Dan Liao,Hui Li,Gang Sun,Vishal Anand

DOI: https://doi.org/10.1109/glocom.2015.7417512

2015-01-01

Abstract:Preserving user location and trajectory privacy while using location-based service (LBS) is an important issue. To address this problem, we first construct three kinds of attack models that can expose a user's trajectory or path while the user is sending continuous queries to a LBS server. Then we propose the k- anonymity trajectory (KAT) algorithm, which is suitable for both single query and continuous queries. Different from existing works, the KAT algorithm selects k-1 dummy locations using the sliding widow based k- anonymity mechanism when the user is making single queries and selects k-1 dummy trajectories using the trajectory selection mechanism for continuous queries. We evaluate and validate the effectiveness of our proposed algorithm by conducting simulations for the single and continuous query scenarios.

Kexin Zhou,Jian Wang

DOI: https://doi.org/10.23919/apnoms.2019.8893014

2019-09-01

Abstract:With the development of cloud computing technology in the Internet of Things (IoT), the trajectory privacy in location-based services (LBSs) has attracted much attention. Most of the existing work adopts point-to-point and centralized models, which will bring a heavy burden to the user and cause performance bottlenecks. Moreover, previous schemes did not consider both online and offline trajectory protection and ignored some hidden background information. Therefore, in this paper, we design a trajectory protection scheme based on fog computing and k-anonymity for real-time trajectory privacy protection in continuous queries and offline trajectory data protection in trajectory publication. Fog computing provides the user with local storage and mobility to ensure physical control, and k-anonymity constructs the cloaking region for each snapshot in terms of time-dependent query probability and transition probability. In this way, two k-anonymity-based dummy generation algorithms are proposed, which achieve the maximum entropy of online and offline trajectory protection. Security analysis and simulation results indicate that our scheme can realize trajectory protection effectively and efficiently.

LIN Xin,LI Shan-ping,YANG Zhao-hui

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.12.002

2009-01-01

Abstract:K-anonymization cannot effectively protect anonymity of continuous queries in location-based service (LBS). A continuous query issuing model aimed at the problem was proposed. The model incorpo-rated a query issuing interval model and a consecutive queries relationship model. An attacking algorithm aimed at the k-anonymization algorithm was presented based on the model. The algorithm associated a series of snapshots related to continuous queries in order to calculate the probability of each user in the an-onymity-set. Then the true query sender was identified by choosing the user with the highest probability. K-anonymized queries were re-identified with different continuity arguments and cardinalities of anonymity-set. Experiments demonstrate that the algorithm has high success rate (85%)in identifying query senders when the continuous queries have strong relationship, which is 1.5 times higher than the success rate without the attacking algorithm and severely undermines the anonymity of the queries.

Ren-Hung Hwang,Yu-Ling Hsueh,Hao-Wei Chung

DOI: https://doi.org/10.1109/tsc.2013.55

IF: 11.019

2014-04-01

IEEE Transactions on Services Computing

Abstract:Location-based services (LBS) which bring so much convenience to our daily life have been intensively studied over the years. Generally, an LBS query processing can be categorized into snapshot and continuous queries which access user location information and return search results to the users. An LBS has full control of the location information, causing user privacy concerns. If an LBS provider has a malicious intention to breach the user privacy by tracking the users' routes to their destinations, it incurs a serious threat. Most existing techniques have addressed privacy protection mainly for snapshot queries. However, providing privacy protection for continuous queries is of importance, since a malicious LBS can easily obtain complete user privacy information by observing a sequence of successive query requests. In this paper, we propose a comprehensive trajectory privacy technique and combine ambient conditions to cloak location information based on the user privacy profile to avoid a malicious LBS reconstructing a user trajectory. We first propose an r-anonymity mechanism which preprocesses a set of similar trajectories R to blur the actual trajectory of a service user. We then combine k-anonymity with s road segments to protect the user's privacy. We introduce a novel time-obfuscated technique which breaks the sequence of the query issuing time for a service user to confuse the LBS so it does not know the user trajectory, by sending a query randomly from a set of locations residing at the different trajectories in R. Despite the randomness incurred from the obfuscation process for providing strong trajectory privacy protection, the experimental results show that our trajectory privacy technique maintains the correctness of the query results at a competitive computational cost.

computer science, information systems, software engineering

Wanqing Wu,Wenlong Shang,Ruohe Lei,Xin Yang

DOI: https://doi.org/10.1155/2022/8635275

2022-07-05

Wireless Communications and Mobile Computing

Abstract:With the rapid development of mobile Internet and communication technology, location-based services (LBS) are widely used in our daily life. The server stores a large amount of user location data, and these location data constitute user trajectories. If trajectory information on the server is leaked, it will seriously endanger users’ privacy. Trajectory k -anonymity technology is one of the most important methods to protect the privacy of user trajectory. However, current trajectory k -anonymity methods have less discussion on the semantic of stop point when selecting dummy trajectory, which leads to the fact that attacker can still exclude the dummy trajectory from the k -anonymity set and infer the real trajectory by combining background knowledge with the semantic information of stop points. To address this problem, this paper decomposes the real trajectory into location pairs set; the set consists of start-end points and stop points. According to the similarity of location pairs, the similar location pairs in history trajectory set are used to generate dummy trajectory: firstly, extracting the start-end points and stop points from real trajectory and assigning semantic to them. Then, based on the semantic, temporal, and geographical attributes, eligible location pairs are selected from history trajectory set to construct equivalence class. Finally, according to the location pairs in equivalence class, k − 1 dummy trajectories are generated to form a k -anonymity set. We evaluate our method thoroughly with real dataset. The results show that our method achieve an effective data availability and higher privacy protection than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Weiqi Zhang,Guisheng Yin,Yuhai Sha,Jishen Yang

DOI: https://doi.org/10.1155/2021/6691975

2021-01-01

Wireless Communications and Mobile Computing

Abstract:The rapid development of the Global Positioning System (GPS) devices and location-based services (LBSs) facilitates the collection of huge amounts of personal information for the untrusted/unknown LBS providers. This phenomenon raises serious privacy concerns. However, most of the existing solutions aim at locating interference in the static scenes or in a single timestamp without considering the correlation between location transfer and time of moving users. In this way, the solutions are vulnerable to various inference attacks. Traditional privacy protection methods rely on trusted third-party service providers, but in reality, we are not sure whether the third party is trustable. In this paper, we propose a systematic solution to preserve location information. The protection provides a rigorous privacy guarantee without the assumption of the credibility of the third parties. The user’s historical trajectory information is used as the basis of the hidden Markov model prediction, and the user’s possible prospective location is used as the model output result to protect the user’s trajectory privacy. To formalize the privacy-protecting guarantee, we propose a new definition, L&A-location region, based on k-anonymity and differential privacy. Based on the proposed privacy definition, we design a novel mechanism to provide a privacy protection guarantee for the users’ identity trajectory. We simulate the proposed mechanism based on a dataset collected in real practice. The result of the simulation shows that the proposed algorithm can provide privacy protection to a high standard.

Zhiping Xu,Jing Zhang,Pei-Wei Tsai,Liwei Lin,Chao Zhuo

DOI: https://doi.org/10.3390/s21062021

2021-03-12

Abstract:Recent years have seen the wide application of Location-Based Services (LBSs) in our daily life. Although users can enjoy many conveniences from the LBSs, they may lose their trajectory privacy when their location data are collected. Therefore, it is urgent to protect the user's trajectory privacy while providing high quality services. Trajectory k-anonymity is one of the most important technologies to protect the user's trajectory privacy. However, the user's attributes are rarely considered when constructing the k-anonymity set. It results in that the user's trajectories are especially vulnerable. To solve the problem, in this paper, a Spatiotemporal Mobility (SM) measurement is defined for calculating the relationship between the user's attributes and the anonymity set. Furthermore, a trajectory graph is designed to model the relationship between trajectories. Based on the user's attributes and the trajectory graph, the SM based trajectory privacy-preserving algorithm (MTPPA) is proposed. The optimal k-anonymity set is obtained by the simulated annealing algorithm. The experimental results show that the privacy disclosure probability of the anonymity set obtained by MTPPA is about 40% lower than those obtained by the existing algorithms while the same quality of services can be provided.

Wang Yilei,Zhou Hao,Wu Yingjie,Sun Lan

2013-01-01

Abstract:To solve the possible privacy breach in the continuous queries of location based services,an algorithm for continuous queries privacy preservation based on history trajectories was proposed.It was found that the traditional greedy algorithm for anonymizing two trajectories cannot guarantee global minimal trajectory distortions.Therefore,a dynamic programming trajectories anonymization algorithm was firstly presented,which could find out the best pairing scheme with global optimal distortions between history trajectory and base trajectory.After that,an effective trajectories anonymization algorithm for continuous queries privacy preserving was put forward.Experimental analysis was designed by comparing the algorithm in this paper and the traditional algorithms on the data quality of released trajectories.Experimental results show that the proposed algorithm in this paper is effective and feasible.

Chi-Yin Chow,Mohamed F. Mokbel

DOI: https://doi.org/10.1145/2031331.2031335

2011-08-31

ACM SIGKDD Explorations Newsletter

Abstract:The ubiquity of mobile devices with global positioning functionality (e.g., GPS and AGPS) and Internet connectivity (e.g., 3G andWi-Fi) has resulted in widespread development of location-based services (LBS). Typical examples of LBS include local business search, e-marketing, social networking, and automotive traffic monitoring. Although LBS provide valuable services for mobile users, revealing their private locations to potentially untrusted LBS service providers pose privacy concerns. In general, there are two types of LBS, namely, snapshot and continuous LBS. For snapshot LBS, a mobile user only needs to report its current location to a service provider once to get its desired information. On the other hand, a mobile user has to report its location to a service provider in a periodic or on-demand manner to obtain its desired continuous LBS. Protecting user location privacy for continuous LBS is more challenging than snapshot LBS because adversaries may use the spatial and temporal correlations in the user's location samples to infer the user's location information with higher certainty. Such user location trajectories are also very important for many applications, e.g., business analysis, city planning, and intelligent transportation. However, publishing such location trajectories to the public or a third party for data analysis could pose serious privacy concerns. Privacy protection in continuous LBS and trajectory data publication has increasingly drawn attention from the research community and industry. In this survey, we give an overview of the state-of-the-art privacy-preserving techniques in these two problems.

Shiwen Zhang,Biao Hu,Wei Liang,Kuan-Ching Li,Al-Sakib Khan Pathan

DOI: https://doi.org/10.1109/jiot.2023.3308073

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the increasing integration of Location-Based Services (LBS) into various societal domains, location privacy preservation has emerged as a pivotal concern. In most continuous LBS privacy protection approaches, the user needs to send a query to an untrusted Location Service Provider (LSP) to request the corresponding query results, and these results are discarded immediately after being used. This leads to similar queries in the future having to be sent to the LSP again, which increases the risk of privacy leakage when facing the LSP. To solve these issues, caching techniques are typically used to provide answers to users’ future queries. However, minimizing the interaction with the LSP is a challenge. Here, we propose a trajectory privacy-preserving scheme based on a transition matrix and caching (TMC) scheme for continuous LBS in the Industrial Internet of Things (IIoT). It employs multi-level caching to reduce the risk of exposing sensitive information to untrusted entities. We designed a transition matrix to predict the user’s next query location and simplify the computation complexity. We designed a cloaking set generation algorithm by considering transition entropy, location prediction, data freshness, and cache contribution degree to enhance user location privacy and improve the cache hit rate. The security analysis demonstrates how the TMC scheme resists attacks from both internal and external entities and ensures robustness in trajectory privacy. The experimental results show that the proposed TMC scheme can provide a higher level of privacy protection and lower system overhead compared to several previous schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yuan Tian,Biao Song,Miada Murad,Najla AI-Nabhan

DOI: https://doi.org/10.1504/ijsnet.2022.120275

2022-01-01

International Journal of Sensor Networks

Abstract:With the high demand for using location-based services (LBSs) in our daily lives, the privacy protection of users' trajectories has become a major concern. When users utilise LBSs, their location and trajectory information may expose their identities in continuous LBSs. Using the spatial and temporal correspondences on users' trajectories, adversaries can easily gather their private information. Using collaboration between users instead of location service providers (LSPs) reduces the chance of revealing private information to adversaries. However, there is an assumption of a trusting relationship between peers. In this paper, we propose a trustworthy collaborative trajectory privacy (TCTP) scheme, which anonymises users' trajectories and resolves the untrustworthy relationship between users based on peer-to-region LBSs. Moreover, the TCTP scheme provides query content preservation based on a fake query concept in which we conceal the user's actual query among a set of queries. The results of several experiments with different conditions confirm that our proposed scheme can protect users' trajectory privacy successfully in a trustworthy and efficient manner.

Yuan Tian,Mariya M. Kaleemullah,Mznah A. Rodhaan,Biao Song,Abdullah Al-Dhelaan,Tinghuai Ma

DOI: https://doi.org/10.1016/j.jpdc.2018.09.005

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:The natural characteristics of Location Based Services (LBS) cause potential threats to location privacy. Users need to send their current locations to get the service, which may lead to the leakage of their location privacy. An effective way to protect user’s location privacy is to use an imprecise location and send this region to the Cloud-of-things system to replace his real location. When user moves and sends continuous queries, the user needs to transmit the region to the server continuously and an attacker is able to infer the real location from the overlapping regions. In this paper, we propose a novel location privacy pre-protection method for cloud-of things system to preserve user’s trajectory privacy. User’s moving behaviors are analyzed through Mobility Markov chain. The proposed location cloaking algorithm enlarges the small area to satisfy the user’s privacy requirements, so that the location trajectory privacy in the environment of cloud-of-things system is addressed efficiently. Experimental results show the performance of our method in terms of the number of moving steps, the cloaking threshold value, in addition to the user chosen anonymity value.

Qiong Wu,Hanxu Liu,Cui Zhang,Qiang Fan,Zhengquan Li,Kan Wang

DOI: https://doi.org/10.3390/electronics8020148

IF: 2.9

2019-01-31

Electronics

Abstract:With the proliferation of the Internet-of-Things (IoT), the users’ trajectory data containing privacy information in the IoT systems are easily exposed to the adversaries in continuous location-based services (LBSs) and trajectory publication. Existing trajectory protection schemes generate dummy trajectories without considering the user mobility pattern accurately. This would cause that the adversaries can easily exclude the dummy trajectories according to the obtained geographic feature information. In this paper, the continuous location entropy and the trajectory entropy are defined based on the gravity mobility model to measure the level of trajectory protection. Then, two trajectory protection schemes are proposed based on the defined entropy metrics to protect the trajectory data in continuous LBSs and trajectory publication, respectively. Experimental results demonstrate that the proposed schemes have a higher level than the enhanced dummy-location selection (enhance-DLS) scheme and the random scheme.

engineering, electrical & electronic,computer science, information systems,physics, applied

Zhigang Yang,Ruyan Wang,Honggang Wang,Dapeng Wu

DOI: https://doi.org/10.1109/mnet.012.2000384

IF: 10.294

2022-10-19

IEEE Network

Abstract:Location-based service (LBS), with its personalized, real time, and mobile features, is one of the more popular mobile applications (apps) in the world today. However, under the centralized LBS architecture, the high dimensional trajectory data collected from LBS users are directly exposed to the central server, which entails serious privacy risks. Although existing privacy protection technologies can protect the private user trajectories to a certain extent, they often ignore the reasonable data requirements of LBS providers (e.g., data required to maintain or improve services). Focusing on the weaknesses of centralized LBS and the shortcomings of existing solutions, this article proposes a cloud edge-client collaborative trajectory privacy protection system. The system migrates LBS from the cloud to the network edge and balances privacy and utility-including service utility and data utility-with anonymous authentication, dummy location, and privacy risk evaluation mechanisms. The theoretical analysis and simulation results show that the system can effectively protect trajectory privacy under the premise of high availability of services and data, which is a significant improvement over the current LBS system.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Ling Xing,Bing Li,Lulu Liu,Yuanhao Huang,Honghai Wu,Huahong Ma,Xiaohui Zhang

DOI: https://doi.org/10.1016/j.comnet.2024.110562

IF: 5.493

2024-06-09

Computer Networks

Abstract:As Location-Based Services (LBSs) proliferate within the Social Internet of Vehicles (SIoVs), the collection and utilization of vehicle trajectories, which are rich in spatio-temporal and semantic informations, have intensified. Publishing these trajectories without adequate privacy safeguards significantly threatens user semantic trajectory privacy. Current methodologies for protecting semantic trajectory privacy do not adequately consider the similarity in query probability between sensitive and alternative semantic locations, thus undermining the efficacy of privacy protection. To address this critical gap, we introduces a novel trajectory privacy protection method based on sensitive semantic location replacement (SSLR), which strategically replaces sensitive semantic locations. This method consists of three key steps: first, semantically annotating trajectory sampling locations to identify sensitive semantic points; second, employing a unique double semicircular area to define replacement regions and selecting replacement Points of Interests (PoIs) that align in semantic attributes and query probabilities; third, reconstructing and publishing the modified trajectories. Our simulation results confirm that SSLR advances the state of the art by delivering superior performance in average recognition rate, geographic similarity, and semantic similarity compared to existing methods. Crucially, by incorporating considerations of query probability similarities, this paper not only enhances the effect of trajectory privacy protection but also preserves its utility. This dual enhancement represents a groundbreaking approach to trajectory privacy, with significant implications for advancing privacy strategies in LBSs within SIoVs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Zhen Tu,Kai Zhao,Fengli Xu,Yong Li,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/tnsm.2018.2877790

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:Nowadays, human trajectories are widely collected and utilized for scientific research and business purpose. However, publishing trajectory data without proper handling might cause severe privacy leakage. A large body of works is dedicated to merging one's trajectory with others', so as to avoid any individual trajectory being re-identified. Yet their solutions do not provide enough protection since they cannot prevent semantic attack, which means the attackers are able to acquire individual's private information by using the semantics features of frequently visited locations in the trajectory even without re-identification. In this paper, we are the first to recognize the semantic attack, which is another severe privacy problem in publishing trajectory datasets. We propose an algorithm providing strong privacy protection against both the semantic and re-identification attack while reserving high data utility. Extensive evaluations based on two real-world datasets demonstrate that our solution improves the quality of privacy protection by three times, sacrificing only 36% and 10% of spatial and temporal resolution, respectively.

Tanzima Hashem,Lars Kulik,Rui Zhang

DOI: https://doi.org/10.48550/arXiv.1104.2756

2011-04-14

Databases

Abstract:We present a novel approach that protects trajectory privacy of users who access location-based services through a moving k nearest neighbor (MkNN) query. An MkNN query continuously returns the k nearest data objects for a moving user (query point). Simply updating a user's imprecise location such as a region instead of the exact position to a location-based service provider (LSP) cannot ensure privacy of the user for an MkNN query: continuous disclosure of regions enables the LSP to follow a user's trajectory. We identify the problem of trajectory privacy that arises from the overlap of consecutive regions while requesting an MkNN query and provide the first solution to this problem. Our approach allows a user to specify the confidence level that represents a bound of how much more the user may need to travel than the actual kth nearest data object. By hiding a user's required confidence level and the required number of nearest data objects from an LSP, we develop a technique to prevent the LSP from tracking the user's trajectory for MkNN queries. We propose an efficient algorithm for the LSP to find k nearest data objects for a region with a user's specified confidence level, which is an essential component to evaluate an MkNN query in a privacy preserving manner; this algorithm is at least two times faster than the state-of-the-art algorithm. Extensive experimental studies validate the effectiveness of our trajectory privacy protection technique and the efficiency of our algorithm.

Alin Deutsch,Richard Hull,Avinash Vyas,Kevin Keliang Zhao

DOI: https://doi.org/10.48550/arXiv.1202.6677

2012-03-01

Abstract:We consider Location-based Service (LBS) settings, where a LBS provider logs the requests sent by mobile device users over a period of time and later wants to publish/share these logs. Log sharing can be extremely valuable for advertising, data mining research and network management, but it poses a serious threat to the privacy of LBS users. Sender anonymity solutions prevent a malicious attacker from inferring the interests of LBS users by associating them with their service requests after gaining access to the anonymized logs. With the fast-increasing adoption of smartphones and the concern that historic user trajectories are becoming more accessible, it becomes necessary for any sender anonymity solution to protect against attackers that are trajectory-aware (i.e. have access to historic user trajectories) as well as policy-aware (i.e they know the log anonymization policy). We call such attackers TP-aware. This paper introduces a first privacy guarantee against TP-aware attackers, called TP-aware sender k-anonymity. It turns out that there are many possible TP-aware anonymizations for the same LBS log, each with a different utility to the consumer of the anonymized log. The problem of finding the optimal TP-aware anonymization is investigated. We show that trajectory-awareness renders the problem computationally harder than the trajectory-unaware variants found in the literature (NP-complete in the size of the log, versus PTIME). We describe a PTIME l-approximation algorithm for trajectories of length l and empirically show that it scales to large LBS logs (up to 2 million users).

Databases

Jiuyun Xu,Lele Liu,Ruru Zhang,Jin Xie,Qiang Duan,Leyi Shi

DOI: https://doi.org/10.1109/access.2021.3052169

IF: 3.9

2021-01-01

IEEE Access

Abstract:Privacy protection problem is one of the most concerning issues related to Location-Based Services (LBS) in our daily life. Privacy protection of LBS often requires anonymizing customer's trajectory data. Currently available methods for trajectory anonymity often assume an entire trajectory as one anonymous unit, which may lead to low anonymity efficiency due to the massive amount of trajectory data, especially for customers travel through a long road. Considering people's routine activities, the starting and ending locations of a trip often uncover the user's request intent, which may lead to exposure of user privacy. In order to address the problem of inefficient trajectory anonymity, we propose a location privacy protection method that is based on the initial and final trajectory segmentation (IFTS) in this paper. In the IFTS method, the road network structure is first transformed into an edge cluster model based on its location type. Then, the user trajectory is divided to segments according to the temporal sequence of the ingress and egress nodes. The initial and final trajectory segments are identified and divided into equivalence classes, which then are used for constructing a trajectory graph and the corresponding k-anonymous set. Our experimental results show that the proposed method can reduce the anonymous area, improve anonymity efficiency, and enhance trajectory data utilization compared to the existing methods for trajectory anonymity.

computer science, information systems,telecommunications,engineering, electrical & electronic