AnonySense: Opportunistic and Privacy-Preserving Context Collection
[kapadia:anonysense] Apu Kapadia, Nikos Triandopoulos, Cory Cornelius, Dan Peebles, and David Kotz. AnonySense: Opportunistic and Privacy-Preserving Context Collection. Proceedings of the International Conference on Pervasive Computing (Pervasive), volume 5013 in Lecture Notes in Computer Science, pages 280–297. Springer-Verlag, May 2008. doi:10.1007/978-3-540-79576-6_17. ©Copyright Springer-Verlag. Later revised as shin:anonytiles.
Opportunistic sensing allows applications to “task” mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street, or users’ mobile phones to locate (Bluetooth-enabled) objects in their neighborhood. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk: even if a report has been anonymized, the accompanying time and location can reveal sufficient information to deanonymize the user whose device sent the report.
We propose AnonySense, a general-purpose architecture for leveraging users’ mobile devices for measuring context, while maintaining the privacy of the users. AnonySense features multiple layers of privacy protection: a framework for nodes to receive tasks anonymously, a novel blurring mechanism based on tessellation and clustering to protect users’ privacy against the system while reporting context, and k-anonymous report aggregation to improve the users’ privacy against applications receiving the context. We outline the architecture and security properties of AnonySense, and focus on evaluating our tessellation and clustering algorithm against real mobility traces.
Keywords: [privacy] [security] [sensors]
Available from the author:
This pdf is the authors' near-final copy; the publisher does not allow us to post the final pdf.