlled experiment with 20 phone-equipped drivers circling a highway segment. Results show that even with this low number of probe vehicles, travel time estimates can be provided with less than 15% error, and applying the cloaking techniques reduces travel time estimation accuracy by less than 5% compared to a standard periodic sampling approach.

Preserving privacy in gps traces via uncertainty-aware path cloaking

Motivated by a probe-vehicle based automotive traffic monitoring system, this paper considers the problem of guaranteed anonymity in a dataset of location traces while maintaining high data accuracy. We find through analysis of a set of GPS traces from 233 vehicles that known privacy algorithms cannot meet accuracy requirements or fail to provide privacy guarantees for drivers in low-density areas. To overcome these challenges, we develop a novel time-to-confusion criterion to characterize privacy in a location dataset and propose an uncertainty-aware path cloaking algorithm that hides location samples in a dataset to provide a time-to-confusion guarantee for all vehicles. We show that this approach effectively guarantees worst case tracking bounds, while achieving significant data accuracy improvements.

Enhancing Security and Privacy in Traffic-Monitoring Systems

Intelligent transportation systems increasingly depend on probe vehicles to monitor traffic: they can automatically report position, travel time, traffic incidents, and road surface problems to a telematics service provider. This kind of traffic-monitoring system could provide good coverage and timely information on many more roadways than is possible with a fixed infrastructure such as cameras and loop detectors. This approach also promises significant reductions in infrastructure cost because the system can exploit the sensing, computing, and communications devices already installed in many modern vehicles. This architecture separates data from identities by splitting communication from data analysis. Data suppression techniques can help prevent data mining algorithms from reconstructing private information from anonymous database samples

On the anonymity of periodic location samples

As Global Positioning System (GPS) receivers become a common feature in cell phones, personal digital assistants, and automobiles, there is a growing interest in tracking larger user populations, rather than individual users. Unfortunately, anonymous location samples do not fully solve the privacy problem. An adversary could link multiple samples (i.e., follow the footsteps) to accumulate path information and eventually identify a user. This paper reports on our ongoing work to analyze privacy risks in such applications. We observe that linking anonymous location samples is related to the data association problem in tracking systems. We then propose to use such tracking algorithms to characterize the level of privacy and to derive disclosure control algorithms.

Enhancing Privacy and Accuracy in Probe Vehicle-Based Traffic Monitoring via Virtual Trip Lines

Traffic monitoring using probe vehicles with GPS receivers promises significant improvements in cost, coverage, and accuracy over dedicated infrastructure systems. Current approaches, however, raise privacy concerns because they require participants to reveal their positions to an external traffic monitoring server. To address this challenge, we describe a system based on virtual trip lines and an associated cloaking technique, followed by another system design in which we relax the privacy requirements to maximize the accuracy of real-time traffic estimation. We introduce virtual trip lines which are geographic markers that indicate where vehicles should provide speed updates. These markers are placed to avoid specific privacy sensitive locations. They also allow aggregating and cloaking several location updates based on trip line identifiers, without knowing the actual geographic locations of these trip lines. Thus, they facilitate the design of a distributed architecture, in which no single entity has a complete knowledge of probe identities and fine-grained location information. We have implemented the system with GPS smartphone clients and conducted a controlled experiment with 100 phone-equipped drivers circling a highway segment, which was later extended into a year-long public deployment.

TruCentive: A game-theoretic incentive platform for trustworthy mobile crowdsourcing parking services

The shortage of parking in crowded urban areas causes severe societal problems such as traffic congestion, environmental pollution, and many others. Recently, crowdsourced parking, where smartphone users are exploited to collect realtime parking availability information, has attracted significant attention. However, existing crowdsourced parking information systems suffer from low user participation rate and data quality due to the lack of carefully designed incentive schemes. In this paper, we address the incentive problem of trustworthy crowdsourced parking information systems by presenting an incentive platform named TruCentive, where high utility parking data can be obtained from unreliable crowds of mobile users. Our contribution is three-fold. First, we provide hierarchical incentives to stimulate the participation of mobile users for contributing parking information. Second, by introducing utility-related incentives, our platform encourages participants to contribute high utility data and thereby enhances the quality of collected data. Third, our active confirmation scheme validates the parking information utility by game-theoretically formulated incentive protocols. The active confirming not only validates the utility of contributed data but re-sells the high utility data as well. Our evaluation through user study on Amazon Mechanical Turk and simulation study demonstrate the feasibility and stability of TruCentive incentive platform.

Computer Ecology: Responding to Mobile Worms with Location-Based Quarantine Boundaries

The emerging malware that can spread through local wireless networks among mobile devices has so far received less attention than computer worms in the Internet. The local wireless links provide an alternative propagation path that circumvents intrusion detection at the service provider gateways. On the mobile nodes, conventional intrusion detection and intrusion response techniques such as address blacklisting and content filtering are more difficult to deploy due to the lack of central entities and the resource constraints of mobile nodes. We propose a new architecture for an intrusion response system that takes advantage of an infrastructure network (e.g., cell phone network) to manage security of the mobile nodes. Infection patterns in ad hoc networks are highly correlated with geographic proximity. Thus an ecologically inspired diffusion-reaction and advection models can provide estimates for the current spread of the worm. These estimates allow the service provider to precisely target a containment re-

Enhancing Privacy Preservation of Anonymous Location Sampling Techniques in Traffic Monitoring Systems

Automotive traffic monitoring belongs to a class of applications that collect aggregate statistics from the location traces of a large number of users. A widely-accepted belief is that anonymization of individual records can address the privacy problem which such aggregate statistics might pose. However, in this paper, we show that data mining techniques, such as clustering, can reconstruct private information from such anonymous traces. To meet this new challenge, we propose enhanced privacy-preserving algorithm to control the release of location traces near origins/destinations and evaluate it using real-world GPS location traces