An official website of the United States government
We consider the problem of population density estimation based on location data crowdsourced from mobile devices, using kernel density estimation (KDE). In a conventional, centralized setting, KDE requires mobile users to upload their location data to a server, thus raising privacy concerns. Here, we propose a Federated KDE framework for estimating the user population density, which not only keeps location data on the devices but also provides probabilistic privacy guarantees against a malicious server that tries to infer users' location. Our approach Federated random Fourier feature (RFF) KDE leverages a random feature representation of the KDE solution, in which each user's information is irreversibly projected onto a small number of spatially delocalized basis functions, making precise localization impossible while still allowing population density estimation. We evaluate our method on both synthetic and real-world datasets, and we show that it achieves a better utility (estimation performance)-vs-privacy (distance between inferred and true locations) tradeoff, compared to state-of-the-art baselines (e.g., GeoInd). We also vary the number of basis functions per user, to further improve the privacy-utility trade-off, and we provide analytical bounds on localization as a function of areal unit size and kernel bandwidth.
more »
« less
Location-specific public broadcasts
This demonstration presents the Location-Specific Public Broadcast system, in which localization and wireless broadcasts are combined to deliver a scalable, privacy preserving, and generic solution to location-based services. Other interactive location-based systems either preload information on the user devices, which are usually bulky, difficult to update and have to be custom-made for each venue, or fetch information from cloud based on location, which sacrifices user privacy. In our system, a wireless access point continuously broadcasts information tagged by locations of interest, and the mobile devices performing passive localization select and display the information pertinent to themselves. In this case, the location-specific information is stored only on the WiFi AP, and the phone app would be ultra lightweight with only the location calculation and information filtering functionalities, which can be used in any space. We envision our solution being adopted in public places, such as museums, aquariums, etc., for location-specific information delivery purposes, like enhancing interactive experience for visitors.
more »
« less
- Award ID(s):
- 2145278
- PAR ID:
- 10409072
- Date Published:
- Journal Name:
- MobiSys '22: Proceedings of the 20th Annual International Conference on Mobile Systems, Applications and Services
- Page Range / eLocation ID:
- 624 to 625
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Recently, the ubiquity of mobile devices leads to an increasing demand of public network services, e.g., WiFi hot spots. As a part of this trend, modern transportation systems are equipped with public WiFi devices to provide Internet access for passengers as people spend a large amount of time on public transportation in their daily life. However, one of the key issues in public WiFi spots is the privacy concern due to its open access nature. Existing works either studied location privacy risk in human traces or privacy leakage in private networks such as cellular networks based on the data from cellular carriers. To the best of our knowledge, none of these work has been focused on bus WiFi privacy based on large-scale real-world data. In this paper, to explore the privacy risk in bus WiFi systems, we focus on two key questions how likely bus WiFi users can be uniquely re-identified if partial usage information is leaked and how we can protect users from the leaked information. To understand the above questions, we conduct a case study in a large-scale bus WiFi system, which contains 20 million connection records and 78 million location records from 770 thousand bus WiFi users during a two-month period. Technically, we design two models for our uniqueness analyses and protection, i.e., a PB-FIND model to identify the probability a user can be uniquely re-identified from leaked information; a PB-HIDE model to protect users from potentially leaked information. Specifically, we systematically measure the user uniqueness on users' finger traces (i.e., connection URL and domain), foot traces (i.e., locations), and hybrid traces (i.e., both finger and foot traces). Our measurement results reveal (i) 97.8% users can be uniquely re-identified by 4 random domain records of their finger traces and 96.2% users can be uniquely re-identified by 5 random locations on buses; (ii) 98.1% users can be uniquely re-identified by only 2 random records if both their connection records and locations are leaked to attackers. Moreover, the evaluation results show our PB-HIDE algorithm protects more than 95% users from the potentially leaked information by inserting only 1.5% synthetic records in the original dataset to preserve their data utility.more » « less
-
null (Ed.)The increasing ubiquity of low-cost wireless sensors has enabled users to easily deploy systems to remotely monitor and control their environments. However, this raises privacy concerns for third-party occupants, such as a hotel room guest who may be unaware of deployed clandestine sensors. Previous methods focused on specific modalities such as detecting cameras but do not provide a generalized and comprehensive method to capture arbitrary sensors which may be "spying" on a user. In this work, we propose SnoopDog, a framework to not only detect common Wi-Fi-based wireless sensors that are actively monitoring a user, but also classify and localize each device. SnoopDog works by establishing causality between patterns in observable wireless traffic and a trusted sensor in the same space, e.g., an inertial measurement unit (IMU) that captures a user's movement. Once causality is established, SnoopDog performs packet inspection to inform the user about the monitoring device. Finally, SnoopDog localizes the clandestine device in a 2D plane using a novel trial-based localization technique. We evaluated SnoopDog across several devices and various modalities and were able to detect causality for snooping devices 95.2% of the time and localize devices to a sufficiently reduced sub-space.more » « less
-
Enabling reliable indoor localization can facilitate several new applications akin to how outdoor localization systems, such as GPS, have facilitated. Currently, a few key hurdles remain that prevent indoor localization from reaching the same stature. These hurdles include complicated deployment, tight time synchronization requirements from time difference of arrival protocols, and a lack of mechanism to allow a pan-building seamless solution. This work explores ways in which these key hurdles can be overcome to enable a more pervasive use of indoor localization. We propose a novel passive ranging scheme where clients overhear ongoing two-way ranging wireless communication between a few infrastructure nodes, and compute their own relative location without transmitting any signals (preserving user privacy). Our approach of performing two-way ranging between infrastructure nodes removes a crucial timing requirement in traditional time-difference-of-arrival methods thereby relaxing the synchronization requirements imposed by previous techniques. We use ultra-wideband wireless (UWB) radios that can easily penetrate building materials so that spanning an entire floor of a large building with just a few infrastructure nodes is possible. We build working prototypes, including the necessary hardware, and demonstrate the plug-and-play nature of our proposed solution. Our evaluation in three indoor spaces shows 1–2 meter-level localization accuracy with areas as large as 2241sq.m. We expect our explorations to re-trigger interest in novel applications for indoor spaces based on fine-grained indoor location knowledge.more » « less
-
Internet-of-things (IoT) devices (e.g., micro camera and microphone) are usually small form factor, low-cost, and low-power, which makes them easy to conceal and deploy in the indoor environment to spy on people for human private information such as location and indoor activities. As a result, these IoT devices introduce a great privacy and ethical threat. Therefore, it is important to reveal these concealed IoT devices in the indoor environment for human privacy protection. This paper presents RFScan, a system that can passively detect, fingerprint, and localize diverse concealed IoT devices in the indoor environment by sensing their unintentional electromagnetic emanations. However, sensing these emanations is challenging due to the weak emanation strength and the interference from the ambient wireless communication signals. To this end, we boost the emanation strength through the non-coherent averaging based on the emanation signal's characteristics and design a novel suppression algorithm to mitigate interference from the wireless communication signals. We further profile emanations across frequency and time that act as the emanation source's unique signature and customize a deep neural network architecture to fingerprint the emanation sources. Furthermore, we can localize the emanation source with an angle-of-arrival (AoA) based triangulation approach. Our experimental results demonstrate the efficiency of the IoT devices' detection, fingerprinting, and localization across different indoor environments.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1145/3498361.3538666
