Abstract
Understanding pedestrian dynamics in crowded public spaces has been shown to be important. Nowadays, widely deployed sensing infrastructures detect the Wi-Fi signals emitted by the smartphones that people in crowds carry. Based on these detections, crowd-monitoring insights can be derived in the form of statistical counts, such as the footfall at a location and the crowd flows between several locations. Because detections of devices carried by individuals must be handled in the process, there are legitimate concerns regarding the privacy of the sensed individuals. Previous attempts to address these privacy concerns proved to be insufficient, mostly because uniquely tracing the data back to individuals still remained possible.
We propose two new methods that protect the privacy-sensitive detections of individuals while still allowing the computation of statistical counts on crowds. The first method anonymizes detections on the fly, ensuring protection under what we call detection k-anonymity for all the collected data, no matter how the anonymized data is combined to address future queries. The second method relies on encoding detections into probabilistic data structures called Bloom filters (BFs), and then encrypting the resulting BFs with a homomorphic encryption (HE) scheme. As part of a multi-party cryptographic construction, HE allows the operations needed for computing the statistical counts to be performed directly on the encrypted data, without the ability to decrypt, revealing only the end result in the clear to the intended recipient. Furthermore, to enable granular decisions on which detected devices are considered part of the crowd, under the same privacy guarantees ensured by the combination of BFs with HE, we explore the possibility of counting nonstationary and stationary devices separately based on their frequency of detection.
We implement and extensively evaluate the proposed contributions using simulated as well as real-world data. Our results demonstrate that highly accurate statistical counting for pedestrian dynamics is possible while privacy protection is guaranteed.
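As an added illustration (not code from the thesis), the following Python sketches the counting arithmetic the abstract describes: each sensor encodes its detections into a Bloom filter, footfall is estimated from a filter's cardinality, the flow between two locations from the union of their filters, and the stationary/nonstationary split is made from detection frequency before encoding. The Swamidass-Baldi cardinality estimator, the double-hashing scheme, the filter parameters and the sample device ids are assumptions; the homomorphic encryption layer that would let these same operations run on encrypted filters is omitted, so the filters here are in the clear.

```python
import hashlib
import math

class BloomFilter:
    # Plain (unencrypted) Bloom filter holding one sensor's detections.
    def __init__(self, m=16384, k=4):
        self.m, self.k = m, k
        self.bits = [0] * m
    def _positions(self, item):
        # Kirsch-Mitzenmacher double hashing derived from one SHA-256 digest.
        d = hashlib.sha256(item.encode()).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]
    def add(self, item):
        for p in self._positions(item):
            self.bits[p] = 1
    def union(self, other):
        out = BloomFilter(self.m, self.k)
        out.bits = [a | b for a, b in zip(self.bits, other.bits)]
        return out
    def estimate_count(self):
        # Swamidass-Baldi estimate of the number of inserted items from the set bits.
        return -(self.m / self.k) * math.log(1 - sum(self.bits) / self.m)

def build_filter(device_ids):
    bf = BloomFilter()
    for dev in device_ids:
        bf.add(dev)
    return bf

def flow_estimate(a, b):
    # Devices seen at both locations: |A ∩ B| = |A| + |B| - |A ∪ B|.
    return a.estimate_count() + b.estimate_count() - a.union(b).estimate_count()

def split_by_frequency(detections, stationary_threshold):
    # detections: (device_id, time_slot) pairs from one sensor; a device seen in
    # at least `stationary_threshold` distinct slots counts as stationary.
    slots = {}
    for dev, slot in detections:
        slots.setdefault(dev, set()).add(slot)
    stationary = {d for d, s in slots.items() if len(s) >= stationary_threshold}
    return build_filter(slots.keys() - stationary), build_filter(stationary)

def footfall_and_flow():
    # Constructed sample: pseudonymous device ids at two sensors, 50 seen at both.
    bf_a = build_filter(f"dev-{i:04d}" for i in range(0, 100))
    bf_b = build_filter(f"dev-{i:04d}" for i in range(50, 150))
    return bf_a.estimate_count(), bf_b.estimate_count(), flow_estimate(bf_a, bf_b)
```

Because the flow is derived from filter cardinalities alone, the party computing it never needs the individual device identifiers, which is the property the HE layer then extends to the filters themselves.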
| Original language | English |
|---|---|
| Qualification | Doctor of Philosophy |
| Awarding Institution | |
| Supervisors/Advisors | |
| Award date | 9 Dec 2022 |
| Place of Publication | Enschede |
| Publisher | |
| Print ISBNs | 978-90-365-5491-6 |
| DOIs | |
| Publication status | Published - 9 Dec 2022 |