Abstract
Using the plethora of apps on smartphones and tablets entails giving them access to different types of privacy sensitive information, including the device’s location. This can potentially compromise user privacy when app providers share user data with third parties (e.g., advertisers) for monetization purposes. In this paper, we focus on the interface for data sharing between app providers and third parties, and devise an attack that can break the strongest form of the commonly used anonymization method for protecting the privacy of users.
More specifically, we develop a mechanism called Comber that given completely anonymized mobility data (without any pseudonyms) as input is able to identify different users and their respective paths in the data. Comber exploits the observation that the distribution of speeds is typically similar among different users and incorporates a generic, empirically derived histogram of user speeds to identify the users and disentangle their paths. Comber also benefits from two optimizations that allow it to reduce the path inference time for large datasets. We use two real datasets with mobile user location traces (Mobile Data Challenge and GeoLife) for evaluating the effectiveness of Comber and show that it can infer paths with greater than 90% accuracy with both these datasets.
Original language | English |
---|---|
Title of host publication | 2016 IEEE European Symposium on Security and Privacy (EuroS&P) |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 199-213 |
Number of pages | 15 |
ISBN (Electronic) | 978-1-5090-1751-5 |
ISBN (Print) | 978-1-5090-1751-5 |
Publication status | Published - Mar 2016 |
Event | 1st IEEE European Symposium on Security and Privacy 2016 - Congress Center Saar, Saarbrücken, Germany Duration: 21 Mar 2016 → 24 Mar 2016 https://www.ieee-security.org/TC/EuroSP2016/ |
Conference
Conference | 1st IEEE European Symposium on Security and Privacy 2016 |
---|---|
Abbreviated title | IEEE Euro S and P 2016 |
Country/Territory | Germany |
City | Saarbrücken |
Period | 21/03/16 → 24/03/16 |