nach oben

Erschienen in:

2016 | OriginalPaper | Buchkapitel

Quantifying Location Privacy Leakage from Transaction Prices

verfasst von : Arthur Gervais, Hubert Ritzdorf, Mario Lucic, Vincent Lenders, Srdjan Capkun

Erschienen in: Computer Security – ESORICS 2016

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Large-scale datasets of consumer behavior might revolutionize the way we gain competitive advantages and increase our knowledge in the respective domains. At the same time, valuable datasets pose potential privacy risks that are difficult to foresee. In this paper we study the impact that the prices from consumers’ purchase histories have on the consumers’ location privacy. We show that using a small set of low-priced product prices from the consumers’ purchase histories, an adversary can determine the country, city, and local retail store where the transaction occurred with high confidence. Our paper demonstrates that even when the product category, precise time of purchase, and currency are removed from the consumers’ purchase history (e.g., for privacy reasons), information about the consumers’ location is leaked. The results are based on three independent datasets containing thousands of low-priced and frequently-bought consumer products. The results show the existence of location privacy risks when releasing consumer purchase histories. As such, the results highlight the need for systems that hide transaction details in consumer purchase histories.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Information Control by Policy-Based Relational Weakening Templates

Nächstes Kapitel A Formal Treatment of Privacy in Video Data

Nur mit Berechtigung zugänglich

The area of the attacker’s interest can be restricted, e.g., when the adversary knows that its victim is somewhere in that restricted area.

For example, by only considering the locations of previous purchases.

The intermediate steps are given in the Appendix A.

We currently use a single product basket for all locations.

In the following we refer to the merchant category as merchant.

Defined as the complement of the fraction of conditional entropy over the location entropy.

\(price < 25^{th}\text {percentile} - 3 \cdot \text {interquartile range}\), and \( price > 75^{th}\text {percentile} + 3 \cdot \text {interquartile range}\).

A Face Is Exposed for AOL Searcher No. 4417749 (2006). http://www.nytimes.com/2006/08/09/technology/09aol.html

Ikea Billy Bookshelf Index, Bloomberg (2009). http://www.bloomberg.com/apps/news?pid=newsarchive&sid=a.K4T4ypP9ko

NIST/SEMATECH e-Handbook of Statistical Methods (2013). http://www.itl.nist.gov/div898/handbook/

Anonymized for review (2015)

Big Mac Index, The Economist (2015). http://www.economist.com/content/big-mac-index

Consumer panel data and retail scanner data across the United States (2015). http://research.chicagobooth.edu/nielsen/

Kaggle, Acquire Valued Shoppers Challenge (2015). https://www.kaggle.com/c/acquire-valued-shoppers-challenge

More (or Less) Brew for your Buck, Starbucks coffee price (2015). http://online.wsj.com/news/articles/SB10001424127887324048904578319783080709860

Numbeo, database of user contributed data about cities and countries worldwide (2015). http://www.numbeo.com

10.

Ripple, cryptocurrency (2015). https://ripple.com/

11.

Store-level scanner data collected at Dominick’s Finer Foods (2015). http://research.chicagobooth.edu/kilts/marketing-databases/dominicks/dataset

12.

World Population, The world bank (2015). http://data.worldbank.org/indicator/SP.POP.TOTL?order=wbapi_data_value_2009+wbapi_data_value+wbapi_data_value-first&sort=asc

13.

Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). http://eprint.iacr.org/2012/596.pdf CrossRef

14.

Androulaki, E., Karame, G.O.: Hiding transaction amounts and balances in bitcoin. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 161–178. Springer, Heidelberg (2014)

15.

Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy (SP). IEEE (2014)

16.

Blumberg, A.J., Eckersley, P.: On locational privacy, and how to avoid losing it forever. EEF (2009)

17.

Bonneau, J., Miller, A., Clark, J., Naryanan, A., Kroll, J.A., Felten, E.W.: SoK: bitcoin and second-generation cryptocurrencies. In: IEEE Security and Privacy, May 2015

18.

Cover, T.M., Thomas, J.A.: Elements of Information Theory. John Wiley and Sons, Hoboken (2012)MATH

19.

de Montjoye, Y.-A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3 (2013)

20.

Dutta, S., Bergen, M., Levy, D.: Price flexibility in channels of distribution: evidence from scanner data. J. Econ. Dyn. control 26(11), 1845–1900 (2002)CrossRefMATH

21.

Meiklejohn, S., et al.: A fistful of bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, IMC 2013, pp. 127–140. ACM, New York (2013)

22.

Gervais, A., Karame, G., Capkun, S., Capkun, V.: Is bitcoin a decentralized currency? IEEE Secur. Priv. Mag. 12, 54–60 (2014)CrossRef

23.

Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of the 1st International Conference on Mobile Systems, Applications and Services, pp. 31–42. ACM (2003)

24.

Herrmann, R., Möser, A.: Price variability or rigidity in the food-retailing sector? theoretical analysis and evidence from german scanner data. Technical report (2003)

25.

Hosken, D., Reiffen, D.: Patterns of retail price variation. RAND J. Econ., 128–146 (2004)

26.

Manning, C.D., Raghavan, P., Schütze, H.: Introduction to Information Retrieval, vol. 1. Cambridge University Press, Cambridge (2008)CrossRefMATH

27.

Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397–411. IEEE (2013)

28.

Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: IEEE Symposium on Security and Privacy, SP 2008. IEEE (2008)

29.

Narayanan, A., Thiagarajan, N., Lakhani, M., Hamburg, M., Boneh, D.: Location privacy via private proximity testing

30.

Pass, G., Chowdhury, A., Torgeson, C.: A picture of search. In: Proceedings of the 1st International Conference on Scalable Information Systems, InfoScale 2006. ACM, New York (2006)

31.

Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin system

32.

Ron, D., Shamir, A.: Quantitative analysis of the full bitcoin transaction graph (2013). http://eprint.iacr.org/2012/584.pdf

33.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009)

34.

Shokri, R., Theodorakopoulos, G., Danezis, G., Hubaux, J.-P., Le Boudec, J.-Y.: Quantifying location privacy: the case of sporadic location exposure. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 57–76. Springer, Heidelberg (2011)CrossRef

35.

Sokolova, M., Lapalme, G.: A systematic analysis of performance measures for classification tasks. Inf. Process. Manag. 45(4), 427–437 (2009)CrossRef

36.

Sweeney, L.: Simple demographics often identify people uniquely. Health (San Francisco) 671, 1–34 (2000)

37.

U.S. Census Bureau, Population Division. Annual Estimates of the Resident Population for Incorporated Places of 50,000 or More, Ranked by July 1, 2013 (2014)

38.

Voulodimos, A.S., Patrikakis, C.Z.: Quantifying privacy in terms of entropy for context aware services. Identity Inf. Soc. 2(2), 155–169 (2009)CrossRef

39.

Singh, V.K., Pentland, A.S., de Montjoye, Y.-A., Radaelli, L.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347, 536–539 (2015)CrossRef

Titel: Quantifying Location Privacy Leakage from Transaction Prices
verfasst von: Arthur Gervais
Hubert Ritzdorf
Mario Lucic
Vincent Lenders
Srdjan Capkun
Verlag: Springer International Publishing
Buch: Computer Security – ESORICS 2016
Print ISBN: 978-3-319-45740-6

Electronic ISBN: 978-3-319-45741-3

Copyright-Jahr: 2016
DOI: https://doi.org/10.1007/978-3-319-45741-3_20

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner