Abstract: Opportunistic sensing allows applications to ``task'' mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street, or users' mobile phones to locate (Bluetooth-enabled) objects in their neighborhood. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk--even if a report has been anonymized, the accompanying time and location can reveal sufficient information to deanonymize the user whose device sent the report.
We propose AnonySense, a general-purpose architecture for leveraging users' mobile devices for measuring context, while maintaining the privacy of the users. AnonySense features multiple layers of privacy protection--a framework for nodes to receive tasks anonymously, a novel blurring mechanism based on tessellation and clustering to protect users' privacy against the system while reporting context, and $k$-anonymous report aggregation to improve the users' privacy against applications receiving the context. We outline the architecture and security properties of AnonySense, and focus on evaluating our tessellation and clustering algorithm against real mobility traces.
Keywords: mobile computing, ubicomp, privacy, security, sensors, anonymity, ubicomp
Copyright © 2008 by Springer-Verlag.The copy made available here is the authors' version; for a definitive copy see the publisher's version described above.
See also later version shin:anonytiles.