Zhen Tu,Kai Zhao,Fengli Xu,Yong Li,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/sahcn.2017.7964921

2017-01-01

Abstract:Nowadays, human trajectories are widely collected and utilized for scientific research and business purpose. However, publishing trajectory data without proper handling might cause severe privacy leakage. A large body of works are dedicated to merging one's trajectory with others', so as to avoid any individual trajectory being re-identified. Yet their solutions do not provide enough protection since they cannot prevent semantic attack, which means the attackers are able to acquire individual's private information by using the semantics features of frequently- visited locations in the trajectory even without re- identification. In this work, we are the first to recognize the semantic attack, which is another severe privacy problem in publishing trajectory datasets. We propose an algorithm providing strong privacy protection against both the semantic and re- identification attack while reserving high data utility. Extensive evaluations based on two real-world datasets demonstrate that our solution improves the quality of privacy protection by 3 times, sacrificing only 36% and 30% of spatial and temporal resolution, respectively.

Xinyue Zhang,Jingyi Wang,Minglei Shu,Yinglong Wang,Miao Pan,Zhu Han

DOI: https://doi.org/10.1109/access.2018.2884516

IF: 3.9

2018-01-01

IEEE Access

Abstract:The popularity of mobile devices with global positioning system (GPS) has boosted various wireless location-based services (LBSs). Certain honest-but-curious or even dishonest LBS servers may learn the users' trajectories from location trace files, and the users' privacy can be compromised. In this paper, we propose a quantitative approach to model trajectory inference attacks via tensor voting, which can be widely applied in computer vision and machine learning as a perceptual organization. To counter the tensor voting based attacks, we propose a novel trajectory privacy preservation TPP scheme, in which LBS users will intentionally generate dummy trajectories to obfuscate LBS servers. Meanwhile, the LBS users have the option to disclose their trajectories to trustworthy parties (e.g., users' parents) by sending those parties a few more encrypted locations. Considering the power constraint of hand-held mobile devices, we mathematically formulate the trajectory privacy preservation problem into a mixed integer linear programming optimization problem and propose the algorithms for optimizing solutions. Through simulations and analysis, we show that the proposed scheme can effectively preserve LBS users' trajectory privacy against tensor voting-based inference attacks with limited power consumption.

Yan Dai,Jie Shao,Chengbo Wei,Dongxiang Zhang,Heng Tao Shen

DOI: https://doi.org/10.1007/s11280-017-0489-2

2017-08-26

World Wide Web

Abstract:Trajectory data gathered by mobile positioning techniques and location-aware devices contain plenty of sensitive spatial-temporal and semantic information, and can support many applications through data analysing and mining. However, attribute-linkage and re-identification attacks on such data may cause privacy leakage, and lead to unexpected serious consequences. Existing privacy preserving techniques for trajectory data often ignore the different privacy requirements of different moving objects or largely scarify the availability of trajectory data. In view of these issues, we propose an effective personalized trajectory privacy preserving method which can strike a good balance between user-defined privacy requirement and data availability in off-line trajectory publishing scenario. The main idea is to firstly label semantic attributes of all sampling points on the trajectory and build a corresponding taxonomy tree, next extract sensitive stop points, then for different types of sensitive stop points, adopt different strategies to select the appropriate points of user interests to replace while considering user speed and avoiding reverse mutation, and finally publish the reconstructed trajectory. Besides, to make our method more realistic we further consider possible obstacles appeared in the user space environment. In the experiments, average identification possibility, trajectory semantic consistency and trajectory shape similarity are taken as evaluation criteria, and the performance of our method is comprehensively evaluated. The results show that our method can improve the user trajectory availability as much as possible, while effectively achieving the different trajectory privacy requirements.

Kai Zhao,Zhen Tu,Fengli Xu,Yong Li,Pengyu Zhang,Dan Pei,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/tnsm.2019.2907542

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:Trajectory data has been widely collected via mobile devices and publicly released for academic research and commercial purposes. One primary concern of publishing such a dataset is the privacy issue. Previous protection schemes mainly focus on preventing re-identification attack, which utilizes the uniqueness of trajectories. However, the correlation between trajectories, which has not been given much attention to before, could also give rise to serious privacy leakage. Recent studies have proved that it is possible to identify social relationship, de-anonymize trajectories or even infer user’s locations by analyzing the correlation between users’ trajectories. We identify the serious privacy problem of social relationship leakage caused by what we call social relationship attack and aim to protect social relationship information, which cannot be protected by existing algorithms. We contribute to the design of a new privacy model and an effective system to deal with social relationship attack and re-identification attack simultaneously while maintaining high data utility. We propose a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SlidingWindow</italic> algorithm to merge trajectories according to their <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">social-aware distance</italic> , which concerns both the spatiotemporal distance and social proximity. Evaluations of two trajectory datasets under different scenarios demonstrate that our system provides more than 1.84 times privacy protection at the cost of only 2.5% data utility loss.

Xumeng Wang,Tianlong Gu,Xiaonan Luo,Xiwen Cai,Tianyi Lao,Wenlong Chen,Yingcai Wu,Jinhui Yu,Wei Chen

DOI: https://doi.org/10.1109/tits.2018.2875021

IF: 8.5

2019-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Visual analysis is widely applied to study human mobility due to the ability of integrating contextual information from multiple data sources. Analyzing trajectory data through visualization improves the efficiency and accuracy of the analysis, yet it may induce exposure of the location privacy. To balance the location privacy and analysis effectiveness, this work focuses on the behaviors of different geo-based contexts in the process of trajectory interpretation. Three types of geo-based contexts are identified after surveying 94 related literatures. We further conduct experiments to investigate their capability by evaluating how they benefit the analysis, and whether they lead to location privacy exposure. Finally, we report and discuss interesting findings, and provide guidelines to the design of privacy-preserving analysis approaches for human periodic trajectories.

Yan Dai,Jie Shao

DOI: https://doi.org/10.1007/978-3-319-68542-7_19

2017-01-01

Abstract:Trajectory data of mobile users contain plenty of sensitive spatial and temporal information, and can support many applications through data analysing and mining. However, re-identification attack and inference attack on such data may cause serious personal privacy leakage. Existing privacy preserving techniques cannot protect trajectory privacy well or largely scarify data utility. In view of these issues, in this paper we propose an enhanced trajectory privacy preserving method which can protect the trajectory privacy preferably while maintaining a high utility of the trajectory in data publishing. A mechanism is proposed to protect the privacy through replacing stop points in the trajectory and an effective trajectory reconstruction algorithm is introduced to avoid the mutations of trajectory, and also deal with the possible presence of obstacles around trajectories. The performance of our proposal is comprehensively evaluated on a real trajectory dataset. The results show that our method achieves a high privacy level and improves the utility of trajectory data greatly, compared with the state-of-the-art method.

Wanshu Yu,Haonan Shi,Hongyun Xu

DOI: https://doi.org/10.48550/arXiv.2307.16849

2023-08-01

Abstract:As people's daily life becomes increasingly inseparable from various mobile electronic devices, relevant service application platforms and network operators can collect numerous individual information easily. When releasing these data for scientific research or commercial purposes, users' privacy will be in danger, especially in the publication of spatiotemporal trajectory datasets. Therefore, to avoid the leakage of users' privacy, it is necessary to anonymize the data before they are released. However, more than simply removing the unique identifiers of individuals is needed to protect the trajectory privacy, because some attackers may infer the identity of users by the connection with other databases. Much work has been devoted to merging multiple trajectories to avoid re-identification, but these solutions always require sacrificing data quality to achieve the anonymity requirement. In order to provide sufficient privacy protection for users' trajectory datasets, this paper develops a study on trajectory privacy against re-identification attacks, proposing a trajectory K-anonymity model based on Point Density and Partition (KPDP). Our approach improves the existing trajectory generalization anonymization techniques regarding trajectory set partition preprocessing and trajectory clustering algorithms. It successfully resists re-identification attacks and reduces the data utility loss of the k-anonymized dataset. A series of experiments on a real-world dataset show that the proposed model has significant advantages in terms of higher data utility and shorter algorithm execution time than other existing techniques.

Cryptography and Security,Machine Learning

Hua Shen,Yu Wang,Mingwu Zhang

DOI: https://doi.org/10.3390/s23249652

2023-12-06

Abstract:With the popularity of location services and the widespread use of trajectory data, trajectory privacy protection has become a popular research area. k-anonymity technology is a common method for achieving privacy-preserved trajectory publishing. When constructing virtual trajectories, most existing trajectory k-anonymity methods just consider point similarity, which results in a large dummy trajectory space. Suppose there are n similar point sets, each consisting of m points. The size of the space is then mn. Furthermore, to choose suitable k- 1 dummy trajectories for a given real trajectory, these methods need to evaluate the similarity between each trajectory in the space and the real trajectory, leading to a large performance overhead. To address these challenges, this paper proposes a k-anonymity trajectory privacy protection method based on the similarity of sub-trajectories. This method not only considers the multidimensional similarity of points, but also synthetically considers the area between the historic sub-trajectories and the real sub-trajectories to more fully describe the similarity between sub-trajectories. By quantifying the area enclosed by sub-trajectories, we can more accurately capture the spatial relationship between trajectories. Finally, our approach generates k-1 dummy trajectories that are indistinguishable from real trajectories, effectively achieving k-anonymity for a given trajectory. Furthermore, our proposed method utilizes real historic sub-trajectories to generate dummy trajectories, making them more authentic and providing better privacy protection for real trajectories. In comparison to other frequently employed trajectory privacy protection methods, our method has a better privacy protection effect, higher data quality, and better performance.

Lu Qiwei,Wang Caimei,Xiong Yan,Xia Huihua,Huang Wenchao,Gong Xudong

DOI: https://doi.org/10.1049/cje.2017.01.024

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Due to the popularity of mobile Internet and location-aware devices, there is an explosion of location and trajectory data of moving objects. A few proposals have been proposed for privacy preserving trajectory data publishing, and most of them assume the attacks with the same adversarial background knowledge. In practice, different users have different privacy requirements. Such non-personalized privacy assumption does not meet the personalized privacy requirements, meanwhile, it looses the chance to achieve better utility by taking advantage of differences of users' privacy requirements. We study the personalized trajectory k-anonymity criterion for trajectory data publication. Specifically, we explore and propose an overall framework which provides privacy preserving services based on users' personal privacy requests, including trajectory clusteiing, editing and publication. We demonstrate the efficiency and effectiveness of our scheme through experiments on real world dataset.

Hua Wang

DOI: https://doi.org/10.48550/arXiv.2212.06600

2022-12-13

Cryptography and Security

Abstract:The current trajectory privacy protection technology only considers the temporal and spatial attributes of trajectory data, but ignores the social attributes. However, there is an intrinsic relationship between social attributes and human activity trajectories, which brings new challenges to trajectory privacy protection, making existing trajectory privacy protection technologies unable to resist trajectory privacy attacks based on social attributes. To this end, this paper first studies the social privacy attack in the trajectory data, builds a social privacy attack model based on the fusion of "space-time" features, and reveals the internal impact of the spatial and temporal features in the trajectory data on social privacy leaks. -Anonymous algorithm and trajectory release privacy protection provide theoretical support. On this basis, integrate social attributes into trajectory privacy protection technology, design trajectory k-anonymity algorithm based on "space-time-social" three-dimensional mobile model, and construct trajectory data based on "space-time-social-semantic" multi-dimensional correlation Publish privacy-preserving models.

Marco Gramaglia,Marco Fiore,Alberto Tarable,Albert Banchs

DOI: https://doi.org/10.48550/arXiv.1701.02243

2017-01-09

Computers and Society

Abstract:Mobile network operators can track subscribers via passive or active monitoring of device locations. The recorded trajectories offer an unprecedented outlook on the activities of large user populations, which enables developing new networking solutions and services, and scaling up studies across research disciplines. Yet, the disclosure of individual trajectories raises significant privacy concerns: thus, these data are often protected by restrictive non-disclosure agreements that limit their availability and impede potential usages. In this paper, we contribute to the development of technical solutions to the problem of privacy-preserving publishing of spatiotemporal trajectories of mobile subscribers. We propose an algorithm that generalizes the data so that they satisfy $k^{\tau,\epsilon}$-anonymity, an original privacy criterion that thwarts attacks on trajectories. Evaluations with real-world datasets demonstrate that our algorithm attains its objective while retaining a substantial level of accuracy in the data. Our work is a step forward in the direction of open, privacy-preserving datasets of spatiotemporal trajectories.

Wanqing Wu,Wenlong Shang,Ruohe Lei,Xin Yang

DOI: https://doi.org/10.1155/2022/8635275

2022-07-05

Wireless Communications and Mobile Computing

Abstract:With the rapid development of mobile Internet and communication technology, location-based services (LBS) are widely used in our daily life. The server stores a large amount of user location data, and these location data constitute user trajectories. If trajectory information on the server is leaked, it will seriously endanger users’ privacy. Trajectory k -anonymity technology is one of the most important methods to protect the privacy of user trajectory. However, current trajectory k -anonymity methods have less discussion on the semantic of stop point when selecting dummy trajectory, which leads to the fact that attacker can still exclude the dummy trajectory from the k -anonymity set and infer the real trajectory by combining background knowledge with the semantic information of stop points. To address this problem, this paper decomposes the real trajectory into location pairs set; the set consists of start-end points and stop points. According to the similarity of location pairs, the similar location pairs in history trajectory set are used to generate dummy trajectory: firstly, extracting the start-end points and stop points from real trajectory and assigning semantic to them. Then, based on the semantic, temporal, and geographical attributes, eligible location pairs are selected from history trajectory set to construct equivalence class. Finally, according to the location pairs in equivalence class, k − 1 dummy trajectories are generated to form a k -anonymity set. We evaluate our method thoroughly with real dataset. The results show that our method achieve an effective data availability and higher privacy protection than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhirun Zheng,Zhetao Li,Jie Li,Hongbo Jiang,Tong Li,Bin Guo

DOI: https://doi.org/10.1145/3495160

IF: 5

2022-05-11

ACM Transactions on Intelligent Systems and Technology

Abstract:For academic research and business intelligence, trajectory data has been widely collected and analyzed. Releasing trajectory data to a third party may lead to serious privacy leakage, which has spawned considerable researches on trajectory privacy protection technology. However, existing work suffers from several shortcomings. They either focus on point-based location privacy, ignoring the spatio-temporal correlations among locations within a trajectory, or they protect the privacy of each user separately without considering privacy leakage of the social relationship between trajectories of different users. Besides, they fail to balance privacy protection and data utility. Motivated by these limitations, in this article, we propose

computer science, information systems, artificial intelligence

Kaixin Sui,Youjian Zhao,Dapeng Liu,Minghua Ma,Lei Xu,Li Zimu,Dan Pei

DOI: https://doi.org/10.1109/iwqos.2016.7590444

2016-01-01

Abstract:The enterprise Wi-Fi networks enable the collection of large-scale users' mobility information at an indoor level. The collected trajectory data is very valuable for both research and commercial purposes, but the use of the trajectory data also raises serious privacy concerns. A large body of work tries to achieve k-anonymity (hiding each user in an anonymity set no smaller than k) as the first step to solve the privacy problem. Yet it has been qualitatively recognized that k-anonymity is still risky when the diversity of the sensitive information in the k-anonymity set is low. There, however, still lacks a study that provides a quantitative understanding of that risk in the trajectory dataset. In this work, we present a large-scale measurement based analysis of the low-diversity risk over four weeks of trajectory data collected from Tsinghua, a campus that covers an area of 4 km 2 , on which 2,670 access points are deployed in 111 buildings. Using this dataset, we highlight the high risk of the low diversity. For example, we find that even when 5-anonymity is satisfied, the sensitive attributes of 25% of individuals can be easily guessed. We also find that although a larger k increases the size of anonymity sets, the corresponding improvement on the diversity of anonymity sets is very limited (decayed exponentially). These results suggest that diversity-oriented solutions are necessary.

Ling Xing,Bing Li,Lulu Liu,Yuanhao Huang,Honghai Wu,Huahong Ma,Xiaohui Zhang

DOI: https://doi.org/10.1016/j.comnet.2024.110562

IF: 5.493

2024-06-09

Computer Networks

Abstract:As Location-Based Services (LBSs) proliferate within the Social Internet of Vehicles (SIoVs), the collection and utilization of vehicle trajectories, which are rich in spatio-temporal and semantic informations, have intensified. Publishing these trajectories without adequate privacy safeguards significantly threatens user semantic trajectory privacy. Current methodologies for protecting semantic trajectory privacy do not adequately consider the similarity in query probability between sensitive and alternative semantic locations, thus undermining the efficacy of privacy protection. To address this critical gap, we introduces a novel trajectory privacy protection method based on sensitive semantic location replacement (SSLR), which strategically replaces sensitive semantic locations. This method consists of three key steps: first, semantically annotating trajectory sampling locations to identify sensitive semantic points; second, employing a unique double semicircular area to define replacement regions and selecting replacement Points of Interests (PoIs) that align in semantic attributes and query probabilities; third, reconstructing and publishing the modified trajectories. Our simulation results confirm that SSLR advances the state of the art by delivering superior performance in average recognition rate, geographic similarity, and semantic similarity compared to existing methods. Crucially, by incorporating considerations of query probability similarities, this paper not only enhances the effect of trajectory privacy protection but also preserves its utility. This dual enhancement represents a groundbreaking approach to trajectory privacy, with significant implications for advancing privacy strategies in LBSs within SIoVs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Shan Chang,Chao Li,Hongzi Zhu,Ting Lu,Qiang Li

DOI: https://doi.org/10.1109/tvt.2018.2871745

IF: 6.8

2018-01-01

IEEE Transactions on Vehicular Technology

Abstract:The proliferation of various mobile devices equipped with GPS positioning modules makes the collection of trajectories more easier than ever before, and more and more trajectory datasets have been available for business applications or academic researches. Normally, published trajectories are often anonymized by replacing real identities of mobile objects with pseudonyms (e.g., random identifiers); however, privacy leaks can hardly be prevented. In this paper, we introduce a novel paradigm of deanonymization attack re-identifying trajectories of victims from anonymous trajectory datasets. Different from existing attacks, no background knowledge or side channel information about the target dataset is required. Instead, we claim that, for each moving object, there exist somemobility patterns that reflect the preference or usual behavior of the object, and will not change dramatically over a period of time. As long as those relatively stable patterns can be extracted from trajectories and be utilized as quasi-identifiers, trajectories can be linked to anonymous historical ones. To implement such kind of de-anonymization attacks, an adversary only needs to collect a few trajectory segments of a victim, the durations of which do not necessarily overlap with that of trajectories in the target dataset (in simple terms, those trajectory segments are not necessary sub-trajectories included in the target dataset). Since the movements of victims in public areas could be observed openly, an adversary can obtain traces or locations about the victims either by direct monitoring them (e.g., tracking) or fromthird parties (e.g., social-networks). Then, the adversary extracts useful patterns from both the historical trajectories in the accessible dataset and newly obtained trajectory segments of victims, the historical trajectory with most similar patterns to that of a victim is considered as belonging to the victim. In order to demonstrate the feasibility of such attacks, we conduct extensive trace-driven simulations. We extract road segment preferences and stop of interests from trajectories of vehicles, and construct feature vectors (mobility patterns) of vehicles according to them, used for trajectory comparisons. Simulation results show that the adversary could re-identify anonymous trajectories effectively.

Jing Zhang,Yanzi Li,Qian Ding,Liwei Lin,Xiucai Ye

DOI: https://doi.org/10.3390/e24091172

IF: 2.738

2022-08-24

Entropy

Abstract:The publication of trajectory data provides critical information for various location-based services, and it is critical to publish trajectory data safely while ensuring its availability. Differential privacy is a promising privacy protection technology for publishing trajectory data securely. Most of the existing trajectory privacy protection schemes do not take into account the user's preference for location and the influence of semantic location. Besides, differential privacy for trajectory protection still has the problem of balance between the privacy budget and service quality. In this paper, a semantics- and prediction-based differential privacy protection scheme for trajectory data is proposed. Firstly, trajectory data are transformed into a prefix tree structure to ensure that they satisfy differential privacy. Secondly, considering the influence of semantic location on trajectory, semantic sensitivity combined with location check-in frequency is used to calculate the sensitivity of each position in the trajectory. The privacy level of the position is classified by setting thresholds. Moreover, the corresponding privacy budget is allocated according to the location privacy level. Finally, a Markov chain is used to predict the attack probability of each position in the trajectory. On this basis, the allocation of the privacy budget is further adjusted and its utilization rate is improved. Thus, the problem of the balance between the privacy budget and service quality is solved. Experimental results show that the proposed scheme is able to ensure data availability while protecting data privacy.

physics, multidisciplinary

Dan Liao,Hui Li,Gang Sun,Vishal Anand

DOI: https://doi.org/10.1109/glocom.2015.7417512

2015-01-01

Abstract:Preserving user location and trajectory privacy while using location-based service (LBS) is an important issue. To address this problem, we first construct three kinds of attack models that can expose a user's trajectory or path while the user is sending continuous queries to a LBS server. Then we propose the k- anonymity trajectory (KAT) algorithm, which is suitable for both single query and continuous queries. Different from existing works, the KAT algorithm selects k-1 dummy locations using the sliding widow based k- anonymity mechanism when the user is making single queries and selects k-1 dummy trajectories using the trajectory selection mechanism for continuous queries. We evaluate and validate the effectiveness of our proposed algorithm by conducting simulations for the single and continuous query scenarios.

Haochen Han,Shuaiyu Yang,Jiaxin Ding,Luoyi Fu,Xinbing Wang,Chenghu Zhou

DOI: https://doi.org/10.1145/3678717.3691274

2024-01-01

Abstract:Human trajectories, representing sequences of location points over time, are extensively collected and analyzed for various real-world applications such as urban planning, transportation management, and personalized location-based services. Trajectory embedding transforms raw trajectories into vector representations, capturing the underlying patterns and structures in the data. However, the abstraction provided by vector representations introduces significant security and privacy risks. These embeddings, often shared between entities or organizations, can be exploited by adversaries to reconstruct original trajectories, thereby compromising individual privacy. In this paper, we investigate the privacy issues of trajectory embeddings from an adversary's perspective. We propose two types of attacks to reconstruct original trajectories using road network information, addressing scenarios where the adversary has varying degrees of access to the black-box representation model. The first attack assumes unrestricted access to the model, allowing the adversary to construct a large-scale dataset and train a neural network to predict the road sequence of the trajectories. The second attack considers limited access, where the adversary computes distance coordinates between selected trajectory landmarks and road segments to infer different parts of the trajectory. Our experiments on a real-world dataset demonstrate that the reconstructed trajectories outperform baseline methods, achieving substantially lower reconstruction errors and more accurate alignment with the original trajectories, highlighting the significant vulnerability of trajectory embeddings to privacy breaches. These findings underscore the need for robust privacy-preserving mechanisms in spatio-temporal data analysis.