Privacy-preserving Wi-Fi Analytics

Alaggan, Mohammad; Cunche, Mathieu; Gambs, Sébastien

doi:10.1515/popets-2018-0010

Cited by 31 publications

(14 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Each BLIP stores the users' ID, and in the end, each bit is flipped with a given probability to guarantee DP for each user. Afterward, in [2], authors proposed an upgraded version of BLIP namely Pan-Private BLIP (PP-BLIP), which guarantees privacy protection to the internal state while the BLIP is being built as well as to its output. The authors applied PP-BLIP to human mobility modeling via wi-fi connections while highlighting its extension to CDR-based data.…”

Section: Related Workmentioning

confidence: 99%

Longitudinal Collection and Analysis of Mobile Phone Data with Local Differential Privacy

Arcolezi¹,

Couchot²,

Bouna³

et al. 2021

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Longitudinal studies of human mobility could allow an understanding of human behavior on a vast scale. Mobile phone data call detail records (CDRs) have emerged as a prospective data source for such an important task. Nevertheless, there are significant risks when it comes to collecting this type of data, as human mobility has proven to be quite unique. Because CDRs are produced through the connection of mobile phones with mobile network operators' (MNOs) antennas, it means that users cannot sanitize their data. Once MNOs intend to use such a data source for human mobility analysis, data protection authorities such as the CNIL (in France) recommends that data be sanitized on the fly instead of collecting raw data and publishing private output at the end of the analysis. Local differential privacy (LDP) mechanisms are currently applied during the process of data collection to preserve the privacy of users. In this paper, we propose an efficient privacy-preserving LDP-based methodology to collect and analyze multi-dimensional data longitudinally through mobile connections. In our proposal, rather than regarding users as unique IDs, we propose a generic scenario where one directly collects users' sensitive data with LDP. The intuition behind this is collecting generic values, which can be generated by many users (e.g., gender), allowing a longitudinal study. As we show in the results, our methodology is very appropriate for this scenario, achieving accurate frequency estimation in a multi-dimensional setting while respecting some major recommendations of data protection authorities such as the GDPR and CNIL. This work was supported by the Region of Bourgogne Franche-Comté CADRAN Project and by the EIPHI-BFC Graduate School (contract "ANR-17-EURE-0002"). The authors would also like to thank the Orange Application for Business team for their useful feedback and comments. Computations have been performed on the supercomputer facilities of "Mésocentre de Calcul de Franche-Comté".

show abstract

Section: Related Workmentioning

confidence: 99%

Longitudinal Collection and Analysis of Mobile Phone Data with Local Differential Privacy

Arcolezi¹,

Couchot²,

Bouna³

et al. 2021

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…The multi-party extension of cardinality estimation could be easily dealt with if each party shared its HLL with all other parties or with some central authority; however it is known that HLLs are subject to leaking the presence of individual records and have the potential to leak an unbounded amount of negative information (i.e., records that are not in the set) [25]. Given these privacy concerns, new approaches to estimating multi-party cardinality are needed, for which ads measurement is just one of many possible use cases that include healthcare [62] and WiFi analytics [3]. Frequency, while being economically useful to the advertising ecosystem, also poses new and interesting technical challenges.…”

Section: Related Work and Alternativesmentioning

confidence: 99%

“…The noise ξ has mean zero and variance being the σ 2 υ in equation ( 8). The cardinality is estimated as n = E −1 (X/m), with E given in (3).…”

Section: A3 Privacy Proof For Collusion With Aggregatormentioning

confidence: 99%

Multiparty Reach and Frequency Histogram: Private, Secure, and Practical

Ghazi

Kreuter

Kumar

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Consider the setting where multiple parties each hold a multiset of users and the task is to estimate the reach (i.e., the number of distinct users appearing across all parties) and the frequency histogram (i.e., fraction of users appearing a given number of times across all parties). In this work we introduce a new sketch for this task, based on an exponentially distributed counting Bloom filter. We combine this sketch with a communication-efficient multi-party protocol to solve the task in the multi-worker setting. Our protocol exhibits both differential privacy and security guarantees in the honest-but-curious model and in the presence of large subsets of colluding workers; furthermore, its reach and frequency histogram estimates have a provably small error. Finally, we show the practicality of the protocol by evaluating it on internet-scale audiences.

show abstract

“…Many before us have proposed designs for privacypreserving data collection in networks [7,13,15,22,23,26]. Among them, SEPIA [13] uses secure multiparty computation (MPC) [37], which allows learning of aggregate network statistics without disclosing local input data, but assumes that learning is secure in itself.…”

Section: Related Workmentioning

confidence: 99%

“…However, as seen earlier in this paper (Section 5.4), PrivCount is far from providing the report utility we seek. In the same vein, Pan-Private BLIP [7] provides theoretical privacy guarantees ( -differential pan privacy [21]) and collects data over long periods of time (e.g. on a daily basis).…”

Section: Related Workmentioning

confidence: 99%

MorphIT: Morphing Packet Reports for Internet Transparency

Fragkouli

Argyraki

Ford

2019

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Can we improve Internet transparency without worsening user anonymity? For a long time, researchers have been proposing transparency systems, where traffic reports produced at strategic network points help assess network behavior and verify service-level agreements or neutrality compliance. However, such reports necessarily reveal when certain traffic appeared at a certain network point, and this information could, in principle, be used to compromise low-latency anonymity networks like Tor. In this paper, we examine whether more Internet transparency necessarily means less anonymity. We start from the information that a basic transparency solution would publish about a network and study how that would impact the anonymity of the network’s users. Then we study how to change, in real time, the time granularity of traffic reports in order to preserve both user anonymity and report utility. We evaluate with real and synthetic data and show that our algorithm can offer a good anonymity/utility balance, even in adversarial scenarios where aggregates consist of very few flows.

show abstract

Privacy-preserving Wi-Fi Analytics

Cited by 31 publications

References 35 publications

Longitudinal Collection and Analysis of Mobile Phone Data with Local Differential Privacy

Longitudinal Collection and Analysis of Mobile Phone Data with Local Differential Privacy

Multiparty Reach and Frequency Histogram: Private, Secure, and Practical

MorphIT: Morphing Packet Reports for Internet Transparency

Contact Info

Product

Resources

About