Dr. Reza Shokri and co-authors win IEEE Security and Privacy Test-of-Time Award

25 May 2021
The research team that won the award (from left): Assistant Professor Reza Shokri, Associate Professor George Theodorakopoulos from Cardiff University, Professor Jean-Yves Le Boudec and Professor Jean-Pierre Hubaux from École Polytechnique Fédérale de Lausanne (EPFL).

25 May 2021 – NUS Presidential Young Professor of Computer Science Reza Shokri and his co-authors have won the prestigious IEEE Security and Privacy (S&P) Test-of-Time Award 2021. The award recognises research papers that have made a broad and lasting impact on both research and practice in computer security and privacy.

Dr. Shokri and his co-authors received the award at the 42nd IEEE Symposium on Security and Privacy, the premier conference for computer security research, for their paper on “Quantifying Location Privacy”. The paper was first presented at the IEEE S&P 2011.

In the paper, the authors present a formal framework for quantifying the privacy risks of sharing location data, and evaluating the effectiveness of privacy-preserving algorithms. With the increasing usage of personal communication devices such as smartphones, various privacy threats were identified and many different protection mechanisms were introduced to mitigate the privacy risks of sharing location data.

“One of the major problems in data privacy is the quantification of privacy risk. We need a measure that enables us to assess the information leakage of a system, and a privacy test algorithm that can perform this measurement in a consistent way across a wide range of systems,” said Dr. Shokri, whose research interests include data privacy and trustworthy machine learning.

“There are many different ways in which data could be shared or exposed, and many different ways to obfuscate and protect data. So, having a unified way to quantify privacy, and a metric that correctly reflects this is undeniably very important.”

He added: “This is exactly what motivated our work, and this is the problem that this paper tries to solve for location data, which is among the most sensitive personal data with rich contextual information. It can be easily linked to your identity, it can leak information about your preferences, and your social network.”

Dr. Shokri and his co-authors – Associate Professor George Theodorakopoulos from Cardiff University, Professor Jean-Yves Le Boudec and Professor Jean-Pierre Hubaux from École Polytechnique Fédérale de Lausanne (EPFL), received the award at a virtual ceremony on 24 May.

“When we started working on this problem, there were a few proof of concept attacks showing location privacy vulnerabilities in wireless networks and some location-based services, and so many different approaches to protect location privacy, evaluated with different metrics,” explained Dr. Theodorakopoulos. “So, a major motivation for this paper was to compare all these privacy mechanisms that had been proposed. The paper presents an adversarial approach to this problem. By looking at disparate attacker objectives via a single lens, that of Bayesian inference, we were able to place them in context and notice deficiencies that some of them had. More importantly, we were able to construct a framework that can be used for the design and evaluation of new mechanisms.”

The team also developed an operational tool from their proposed framework, the Location-Privacy Meter. “Statistical inference and advanced machine learning algorithms can provide solid formal frameworks and very strong tools to apply to different settings and threat models, ranging from a distributed network to centralized architectures, in order to measure the risks of identification, data reconstruction, attribute inference, correlation, and more interestingly the combination of such attacks,” added Professor Le Boudec in the award acceptance video.

The authors explained that this framework was also applicable for risk analyses for other high-dimensional sensitive data, such as genomic and medical data.

“Protecting data privacy – location data privacy in particular – involves various computational and legal measures. We hope that our work and subsequent research can contribute to improving risk assessment procedures, for example the Data Protection Impact Assessment of the General Data Protection Regulation (GDPR),” said Professor Hubaux.

Trending Posts