Rongxing Lu,Xiaodong Lin,Zhiguo Shi,Jun Shao

DOI: https://doi.org/10.1109/infocom.2014.6848003

2014-01-01

Abstract:In this paper, we propose a privacy-preserving framework, called PLAM, for local-area mobile social networks. The proposed PLAM framework employs a privacy-preserving request aggregation protocol with k-Anonymity and l-Diversity properties while without involving a trusted anonymizer server to keep user preference privacy when querying location-based service (LBS), and integrates unlinkable pseudo-ID technique to achieve user identity privacy, location privacy. Moreover, the proposed PLAM framework also introduces the privacy-preserving and verifiable polynomial computation to keep LBS provider's functions private while preventing the provider from cheating in computation. Detailed security analysis shows that the proposed PLAM framework can not only achieve desirable privacy requirements but also resist outside attacks on source authentication, data integrity and availability. In addition, extensive simulations are also conducted, and simulation results guide us on how to set proper thresholds for k-anonymity, l-diversity to make a tradeoff between the desirable user preference privacy level and the request delay in different scenarios.

Sun Gang,Song Liangjun,Liao Dan,Yu Hongfang,Chang Victor

DOI: https://doi.org/10.1016/j.ins.2019.01.008

IF: 8.1

2019-01-01

Information Sciences

Abstract:•We present a novel privacy framework for LBSNs based on k-anonymity without the involvement of a trusted third-party server.•In our proposed framework, users can obtain “check-in” service rewards without revealing their locations.•The framework also allows access to all check-in records and searching based on a friend’s ID.•The performance of the framework is determined systematically via extensive simulations.

Xinxin Zhao,Lingjun Li,Guoliang Xue

DOI: https://doi.org/10.1109/INFCOM.2013.6567112

2013-01-01

Abstract:In current location based social networks (LBSNs), users expose their location when they check in at a venue or search a place. The release of location privacy could lead to a severe breach of other privacy, such as identity or health condition. In this paper, we propose a framework to safeguard users' location information as well as the check-in records. Considering the special demands in LBSNs, we design a novel index structure to provide a fast search for users when they check in at the same venue frequently. At the same time, our framework outsources the heavy cryptographic computations to the server to reduce the computational overhead for mobile clients. Due to the dynamic feature of LBSNs, our framework uses a lightweight approach to handle a user's revoked friends and new friends. We prove the security of our framework in the random oracle model and demonstrate its efficiency on a Motorola Droid phone.

Dingqi Yang,Daqing Zhang,Bingqing Qu,Philippe Cudre-Mauroux

DOI: https://doi.org/10.1145/2971648.2971685

2016-01-01

Abstract:With the widespread adoption of smartphones, we have observed an increasing popularity of Location-Based Services (LBSs) in the past decade. To improve user experience, LBSs often provide personalized recommendations to users by mining their activity (i.e., check-in) data from location-based social networks. However, releasing user check-in data makes users vulnerable to inference attacks, as private data (e.g., gender) can often be inferred from the users' check-in data. In this paper, we propose PrivCheck, a customizable and continuous privacy-preserving check-in data publishing framework providing users with continuous privacy protection against inference attacks. The key idea of PrivCheck is to obfuscate user check-in data such that the privacy leakage of user-specified private data is minimized under a given data distortion budget, which ensures the utility of the obfuscated data to empower personalized LBSs. Since users often give LBS providers access to both their historical check-in data and future check-in streams, we develop two data obfuscation methods for historical and online check-in publishing, respectively. An empirical evaluation on two real-world datasets shows that our framework can efficiently provide effective and continuous protection of user-specified private data, while still preserving the utility of the obfuscated data for personalized LBSs.

HUO Zheng,MENG Xiao-Feng,HUANG Yi

DOI: https://doi.org/10.3724/sp.j.1016.2013.00716

2013-01-01

Abstract:With the development of mobile devices and wireless networks,mobile social network services(MSNS) arise and develop fast.Check-in service as one of the most popular services in MSNS,has serious personal privacy leakage threats.In this paper,we propose a trajectory privacy-preserving method called PrivateCheckIn,which can protect trajectory privacy for pseudonym users in check-in services.At first,we buffer the check-in sequences of pseudonym users,and then we build prefix trees for buffered check-in sequences,prune and re-construct prefix trees to get the k-anonymized version.At last,we traverse the k-anonymized prefix tree to get k-anonymized check-in sequences,which can achieve a privacy guarantee of k-anonymity.We prove in this paper,PrivateCheckIn guarantees the number of lost check-in locations is minimized while satisfying users' privacy requirements.PrivateCheckIn also reduces the cost of finding trajectory k-anonymity set.At last,we run a set of comparative experiments with(k,δ)-anonymity on real-world datasets,the results show accuracy and effectiveness of PrivateCheckIn.

Zheng Huo,Xiaofeng Meng,Rui Zhang

DOI: https://doi.org/10.1007/978-3-642-37487-6_29

2013-01-01

Abstract:Check-in services, one of the most popular services in Geo-Social Networks (GeoSNs) may cause users’ personal location privacy leakage. Although users may avoid checking in places which they regard as sensitive, adversaries can still infer where a user has been through linkage of multiple background information. In this paper, we propose a new location privacy attack in GeoSNs, called hidden location inference attack, in which adversaries infer users’ location based on users’ check-in history as well as check-in history of her friends and similar users. Then we develop three inference models (baseline inference model, CF-based inference model and HMM-based inference model) to capture the hidden location privacy leakage probability. Moreover, we design a privacy alert framework to warn users the most probable leaked locations. At last, we conduct a comprehensive performance evaluation using two real-world datasets collected from Gowalla and Brightkite. Experiment results show the accuracy of our proposed inference models and the effectiveness of the privacy alert framework.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Hongji Zhang,Wenzhong Li,Sanglu Lu

DOI: https://doi.org/10.1007/s42045-018-0001-2

2018-01-01

CCF Transactions on Networking

Abstract:With the increasing adoption of location-based social network applications, a large number of location traces of human mobility have been collected and published for the purpose of assisting mobile system design and scientific research. Most mobility traces are processed to achieve anonymity before publishing by the way of replacing the true IDs and introducing noise interference. In this paper, we show that such anonymous mobility traces are vulnerable to asynchronous side information attack from the edge: if partial movement information is exposed to some compromised edge nodes even after the data collection period, the adversary is able to identify the participant from the anonymous mobility traces with high probability. Our method to identify participants is based on exploring the accumulative temporal and spatial characteristics of individual movement. We introduce \(\delta\)-partition to divide user locations into sub-areas, and \(\epsilon\)-partition to group user activities into time intervals. We illustrate that a mobility trace can be uniquely represented by a set of frequent locations together with their active time intervals. We further derive a similarity measurement to be used by the adversary for asynchronous side information attack. We develop theoretical analysis to prove that an anonymous participant can be correctly identified with high probability under certain condition. Extensive experiments are conducted on three typical mobility datasets corresponding to the movement of bus, taxi and human, which show that the identification success ratio achieves 99%, 45% and 72%, respectively.

Shan Chang,Yuting Tao,Hongzi Zhu,Bo Li

DOI: https://doi.org/10.1109/icdcs57875.2023.00028

2023-01-01

Abstract:Check-in data widely published in mobile social networks (MSNs) pose serious privacy threats to users. Existing inference attack methods show that pairwise social relationship could be estimated by analyzing check-in user records. However, the efficacy of such attacks heavily depends on the density of check-in data, which is often not present in practice. In this work, we propose a new inference attack scheme, which for the first time can effectively reveal hidden social friendship in both the real world and in cyberspace among users with only sparse check-in data. Our attack method enjoys two salient features. First, it requires no prior knowledge about social connections, instead it estimates users' social proximity by exploiting both physical presence and social proximities. Second, our attack scheme can automatically learn representative features based on the significance of various check-in records, rather than relying on heuristic features. We conduct extensive trace-driven simulations, and the results demonstrate that our inference attack method can improve the efficacy of the state-of-the-art learning-based schemes up to 40%. Moreover, our proposed attack method is also robust against common data obfuscation mechanisms.

Kunlin Cai,Jinghuai Zhang,Zhiqing Hong,Will Shand,Guang Wang,Desheng Zhang,Jianfeng Chi,Yuan Tian

DOI: https://doi.org/10.1145/3637528.3671758

2024-07-06

Abstract:As location-based services (LBS) have grown in popularity, more human mobility data has been collected. The collected data can be used to build machine learning (ML) models for LBS to enhance their performance and improve overall experience for users. However, the convenience comes with the risk of privacy leakage since this type of data might contain sensitive information related to user identities, such as home/work locations. Prior work focuses on protecting mobility data privacy during transmission or prior to release, lacking the privacy risk evaluation of mobility data-based ML models. To better understand and quantify the privacy leakage in mobility data-based ML models, we design a privacy attack suite containing data extraction and membership inference attacks tailored for point-of-interest (POI) recommendation models, one of the most widely used mobility data-based ML models. These attacks in our attack suite assume different adversary knowledge and aim to extract different types of sensitive information from mobility data, providing a holistic privacy risk assessment for POI recommendation models. Our experimental evaluation using two real-world mobility datasets demonstrates that current POI recommendation models are vulnerable to our attacks. We also present unique findings to understand what types of mobility data are more susceptible to privacy attacks. Finally, we evaluate defenses against these attacks and highlight future directions and challenges. Our attack suite is released at <a class="link-external link-https" href="https://github.com/KunlinChoi/POIPrivacy" rel="external noopener nofollow">this https URL</a>.

Machine Learning,Cryptography and Security

Zhikai Xu,Hongli Zhang,Xiangzhan Yu,Shen Su

DOI: https://doi.org/10.1587/transinf.2015inp0001

2016-01-01

IEICE Transactions on Information and Systems

Abstract:Location-based services (LBSs) are useful for many applications in internet of things(IoT). However, LBSs has raised serious concerns about users' location privacy. In this paper, we propose a new location privacy attack in LBSs called hidden location inference attack, in which the adversary infers users' hidden locations based on the users' check-in histories. We discover three factors that influence individual check-in behaviors: geographic information, human mobility patterns and user preferences. We first separately evaluate the effects of each of these three factors on users' check-in behaviors. Next, we propose a novel algorithm that integrates the above heterogeneous factors and captures the probability of hidden location privacy leakage. Then, we design a novel privacy alert framework to warn users when their sharing behavior does not match their sharing rules. Finally, we use our experimental results to demonstrate the validity and practicality of the proposed strategy.

Sha Zhao,Zhe Zhao,Yifan Zhao,Runhe Huang,Shijian Li,Gang Pan

DOI: https://doi.org/10.1109/UIC-ATC-ScalCom.2014.122

2014-01-01

Abstract:The prevalence of smart phones equipped with various sensors enables pervasive capturing users' mobility data (GPS, GSM network, WiFi, etc.), which contains approximate whereabouts of users. In order to protect users' privacy some mobility data is anonymized, which is challenging for discovering individual information implicated in the data. In this study, we are attempting to discover people's life patterns, which capture individual's life regularity and living style, from the anonymized WiFi scan lists. We transform the life pattern discovery problem into an unsupervised problem by extracting stay place, discovering trajectory patterns, etc. Particularly, we design a user feature space in which we use frequent trajectory patterns to represent each user as a feature vector. Thus, the life pattern discovery problem can be solved by finding clusters of users in the user feature space. The proposed approach is verified using the Device Analyzer data, which contains records of smart phone usage of more than 17,000 volunteering participants. Our work is a promising step towards automatically mining people's life patterns from anonymized mobility data of smart phones.

Fengli Xu,Guozhen Zhang,Zhilong Chen,Jiaxin Huang,Yong Li,Diyi Yang,Ben Y. Zhao,Fanchao Meng

DOI: https://doi.org/10.1145/3274457

2018-01-01

Proceedings of the ACM on Human-Computer Interaction

Abstract:Check-in data from social networks provide researchers a unique opportunity to model human dynamics at scale. However, it is unclear how indicative these check-in traces are of real human mobility. Prior work showed that significant amounts of Foursquare check-ins did not match with the physical mobility patterns of users, and suggested that misrepresented check-ins were incentivized by external rewards provided by the system. In this paper, our goal is to understand the root cause of inaccurate check-in data, by studying the validity of check-in traces in social media platforms without external rewards for check-ins. We conduct a data-driven analysis using an empirical check-in data trace of more than 276,000 users from WeChat Moments, with matching traces of their physical mobility. We develop a set of hypotheses on the underlying motivations behind people's inaccurate check-ins, and validate them using a detailed survey study. Our analysis reveals that there are surprisingly high amount of inaccurate check-ins even in the absence of rewards: 43% of total check-ins are inaccurate and 61% of survey participants report they have misrepresented their check-ins. We also find that inaccurate check-ins are often a result of user interface design as well as for convenience, self-advertisement and self-presentation.

Jiaxun Hua,Yu Liu,Yibin Shen,Xiuxia Tian,Yifeng Luo,Cheqing Jin

DOI: https://doi.org/10.1007/s11704-019-8300-4

IF: 2.6688

2020-01-01

Frontiers of Computer Science

Abstract:1 Introduction and main contributions Location-based services are springing up around us,while leakages of users' privacy are inevitable during services.Even worse,adversaries may analyze intercepted service data,and extract more privacy like health and property.Therefore,privacy preservation is an indispensable guarantee on LBS security. Among the previous approaches to privacy preservation,k-anonymity-based ones have drawn much research attention [1-3].However,some privacy concern will be aroused if these schemes are adopted directly.For instance,Ut issues a query "Find the nearest hotel around me" in such an area as Fig.1 (privacy profile k =4).DLS algorithm [2] constructs anonymity set A because these four cells have similar probabilities of being queried in the past.However,experienced adversaries can exclude some cells if they have learned rich contextual knowledge (side information) from historical data,such as features of each cell and LBS users.

Kai Zhao,Zhen Tu,Fengli Xu,Yong Li,Pengyu Zhang,Dan Pei,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/tnsm.2019.2907542

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:Trajectory data has been widely collected via mobile devices and publicly released for academic research and commercial purposes. One primary concern of publishing such a dataset is the privacy issue. Previous protection schemes mainly focus on preventing re-identification attack, which utilizes the uniqueness of trajectories. However, the correlation between trajectories, which has not been given much attention to before, could also give rise to serious privacy leakage. Recent studies have proved that it is possible to identify social relationship, de-anonymize trajectories or even infer user’s locations by analyzing the correlation between users’ trajectories. We identify the serious privacy problem of social relationship leakage caused by what we call social relationship attack and aim to protect social relationship information, which cannot be protected by existing algorithms. We contribute to the design of a new privacy model and an effective system to deal with social relationship attack and re-identification attack simultaneously while maintaining high data utility. We propose a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">SlidingWindow</italic> algorithm to merge trajectories according to their <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">social-aware distance</italic> , which concerns both the spatiotemporal distance and social proximity. Evaluations of two trajectory datasets under different scenarios demonstrate that our system provides more than 1.84 times privacy protection at the cost of only 2.5% data utility loss.

Huandong Wang,Yong Li,Chen Gao,Gang Wang,Xiaoming Tao,Depeng Jin

DOI: https://doi.org/10.1109/tmc.2019.2952774

IF: 6.075

2021-03-01

IEEE Transactions on Mobile Computing

Abstract:Human mobility trajectories are increasingly collected by ISPs to assist academic research and commercial applications. Meanwhile, there is a growing concern that individual trajectories can be de-anonymized when the data is shared, using information from external sources (e.g., online social networks). To understand this risk, prior works either estimate the theoretical privacy bound or simulate de-anonymization attacks on synthetically created datasets. However, it is not clear how well the theoretical estimations are preserved in practice. In this article, we collected a large-scale ground-truth trajectory dataset from 2,161,500 users of a cellular network, and two matched external trajectory datasets from a large social network (56,683 users) and a check-in/review service (45,790 users) on the same user population. The two sets of large ground-truth data provide a rare opportunity to extensively evaluate a variety of de-anonymization algorithms (nine in total). We find that their performance in the real-world dataset is far from the theoretical bound. Further analysis shows that most algorithms have under-estimated the impact of spatio-temporal mismatches between the data from different sources, and the high sparsity of user generated data also contributes to the under-performance. Based on these insights, we propose four new algorithms that are specially designed to tolerate spatial or temporal mismatches (or both) and model location contexts and time contexts. Extensive evaluations show that our algorithms achieve more than 17 percent performance gain over the best existing algorithms, confirming our insights. Further, we propose two new location-privacy preserving mechanisms utilizing the spatio-temporal mismatches to better protect users' privacy against the de-anonymization attack. Evaluation results show that our proposed mechanisms can reduce the performance of de-anonymization attacks by over 8.0 percent, demonstrating the effectivene-s of our insights.

computer science, information systems,telecommunications

Lei Xu,Chunxiao Jiang,Nengqiang He,Yi Qian,Yong Ren,Jianhua Li

DOI: https://doi.org/10.1109/jiot.2018.2847302

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:With the growing popularity of mobile social networks, point-of-interest (POI) recommendation, which utilizes users' check-in data to suggest interesting places for users, has attracted much attention in recent years. The check-in data, containing time and location information, are closely related to the user's personal life. Due to privacy concerns, users are reluctant to share check-in data with the service provider (SP), which causes a negative effect on recommendations. It is important for the user to find a balance between privacy and recommendation quality. In this paper, we consider a POI recommendation scenario where an adversary can access the data that a user reports to the SP. The user sequentially decides whether to check in for the POI he has visited. A stochastic game model is proposed to analyze the interaction between the user and the adversary. To find a good policy for the user, two value iteration algorithms are applied. The proposed game has a large state set, which makes it difficult for policy learning. To deal with this problem, we use some tricks when implementing the minimax Q-learning algorithm, and a set of neural networks are trained to approximate the Q-functions. To evaluate the performance of the learning algorithms, we conduct a series of simulations by using real-world check-in data. Simulation results show that the proposed learning algorithms can help the user to make good decisions, in the sense that the user can get a high long-term return.

Minghui Li,Zhaobin Liu,Kang Dong

DOI: https://doi.org/10.1109/trustcom.2016.0244

2016-01-01

Abstract:Recently, privacy preservation in publishing social network has become one of the most notable challenges. Researchers have developed a variety of methods to protect individual's privacy while maintaining utility at the same time. There exists such a situation that an adversary may identify the privacy of a victim with the background knowledge of public neighborhoods. Unfortunately, most of previous researches only focus on unclassified neighborhood attacks and ignore that public neighborhoods whose information is completely open will bring greater risk than private neighborhoods. In view of the availability of users' information, we adopt k-anonymity which belongs to graph modification methods to protect private users from public neighborhood attacks. Although k-anonymity could defend users from re-identification, a group of nodes may share the same sensitive labels which may be exploited by attackers to speculate private information. So we adopt l-diversity to guard the sensitive labels. We conduct our experiments in some social networks, and the results show that our method is effective.

Luo Huiwen,Zhang Haoming,Long Shigong,Lin Yi

DOI: https://doi.org/10.1007/s11042-021-10789-0

IF: 2.577

2021-01-01

Multimedia Tools and Applications

Abstract:The increasing use of hand-held devices which have access to location information, has raised the risk of privacy disclosure. To implement privacy protection on the locations with plenty of check-ins, this thesis proposes a novel location perturbation method based on geo-indistinguishability, which has less quality loss and high privacy guarantee. In order to tackle the problem of how to preserve each person’s frequently occurring position points, we reformulate this issue with a three-step framework. First, the location set is classified by the density-based clustering algorithm, and the privacy budget allocation function is used to allocate the corresponding budget for each cluster. Second, the real location is disturbed according to geo-indistinguishability, and the spanner structure is introduced to increase the efficiency of noise addition and the availability of location data. Finally, we present a privacy metric approach derived from the information entropy to quantify the information leakage by the mechanism, which provides the basis for the analysis of information loss. The experiments are carried out in two real datasets: GeoLife and Taxi GPS reports. Our evaluation confirms that the performance of the proposed strategy is superior to the state-of-the-art solutions in terms of quality loss and privacy metric.

Huaxin Li,Haojin Zhu,Suguo Du,Xiaohui Liang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/tdsc.2016.2604383

2018-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Along with the popularity of mobile social networks (MSNs) is the increasing danger of privacy breaches due to user location exposures. In this work, we take an initial step towards quantifying location privacy leakage from MSNs by matching the users' shared locations with their real mobility traces. We conduct a three-week real-world experiment with 30 participants and discover that both direct location sharing (e.g., Weibo or Renren) and indirect location sharing (e.g., Wechat or Skout) can reveal a small percentage of users' real points of interests (POIs). We further propose a novel attack to allow an external adversary to infer the demographics (e.g., age, gender, education) after observing users' exposed location profiles. We implement such an attack in a large real-world dataset involving 22,843 mobile users. The experimental results show that the attacker can effectively predict demographic attributes about users with some shared locations. To resist such attacks, we propose SmartMask, a context-based system-level privacy protection solution, designed to automatically learn users' privacy preferences under different contexts and provide a transparent privacy control for MSN users. The effectiveness and efficiency of SmartMask have been well validated by extensive experiments.