Papers by Sergio Mascetti

Preserving k-anonymity in spatio-temporal datasets and location-based services
Modern technologies make it relatively easy and inexpensive to collect a large amount of personal information. Several organizations are asked, for very different reasons, to release the personal data they have acquired. While in some cases it is acceptable to release information in a statistical form, hence easily avoiding privacy violation, in many others it is really necessary to release specific data (also called microdata). In recent years, anonymization techniques have received great attention as a tool to distribute microdata without endangering users' privacy. In particular, k-anonymization is a technique introduced in (6, 7) to protect the anonymity of data from so-called external linking attacks. Indeed, it is not sufficient to hide data that explicitly identifies an individual, but attention should be paid to release values of attributes that could be found in external sources associated with other data that could lead to the identification. As an example, it is not sufficien...
Definizione di granularita temporali periodiche mediante rappresentazione simbolica: studio teorico e implementazione di un servizio web
Privacy is recognized as a fundamental issue for the provision of context-aware services. In this paper we present work in progress regarding the definition of a comprehensive framework for supporting context-aware services while protecting users' privacy. Our proposal is based on a combination of mechanisms for enforcing context-aware privacy policies and k-anonymity. Moreover, our proposed technique involves
Privacy and Anonymity in Location Data Management
Chapman & Hall/CRC Data Mining and Knowledge Discovery Series, 2010
International Conference on Information and Knowledge Management, 2010
Online social networks often involve very large numbers of users who share very large volumes of content. This content is increasingly being tagged with geo-spatial and temporal coordinates that may then be used in services. For example, a service may retrieve photos taken in a certain region. The resulting geo-aware social networks (GeoSNs) pose privacy threats beyond those found in
12th International Symposium on Temporal Representation and Reasoning (TIME'05), 2005
This paper addresses the technical problem of efficiently reducing the periodic representation of a time granularity to its minimal form. The minimization algorithm presented in the paper has an immediate practical application: it allows users to intuitively define granularities (and more generally, recurring events) with algebraic expressions that are then internally translated to mathematical characterizations in terms of minimal periodic sets. Minimality plays a crucial role, since the value of
Thirteenth International Symposium on Temporal Representation and Reasoning (TIME'06), 2006
In this paper we extend the notion of k-anonymity in the context of databases with timestamped information in order to naturally define k-anonymous views of temporal data. We also investigate the problem of obtaining these views. We show that known generalization techniques, despite being applicable under certain conditions, have some limitations, and propose a new generalization algorithm based on the hierarchy of time granularities.

Location privacy attacks based on distance and density information
Proceedings of the 20th International Conference on Advances in Geographic Information Systems - SIGSPATIAL '12, 2012
Proximity services alert users about the presence of other users or moving objects based on their distance. Distance preserving transformations are among the techniques that may be used to avoid revealing the actual position of users while still effectively providing these services. Some of the proposed transformations have been shown to actually guarantee location privacy with the assumption that users are uniformly distributed in the considered geographical region, which is an unrealistic assumption when the region extends to a county, a state or a country. In this paper we describe a location privacy attack that, only using partial information about the distances between users and public knowledge on the average density of population, can discover the approximate position of users on a map, independently of the fake or hidden position assigned to them by a privacy preserving algorithm. We implement this attack with an algorithm and we experimentally evaluate it showing that it is practically feasible and that partial distance information like the one exchanged in common friend-finder services can be sufficient to violate users' privacy.

A Practical Location Privacy Attack in Proximity Services
2013 IEEE 14th International Conference on Mobile Data Management, 2013
The aim of proximity services is to raise alerts based on the distance between moving objects. While distance can be easily computed from the objects' geographical locations, privacy concerns in revealing these locations exist, especially when proximity among users is being computed. Distance preserving transformations have been proposed to solve this problem by enabling the service provider to acquire pairwise distances while not acquiring the actual objects' positions. It is known that distance preserving transformations do not provide formal privacy guarantees in presence of certain background knowledge but it is still unclear which are the practical conditions that make distance preserving transformations "vulnerable". We study these conditions by designing and testing an attack based on public density information and on partial knowledge of distances between users. A clustering-based technique first discovers the approximate position of users located in the largest cities. Then a technique based on trilateration reduces this approximation and discovers the approximate position of the other users. Our experimental results show that partial distance information, like the one exchanged in a friend-finder service, can be sufficient to locate up to 60% of the users in an area smaller than a city.
A Comparison of Spatial Generalization Algorithms for LBS Privacy Preservation
2007 International Conference on Mobile Data Management, 2007
... Sergio Mascetti Claudio Bettini DICo, University of Milan, Italy ... In the following, we call ΓI-safe the algorithms that achieve anonymity even in the case this additional knowledge is considered, and ΓI-unsafe those that only assume the availability of location knowledge. ...
Gonio, Aequus and Incognitus: three spatial granularities for privacy-aware systems
SafeBox: adaptable spatio-temporal generalization for location privacy protection
Proceedings. 11th International Symposium on Temporal Representation and Reasoning, 2004. TIME 2004., 2004
An effort has been devoted in the recent years to study and formalize the concept of time granularity and to design applications and services using the formalization. Among other proposals, a calendar algebra has been defined to facilitate the specification of new granularities and to perform conversions among them. This paper shows how granularities defined as algebraic calendar expressions can be represented as periodical sets of instants. More precisely, the paper shows how each algebraic operator changes the periodical structure of the granularities given as operands. These results have an immediate application enabling users to easily specify new granularities and using them in the only constraint solver supporting time granularities that is currently available.
MathMelodies: Inclusive Design of a Didactic Game to Practice Mathematics
Lecture Notes in Computer Science, 2014

Lecture Notes in Computer Science, 2012
In recent years, smartphones (e.g., Apple iPhone) are getting more and more widespread among visually impaired people. Indeed, thanks to natively available screen readers (e.g., VoiceOver) visually impaired persons can access most of the smartphone functionalities and applications. Nonetheless, there are still some operations that require long time or high mental workload to be completed by a visually impaired person. In particular, typing on the on-screen QWERTY keyboard turns out to be challenging in many typical contexts of use of mobile devices (e.g., while moving on a tramcar). In this paper we present the results of an experimental evaluation conducted with visually impaired people to compare the native iPhone on-screen QWERTY keyboard with TypeInBraille, a recently proposed typing technique based on Braille. The experimental evaluation, conducted in different contexts of use, highlights that TypeInBraille significantly improves typing efficiency and accuracy.
2009 Tenth International Conference on Mobile Data Management: Systems, Services and Middleware, 2009
Proximity based services are location based services (LBS) in which the service adaptation depends on the comparison between a given threshold value and the distance between a user and other (possibly moving) entities. While privacy preservation in LBS has lately received much attention, very limited work has been done on privacy-aware proximity based services. This paper describes the main privacy threats that the usage of these services can lead to, and proposes original privacy preservation techniques offering ...

2009 Tenth International Conference on Mobile Data Management: Systems, Services and Middleware, 2009
One of the privacy threats recognized in the use of LBS is represented by an adversary having information about the presence of individuals in certain locations, and using this information together with an (anonymous) LBS request to re-identify the issuer of the request associating her to the requested service. Several papers have proposed techniques to prevent this, assuming that the use of the service is considered sensitive. In this paper we investigate the more general case in which the adversary is also able to recognize traces of LBS requests by the same anonymous user, so that the identification of the issuer of one request can lead to the disclosure of the same user being in other possibly sensitive locations at different times or using sensitive services. Using the notion of "historical k-anonymity", this paper provides the first formalization of this class of privacy threats. Through extensive experiments based on realistic simulations, and runs of an optimal algorithm, we show some negative results for the defenses based on spatial generalization against these attacks under very conservative assumptions. Under more realistic location knowledge assumptions, we propose two defense algorithms, based on a strategy of changing and reusing of pseudo-identifiers, whose correctness is formally proved. Our experiments show that, among all the proposed algorithms, the ProvidentHider algorithm is particularly effective in protecting privacy for reasonably long sequences of requests.

Anonymity and Historical-Anonymity in Location-Based Services
Lecture Notes in Computer Science, 2009
The problem of protecting user’s privacy in Location-Based Services (LBS) has been extensively studied recently and several defense techniques have been proposed. In this contribution, we first present a categorization of privacy attacks and related defenses. Then, we consider the class of defense techniques that aim at providing privacy through anonymity and in particular algorithms achieving “historical k-anonymity” in the case of the adversary obtaining a trace of requests recognized as being issued by the same (anonymous) user. Finally, we investigate the issues involved in the experimental evaluation of anonymity based defense techniques; we show that user movement simulations based on mostly random movements can lead to overestimate the privacy protection in some cases and to overprotective techniques in other cases. The above results are obtained by comparison to a more realistic simulation with an agent-based simulator, considering a specific deployment scenario.
Longitude: Centralized Privacy-Preserving Computation of Users’ Proximity
Lecture Notes in Computer Science, 2009
... Computation of Users' Proximity Sergio Mascetti, Claudio Bettini, and Dario Freni ... For example, Alice specifies that Bob should never be able to find out the specific building where Alice is within the campus, i.e., the entire campus area is a minimal uncertainty region. ...
Pcube: A System to Evaluate and Test Privacy-Preserving Proximity Services
2010 Eleventh International Conference on Mobile Data Management, 2010
Proximity services are a particular class of location-based services (LBS) in which a subscriber is alerted when other participants (called buddies) are nearby. Existing works in the field of privacy preservation in LBS propose techniques specifically designed for this ...