Yang Cao,Yonghui Xiao,Li Xiong,Liquan Bai,Masatoshi Yoshikawa

DOI: https://doi.org/10.1109/TKDE.2019.2963312

2020-05-16

Abstract:Location privacy-preserving mechanisms (LPPMs) have been extensively studied for protecting users' location privacy by releasing a perturbed location to third parties such as location-based service providers. However, when a user's perturbed locations are released continuously, existing LPPMs may not protect the sensitive information about the user's spatiotemporal activities, such as "visited hospital in the last week" or "regularly commuting between Address 1 and Address 2" (it is easy to infer that Addresses 1 and 2 may be home and office), which we call it \textit{spatiotemporal event}. In this paper, we first formally define {spatiotemporal event} as Boolean expressions between location and time predicates, and then we define $ \epsilon $-\textit{spatiotemporal event privacy} by extending the notion of differential privacy. Second, to understand how much spatiotemporal event privacy that existing LPPMs can provide, we design computationally efficient algorithms to quantify the privacy leakage of state-of-the-art LPPMs when an adversary has prior knowledge of the user's initial probability over possible locations. It turns out that the existing LPPMs cannot adequately protect spatiotemporal event privacy. Third, we propose a framework, PriSTE, to transform an existing LPPM into one protecting spatiotemporal event privacy against adversaries with \textit{any} prior knowledge. Our experiments on real-life and synthetic data verified that the proposed method is effective and efficient.

Databases,Cryptography and Security

Xinyue Zhang,Jingyi Wang,Minglei Shu,Yinglong Wang,Miao Pan,Zhu Han

DOI: https://doi.org/10.1109/access.2018.2884516

IF: 3.9

2018-01-01

IEEE Access

Abstract:The popularity of mobile devices with global positioning system (GPS) has boosted various wireless location-based services (LBSs). Certain honest-but-curious or even dishonest LBS servers may learn the users' trajectories from location trace files, and the users' privacy can be compromised. In this paper, we propose a quantitative approach to model trajectory inference attacks via tensor voting, which can be widely applied in computer vision and machine learning as a perceptual organization. To counter the tensor voting based attacks, we propose a novel trajectory privacy preservation TPP scheme, in which LBS users will intentionally generate dummy trajectories to obfuscate LBS servers. Meanwhile, the LBS users have the option to disclose their trajectories to trustworthy parties (e.g., users' parents) by sending those parties a few more encrypted locations. Considering the power constraint of hand-held mobile devices, we mathematically formulate the trajectory privacy preservation problem into a mixed integer linear programming optimization problem and propose the algorithms for optimizing solutions. Through simulations and analysis, we show that the proposed scheme can effectively preserve LBS users' trajectory privacy against tensor voting-based inference attacks with limited power consumption.

Xumeng Wang,Tianlong Gu,Xiaonan Luo,Xiwen Cai,Tianyi Lao,Wenlong Chen,Yingcai Wu,Jinhui Yu,Wei Chen

DOI: https://doi.org/10.1109/tits.2018.2875021

IF: 8.5

2019-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Visual analysis is widely applied to study human mobility due to the ability of integrating contextual information from multiple data sources. Analyzing trajectory data through visualization improves the efficiency and accuracy of the analysis, yet it may induce exposure of the location privacy. To balance the location privacy and analysis effectiveness, this work focuses on the behaviors of different geo-based contexts in the process of trajectory interpretation. Three types of geo-based contexts are identified after surveying 94 related literatures. We further conduct experiments to investigate their capability by evaluating how they benefit the analysis, and whether they lead to location privacy exposure. Finally, we report and discuss interesting findings, and provide guidelines to the design of privacy-preserving analysis approaches for human periodic trajectories.

Yanzhe Che,Qinming He,Xiaoyan Hong,Kevin Chiew

DOI: https://doi.org/10.1002/dac.2650

2013-01-01

International Journal of Communication Systems

Abstract:While enjoying various LBS location-based services, users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer-to-peer P2P networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x-region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x-region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x-region, together with three algorithms for generating an x-region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.

Sheng Gao,Jianfeng Ma,Weisong Shi,Guoxing Zhan

DOI: https://doi.org/10.1002/wcm.2324

2012-12-06

Wireless Communications and Mobile Computing

Abstract:The ubiquity of mobile devices has facilitated the prevalence of participatory sensing, whereby ordinary citizens use their private mobile devices to collect regional information and to share with participators. However, such applications may endanger the users' privacy by revealing their locations and trajectories information. Most of existing solutions, which hide a user's location information with a coarse region, are under k‐anonymity model. Yet, they may not be applicable in some participatory sensing applications that require precise location information. The goals are seemingly contradictory: to protect a user's location privacy while simultaneously providing precise location information for a high quality of service. In this paper, we propose a method to meet both goals. Through selecting a certain number of a user's partners, it can protect the user's location privacy while providing precise location information. The user's trajectory privacy can be protected by constructing several trajectories that are similar to the user's trajectory in an interval time T. Finally, we utilize a new metric, called slope ratio, to evaluate the partners' selection algorithm that we proposed. Then, we measure the privacy level that the location and trajectory privacy protection mechanism (LTPPM) can achieve. The analysis and simulation results show that LTPPM can protect the user's location and trajectory privacy effectively and also provide a high quality of service in participatory sensing. Copyright © 2012 John Wiley & Sons, Ltd. Location and trajectory privacy problems are the main obstacles to the success of participatory sensing. However, most of existing anonymous methods hide a user's location with a coarse region, which may reduce quality of services. Moreover, the disclosure of trajectory may also reveal the user's location. In this paper, subject to high quality of services, we propose to protect the user's location and trajectory privacy on the basis of equivalence classes formed by his or her partners and present a new metric, named slope ratio, to evaluate trajectory similarity.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rongxing Lu,Xiaodong Lin,Zhiguo Shi,Jun Shao

DOI: https://doi.org/10.1109/infocom.2014.6848003

2014-01-01

Abstract:In this paper, we propose a privacy-preserving framework, called PLAM, for local-area mobile social networks. The proposed PLAM framework employs a privacy-preserving request aggregation protocol with k-Anonymity and l-Diversity properties while without involving a trusted anonymizer server to keep user preference privacy when querying location-based service (LBS), and integrates unlinkable pseudo-ID technique to achieve user identity privacy, location privacy. Moreover, the proposed PLAM framework also introduces the privacy-preserving and verifiable polynomial computation to keep LBS provider's functions private while preventing the provider from cheating in computation. Detailed security analysis shows that the proposed PLAM framework can not only achieve desirable privacy requirements but also resist outside attacks on source authentication, data integrity and availability. In addition, extensive simulations are also conducted, and simulation results guide us on how to set proper thresholds for k-anonymity, l-diversity to make a tradeoff between the desirable user preference privacy level and the request delay in different scenarios.

Weiqi Zhang,Zhenzhen Xie,Akshita Maradapu Vera Venkata Sai,Qasim Zia,Zaobo He,Guisheng Yin

DOI: https://doi.org/10.26599/tst.2023.9010072

2024-04-01

Abstract:The widespread availability of GPS has opened up a whole new market that provides a plethora of location-based services. Location-based social networks have become very popular as they provide end users like us with several such services utilizing GPS through our devices. However, when users utilize these services, they inevitably expose personal information such as their ID and sensitive location to the servers. Due to untrustworthy servers and malicious attackers with colossal background knowledge, users' personal information is at risk on these servers. Unfortunately, many privacy-preserving solutions for protecting trajectories have significantly decreased utility after deployment. We have come up with a new trajectory privacy protection solution that contraposes the area of interest for users. Firstly, Staying Points Detection Method based on Temporal-Spatial Restrictions (SPDM-TSR) is an interest area mining method based on temporal-spatial restrictions, which can clearly distinguish between staying and moving points. Additionally, our privacy protection mechanism focuses on the user's areas of interest rather than the entire trajectory. Furthermore, our proposed mechanism does not rely on third-party service providers and the attackers' background knowledge settings. We test our models on real datasets, and the results indicate that our proposed algorithm can provide a high standard privacy guarantee as well as data availability.

computer science, information systems,engineering, electrical & electronic, software engineering

Zhiping Xu,Jing Zhang,Pei-Wei Tsai,Liwei Lin,Chao Zhuo

DOI: https://doi.org/10.3390/s21062021

2021-03-12

Abstract:Recent years have seen the wide application of Location-Based Services (LBSs) in our daily life. Although users can enjoy many conveniences from the LBSs, they may lose their trajectory privacy when their location data are collected. Therefore, it is urgent to protect the user's trajectory privacy while providing high quality services. Trajectory k-anonymity is one of the most important technologies to protect the user's trajectory privacy. However, the user's attributes are rarely considered when constructing the k-anonymity set. It results in that the user's trajectories are especially vulnerable. To solve the problem, in this paper, a Spatiotemporal Mobility (SM) measurement is defined for calculating the relationship between the user's attributes and the anonymity set. Furthermore, a trajectory graph is designed to model the relationship between trajectories. Based on the user's attributes and the trajectory graph, the SM based trajectory privacy-preserving algorithm (MTPPA) is proposed. The optimal k-anonymity set is obtained by the simulated annealing algorithm. The experimental results show that the privacy disclosure probability of the anonymity set obtained by MTPPA is about 40% lower than those obtained by the existing algorithms while the same quality of services can be provided.

Ning Wang,Jianping Zeng,Wenxing Hong,Shunzhi Zhu

DOI: https://doi.org/10.1007/s10619-020-07290-2

IF: 0.974

2020-04-24

Distributed and Parallel Databases

Abstract:Location-to-trajectory matching plays an important role in trajectory data management and analysis. In this paper, we propose and study a novel problem of privacy-preserving spatial keyword location-to-trajectory matching (PPSKLT Matching). Given a set O of locations with keywords, a set T of activity trajectories, a spatial matching threshold \(\theta _{\text{sp}}\), and a keyword matching threshold \(\theta _{\text{kw}}\), the PPSKLT matching finds all location-trajectory pairs from O and T while preserving the users' privacy. We believe that the PPSKLT matching may benefit many mobile applications such as trajectory activity analysis, event tracking, and so on. The PPSKLT matching is challenging due to three reasons: (1) how to define the spatial keyword similarity measure between locations and trajectories, (2) how to prune the search space effectively, and (3) how to preserve the users' privacy during query processing. To overcome these challenges and address the problem efficiently, we develop a novel network expansion algorithm (NEA). We define a pair of upper and lower bounds on the spatio-textual similarity to prune the search space. We also define a privacy-preserving mechanism to protect users' privacy. We conduct extensive experiments on spatio-textual data sets to verify the performance of the developed algorithms.

computer science, information systems, theory & methods

Hang Shen,Guangwei Bai,Mei Yang,Zhonghui Wang

DOI: https://doi.org/10.1016/j.jnca.2017.01.018

IF: 7.574

2017-03-01

Journal of Network and Computer Applications

Abstract:The existing evaluation methods for location privacy protection mechanism (LPPM) focus mainly on location privacy at the time of issuing a location-based query, and rarely consider trajectory privacy from where multiple successive queries are issued. This paper provides a user-centric analysis of trajectory privacy protection against tracking attacks in presence of quality-loss and energy constraints, focusing on impact of user query behavior within a certain period of time. We consider an attacker with adversarial knowledge on users’ activity and mobility profiles to run tracking attacks, against which users employ LPPMs that incorporate location semantic diversity to maximize trajectory privacy. The attack and defense problems are formalized as a Bayesian Stackelberg game for quantitative analysis. Real location traces are used to assess the LPPMs’ effectiveness, and to find optimal query strategy. The results confirm that query behavior has a significant impact on improving trajectory privacy. Despite increased number of queries to improve trajectory privacy, the effectiveness may be decreased with a longer observation time. At the same query rate, prolonging observation time is beneficial for privacy improvement. We also find that dummy-based LPPM often provides better protection with a stringent energy constraint, while precision-based LPPM performs better under a stringent quality-loss constraint or under a loose energy constraint. At optimal trajectory privacy, quality-loss of precision-based LPPM is lower than that of dummy-based LPPM, but there is an opposite result in terms of energy cost.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Alireza Partovi,Wei Zheng,Taeho Jung,Hai Lin

DOI: https://doi.org/10.48550/arXiv.2002.10055

2020-02-24

Abstract:In recent years, the widespread of mobile devices equipped with GPS and communication chips has led to the growing use of location-based services (LBS) in which a user receives a service based on his current location. The disclosure of user's location, however, can raise serious concerns about user privacy in general, and location privacy in particular which led to the development of various location privacy-preserving mechanisms aiming to enhance the location privacy while using LBS applications. In this paper, we propose to model the user mobility pattern and utility of the LBS as a Markov decision process (MDP), and inspired by probabilistic current state opacity notation, we introduce a new location privacy metric, namely $\epsilon-$privacy, that quantifies the adversary belief over the user's current location. We exploit this dynamic model to design a LPPM that while it ensures the utility of service is being fully utilized, independent of the adversary prior knowledge about the user, it can guarantee a user-specified privacy level can be achieved for an infinite time horizon. The overall privacy-preserving framework, including the construction of the user mobility model as a MDP, and design of the proposed LPPM, are demonstrated and validated with real-world experimental data.

Cryptography and Security

Mingge Cao,Haopeng Zhu,Minghui Min,Yulu Li,Shiyin Li,Hongliang Zhang,Zhu Han

2024-01-20

Abstract:Location-based services (LBSs) in vehicular ad hoc networks (VANETs) offer users numerous conveniences. However, the extensive use of LBSs raises concerns about the privacy of users' trajectories, as adversaries can exploit temporal correlations between different locations to extract personal information. Additionally, users have varying privacy requirements depending on the time and location. To address these issues, this paper proposes a personalized trajectory privacy protection mechanism (PTPPM). This mechanism first uses the temporal correlation between trajectory locations to determine the possible location set for each time instant. We identify a protection location set (PLS) for each location by employing the Hilbert curve-based minimum distance search algorithm. This approach incorporates the complementary features of geo-indistinguishability and distortion privacy. We put forth a novel Permute-and-Flip mechanism for location perturbation, which maps its initial application in data publishing privacy protection to a location perturbation mechanism. This mechanism generates fake locations with smaller perturbation distances while improving the balance between privacy and quality of service (QoS). Simulation results show that our mechanism outperforms the benchmark by providing enhanced privacy protection while meeting user's QoS requirements.

Cryptography and Security

Yu Wang,Dingbang Xu,Xiao He,Chao Zhang,Fan Li,Bin Xu

DOI: https://doi.org/10.1109/INFCOM.2012.6195577

2012-01-01

Abstract:Location privacy has been a serious concern for mobile users who use location-based services provided by the third-party provider via mobile networks. Recently, there have been tremendous efforts on developing new anonymity or obfuscation techniques to protect location privacy of mobile users. Though effective in certain scenarios, these existing techniques usually assume that a user has a constant privacy requirement along spatial and/or temporal dimensions, which may not be true in real-life scenarios. In this paper, we introduce a new location privacy problem: Location-aware Location Privacy Protection (L2P2) problem, where users can define dynamic and diverse privacy requirements for different locations. The goal of the L2P2 problem is to find the smallest cloaking area for each location request so that diverse privacy requirements over spatial and/or temporal dimensions are satisfied for each user. In this paper, we formalize two versions of the L2P2 problem, and propose several efficient heuristics to provide such location-aware location privacy protection for mobile users. Through multiple simulations on a large data set of trajectories for one thousand mobile users, we confirm the effectiveness and efficiency of the proposed L2P2 algorithms.

Ling Xing,Bing Li,Lulu Liu,Yuanhao Huang,Honghai Wu,Huahong Ma,Xiaohui Zhang

DOI: https://doi.org/10.1016/j.comnet.2024.110562

IF: 5.493

2024-06-09

Computer Networks

Abstract:As Location-Based Services (LBSs) proliferate within the Social Internet of Vehicles (SIoVs), the collection and utilization of vehicle trajectories, which are rich in spatio-temporal and semantic informations, have intensified. Publishing these trajectories without adequate privacy safeguards significantly threatens user semantic trajectory privacy. Current methodologies for protecting semantic trajectory privacy do not adequately consider the similarity in query probability between sensitive and alternative semantic locations, thus undermining the efficacy of privacy protection. To address this critical gap, we introduces a novel trajectory privacy protection method based on sensitive semantic location replacement (SSLR), which strategically replaces sensitive semantic locations. This method consists of three key steps: first, semantically annotating trajectory sampling locations to identify sensitive semantic points; second, employing a unique double semicircular area to define replacement regions and selecting replacement Points of Interests (PoIs) that align in semantic attributes and query probabilities; third, reconstructing and publishing the modified trajectories. Our simulation results confirm that SSLR advances the state of the art by delivering superior performance in average recognition rate, geographic similarity, and semantic similarity compared to existing methods. Crucially, by incorporating considerations of query probability similarities, this paper not only enhances the effect of trajectory privacy protection but also preserves its utility. This dual enhancement represents a groundbreaking approach to trajectory privacy, with significant implications for advancing privacy strategies in LBSs within SIoVs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yang Cao,Yonghui Xiao,Shun Takagi,Li Xiong,Masatoshi Yoshikawa,Yilin Shen,Jinfei Liu,Hongxia Jin,Xiaofeng Xu

DOI: https://doi.org/10.48550/arXiv.2005.01263

2020-07-15

Abstract:Location privacy has been extensively studied in the literature. However, existing location privacy models are either not rigorous or not customizable, which limits the trade-off between privacy and utility in many real-world applications. To address this issue, we propose a new location privacy notion called PGLP, i.e., \textit{Policy Graph based Location Privacy}, providing a rich interface to release private locations with customizable and rigorous privacy guarantee. First, we design the privacy metrics of PGLP by extending differential privacy. Specifically, we formalize a user's location privacy requirements using a \textit{location policy graph}, which is expressive and customizable. Second, we investigate how to satisfy an arbitrarily given location policy graph under adversarial knowledge. We find that a location policy graph may not always be viable and may suffer \textit{location exposure} when the attacker knows the user's mobility pattern. We propose efficient methods to detect location exposure and repair the policy graph with optimal utility. Third, we design a private location trace release framework that pipelines the detection of location exposure, policy graph repair, and private trajectory release with customizable and rigorous location privacy. Finally, we conduct experiments on real-world datasets to verify the effectiveness of the privacy-utility trade-off and the efficiency of the proposed algorithms.

Cryptography and Security,Computers and Society

Yan Zhu,Changjun Hu,Di Ma,Tin Li

DOI: https://doi.org/10.1109/3pgcic.2013.19

2013-01-01

Abstract:The increasing spread of location-based services (LBSs) has led to a renewed research interest in location-based security, especially location-based access control. It also raises a lot of concern on potential privacy violation due to the possibility of identifying the user who requests a given service based on her/his location information at the time of the request. To ensure the credibility and availability of LBSs, there is a pressing requirement for addressing security and privacy issues of LBSs in a synergistic way. In this paper, we propose an innovative access control mechanism for LBSs, enabling both fine-grained access control and effective privacy protection. Our proposed approach is based on the construction of cryptographic spatio-temporal predicates by means of efficient secure integer comparison. Our experimental results not only validate the effectiveness of our scheme, but also demonstrate that the proposed integer comparison scheme performs better than previous bit wise comparison scheme.

Bo Liu,Tianqing Zhu,Wanlei Zhou,Kun Wang,Haibo Zhou,Ming Ding

DOI: https://doi.org/10.1109/globecom38437.2019.9013262

2019-01-01

Abstract:The location privacy issue has become a critical research topic recently. The existing solutions do not solve one typical problem in practice: people may only want to protect certain privacy-sensitive locations among a group of temporal and spatial correlated points in a trajectory. As an effort towards this issue, we analyze the impact of space-time relationship on location privacy preservation. In addition, we propose new privacy definitions to better evaluate the privacy level and prove that the target location's privacy can be enhanced by randomizing its time and space related points. Moreover, under the constraint of the total noise power, the problem of obfuscating a location in a temporal and spatial correlated trajectory is formulated as finding the best noise allocation vector which can achieve the highest privacy level. This problem is solved by our proposed location privacy preserving method which applies differential privacy scheme on a series of points with noise budget allocation. Lastly, the performance of the proposed scheme is evaluated by simulations.

Ruowei Gui,Xingjun Zhang,Xiaolin Gui,Jinsong Han

DOI: https://doi.org/10.1109/jiot.2024.3457884

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the popularity of mobile terminals with GPS functions, location-based services are widely used, and all kinds of user information attached to the location are facing the risk of disclosure, and privacy protection is being challenged. In current researches, it is usually assumed that the locations of different users are independent of each other. However, in real world, the locations of different users have some certain internal correlation. Even if the locations of a single user are well protected, attackers can still mine user privacy through the correlation analysis of locations. To solve the above problems, this paper proposes a multiuser location-correlated differential privacy extension scheme under strict privacy budget. In this scheme, we firstly extract the user spatiotemporal characteristics by mining the stay points and stay areas from trajectories based on locations with timestamps, and then, we calculate the correlation degree among users using the Jaccard correlation coefficient according to the spatiotemporal characteristics, and further, we realize the adaptive differential privacy protection of different users by introducing the concept of individual correlation sensitivity, and finally, we design the differential privacy extension method to protect sensitive locations in the stay areas. Experimental results show that, compared with the existing methods, our proposed scheme not only can improve the usability of the trajectories after privacy protection, but also can enhance the privacy protection of the sensitive locations in the stay areas.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Xinyue Sun,Qingqing Ye,Haibo Hu,Jiawei Duan,Qiao Xue,Tianyu Wo,Weizhe Zhang,Jie Xu

DOI: https://doi.org/10.1109/tifs.2024.3480712

IF: 7.231

2024-10-30

IEEE Transactions on Information Forensics and Security

Abstract:Valuable information and knowledge can be learned from users' location traces and support various location-based applications such as intelligent traffic control, incident response, and COVID-19 contact tracing. However, due to privacy concerns, no authority could simply collect users' private location traces for mining or even publishing. To echo such concerns, local differential privacy (LDP) enables individual privacy by allowing each user to report a perturbed version of their data. Unfortunately, when applied to location traces, LDP cannot preserve the semantics in the context of location traces because it treats all locations (i.e., various points of interest) as equally sensitive. This results in a low utility of LDP mechanisms for collecting location traces. In this paper, we address the challenge of collecting and sharing location traces with valuable semantics while providing sufficient privacy protection for participating users. We first propose semantic-constrained local differential privacy (SLDP), a new privacy model to provide a provable mathematical privacy guarantee while preserving desirable semantics. Then, we design a location trace perturbation mechanism (LTPM) that users can use to perturb their traces in a way that satisfies SLDP. Finally, we propose a private location trace synthesis (PLTS) framework in which users use LTPM to perturb their traces before sending them to the collector, who aggregates the users' perturbed data to generate location traces with valuable semantics. Extensive experiments on three real-world datasets demonstrate that our PLTS outperforms existing state-of-the-art methods by at least 21% in a range of real-world applications, such as spatial visiting queries and frequent pattern mining, under the same privacy leakage.

computer science, theory & methods,engineering, electrical & electronic