Everyday applications and ubiquitous devices contribute data to the Internet of Things, oftentimes including sensitive information of people. This opens new challenges for protecting users' data from adversaries, who can perform different types of attacks using combinations of private and publicly available information. In this work, we discuss some of the main challenges, especially regarding location-privacy, and a general approach for adaptively protecting this type of data. This approach considers the semantics of the user location, as well as the user's sensitivity preferences, and also builds an adversary model for estimating privacy levels.
2. Introduction
•Online devices
•More infiltrating in daily life
•Online services & applications
•They are capable of sensing their environment and context
•Sensors: GPS, accelerometer, barometer, thermometer
3. Privacy Under Threat
•Honest but curious server
•Exploits all available data
•With limited computational power, tries to infer private information
[Figure: adversary model. User events pass through the privacy protection mechanism(s) before reaching the application server; the adversary combines the observed events with background knowledge on user history, processes them according to its objectives, and performs the attack.]
4. Location Privacy
•Location data carries highly contextual information
•Activity tracking
•Inferring habits
•Physical assault
•Rich sensor environment and continuous connectivity
•A non-stop and unbalanced threat on privacy
6. Shortcomings of Existing Approaches
•Location information is multi-dimensional
•Semantics
•Not every location / semantic tag might have the same importance in terms of privacy
•Home location
•Hospitals, restaurants
•Overprotection
•Service degradation
7. Smart Adversaries and Strategies
•Privacy has to be evaluated w.r.t. a real attack scenario
•Adaptive protection mechanisms on user device
•Move against each other in a strategic game
[Figure: the two sides of the strategic game. Adversary: location semantics + user mobility history + common-knowledge sensitivities → inference. User: location semantics + adversary modelling + sensitivity profile → real-time adaptive protection.]
8. Adaptive Location Privacy Protection
[Figure: adaptive privacy protection mechanisms. A privacy estimation module estimates the privacy of a candidate obfuscation area, using the sensitivity profile and the geographical & semantic user history.]
•Adaptive approach: past behavior is considered before making a privacy decision
•Causality and physical feasibility between transitions
11. Semantic Location Privacy
•What about the privacy of the semantics?
•Location might not matter as long as the user activity is unknown
[Figure: the reported location could be a cinema, a pharmacy, a hotel, a hospital or a bar.]
12. Evaluating Privacy
•What is the adversary's error in inferring
•users' geographical locations?
•the semantics of user locations?
•How confident is the adversary?
•Probabilistic nature of inference
•What is the user's desired privacy level (i.e., sensitivity) for
•his geographical location?
•the semantics of his location?
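The adversary model of slide 3, the privacy estimation module of slide 8 and the metrics of slides 11 and 12 fit together in one small simulation. The following is an added example, not code from the authors; the 4x4 map, the semantic tags, the visit history, the sensitivity thresholds and the maximum speed are all constructed values, and the square "candidate obfuscation areas" are one simple choice of candidates among many. The honest-but-curious adversary is Bayesian: its prior is the user's visit history, and it discards cells that are physically unreachable from the previously reported area. The user side evaluates a candidate area by the adversary's expected geographical error, its error on the semantic tag and its confidence, and picks the smallest area that satisfies the sensitivity profile for the place the user is actually at.

```python
"""Toy adaptive location-privacy protection against a Bayesian adversary.

Constructed example (not from the slides): a 4x4 grid of cells with (x, y)
coordinates and semantic tags. The user reports an obfuscation area (a set
of cells containing the true cell) instead of the true cell; the adversary
knows the user's visit history and the physical feasibility of transitions.
"""
from itertools import product
from math import hypot

# Constructed map: cell -> semantic tag. Unlisted cells are tagged "street".
TAGS = {
    (0, 0): "home", (3, 3): "work", (1, 2): "hospital", (2, 2): "pharmacy",
    (2, 1): "restaurant", (3, 0): "cinema", (0, 3): "bar",
}
CELLS = list(product(range(4), range(4)))

# Constructed user history: visit counts (the adversary's background knowledge).
HISTORY = {(0, 0): 40, (3, 3): 35, (2, 1): 10, (1, 2): 6, (2, 2): 4, (3, 0): 3, (0, 3): 2}

# Constructed sensitivity profile: minimum privacy the user wants per semantic tag.
SENSITIVITY = {
    "hospital": {"semantic": 0.5},  # the adversary must stay unsure of the activity
    "home": {"geo": 1.0},           # expected geographical error of at least one cell
    "default": {"geo": 0.5},
}
MAX_SPEED = 2.0  # cells per time step; assumption used for the feasibility check


def tag(cell):
    return TAGS.get(cell, "street")


def prior():
    """Adversary's prior over cells: visit counts, with weight 1 for unvisited cells."""
    total = sum(HISTORY.get(c, 1) for c in CELLS)
    return {c: HISTORY.get(c, 1) / total for c in CELLS}


def feasible(cell, prev_area, dt=1):
    """Physically reachable from some cell of the previously reported area."""
    if prev_area is None:
        return True
    return any(hypot(cell[0] - p[0], cell[1] - p[1]) <= MAX_SPEED * dt for p in prev_area)


def posterior(area, prev_area=None):
    """Adversary's belief over cells given the reported area, its prior and feasibility."""
    p = prior()
    weights = {c: p[c] for c in area if feasible(c, prev_area)}
    total = sum(weights.values())
    return {c: w / total for c, w in weights.items()}


def evaluate(true_cell, area, prev_area=None):
    """Privacy metrics computed on the user's side, where the true cell is known."""
    post = posterior(area, prev_area)
    geo_error = sum(pr * hypot(c[0] - true_cell[0], c[1] - true_cell[1]) for c, pr in post.items())
    semantic_error = 1.0 - sum(pr for c, pr in post.items() if tag(c) == tag(true_cell))
    confidence = max(post.values())           # probability the adversary puts on its best guess
    guess = max(post, key=post.get)           # the adversary's MAP estimate
    return {"geo": geo_error, "semantic": semantic_error, "confidence": confidence, "guess": guess}


def candidate_areas(true_cell):
    """Candidate obfuscation areas: squares of growing radius around the true cell."""
    for r in range(4):
        yield frozenset(c for c in CELLS
                        if max(abs(c[0] - true_cell[0]), abs(c[1] - true_cell[1])) <= r)


def protect(true_cell, prev_area=None):
    """Smallest candidate area that meets the sensitivity profile for the true cell's tag."""
    required = SENSITIVITY.get(tag(true_cell), SENSITIVITY["default"])
    for area in candidate_areas(true_cell):
        metrics = evaluate(true_cell, area, prev_area)
        if all(metrics[k] >= v for k, v in required.items()):
            return area, metrics
    return area, metrics  # no candidate satisfied the profile: fall back to the largest area


if __name__ == "__main__":
    for cell in [(1, 2), (0, 0)]:  # at the hospital, then at home
        area, metrics = protect(cell)
        print(tag(cell), len(area), "cells ->", metrics)
```

Two things the run shows that the slides state in words: at the hospital a 3x3 area already hides the activity, because the adversary's history-driven guess falls on the restaurant next door; at home, where the history is heavily concentrated, even a large area leaves the adversary confident, so the mechanism has to widen the area to the whole map to reach the requested error. The feasibility check also cuts the posterior down to the cells reachable from the previous report, which is why past behavior must be considered before each decision rather than per report in isolation.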
13. Next Steps & Future Work
•Model & implement inference considering location semantics and user sensitivities
•Inferring user activity from a collection of location and semantic tag series
•Private attributes such as age, gender, occupation
•Reasoning about causality in the semantic level
•Going to a cinema after having dinner at a nearby restaurant
14. Future Work
[Figure: health-care example of the user/adversary knowledge graph. Geographical (x, y) coordinates and semantics link a user's visits (work, treatment), interactions/relationships (has sick friend, has customer) and attributes (is doctor, is nurse, has broken leg, has cancer) to places such as a work place or a business.]