Protecting Privacy in Crowd Monitoring: My Work on Attack Models

I’m excited to share some insights into a recent research project I’ve been involved in, focusing on privacy-aware crowd monitoring. Our work, titled “Privacy-aware Publication of Wi-Fi Sensor Data for Crowd Monitoring and Tourism Analytics,” was recently presented at the ACM SIGSPATIAL International Workshop on Geo-Privacy and Data Utility for Smart Societies (GeoPrivacy ’23). You can find the full paper here: https://dl.acm.org/doi/10.1145/3615889.3628513  

The Challenge of Privacy-Preserving Crowd Monitoring

Crowd monitoring is becoming increasingly important for various applications, such as managing urban spaces, optimizing traffic flow, and understanding tourism patterns. However, traditional methods like camera-based solutions or tracking mobile devices raise significant privacy concerns. Our project aimed to explore alternative approaches that could provide accurate crowd estimations without compromising individual privacy.  

My Focus: Understanding and Mitigating Attack Models

Within this project, I specifically focused on the identification and analysis of potential attack models that could exploit vulnerabilities in anonymized Wi-Fi probe data. By understanding how malicious actors might attempt to re-identify or track individuals, we could develop robust data protection strategies to mitigate these risks.  

Key Attack Models Investigated:

     

• Device Fingerprinting: Even when MAC addresses are randomized or hashed, attackers can potentially identify devices based on unique characteristics present in probe requests.

• Preferred Network List (PNL) Exploitation: Probe requests often contain information about previously connected networks (SSIDs), which could reveal sensitive location data.

Developing a Technical Data Protection Concept

Based on the identified attack models, I contributed to the development of a comprehensive Technical Data Protection Concept. This concept involved a two-stage approach:

1. Basic Measures: Implemented directly on the Wi-Fi sensors, these measures include hashing MAC addresses, avoiding collection of sensitive data like SSIDs, and strategic sensor placement to minimize tracking risks.

2. Application-Specific Anonymization: Further anonymization techniques are applied before data publication, such as removing static devices and filtering periods with low activity.
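
A sketch of the two stages listed above, as an added example that is not code from the paper or the project. The keyed hash (HMAC-SHA256 in place of a plain hash), the record field names, the 15-minute bins and both thresholds are assumptions chosen for illustration, and the probe records are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumptions for this sketch (none of these values come from the paper):
SENSOR_KEY = b"constructed-demo-key"  # per-deployment secret held on the sensor
BIN_SECONDS = 900                     # 15-minute publication bins
STATIC_BINS = 3                       # seen in >= 3 bins -> treated as static
MIN_COUNT = 2                         # bins with fewer devices are suppressed


def sensor_record(raw):
    """Stage 1 (on the sensor): keep only a keyed MAC hash and a timestamp.

    A keyed hash is used because the MAC address space is small enough to
    enumerate against an unkeyed hash. The SSID field is never copied.
    """
    mac = raw["mac"].lower().encode()
    pseudonym = hmac.new(SENSOR_KEY, mac, hashlib.sha256).hexdigest()[:16]
    return {"device": pseudonym, "ts": raw["ts"]}


def publishable_counts(records):
    """Stage 2 (before publication): drop static devices, suppress quiet bins."""
    bins_per_device = defaultdict(set)
    for r in records:
        bins_per_device[r["device"]].add(r["ts"] // BIN_SECONDS)
    static = {d for d, b in bins_per_device.items() if len(b) >= STATIC_BINS}

    devices_per_bin = defaultdict(set)
    for r in records:
        if r["device"] not in static:
            devices_per_bin[r["ts"] // BIN_SECONDS].add(r["device"])
    # Only aggregate counts leave this function; pseudonyms are not published.
    return {b * BIN_SECONDS: len(d) for b, d in sorted(devices_per_bin.items())
            if len(d) >= MIN_COUNT}


# Constructed sample probes (not real captures).
SAMPLE = [
    {"mac": "02:00:00:00:00:01", "ts": 0, "ssid": "HomeNet"},    # static device
    {"mac": "02:00:00:00:00:01", "ts": 900, "ssid": "HomeNet"},
    {"mac": "02:00:00:00:00:01", "ts": 1800, "ssid": "HomeNet"},
    {"mac": "02:00:00:00:00:02", "ts": 10, "ssid": ""},
    {"mac": "02:00:00:00:00:03", "ts": 20, "ssid": "CafeWifi"},
    {"mac": "02:00:00:00:00:04", "ts": 950, "ssid": ""},         # lone visitor
]

if __name__ == "__main__":
    print(publishable_counts([sensor_record(p) for p in SAMPLE]))
```

On the constructed sample, the device present in three consecutive bins is dropped as static and the bin with a single visitor is suppressed, so only the first bin's count is published.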
