Transcript Slide 1

Virtual Trip Lines for Distributed Privacy-Preserving
Traffic Monitoring
Baik Hoh, Marco Gruteser
WINLAB / ECE Dept., Rutgers University
Ryan Herring, Jeff Bana, Dan Work, Juan-Carlos Herrera,
Alexandre Bayen
Civil Engineering Dept., UC Berkeley
Murali Annavaram, Quinn Jacobson
Nokia Research Center
Presentation By: Saurabh Hukerikar
30th March 2009
Introduction
Virtual trip lines
 Geographic markers that indicate where vehicles should provide location updates
 Aggregating and cloaking several location updates based on trip line identifiers for
privacy by preventing updates from VTL’s deemed private.
 Distributed architecture
The Conventions
 Eye witness reports
 Traffic cameras
 Loop detectors
 Cellular base station hand-off
 In-Vehicle Transponders (IVTs) and License Plate
Readers (LPRs).
Privacy risks & threat model
www.privacyrights.org
Preserving privacy in GPS traces via uncertainty-aware path cloaking
[B. Hoh, M. Gruteser, H. Xiong, and A. Alrabady]
 Spatio-temporal characteristics of the data allows tracking and reidentification of anonymous vehicles when user density is low.
Consecutive location samples from a vehicle exhibit temporal and
spatial correlation, paths of individual vehicles can be reconstructed
from a mix of anonymous samples belonging to several vehicles
Process can be formalized and automated through target tracking
algorithms
Algorithms generally predict the target position using the last
known speed and heading information and then decide which next
sample to link to the same vehicle through Maximum Likelihood
Detection
Privacy Metrics
Mean Time To Confusion (MTTC)
Mean Distance To Confusion (MDTC)
Tracking Uncertainity
Traffic Monitoring With Virtual Trip Lines
Virtual trip lines control disclosure of location by sampling in space
Handset
VTL generator
ID proxy server
Traffic
monitoring
service provider
Virtual trip line (VTL): [id; x1; y1; x2; y2; d]
VTL Placement: Minimum Spacing
Speed variation
Penetration & Speed – impact on
Minimum spacing
VTL Placement: Road Layout
If trip lines are placed immediately before or after intersections, an adversary may be
able to follow vehicles paths based on speed differences
VTL Placement: Minimum Spacing – Speed consideration
Experimental Evaluation
RMS error of about 80 seconds
Travel time of each link is computed with the length of a link and the mean speed that is obtained by averaging out speed readings from probe vehicles
during an aggregation interval.
Experimental Evaluation – Privacy v Accuracy Trade-Off
Distance-to-confusion with two different sets of anonymous flow updates from both
oThe evenly spaced VTLs (with exclusion area) and
oThe evenly spaced VTLs (without exclusion area)
o 1 – 2 % penetration
o 500 meters exclusion area
o Sets of equidistant trip lines with minimum spacing varying from 333 ft (100 meters)
to 1670 ft (500 meters)
o Uncertainty threshold of 0.2
Privacy v Accuracy Trade-Off
 Two successive anonymous updates that are
sampled longer than 800 feet apart experience high
tracking uncertainty.
 Existence of the exclusion area
The travel time estimation generally improves
with an increasing number of VTLs
Experimental Evaluation
Source: http://www.calccit.org/projects/PDF-2008/Mobile%20Century%20Fact%20Sheet.pdf
Critique
 Energy requirements
- dash board charger
 Processing and Communication overhead on Client phone
 Real time?
- Distributed architecture
 Exclusion of VTLs
- Generic exclusion risks undercoverage
- Individualized exclusion processing overhead or configuration
“The TomTom devices with HD Traffic all use a built-in receiver including a
SIM-card. Does this mean that I can be traced?
TomTom takes privacy of personal information very seriously, and the
information retreived is entirely anonymous. TomTom only uses information
about the speed and direction travelled of TomTom device users. We don't
know anything about the devices themselves, nor who owns them”
“Data generated from the mobile phones is completely anonymous. TomTom,
and has information about user direction and speed only - not the type of
device, nor the owner of the mobile phone.”
WEBLINK:
TomTom High Definition
Source: http://www.tomtom.com/services
WEBLINK:
Questions?
Thank-you