privkit.attacks sub-package#

class privkit.attacks.Attack#

Bases: ABC

Attack is an abstract class for a generic attack. Defines methods common to all attacks. Provides a general function to execute the attack. Requires the definition of the ATTACK_ID, ATTACK_NAME, ATTACK_INFO, ATTACK_REF, DATA_TYPE_ID (of the data types this attack can be applied to), and METRIC_ID (of the metrics that can be used to assess this attack).

property ATTACK_ID: str#

Identifier of the attack

property ATTACK_INFO: str#

Information about the attack and how it works

property ATTACK_NAME: str#

Name of the attack

property ATTACK_REF: str#

Reference to the work that proposes this attack

property DATA_TYPE_ID: List[str]#

Identifiers of the data types that the attack is applied to

property METRIC_ID: List[str]#

Identifiers of the metrics that can be used to assess the attack

abstract execute(*args)#

Executes the attack mechanism. This is specific to the attack

class privkit.attacks.HW(epsilon: float)#

Bases: Attack

Class to execute the HW attack.

References

R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, “Protecting location privacy: optimal strategy against localization attacks,” in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 617–627, 2012.

ATTACK_ID = 'hw'#
ATTACK_INFO = 'HW is a mechanism that given the matrix f(z|...), multiplies it by the given mobility profileand then normalizes it, calculating the posterior. Then computes the geometric median with the posterior calculated returning the adversary estimation.'#
ATTACK_NAME = 'HW'#
ATTACK_REF = 'R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, “Protecting location privacy: optimal strategy against localization attacks,” in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 617–627, 2012.'#
DATA_TYPE_ID = ['location_data']#
METRIC_ID = ['adv_error']#
static compute_dist(geo_median_i: [<class 'float'>, <class 'float'>], grid_map_centers: [[<class 'float'>, <class 'float'>]])#

Computes distance

Parameters:

  • geo_median_i ([float, float]) – geometric median at the i-th iteration

  • grid_map_centers ([[float, float]]) – center coordinates of grid map cells

Returns:

distance between the geometric median with every cell center

compute_geometric_median(unfiltered_probabilities: [<class 'float'>], unfiltered_values: [[<class 'float'>, <class 'float'>]])#

Computes the geometric median, which will be the adversary estimation at a certain query

Parameters:

  • unfiltered_probabilities ([float]) – adversary priori knowledge about the user

  • unfiltered_values ([[float, float]]) – center coordinates of grid map cells

Returns:

geometric median

execute(location_data: ~privkit.data.location_data.LocationData, mobility_profile: [<class 'float'>])#

Executes the HW attack

Parameters:

  • location_data (privkit.LocationData) – data where OptimalHW will be performed

  • mobility_profile ([float]) – priori knowledge build with a portion of the dataset

Returns:

location data updated with adversary estimation

execute_attack(f: [<class 'float'>], mobility_profile: [<class 'float'>], grid: ~privkit.utils.discrete_utils.GridMap)#

Executes the HW attack at a point

Parameters:

  • f ([float]) – LPPM function

  • mobility_profile ([float]) – priori knowledge build with a portion of the dataset

  • grid (privkit.GridMap) – map discretization

Returns:

adversary estimation

class privkit.attacks.MapMatching(G: MultiDiGraph, sigma: float | None = None, measurement_errors: List | None = None, error_range: float | None = None, scalar: float = 4, lambda_y: float = 0.69, lambda_z: float = 13.35)#

Bases: Attack

Class to execute a Map-Matching attack based on papers [1,2].

References

[1] Newson, P., & Krumm, J. (2009, November). Hidden Markov map matching through noise andsparseness. In Proceedings of the 17th ACM SIGSPATIAL international conference on advances in geographic information systems (pp. 336-343). [2] Jagadeesh, G. R., & Srikanthan, T. (2017). Online map-matching of noisy and sparse location data with hidden Markov and route choice models. IEEE Transactions on Intelligent Transportation Systems, 18(9), 2423-2434.

ATTACK_ID = 'map_matching'#
ATTACK_INFO = 'Map-Matching is a mechanism that allows to continuously identify the position of a vehicle on a road network, given noisy location readings.'#
ATTACK_NAME = 'Map-Matching'#
ATTACK_REF = 'Jagadeesh, G. R., & Srikanthan, T. (2017). Online map-matching of noisy and sparse location data with hidden Markov and route choice models. IEEE Transactions on Intelligent Transportation Systems, 18(9), 2423-2434.'#
DATA_TYPE_ID = ['location_data']#
METRIC_ID = ['adv_error', 'f1_score_mm']#
compute_circuitousness(delta_t: float, previous_state: State, current_state: State, minimum_travel_time_path: List) float#

Computes the circuitousness for the optimal path between s_t-1,j and st_k

Parameters:

  • delta_t (float) – time interval between time steps t-1 and t (in seconds)

  • previous_state (State) – state of the time step t-1

  • current_state (State) – state of the time step t

  • minimum_travel_time_path (List) – minimum-travel-time path between the given states

Returns:

circuitousness value

compute_lambdas(observations: dict) [List[float], List[float]]#

Computes the circuitousness and temporal implausibility to estimate lambdas parameters

Parameters:

observations (dict) – Dict of the observations

Returns:

estimated lambda_y and lambda_z

static compute_temporal_implausibility(delta_t: float, free_flow_travel_time: float) float#

Computes the temporal implausibility for the optimal path between s_t-1,j and st_k

Parameters:

  • delta_t (float) – time interval between time steps t-1 and t (in seconds)

  • free_flow_travel_time (float) – free-flow travel time of the optimal path (in seconds)

Returns:

temporal implausibility (in seconds)

compute_transition_probability(previous_state: State, current_state: State) float#

Computes the transition probability between the previous state and the current state

Parameters:

  • previous_state (State) – state of the time step t-1

  • current_state (State) – state of the time step t

Returns:

transition probability value

execute(location_data: LocationData, estimation: bool = False, data_processing: bool = False)#

Executes the Map-Matching attack. If estimation is True, it executes the estimation of lambdas parameters

Parameters:

  • location_data (privkit.LocationData) – data where Map-Matching will be performed

  • estimation (bool) – boolean to specify if it executes the lambdas estimation. By default, estimation = False

  • data_processing (bool) – boolean to specify if it should be applied as a data processing mechanism. By default, it is False

Returns:

(if estimation is False) data updated with the MM estimation and MM state (if estimation is True) lambda_y and lambda_z are returned

static find_convergence_point(t: int, states: List, back_pointers: dict, time_of_convergence: int) [<class 'int'>, typing.List]#

Finds a convergence point

Parameters:

  • t (int) – represents the timestamp

  • states (List) – list of states

  • back_pointers (dict) – dictionary of back pointers

  • time_of_convergence (int) – current time of convergence

Returns:

timestamp and list of states

static lambdas_estimation(estimated_lambda_y: List[float], estimated_lambda_z: List[float]) [<class 'float'>, <class 'float'>]#

Computes the estimation of the lambdas parameters

Parameters:

  • estimated_lambda_y (List) – list of estimated lambda_y

  • estimated_lambda_z (List) – list of estimated lambda_z

Returns:

estimation of lambda_y and lambda_z

online_viterbi_decoder(t: int, states: List, back_pointers: dict, time_of_convergence: int, last: bool = False) [<class 'int'>, typing.List]#

Computes the online viterbi decoder

Parameters:

  • t (int) – represents the timestamp

  • states (List) – list of states

  • back_pointers (dict) – dictionary of back pointers

  • time_of_convergence (int) – current time of convergence

  • last (bool) – boolean that specifies if it is the last timestamp

Returns:

current time of convergence and current solution

static sigma_estimation(location_data: LocationData) [<class 'float'>, typing.List[float]]#

Estimates the sigma value given the location data with ground truth and test data

Parameters:

location_data (privkit.LocationData) – location data used as ground truth

Returns:

value of sigma and list of measurement errors between ground truth and test data

viterbi(t: int, observations: dict, back_pointers: dict, joint_probability: dict, time_of_convergence: int, number_of_observations: int) [<class 'int'>, typing.List]#

Computes the viterbi algorithm

Parameters:

  • t (int) – represents the timestamp

  • observations (dict) – dictionary of the observations

  • back_pointers (dict) – dictionary of back pointers

  • joint_probability (dict) – dictionary of joint probability

  • time_of_convergence (int) – current time of convergence

  • number_of_observations (int) – total number of observations

Returns:

current time of convergence and current solution

class privkit.attacks.OmniHW(epsilon: float)#

Bases: Attack

Class to execute the OmniHW attack.

References

R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, “Protecting location privacy: optimal strategy against localization attacks,” in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 617–627, 2012.

ATTACK_ID = 'omniHW'#
ATTACK_INFO = 'OmniHW is a mechanism that uses the HW attack using the mobility profile resulting from test data.'#
ATTACK_NAME = 'OmniHW'#
ATTACK_REF = 'R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, “Protecting location privacy: optimal strategy against localization attacks,” in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 617–627, 2012.'#
DATA_TYPE_ID = ['location_data']#
METRIC_ID = ['adv_error']#
execute(location_data: LocationData)#

Executes the OmniHW attack

Parameters:

location_data (privkit.LocationData) – data where OmniHW will be performed

Returns:

location data updated with adversary guess

class privkit.attacks.OptimalHW(epsilon: float)#

Bases: Attack

Class to execute the OptimalHW attack.

References

R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, “Protecting location privacy: optimal strategy against localization attacks,” in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 617–627, 2012.

ATTACK_ID = 'optHW'#
ATTACK_INFO = 'OptHW is a mechanism that uses the HW attack using the mobility profile resulting from train data.'#
ATTACK_NAME = 'OptHW'#
ATTACK_REF = 'R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, “Protecting location privacy: optimal strategy against localization attacks,” in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 617–627, 2012.'#
DATA_TYPE_ID = ['location_data']#
METRIC_ID = ['adv_error']#
execute(location_data: LocationData)#

Executes the OptimalHW attack

Parameters:

location_data (privkit.LocationData) – data where OptimalHW will be performed

Returns:

location data updated with adversary guess

class privkit.attacks.PEBA(epsilon: float, Niter_ML_max: int = 50, tolerance_ML: float = 0.005)#

Bases: Attack

Class to execute the PEBA attack.

References

S. Oya, C. Troncoso, and F. Pérez-González, “Rethinking location privacy for unknown mobility behaviors,” in 2019 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 416–431, IEEE, 2019.

ATTACK_ID = 'peba'#
ATTACK_INFO = 'PEBA is a mechanism that first computes the Maximum Likelihood Estimator of the mobility profileusing all the f(z|...) collected and then uses OptimalHW to return the adversary estimation.'#
ATTACK_NAME = 'Profile-Estimation-Based-Attack'#
ATTACK_REF = 'S. Oya, C. Troncoso, and F. Pérez-González, “Rethinking location privacy for unknown mobility behaviors, in 2019 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 416–431, IEEE, 2019. '#
DATA_TYPE_ID = ['location_data']#
METRIC_ID = ['adv_error', 'f1_score_mm']#
execute(location_data: LocationData)#

Executes the PEBA attack

Parameters:

location_data (privkit.LocationData) – data where OptimalHW will be performed

Returns:

location data updated with adversary guess

execute_attack(f: [[<class 'float'>]], mobility_profile: [<class 'float'>], grid: ~privkit.utils.discrete_utils.GridMap)#

Executes the PEBA attack at a point

Parameters:

  • f ([[float]]) – LPPM function

  • mobility_profile ([float]) – priori knowledge build with a portion of the dataset

  • grid (privkit.GridMap) – map discretization

Returns:

adversary estimation

get_profile_MLE(f: [[<class 'float'>]], mobility_profile: [<class 'float'>])#

Computes the Maximum Likelihood Estimator (MLE) of the mobility profile

Parameters:

  • f ([[float]]) – LPPM function

  • mobility_profile ([float]) – priori knowledge build with a portion of the dataset

Returns:

updated mobility profile

static update(f: [[<class 'float'>]], pi_MLE: [<class 'float'>])#

Updates the Maximum Likelihood Estimator of the mobility profile

Parameters:

  • f ([[float]]) – LPPM function

  • pi_MLE ([float]) – approximation of the Maximum Likelihood Estimator of the mobility profile

Returns:

updated Maximum Likelihood Estimator of the mobility profile

class privkit.attacks.TopN(N: int, over_grid: bool = False, over_ppm: bool = False, ordered: bool = True)#

Bases: Attack

The Top-N Attack is a re-identification attack, i.e, verifies if a user is re-identifiable considering the top locations. It first generates a map that associates users to their top locations, i.e. the N most visited locations. Then it verifies if the top locations for a given user is unique, i.e. a user is considered re-identifiable if no users share the same top.

References

H. Zang and J. Bolot, “Anonymization of location data does not work: A large-scale measurement study,” in Proceedings of the 17th annual international conference on Mobile computing and networking, pp. 145–156, 2011.

ATTACK_ID = 'topN'#
ATTACK_INFO = 'TopN is a mechanism that associates individuals to their Nth most visited locations and tries tore-identify them considering those locations.'#
ATTACK_NAME = 'TopN'#
ATTACK_REF = 'H. Zang and J. Bolot, “Anonymization of location data does not work: A large-scale measurement study, in Proceedings of the 17th annual international conference on Mobile computing and networking, pp. 145–156, 2011.'#
DATA_TYPE_ID = ['location_data']#
METRIC_ID = ['re-identification']#
build_top_map(location_data: LocationData, latitude_index: str, longitude_index: str)#

Computes the map that associates users to their top locations

Parameters:

  • location_data (privkit.LocationData) – location data where the attack is being applied

  • latitude_index (str) – ground-truth latitude index or obfuscated latitude index

  • longitude_index (str) – ground-truth longitude index or obfuscated longitude index

Returns:

dictionary that associates userIDs to their top locations

execute(location_data: LocationData)#

Executes the TopN attack

Parameters:

location_data (privkit.LocationData) – data where TopN will be performed

Returns:

dictionary that associates userIDs to boolean - whether the user was successfully re-identified or not