Xinyue Zhang,Jingyi Wang,Minglei Shu,Yinglong Wang,Miao Pan,Zhu Han

DOI: https://doi.org/10.1109/access.2018.2884516

IF: 3.9

2018-01-01

IEEE Access

Abstract:The popularity of mobile devices with global positioning system (GPS) has boosted various wireless location-based services (LBSs). Certain honest-but-curious or even dishonest LBS servers may learn the users' trajectories from location trace files, and the users' privacy can be compromised. In this paper, we propose a quantitative approach to model trajectory inference attacks via tensor voting, which can be widely applied in computer vision and machine learning as a perceptual organization. To counter the tensor voting based attacks, we propose a novel trajectory privacy preservation TPP scheme, in which LBS users will intentionally generate dummy trajectories to obfuscate LBS servers. Meanwhile, the LBS users have the option to disclose their trajectories to trustworthy parties (e.g., users' parents) by sending those parties a few more encrypted locations. Considering the power constraint of hand-held mobile devices, we mathematically formulate the trajectory privacy preservation problem into a mixed integer linear programming optimization problem and propose the algorithms for optimizing solutions. Through simulations and analysis, we show that the proposed scheme can effectively preserve LBS users' trajectory privacy against tensor voting-based inference attacks with limited power consumption.

Hua Shen,Yu Wang,Mingwu Zhang

DOI: https://doi.org/10.3390/s23249652

2023-12-06

Abstract:With the popularity of location services and the widespread use of trajectory data, trajectory privacy protection has become a popular research area. k-anonymity technology is a common method for achieving privacy-preserved trajectory publishing. When constructing virtual trajectories, most existing trajectory k-anonymity methods just consider point similarity, which results in a large dummy trajectory space. Suppose there are n similar point sets, each consisting of m points. The size of the space is then mn. Furthermore, to choose suitable k- 1 dummy trajectories for a given real trajectory, these methods need to evaluate the similarity between each trajectory in the space and the real trajectory, leading to a large performance overhead. To address these challenges, this paper proposes a k-anonymity trajectory privacy protection method based on the similarity of sub-trajectories. This method not only considers the multidimensional similarity of points, but also synthetically considers the area between the historic sub-trajectories and the real sub-trajectories to more fully describe the similarity between sub-trajectories. By quantifying the area enclosed by sub-trajectories, we can more accurately capture the spatial relationship between trajectories. Finally, our approach generates k-1 dummy trajectories that are indistinguishable from real trajectories, effectively achieving k-anonymity for a given trajectory. Furthermore, our proposed method utilizes real historic sub-trajectories to generate dummy trajectories, making them more authentic and providing better privacy protection for real trajectories. In comparison to other frequently employed trajectory privacy protection methods, our method has a better privacy protection effect, higher data quality, and better performance.

Wanqing Wu,Wenlong Shang,Ruohe Lei,Xin Yang

DOI: https://doi.org/10.1155/2022/8635275

2022-07-05

Wireless Communications and Mobile Computing

Abstract:With the rapid development of mobile Internet and communication technology, location-based services (LBS) are widely used in our daily life. The server stores a large amount of user location data, and these location data constitute user trajectories. If trajectory information on the server is leaked, it will seriously endanger users’ privacy. Trajectory k -anonymity technology is one of the most important methods to protect the privacy of user trajectory. However, current trajectory k -anonymity methods have less discussion on the semantic of stop point when selecting dummy trajectory, which leads to the fact that attacker can still exclude the dummy trajectory from the k -anonymity set and infer the real trajectory by combining background knowledge with the semantic information of stop points. To address this problem, this paper decomposes the real trajectory into location pairs set; the set consists of start-end points and stop points. According to the similarity of location pairs, the similar location pairs in history trajectory set are used to generate dummy trajectory: firstly, extracting the start-end points and stop points from real trajectory and assigning semantic to them. Then, based on the semantic, temporal, and geographical attributes, eligible location pairs are selected from history trajectory set to construct equivalence class. Finally, according to the location pairs in equivalence class, k − 1 dummy trajectories are generated to form a k -anonymity set. We evaluate our method thoroughly with real dataset. The results show that our method achieve an effective data availability and higher privacy protection than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhen Tu,Kai Zhao,Fengli Xu,Yong Li,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/sahcn.2017.7964921

2017-01-01

Abstract:Nowadays, human trajectories are widely collected and utilized for scientific research and business purpose. However, publishing trajectory data without proper handling might cause severe privacy leakage. A large body of works are dedicated to merging one's trajectory with others', so as to avoid any individual trajectory being re-identified. Yet their solutions do not provide enough protection since they cannot prevent semantic attack, which means the attackers are able to acquire individual's private information by using the semantics features of frequently- visited locations in the trajectory even without re- identification. In this work, we are the first to recognize the semantic attack, which is another severe privacy problem in publishing trajectory datasets. We propose an algorithm providing strong privacy protection against both the semantic and re- identification attack while reserving high data utility. Extensive evaluations based on two real-world datasets demonstrate that our solution improves the quality of privacy protection by 3 times, sacrificing only 36% and 30% of spatial and temporal resolution, respectively.

Zhen Tu,Kai Zhao,Fengli Xu,Yong Li,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/tnsm.2018.2877790

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:Nowadays, human trajectories are widely collected and utilized for scientific research and business purpose. However, publishing trajectory data without proper handling might cause severe privacy leakage. A large body of works is dedicated to merging one's trajectory with others', so as to avoid any individual trajectory being re-identified. Yet their solutions do not provide enough protection since they cannot prevent semantic attack, which means the attackers are able to acquire individual's private information by using the semantics features of frequently visited locations in the trajectory even without re-identification. In this paper, we are the first to recognize the semantic attack, which is another severe privacy problem in publishing trajectory datasets. We propose an algorithm providing strong privacy protection against both the semantic and re-identification attack while reserving high data utility. Extensive evaluations based on two real-world datasets demonstrate that our solution improves the quality of privacy protection by three times, sacrificing only 36% and 10% of spatial and temporal resolution, respectively.

Zhiping Xu,Jing Zhang,Pei-Wei Tsai,Liwei Lin,Chao Zhuo

DOI: https://doi.org/10.3390/s21062021

2021-03-12

Abstract:Recent years have seen the wide application of Location-Based Services (LBSs) in our daily life. Although users can enjoy many conveniences from the LBSs, they may lose their trajectory privacy when their location data are collected. Therefore, it is urgent to protect the user's trajectory privacy while providing high quality services. Trajectory k-anonymity is one of the most important technologies to protect the user's trajectory privacy. However, the user's attributes are rarely considered when constructing the k-anonymity set. It results in that the user's trajectories are especially vulnerable. To solve the problem, in this paper, a Spatiotemporal Mobility (SM) measurement is defined for calculating the relationship between the user's attributes and the anonymity set. Furthermore, a trajectory graph is designed to model the relationship between trajectories. Based on the user's attributes and the trajectory graph, the SM based trajectory privacy-preserving algorithm (MTPPA) is proposed. The optimal k-anonymity set is obtained by the simulated annealing algorithm. The experimental results show that the privacy disclosure probability of the anonymity set obtained by MTPPA is about 40% lower than those obtained by the existing algorithms while the same quality of services can be provided.

Marco Gramaglia,Marco Fiore,Alberto Tarable,Albert Banchs

DOI: https://doi.org/10.48550/arXiv.1701.02243

2017-01-09

Computers and Society

Abstract:Mobile network operators can track subscribers via passive or active monitoring of device locations. The recorded trajectories offer an unprecedented outlook on the activities of large user populations, which enables developing new networking solutions and services, and scaling up studies across research disciplines. Yet, the disclosure of individual trajectories raises significant privacy concerns: thus, these data are often protected by restrictive non-disclosure agreements that limit their availability and impede potential usages. In this paper, we contribute to the development of technical solutions to the problem of privacy-preserving publishing of spatiotemporal trajectories of mobile subscribers. We propose an algorithm that generalizes the data so that they satisfy $k^{\tau,\epsilon}$-anonymity, an original privacy criterion that thwarts attacks on trajectories. Evaluations with real-world datasets demonstrate that our algorithm attains its objective while retaining a substantial level of accuracy in the data. Our work is a step forward in the direction of open, privacy-preserving datasets of spatiotemporal trajectories.

Xumeng Wang,Tianlong Gu,Xiaonan Luo,Xiwen Cai,Tianyi Lao,Wenlong Chen,Yingcai Wu,Jinhui Yu,Wei Chen

DOI: https://doi.org/10.1109/tits.2018.2875021

IF: 8.5

2019-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Visual analysis is widely applied to study human mobility due to the ability of integrating contextual information from multiple data sources. Analyzing trajectory data through visualization improves the efficiency and accuracy of the analysis, yet it may induce exposure of the location privacy. To balance the location privacy and analysis effectiveness, this work focuses on the behaviors of different geo-based contexts in the process of trajectory interpretation. Three types of geo-based contexts are identified after surveying 94 related literatures. We further conduct experiments to investigate their capability by evaluating how they benefit the analysis, and whether they lead to location privacy exposure. Finally, we report and discuss interesting findings, and provide guidelines to the design of privacy-preserving analysis approaches for human periodic trajectories.

Kaixin Sui,Youjian Zhao,Dapeng Liu,Minghua Ma,Lei Xu,Li Zimu,Dan Pei

DOI: https://doi.org/10.1109/iwqos.2016.7590444

2016-01-01

Abstract:The enterprise Wi-Fi networks enable the collection of large-scale users' mobility information at an indoor level. The collected trajectory data is very valuable for both research and commercial purposes, but the use of the trajectory data also raises serious privacy concerns. A large body of work tries to achieve k-anonymity (hiding each user in an anonymity set no smaller than k) as the first step to solve the privacy problem. Yet it has been qualitatively recognized that k-anonymity is still risky when the diversity of the sensitive information in the k-anonymity set is low. There, however, still lacks a study that provides a quantitative understanding of that risk in the trajectory dataset. In this work, we present a large-scale measurement based analysis of the low-diversity risk over four weeks of trajectory data collected from Tsinghua, a campus that covers an area of 4 km 2 , on which 2,670 access points are deployed in 111 buildings. Using this dataset, we highlight the high risk of the low diversity. For example, we find that even when 5-anonymity is satisfied, the sensitive attributes of 25% of individuals can be easily guessed. We also find that although a larger k increases the size of anonymity sets, the corresponding improvement on the diversity of anonymity sets is very limited (decayed exponentially). These results suggest that diversity-oriented solutions are necessary.

Huandong Wang,Yong Li,Chen Gao,Gang Wang,Xiaoming Tao,Depeng Jin

DOI: https://doi.org/10.1109/tmc.2019.2952774

IF: 6.075

2021-03-01

IEEE Transactions on Mobile Computing

Abstract:Human mobility trajectories are increasingly collected by ISPs to assist academic research and commercial applications. Meanwhile, there is a growing concern that individual trajectories can be de-anonymized when the data is shared, using information from external sources (e.g., online social networks). To understand this risk, prior works either estimate the theoretical privacy bound or simulate de-anonymization attacks on synthetically created datasets. However, it is not clear how well the theoretical estimations are preserved in practice. In this article, we collected a large-scale ground-truth trajectory dataset from 2,161,500 users of a cellular network, and two matched external trajectory datasets from a large social network (56,683 users) and a check-in/review service (45,790 users) on the same user population. The two sets of large ground-truth data provide a rare opportunity to extensively evaluate a variety of de-anonymization algorithms (nine in total). We find that their performance in the real-world dataset is far from the theoretical bound. Further analysis shows that most algorithms have under-estimated the impact of spatio-temporal mismatches between the data from different sources, and the high sparsity of user generated data also contributes to the under-performance. Based on these insights, we propose four new algorithms that are specially designed to tolerate spatial or temporal mismatches (or both) and model location contexts and time contexts. Extensive evaluations show that our algorithms achieve more than 17 percent performance gain over the best existing algorithms, confirming our insights. Further, we propose two new location-privacy preserving mechanisms utilizing the spatio-temporal mismatches to better protect users' privacy against the de-anonymization attack. Evaluation results show that our proposed mechanisms can reduce the performance of de-anonymization attacks by over 8.0 percent, demonstrating the effectivene-s of our insights.

computer science, information systems,telecommunications

Kai Zhao,Zhen Tu,Fengli Xu,Yong Li,Pengyu Zhang,Dan Pei,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/tnsm.2019.2907542

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:Trajectory data has been widely collected via mobile devices and publicly released for academic research and commercial purposes. One primary concern of publishing such a dataset is the privacy issue. Previous protection schemes mainly focus on preventing re-identification attack, which utilizes the uniqueness of trajectories. However, the correlation between trajectories, which has not been given much attention to before, could also give rise to serious privacy leakage. Recent studies have proved that it is possible to identify social relationship, de-anonymize trajectories or even infer user’s locations by analyzing the correlation between users’ trajectories. We identify the serious privacy problem of social relationship leakage caused by what we call social relationship attack and aim to protect social relationship information, which cannot be protected by existing algorithms. We contribute to the design of a new privacy model and an effective system to deal with social relationship attack and re-identification attack simultaneously while maintaining high data utility. We propose a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SlidingWindow</italic> algorithm to merge trajectories according to their <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">social-aware distance</italic> , which concerns both the spatiotemporal distance and social proximity. Evaluations of two trajectory datasets under different scenarios demonstrate that our system provides more than 1.84 times privacy protection at the cost of only 2.5% data utility loss.

Haiming Wang,Zhikun Zhang,Tianhao Wang,Shibo He,Michael Backes,Jiming Chen,Yang Zhang

DOI: https://doi.org/10.48550/arXiv.2210.00581

2023-01-01

Abstract:Publishing trajectory data (individual's movement information) is very useful, but it also raises privacy concerns. To handle the privacy concern, in this paper, we apply differential privacy, the standard technique for data privacy, together with Markov chain model, to generate synthetic trajectories. We notice that existing studies all use Markov chain model and thus propose a framework to analyze the usage of the Markov chain model in this problem. Based on the analysis, we come up with an effective algorithm PrivTrace that uses the first-order and second-order Markov model adaptively. We evaluate PrivTrace and existing methods on synthetic and real-world datasets to demonstrate the superiority of our method.

Hua Wang

DOI: https://doi.org/10.48550/arXiv.2212.06600

2022-12-13

Cryptography and Security

Abstract:The current trajectory privacy protection technology only considers the temporal and spatial attributes of trajectory data, but ignores the social attributes. However, there is an intrinsic relationship between social attributes and human activity trajectories, which brings new challenges to trajectory privacy protection, making existing trajectory privacy protection technologies unable to resist trajectory privacy attacks based on social attributes. To this end, this paper first studies the social privacy attack in the trajectory data, builds a social privacy attack model based on the fusion of "space-time" features, and reveals the internal impact of the spatial and temporal features in the trajectory data on social privacy leaks. -Anonymous algorithm and trajectory release privacy protection provide theoretical support. On this basis, integrate social attributes into trajectory privacy protection technology, design trajectory k-anonymity algorithm based on "space-time-social" three-dimensional mobile model, and construct trajectory data based on "space-time-social-semantic" multi-dimensional correlation Publish privacy-preserving models.

Qilong Han,Qianqian Chen,Kejia Zhang,Xiaojiang Du,Nadra Guizani

DOI: https://doi.org/10.48550/arXiv.1804.02052

2018-04-05

Cryptography and Security

Abstract:Collection of user's location and trajectory information that contains rich personal privacy in mobile social networks has become easier for attackers. Network traffic control is an important network system which can solve some security and privacy problems. In this paper, we consider a network traffic control system as a trusted third party and use differential privacy for protecting more personal trajectory data. We studied the influence of the high dimensionality and sparsity of trajectory data sets based on the availability of the published results. Based on similarity point aggregation reconstruction ideas and a prefix tree model, we proposed a hybrid publishing method of differential privacy spatiotemporal trajectory data sets APTB.

Tanzima Hashem,Lars Kulik,Rui Zhang

DOI: https://doi.org/10.48550/arXiv.1104.2756

2011-04-14

Databases

Abstract:We present a novel approach that protects trajectory privacy of users who access location-based services through a moving k nearest neighbor (MkNN) query. An MkNN query continuously returns the k nearest data objects for a moving user (query point). Simply updating a user's imprecise location such as a region instead of the exact position to a location-based service provider (LSP) cannot ensure privacy of the user for an MkNN query: continuous disclosure of regions enables the LSP to follow a user's trajectory. We identify the problem of trajectory privacy that arises from the overlap of consecutive regions while requesting an MkNN query and provide the first solution to this problem. Our approach allows a user to specify the confidence level that represents a bound of how much more the user may need to travel than the actual kth nearest data object. By hiding a user's required confidence level and the required number of nearest data objects from an LSP, we develop a technique to prevent the LSP from tracking the user's trajectory for MkNN queries. We propose an efficient algorithm for the LSP to find k nearest data objects for a region with a user's specified confidence level, which is an essential component to evaluate an MkNN query in a privacy preserving manner; this algorithm is at least two times faster than the state-of-the-art algorithm. Extensive experimental studies validate the effectiveness of our trajectory privacy protection technique and the efficiency of our algorithm.

Yan Dai,Jie Shao,Chengbo Wei,Dongxiang Zhang,Heng Tao Shen

DOI: https://doi.org/10.1007/s11280-017-0489-2

2017-08-26

World Wide Web

Abstract:Trajectory data gathered by mobile positioning techniques and location-aware devices contain plenty of sensitive spatial-temporal and semantic information, and can support many applications through data analysing and mining. However, attribute-linkage and re-identification attacks on such data may cause privacy leakage, and lead to unexpected serious consequences. Existing privacy preserving techniques for trajectory data often ignore the different privacy requirements of different moving objects or largely scarify the availability of trajectory data. In view of these issues, we propose an effective personalized trajectory privacy preserving method which can strike a good balance between user-defined privacy requirement and data availability in off-line trajectory publishing scenario. The main idea is to firstly label semantic attributes of all sampling points on the trajectory and build a corresponding taxonomy tree, next extract sensitive stop points, then for different types of sensitive stop points, adopt different strategies to select the appropriate points of user interests to replace while considering user speed and avoiding reverse mutation, and finally publish the reconstructed trajectory. Besides, to make our method more realistic we further consider possible obstacles appeared in the user space environment. In the experiments, average identification possibility, trajectory semantic consistency and trajectory shape similarity are taken as evaluation criteria, and the performance of our method is comprehensively evaluated. The results show that our method can improve the user trajectory availability as much as possible, while effectively achieving the different trajectory privacy requirements.

Xiaodong Zhao,Dechang Pi,Junfu Chen

DOI: https://doi.org/10.1016/j.eswa.2020.113241

IF: 8.5

2020-07-01

Expert Systems with Applications

Abstract:With the development of location-aware technology, a large amount of location data of users is collected by the trajectory database. If these trajectory data are directly used for data mining without being processed, it will pose a threat to the user's personal privacy. At the moment, differential privacy is favored by experts and scholars because of its strict mathematical rigor, but how to apply differential privacy technology to trajectory clustering analysis is a difficult problem. To solve the problems in which existing trajectory privacy-preserving models have poor data availability or difficulty to resist complex privacy attacks, we devise novel trajectory privacy-preserving method based on clustering using differential privacy. More specifically, Laplacian noise is added to the count of trajectory location in the cluster to resist the continuous query attack. Then, radius-constrained Laplacian noise is added to the trajectory location data in the cluster to avoid too much noise affecting the clustering effect. According to the noise location data and the count of noise location, the noise clustering center in the cluster is obtained. Finally, it is considered that the attacker can associate the user trajectory with other information to form secret reasoning attack, and secret reasoning attack model is proposed. And we use the differential privacy technology to give corresponding resistance. Experimental results using the open data show that the proposed algorithm can not only effectively protect the private information of the trajectory data, but also ensure the data availability in cluster analysis. And compared with other algorithms, our algorithm has good effect on some evaluation indicators.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Fengmei Jin,Wen Hua,Boyu Ruan,Xiaofang Zhou

DOI: https://doi.org/10.48550/arXiv.2207.03722

2022-07-08

Databases

Abstract:With the popularity of GPS-enabled devices, a huge amount of trajectory data has been continuously collected and a variety of location-based services have been developed that greatly benefit our daily life. However, the released trajectories also bring severe concern about personal privacy, and several recent studies have demonstrated the existence of personally-identifying information in spatial trajectories. Trajectory anonymization is nontrivial due to the trade-off between privacy protection and utility preservation. Furthermore, recovery attack has not been well studied in the current literature. To tackle these issues, we propose a frequency-based randomization model with a rigorous differential privacy guarantee for trajectory data publishing. In particular, we introduce two randomized mechanisms to perturb the local/global frequency distributions of significantly important locations in trajectories by injecting Laplace noise. We design a hierarchical indexing along with a novel search algorithm to support efficient trajectory modification, ensuring the modified trajectories satisfy the perturbed distributions without compromising privacy guarantee or data utility. Extensive experiments on a real-world trajectory dataset verify the effectiveness of our approaches in resisting individual re-identification and recovery attacks and meanwhile preserving desirable data utility as well as the feasibility in practice.

Qilong Han,Dan Lu,Kejia Zhang,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.48550/arXiv.1804.01818

2018-04-05

Cryptography and Security

Abstract:In recent years, with the continuous development of significant data industrialization, trajectory data have more and more critical analytical value for urban construction and environmental monitoring. However, the trajectory contains a lot of personal privacy, and rashly publishing trajectory data set will cause serious privacy leakage risk. At present, the privacy protection of trajectory data mainly uses the methods of data anonymity and generalization, without considering the background knowledge of attackers and ignores the risk of adjacent location points may leak sensitive location points. In this paper, based on the above problems, combined with the location correlation of trajectory data, we proposed a plausible replacement method. Firstly, the correlation of trajectory points is proposed to classify the individual trajectories containing sensitive points. Then, according to the relevance of location points and the randomized response mechanism, a reasonable candidate set is selected to replace the sensitive points in the trajectory to satisfy the local differential privacy. Theoretical and experimental results show that the proposed method not only protects the sensitive information of individuals, but also does not affect the overall data distribution.

Ren-Hung Hwang,Yu-Ling Hsueh,Hao-Wei Chung

DOI: https://doi.org/10.1109/tsc.2013.55

IF: 11.019

2014-04-01

IEEE Transactions on Services Computing

Abstract:Location-based services (LBS) which bring so much convenience to our daily life have been intensively studied over the years. Generally, an LBS query processing can be categorized into snapshot and continuous queries which access user location information and return search results to the users. An LBS has full control of the location information, causing user privacy concerns. If an LBS provider has a malicious intention to breach the user privacy by tracking the users&#x27; routes to their destinations, it incurs a serious threat. Most existing techniques have addressed privacy protection mainly for snapshot queries. However, providing privacy protection for continuous queries is of importance, since a malicious LBS can easily obtain complete user privacy information by observing a sequence of successive query requests. In this paper, we propose a comprehensive trajectory privacy technique and combine ambient conditions to cloak location information based on the user privacy profile to avoid a malicious LBS reconstructing a user trajectory. We first propose an r-anonymity mechanism which preprocesses a set of similar trajectories R to blur the actual trajectory of a service user. We then combine k-anonymity with s road segments to protect the user&#x27;s privacy. We introduce a novel time-obfuscated technique which breaks the sequence of the query issuing time for a service user to confuse the LBS so it does not know the user trajectory, by sending a query randomly from a set of locations residing at the different trajectories in R. Despite the randomness incurred from the obfuscation process for providing strong trajectory privacy protection, the experimental results show that our trajectory privacy technique maintains the correctness of the query results at a competitive computational cost.

computer science, information systems, software engineering