Lin Yao,Chi Lin,Xiangwei Kong,Feng Xia,Guowei Wu

DOI: https://doi.org/10.1109/GreenCom-CPSCom.2010.109

2010-01-01

Abstract:In pervasive computing environments, Location-Based Services (LBSs) are becoming increasingly important due to continuous advances in mobile networks and positioning technologies. Nevertheless, the wide deployment of LBSs can jeopardize the location privacy of mobile users. Consequently, providing safeguards for location privacy of mobile users against being attacked is an important research issue. In this paper a new scheme for safeguarding location privacy is proposed. Our approach supports location K-anonymity for a wide range of mobile users with their own desired anonymity levels by clustering. The whole area of all users is divided into clusters recursively in order to get the Minimum Bounding Rectangle (MBR). The exact location information of a user is replaced by his MBR. Privacy analysis shows that our approach can achieve high resilience to location privacy threats and provide more privacy than users expect. Complexity analysis shows clusters can be adjusted in real time as mobile users join or leave. Moreover, the clustering algorithms possess strong robustness.

Wanqing Wu,Wenlong Shang,Ruohe Lei,Xin Yang

DOI: https://doi.org/10.1155/2022/8635275

2022-07-05

Wireless Communications and Mobile Computing

Abstract:With the rapid development of mobile Internet and communication technology, location-based services (LBS) are widely used in our daily life. The server stores a large amount of user location data, and these location data constitute user trajectories. If trajectory information on the server is leaked, it will seriously endanger users’ privacy. Trajectory k -anonymity technology is one of the most important methods to protect the privacy of user trajectory. However, current trajectory k -anonymity methods have less discussion on the semantic of stop point when selecting dummy trajectory, which leads to the fact that attacker can still exclude the dummy trajectory from the k -anonymity set and infer the real trajectory by combining background knowledge with the semantic information of stop points. To address this problem, this paper decomposes the real trajectory into location pairs set; the set consists of start-end points and stop points. According to the similarity of location pairs, the similar location pairs in history trajectory set are used to generate dummy trajectory: firstly, extracting the start-end points and stop points from real trajectory and assigning semantic to them. Then, based on the semantic, temporal, and geographical attributes, eligible location pairs are selected from history trajectory set to construct equivalence class. Finally, according to the location pairs in equivalence class, k − 1 dummy trajectories are generated to form a k -anonymity set. We evaluate our method thoroughly with real dataset. The results show that our method achieve an effective data availability and higher privacy protection than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

LIN Xin,LI Shan-ping,YANG Zhao-hui

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.12.002

2009-01-01

Abstract:K-anonymization cannot effectively protect anonymity of continuous queries in location-based service (LBS). A continuous query issuing model aimed at the problem was proposed. The model incorpo-rated a query issuing interval model and a consecutive queries relationship model. An attacking algorithm aimed at the k-anonymization algorithm was presented based on the model. The algorithm associated a series of snapshots related to continuous queries in order to calculate the probability of each user in the an-onymity-set. Then the true query sender was identified by choosing the user with the highest probability. K-anonymized queries were re-identified with different continuity arguments and cardinalities of anonymity-set. Experiments demonstrate that the algorithm has high success rate (85%)in identifying query senders when the continuous queries have strong relationship, which is 1.5 times higher than the success rate without the attacking algorithm and severely undermines the anonymity of the queries.

Ren-Hung Hwang,Yu-Ling Hsueh,Hao-Wei Chung

DOI: https://doi.org/10.1109/tsc.2013.55

IF: 11.019

2014-04-01

IEEE Transactions on Services Computing

Abstract:Location-based services (LBS) which bring so much convenience to our daily life have been intensively studied over the years. Generally, an LBS query processing can be categorized into snapshot and continuous queries which access user location information and return search results to the users. An LBS has full control of the location information, causing user privacy concerns. If an LBS provider has a malicious intention to breach the user privacy by tracking the users' routes to their destinations, it incurs a serious threat. Most existing techniques have addressed privacy protection mainly for snapshot queries. However, providing privacy protection for continuous queries is of importance, since a malicious LBS can easily obtain complete user privacy information by observing a sequence of successive query requests. In this paper, we propose a comprehensive trajectory privacy technique and combine ambient conditions to cloak location information based on the user privacy profile to avoid a malicious LBS reconstructing a user trajectory. We first propose an r-anonymity mechanism which preprocesses a set of similar trajectories R to blur the actual trajectory of a service user. We then combine k-anonymity with s road segments to protect the user's privacy. We introduce a novel time-obfuscated technique which breaks the sequence of the query issuing time for a service user to confuse the LBS so it does not know the user trajectory, by sending a query randomly from a set of locations residing at the different trajectories in R. Despite the randomness incurred from the obfuscation process for providing strong trajectory privacy protection, the experimental results show that our trajectory privacy technique maintains the correctness of the query results at a competitive computational cost.

computer science, information systems, software engineering

Zhiping Xu,Jing Zhang,Pei-Wei Tsai,Liwei Lin,Chao Zhuo

DOI: https://doi.org/10.3390/s21062021

2021-03-12

Abstract:Recent years have seen the wide application of Location-Based Services (LBSs) in our daily life. Although users can enjoy many conveniences from the LBSs, they may lose their trajectory privacy when their location data are collected. Therefore, it is urgent to protect the user's trajectory privacy while providing high quality services. Trajectory k-anonymity is one of the most important technologies to protect the user's trajectory privacy. However, the user's attributes are rarely considered when constructing the k-anonymity set. It results in that the user's trajectories are especially vulnerable. To solve the problem, in this paper, a Spatiotemporal Mobility (SM) measurement is defined for calculating the relationship between the user's attributes and the anonymity set. Furthermore, a trajectory graph is designed to model the relationship between trajectories. Based on the user's attributes and the trajectory graph, the SM based trajectory privacy-preserving algorithm (MTPPA) is proposed. The optimal k-anonymity set is obtained by the simulated annealing algorithm. The experimental results show that the privacy disclosure probability of the anonymity set obtained by MTPPA is about 40% lower than those obtained by the existing algorithms while the same quality of services can be provided.

Alin Deutsch,Richard Hull,Avinash Vyas,Kevin Keliang Zhao

DOI: https://doi.org/10.48550/arXiv.1202.6677

2012-03-01

Abstract:We consider Location-based Service (LBS) settings, where a LBS provider logs the requests sent by mobile device users over a period of time and later wants to publish/share these logs. Log sharing can be extremely valuable for advertising, data mining research and network management, but it poses a serious threat to the privacy of LBS users. Sender anonymity solutions prevent a malicious attacker from inferring the interests of LBS users by associating them with their service requests after gaining access to the anonymized logs. With the fast-increasing adoption of smartphones and the concern that historic user trajectories are becoming more accessible, it becomes necessary for any sender anonymity solution to protect against attackers that are trajectory-aware (i.e. have access to historic user trajectories) as well as policy-aware (i.e they know the log anonymization policy). We call such attackers TP-aware. This paper introduces a first privacy guarantee against TP-aware attackers, called TP-aware sender k-anonymity. It turns out that there are many possible TP-aware anonymizations for the same LBS log, each with a different utility to the consumer of the anonymized log. The problem of finding the optimal TP-aware anonymization is investigated. We show that trajectory-awareness renders the problem computationally harder than the trajectory-unaware variants found in the literature (NP-complete in the size of the log, versus PTIME). We describe a PTIME l-approximation algorithm for trajectories of length l and empirically show that it scales to large LBS logs (up to 2 million users).

Databases

Wang Yilei,Zhou Hao,Wu Yingjie,Sun Lan

2013-01-01

Abstract:To solve the possible privacy breach in the continuous queries of location based services,an algorithm for continuous queries privacy preservation based on history trajectories was proposed.It was found that the traditional greedy algorithm for anonymizing two trajectories cannot guarantee global minimal trajectory distortions.Therefore,a dynamic programming trajectories anonymization algorithm was firstly presented,which could find out the best pairing scheme with global optimal distortions between history trajectory and base trajectory.After that,an effective trajectories anonymization algorithm for continuous queries privacy preserving was put forward.Experimental analysis was designed by comparing the algorithm in this paper and the traditional algorithms on the data quality of released trajectories.Experimental results show that the proposed algorithm in this paper is effective and feasible.

Kexin Zhou,Jian Wang

DOI: https://doi.org/10.23919/apnoms.2019.8893014

2019-09-01

Abstract:With the development of cloud computing technology in the Internet of Things (IoT), the trajectory privacy in location-based services (LBSs) has attracted much attention. Most of the existing work adopts point-to-point and centralized models, which will bring a heavy burden to the user and cause performance bottlenecks. Moreover, previous schemes did not consider both online and offline trajectory protection and ignored some hidden background information. Therefore, in this paper, we design a trajectory protection scheme based on fog computing and k-anonymity for real-time trajectory privacy protection in continuous queries and offline trajectory data protection in trajectory publication. Fog computing provides the user with local storage and mobility to ensure physical control, and k-anonymity constructs the cloaking region for each snapshot in terms of time-dependent query probability and transition probability. In this way, two k-anonymity-based dummy generation algorithms are proposed, which achieve the maximum entropy of online and offline trajectory protection. Security analysis and simulation results indicate that our scheme can realize trajectory protection effectively and efficiently.

Zhenpeng Liu,Dewei Miao,Ruilin Li,Yi Liu,Xiaofei Li

DOI: https://doi.org/10.3390/e25020201

2023-01-19

Abstract:Users who initiate continuous location queries are prone to trajectory information leakage, and the obtained query information is not effectively utilized. To address these problems, we propose a continuous location query protection scheme based on caching and an adaptive variable-order Markov model. When a user initiates a query request, we first query the cache information to obtain the required data. When the local cache cannot satisfy the user's demand, we use a variable-order Markov model to predict the user's future query location and generate a k-anonymous set based on the predicted location and cache contribution. We perturb the location set using differential privacy, then send the perturbed location set to the location service provider to obtain the service. We cache the query results returned by the service provider to the local device and update the local cache results according to time. By comparing the experiment with other schemes, the proposed scheme in this paper reduces the number of interactions with location providers, improves the local cache hit rate, and effectively ensures the security of the users' location privacy.

Xiaoyan Zhu,Haotian Chi,Shunrong Jiang,Xiaosan Lei,Hui Li

DOI: https://doi.org/10.1109/ICC.2014.6883667

2014-01-01

Abstract:Location-based services (LBSs) are attracting more and more attentions with the increasing popularity of mobile devices and online social networking. In LBSs, users can conveniently obtain their interested information by sending queries to the LBS server. However, users' queries include their identities, locations, interests, etc, which may result in the leakage of users' trajectory and other sensitive information. Although the existing obfuscation and location anonymization techniques along with a long-term pseudonym can protect users' location privacy to some extent, users' real identities and moving trajectories can still be deduced through long-term observation and side information aided inference attacks. To address these problems, we propose a dynamic pseudo-ID system, where unlinkable pseudo-IDs are used by users to completely hide their identities in the queries, in order to break the link between users' identities and their locations. Moreover, we employ certificates to ensure the verifiability and traceability of the dynamic pseudo-IDs. Security analysis and evaluation results show that the proposed scheme can enhance user' privacy and is feasible to implement into mobile devices.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Hua Shen,Yu Wang,Mingwu Zhang

DOI: https://doi.org/10.3390/s23249652

2023-12-06

Abstract:With the popularity of location services and the widespread use of trajectory data, trajectory privacy protection has become a popular research area. k-anonymity technology is a common method for achieving privacy-preserved trajectory publishing. When constructing virtual trajectories, most existing trajectory k-anonymity methods just consider point similarity, which results in a large dummy trajectory space. Suppose there are n similar point sets, each consisting of m points. The size of the space is then mn. Furthermore, to choose suitable k- 1 dummy trajectories for a given real trajectory, these methods need to evaluate the similarity between each trajectory in the space and the real trajectory, leading to a large performance overhead. To address these challenges, this paper proposes a k-anonymity trajectory privacy protection method based on the similarity of sub-trajectories. This method not only considers the multidimensional similarity of points, but also synthetically considers the area between the historic sub-trajectories and the real sub-trajectories to more fully describe the similarity between sub-trajectories. By quantifying the area enclosed by sub-trajectories, we can more accurately capture the spatial relationship between trajectories. Finally, our approach generates k-1 dummy trajectories that are indistinguishable from real trajectories, effectively achieving k-anonymity for a given trajectory. Furthermore, our proposed method utilizes real historic sub-trajectories to generate dummy trajectories, making them more authentic and providing better privacy protection for real trajectories. In comparison to other frequently employed trajectory privacy protection methods, our method has a better privacy protection effect, higher data quality, and better performance.

Chi-Yin Chow,Mohamed F. Mokbel

DOI: https://doi.org/10.1145/2031331.2031335

2011-08-31

ACM SIGKDD Explorations Newsletter

Abstract:The ubiquity of mobile devices with global positioning functionality (e.g., GPS and AGPS) and Internet connectivity (e.g., 3G andWi-Fi) has resulted in widespread development of location-based services (LBS). Typical examples of LBS include local business search, e-marketing, social networking, and automotive traffic monitoring. Although LBS provide valuable services for mobile users, revealing their private locations to potentially untrusted LBS service providers pose privacy concerns. In general, there are two types of LBS, namely, snapshot and continuous LBS. For snapshot LBS, a mobile user only needs to report its current location to a service provider once to get its desired information. On the other hand, a mobile user has to report its location to a service provider in a periodic or on-demand manner to obtain its desired continuous LBS. Protecting user location privacy for continuous LBS is more challenging than snapshot LBS because adversaries may use the spatial and temporal correlations in the user's location samples to infer the user's location information with higher certainty. Such user location trajectories are also very important for many applications, e.g., business analysis, city planning, and intelligent transportation. However, publishing such location trajectories to the public or a third party for data analysis could pose serious privacy concerns. Privacy protection in continuous LBS and trajectory data publication has increasingly drawn attention from the research community and industry. In this survey, we give an overview of the state-of-the-art privacy-preserving techniques in these two problems.

Zhe Xiao,Jing-Jing Yang,Ming Huang,Loganathan Ponnambalam,Xiuju Fu,Rick Siow Mong Goh

DOI: https://doi.org/10.1109/tmc.2017.2768360

IF: 6.075

2018-06-01

IEEE Transactions on Mobile Computing

Abstract:Participatory sensing, leveraging on the ubiquity of cheap sensors in mobile devices, enables various promising applications of great social benefit. However, its ubiquitous sampling and openness results in serious privacy concerns. People's activity trajectories may reveal their private information such as home and work place and thus requires proper protection. In this paper, we propose a novel design scheme, called query logics detached storage (QLDS), for trajectory privacy protection. The core idea of QLDS is to extract the query logics for personal trajectory retrieval and make actual trajectory tuples not clustered to any route-identity or user-identity at server end, which introduces fine-granularity anonymity. The QLDS design scheme stores the extracted query logics at users own client devices and the un-clustered location tuples at the backend server, guaranteeing trajectory reconstruction at client-end and privacy preservation at server-end. Besides, integration of QLDS with other privacy protection approaches can further enhance the protection strength and bring flexible configurations to meet individuals variable privacy concerns. The theoretical analytics is provided for the privacy and utility evaluation. The data retrieval performance of QLDS is experimentally evaluated in real-world internet environment.

computer science, information systems,telecommunications

Wanshu Yu,Haonan Shi,Hongyun Xu

DOI: https://doi.org/10.48550/arXiv.2307.16849

2023-08-01

Abstract:As people's daily life becomes increasingly inseparable from various mobile electronic devices, relevant service application platforms and network operators can collect numerous individual information easily. When releasing these data for scientific research or commercial purposes, users' privacy will be in danger, especially in the publication of spatiotemporal trajectory datasets. Therefore, to avoid the leakage of users' privacy, it is necessary to anonymize the data before they are released. However, more than simply removing the unique identifiers of individuals is needed to protect the trajectory privacy, because some attackers may infer the identity of users by the connection with other databases. Much work has been devoted to merging multiple trajectories to avoid re-identification, but these solutions always require sacrificing data quality to achieve the anonymity requirement. In order to provide sufficient privacy protection for users' trajectory datasets, this paper develops a study on trajectory privacy against re-identification attacks, proposing a trajectory K-anonymity model based on Point Density and Partition (KPDP). Our approach improves the existing trajectory generalization anonymization techniques regarding trajectory set partition preprocessing and trajectory clustering algorithms. It successfully resists re-identification attacks and reduces the data utility loss of the k-anonymized dataset. A series of experiments on a real-world dataset show that the proposed model has significant advantages in terms of higher data utility and shorter algorithm execution time than other existing techniques.

Cryptography and Security,Machine Learning

Sheng Gao,Jianfeng Ma,Weisong Shi,Guoxing Zhan

DOI: https://doi.org/10.1002/wcm.2324

2012-12-06

Wireless Communications and Mobile Computing

Abstract:The ubiquity of mobile devices has facilitated the prevalence of participatory sensing, whereby ordinary citizens use their private mobile devices to collect regional information and to share with participators. However, such applications may endanger the users' privacy by revealing their locations and trajectories information. Most of existing solutions, which hide a user's location information with a coarse region, are under k‐anonymity model. Yet, they may not be applicable in some participatory sensing applications that require precise location information. The goals are seemingly contradictory: to protect a user's location privacy while simultaneously providing precise location information for a high quality of service. In this paper, we propose a method to meet both goals. Through selecting a certain number of a user's partners, it can protect the user's location privacy while providing precise location information. The user's trajectory privacy can be protected by constructing several trajectories that are similar to the user's trajectory in an interval time T. Finally, we utilize a new metric, called slope ratio, to evaluate the partners' selection algorithm that we proposed. Then, we measure the privacy level that the location and trajectory privacy protection mechanism (LTPPM) can achieve. The analysis and simulation results show that LTPPM can protect the user's location and trajectory privacy effectively and also provide a high quality of service in participatory sensing. Copyright © 2012 John Wiley & Sons, Ltd. Location and trajectory privacy problems are the main obstacles to the success of participatory sensing. However, most of existing anonymous methods hide a user's location with a coarse region, which may reduce quality of services. Moreover, the disclosure of trajectory may also reveal the user's location. In this paper, subject to high quality of services, we propose to protect the user's location and trajectory privacy on the basis of equivalence classes formed by his or her partners and present a new metric, named slope ratio, to evaluate trajectory similarity.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tanzima Hashem,Lars Kulik,Rui Zhang

DOI: https://doi.org/10.48550/arXiv.1104.2756

2011-04-14

Databases

Abstract:We present a novel approach that protects trajectory privacy of users who access location-based services through a moving k nearest neighbor (MkNN) query. An MkNN query continuously returns the k nearest data objects for a moving user (query point). Simply updating a user's imprecise location such as a region instead of the exact position to a location-based service provider (LSP) cannot ensure privacy of the user for an MkNN query: continuous disclosure of regions enables the LSP to follow a user's trajectory. We identify the problem of trajectory privacy that arises from the overlap of consecutive regions while requesting an MkNN query and provide the first solution to this problem. Our approach allows a user to specify the confidence level that represents a bound of how much more the user may need to travel than the actual kth nearest data object. By hiding a user's required confidence level and the required number of nearest data objects from an LSP, we develop a technique to prevent the LSP from tracking the user's trajectory for MkNN queries. We propose an efficient algorithm for the LSP to find k nearest data objects for a region with a user's specified confidence level, which is an essential component to evaluate an MkNN query in a privacy preserving manner; this algorithm is at least two times faster than the state-of-the-art algorithm. Extensive experimental studies validate the effectiveness of our trajectory privacy protection technique and the efficiency of our algorithm.

Fan Fei,Shu Li,Haipeng Dai,Chunhua Hu,Wanchun Dou,Qiang Ni

DOI: https://doi.org/10.1109/tsusc.2017.2733018

2017-01-01

IEEE Transactions on Sustainable Computing

Abstract:In recent years, with the development of mobile devices, the location based services (LBSs) have become more and more prevailing and most applications installed on these devices call for location information. Yet, the untrusted LBS provider can collect this location information, which may potentially threaten users' location privacy. In view of this challenge, we propose a two-tier schema for the privacy preservation based on k-anonymity principle meanwhile reducing the cost for privacy protection. Concretely, we divide the users into groups in order to maximize the privacy level and in each group one proxy is selected to generate dummy locations and share the returned results from LBS provider; then, on each group, an auction mechanism is proposed to determine the payment of each user to the proxy as the compensation, which satisfies budget balance and incentive compatibility. To evalue the performance of the proposed schema, a simulated experiment is conducted.

Weiqi Zhang,Zhenzhen Xie,Akshita Maradapu Vera Venkata Sai,Qasim Zia,Zaobo He,Guisheng Yin

DOI: https://doi.org/10.26599/tst.2023.9010072

2024-04-01

Abstract:The widespread availability of GPS has opened up a whole new market that provides a plethora of location-based services. Location-based social networks have become very popular as they provide end users like us with several such services utilizing GPS through our devices. However, when users utilize these services, they inevitably expose personal information such as their ID and sensitive location to the servers. Due to untrustworthy servers and malicious attackers with colossal background knowledge, users' personal information is at risk on these servers. Unfortunately, many privacy-preserving solutions for protecting trajectories have significantly decreased utility after deployment. We have come up with a new trajectory privacy protection solution that contraposes the area of interest for users. Firstly, Staying Points Detection Method based on Temporal-Spatial Restrictions (SPDM-TSR) is an interest area mining method based on temporal-spatial restrictions, which can clearly distinguish between staying and moving points. Additionally, our privacy protection mechanism focuses on the user's areas of interest rather than the entire trajectory. Furthermore, our proposed mechanism does not rely on third-party service providers and the attackers' background knowledge settings. We test our models on real datasets, and the results indicate that our proposed algorithm can provide a high standard privacy guarantee as well as data availability.

computer science, information systems,engineering, electrical & electronic, software engineering

Ben Niu,Xiaoyan Zhu,Weihao Li,Hui Li,Yingjuan Wang,Zongqing Lu

DOI: https://doi.org/10.1109/iccnc.2015.7069322

2015-01-01

Abstract:The ubiquity of modern mobile devices with GPS modules and Internet connectivity such as 3G/4G techniques have resulted in rapid development of Location-Based Services (LBSs). However, users enjoy the convenience provided by the untrusted LBS server at the cost of their privacy. To protect user's sensitive information against adversaries with side information, we design a personalized spatial cloaking scheme, termed TTcloak, which provides k-anonymity for user's location privacy, 1-diversity for query privacy and desired size of cloaking region for mobile users in LBSs, simultaneously. TTcloak uses Dummy Query Determining (DQD) algorithm and Dummy Location Determining (DLD) algorithm to find out a set of realistic cells as candidates, and employs a CR-refinement Module (CRM) to guarantee that dummy users are assigned into the cloaking region with desired size. Finally, thorough security analysis and empirical evaluation results verify our proposed TTcloak.