Dan Liao,Gang Sun,Hui Li,Hongfang Yu,Victor Chang

DOI: https://doi.org/10.1007/s10586-017-0986-1

2017-01-01

Cluster Computing

Abstract:Internet of things (IoT) based location-based services (LBS) are playing an increasingly important role in our daily lives. However, since the LBS server may be hacked, malicious or not credible, there is a good chance that interacting with the LBS server may result in loss of privacy.As per journal instruction, author photo and biography are mandatory for this article. Please provide. Thus, protecting user privacy such as the privacy of user location and trajectory is an important issue to be addressed while using LBS. To address this problem, we first construct three kinds of attack models that may expose a user’s trajectory or path while the user is sending continuous queries to a LBS server. Then we construct a novel LBS system model for preserving privacy, and propose the k -anonymity trajectory (KAT) algorithm which is suitable for both single query and continuous queries. Different from existing works, the KAT algorithm selects k-1 dummy locations using the sliding window based k -anonymity mechanism when the user is making single query, and selects k-1 dummy trajectories using the trajectory select mechanism for continuous queries. We evaluate the effectiveness of our proposed algorithm by conducting simulations for the single-query and continuous-query scenarios. The simulation results show that our proposed algorithm can protect privacy of users better than existing approaches, while incurring a lower time complexity than those approaches.

Qiong Wu,Hanxu Liu,Cui Zhang,Qiang Fan,Zhengquan Li,Kan Wang

DOI: https://doi.org/10.3390/electronics8020148

IF: 2.9

2019-01-31

Electronics

Abstract:With the proliferation of the Internet-of-Things (IoT), the users’ trajectory data containing privacy information in the IoT systems are easily exposed to the adversaries in continuous location-based services (LBSs) and trajectory publication. Existing trajectory protection schemes generate dummy trajectories without considering the user mobility pattern accurately. This would cause that the adversaries can easily exclude the dummy trajectories according to the obtained geographic feature information. In this paper, the continuous location entropy and the trajectory entropy are defined based on the gravity mobility model to measure the level of trajectory protection. Then, two trajectory protection schemes are proposed based on the defined entropy metrics to protect the trajectory data in continuous LBSs and trajectory publication, respectively. Experimental results demonstrate that the proposed schemes have a higher level than the enhanced dummy-location selection (enhance-DLS) scheme and the random scheme.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ren-Hung Hwang,Yu-Ling Hsueh,Hao-Wei Chung

DOI: https://doi.org/10.1109/tsc.2013.55

IF: 11.019

2014-04-01

IEEE Transactions on Services Computing

Abstract:Location-based services (LBS) which bring so much convenience to our daily life have been intensively studied over the years. Generally, an LBS query processing can be categorized into snapshot and continuous queries which access user location information and return search results to the users. An LBS has full control of the location information, causing user privacy concerns. If an LBS provider has a malicious intention to breach the user privacy by tracking the users' routes to their destinations, it incurs a serious threat. Most existing techniques have addressed privacy protection mainly for snapshot queries. However, providing privacy protection for continuous queries is of importance, since a malicious LBS can easily obtain complete user privacy information by observing a sequence of successive query requests. In this paper, we propose a comprehensive trajectory privacy technique and combine ambient conditions to cloak location information based on the user privacy profile to avoid a malicious LBS reconstructing a user trajectory. We first propose an r-anonymity mechanism which preprocesses a set of similar trajectories R to blur the actual trajectory of a service user. We then combine k-anonymity with s road segments to protect the user's privacy. We introduce a novel time-obfuscated technique which breaks the sequence of the query issuing time for a service user to confuse the LBS so it does not know the user trajectory, by sending a query randomly from a set of locations residing at the different trajectories in R. Despite the randomness incurred from the obfuscation process for providing strong trajectory privacy protection, the experimental results show that our trajectory privacy technique maintains the correctness of the query results at a competitive computational cost.

computer science, information systems, software engineering

Wanqing Wu,Wenlong Shang,Ruohe Lei,Xin Yang

DOI: https://doi.org/10.1155/2022/8635275

2022-07-05

Wireless Communications and Mobile Computing

Abstract:With the rapid development of mobile Internet and communication technology, location-based services (LBS) are widely used in our daily life. The server stores a large amount of user location data, and these location data constitute user trajectories. If trajectory information on the server is leaked, it will seriously endanger users’ privacy. Trajectory k -anonymity technology is one of the most important methods to protect the privacy of user trajectory. However, current trajectory k -anonymity methods have less discussion on the semantic of stop point when selecting dummy trajectory, which leads to the fact that attacker can still exclude the dummy trajectory from the k -anonymity set and infer the real trajectory by combining background knowledge with the semantic information of stop points. To address this problem, this paper decomposes the real trajectory into location pairs set; the set consists of start-end points and stop points. According to the similarity of location pairs, the similar location pairs in history trajectory set are used to generate dummy trajectory: firstly, extracting the start-end points and stop points from real trajectory and assigning semantic to them. Then, based on the semantic, temporal, and geographical attributes, eligible location pairs are selected from history trajectory set to construct equivalence class. Finally, according to the location pairs in equivalence class, k − 1 dummy trajectories are generated to form a k -anonymity set. We evaluate our method thoroughly with real dataset. The results show that our method achieve an effective data availability and higher privacy protection than other methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

LI Feng-hua,ZHANG Cui,NIU Ben,LI Hui,HUA Jia-feng,SHI Guo-zhen

DOI: https://doi.org/10.11959/j.issn.1000-436x.2015320

2015-01-01

Abstract:As one of the most important information in location-based services (LBS),the trajectory privacy for smart devices users has gained increasingly popularity over recent years.To address this problem,(k−1) dummy trajectories to achieve trajectory k-anonymity with comprehensively considering side information were generated,user's mobility pattern and the trajectory similarity etc.Without relying on the trusted third party,the scheme could provide trajectory k-anonymity against adversaries with side information by generating (k−1) realistic dummy trajectories.The evaluation results indicate its effectiveness and efficiency.

Dan Liao,Hui Li,Gang Sun,Vishal Anand

DOI: https://doi.org/10.1109/glocom.2015.7417512

2015-01-01

Abstract:Preserving user location and trajectory privacy while using location-based service (LBS) is an important issue. To address this problem, we first construct three kinds of attack models that can expose a user's trajectory or path while the user is sending continuous queries to a LBS server. Then we propose the k- anonymity trajectory (KAT) algorithm, which is suitable for both single query and continuous queries. Different from existing works, the KAT algorithm selects k-1 dummy locations using the sliding widow based k- anonymity mechanism when the user is making single queries and selects k-1 dummy trajectories using the trajectory selection mechanism for continuous queries. We evaluate and validate the effectiveness of our proposed algorithm by conducting simulations for the single and continuous query scenarios.

Shadan AlHamed,Mznah AlRodhaan,Yuan Tian

DOI: https://doi.org/10.1007/978-981-15-7530-3_38

2019-01-01

Abstract:Fog computing has been introduced for extending cloud computing to the edge of the network, which brings features and services closer to end-users. Despite all the benefits provided, fog computing still suffers from security and privacy issues. Location privacy has a critical issue since fog nodes collect sensitive data. The users continuously send queries to the Location-based service (LBS) server, which may cause vulnerabilities where an attacker may track users. Subsequently, location privacy is not adequate to preserve privacy and attackers can still deduce the movement pattern of the user. Therefore, trajectory privacy has been used to provide better protection for the whole trajectory of the user. Meanwhile, most of the existing researches did not protect the future location of the user, while attackers may predict or estimate the users’ next position if the geographical environment constraints are not considered and the historical data of the user not protected. To resolve the addressed issues and provide better privacy, we developed an approach for preserving the user’s future trajectory privacy by predicting the future location of the user using Extended Mobility Markov Chain (n-MMC) and then generating dummy trajectories by Dummy Rotation Algorithm. The results show that the system can achieve privacy preservation of the future trajectory of the user with an average accuracy of 60%.

Weiqi Zhang,Guisheng Yin,Yuhai Sha,Jishen Yang

DOI: https://doi.org/10.1155/2021/6691975

2021-01-01

Wireless Communications and Mobile Computing

Abstract:The rapid development of the Global Positioning System (GPS) devices and location-based services (LBSs) facilitates the collection of huge amounts of personal information for the untrusted/unknown LBS providers. This phenomenon raises serious privacy concerns. However, most of the existing solutions aim at locating interference in the static scenes or in a single timestamp without considering the correlation between location transfer and time of moving users. In this way, the solutions are vulnerable to various inference attacks. Traditional privacy protection methods rely on trusted third-party service providers, but in reality, we are not sure whether the third party is trustable. In this paper, we propose a systematic solution to preserve location information. The protection provides a rigorous privacy guarantee without the assumption of the credibility of the third parties. The user’s historical trajectory information is used as the basis of the hidden Markov model prediction, and the user’s possible prospective location is used as the model output result to protect the user’s trajectory privacy. To formalize the privacy-protecting guarantee, we propose a new definition, L&A-location region, based on k-anonymity and differential privacy. Based on the proposed privacy definition, we design a novel mechanism to provide a privacy protection guarantee for the users’ identity trajectory. We simulate the proposed mechanism based on a dataset collected in real practice. The result of the simulation shows that the proposed algorithm can provide privacy protection to a high standard.

Shiwen Zhang,Biao Hu,Wei Liang,Kuan-Ching Li,Al-Sakib Khan Pathan

DOI: https://doi.org/10.1109/jiot.2023.3308073

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the increasing integration of Location-Based Services (LBS) into various societal domains, location privacy preservation has emerged as a pivotal concern. In most continuous LBS privacy protection approaches, the user needs to send a query to an untrusted Location Service Provider (LSP) to request the corresponding query results, and these results are discarded immediately after being used. This leads to similar queries in the future having to be sent to the LSP again, which increases the risk of privacy leakage when facing the LSP. To solve these issues, caching techniques are typically used to provide answers to users’ future queries. However, minimizing the interaction with the LSP is a challenge. Here, we propose a trajectory privacy-preserving scheme based on a transition matrix and caching (TMC) scheme for continuous LBS in the Industrial Internet of Things (IIoT). It employs multi-level caching to reduce the risk of exposing sensitive information to untrusted entities. We designed a transition matrix to predict the user’s next query location and simplify the computation complexity. We designed a cloaking set generation algorithm by considering transition entropy, location prediction, data freshness, and cache contribution degree to enhance user location privacy and improve the cache hit rate. The security analysis demonstrates how the TMC scheme resists attacks from both internal and external entities and ensures robustness in trajectory privacy. The experimental results show that the proposed TMC scheme can provide a higher level of privacy protection and lower system overhead compared to several previous schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhen Tu,Kai Zhao,Fengli Xu,Yong Li,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/tnsm.2018.2877790

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:Nowadays, human trajectories are widely collected and utilized for scientific research and business purpose. However, publishing trajectory data without proper handling might cause severe privacy leakage. A large body of works is dedicated to merging one's trajectory with others', so as to avoid any individual trajectory being re-identified. Yet their solutions do not provide enough protection since they cannot prevent semantic attack, which means the attackers are able to acquire individual's private information by using the semantics features of frequently visited locations in the trajectory even without re-identification. In this paper, we are the first to recognize the semantic attack, which is another severe privacy problem in publishing trajectory datasets. We propose an algorithm providing strong privacy protection against both the semantic and re-identification attack while reserving high data utility. Extensive evaluations based on two real-world datasets demonstrate that our solution improves the quality of privacy protection by three times, sacrificing only 36% and 10% of spatial and temporal resolution, respectively.

Wanshu Yu,Haonan Shi,Hongyun Xu

DOI: https://doi.org/10.48550/arXiv.2307.16849

2023-08-01

Abstract:As people's daily life becomes increasingly inseparable from various mobile electronic devices, relevant service application platforms and network operators can collect numerous individual information easily. When releasing these data for scientific research or commercial purposes, users' privacy will be in danger, especially in the publication of spatiotemporal trajectory datasets. Therefore, to avoid the leakage of users' privacy, it is necessary to anonymize the data before they are released. However, more than simply removing the unique identifiers of individuals is needed to protect the trajectory privacy, because some attackers may infer the identity of users by the connection with other databases. Much work has been devoted to merging multiple trajectories to avoid re-identification, but these solutions always require sacrificing data quality to achieve the anonymity requirement. In order to provide sufficient privacy protection for users' trajectory datasets, this paper develops a study on trajectory privacy against re-identification attacks, proposing a trajectory K-anonymity model based on Point Density and Partition (KPDP). Our approach improves the existing trajectory generalization anonymization techniques regarding trajectory set partition preprocessing and trajectory clustering algorithms. It successfully resists re-identification attacks and reduces the data utility loss of the k-anonymized dataset. A series of experiments on a real-world dataset show that the proposed model has significant advantages in terms of higher data utility and shorter algorithm execution time than other existing techniques.

Cryptography and Security,Machine Learning

Lu Qiwei,Wang Caimei,Xiong Yan,Xia Huihua,Huang Wenchao,Gong Xudong

DOI: https://doi.org/10.1049/cje.2017.01.024

IF: 1.019

2017-01-01

Chinese Journal of Electronics

Abstract:Due to the popularity of mobile Internet and location-aware devices, there is an explosion of location and trajectory data of moving objects. A few proposals have been proposed for privacy preserving trajectory data publishing, and most of them assume the attacks with the same adversarial background knowledge. In practice, different users have different privacy requirements. Such non-personalized privacy assumption does not meet the personalized privacy requirements, meanwhile, it looses the chance to achieve better utility by taking advantage of differences of users' privacy requirements. We study the personalized trajectory k-anonymity criterion for trajectory data publication. Specifically, we explore and propose an overall framework which provides privacy preserving services based on users' personal privacy requests, including trajectory clusteiing, editing and publication. We demonstrate the efficiency and effectiveness of our scheme through experiments on real world dataset.

Zhigang Yang,Ruyan Wang,Dapeng Wu,Honggang Wang,Haina Song,Xinqiang Ma

DOI: https://doi.org/10.1109/tii.2021.3116529

IF: 12.3

2022-04-01

IEEE Transactions on Industrial Informatics

Abstract:The value of trajectory data lies mainly in the spatio-temporal correlation. However, the existing privacy protection methods ignore the spatio-temporal correlation of trajectory data, resulting in a large error in trajectory proportion estimation and Top-K classification. For the privacy of truck trajectory in intelligent logistics, the location and trajectory data perturbation method based on quadtree indexing is proposed, which leverages location generalization and local differential privacy techniques. Our proposed algorithms are suitable for datasets with a large sample space and can protect the trajectory privacy of truck drivers while preserving the strong correlation between adjacent spatio-temporal nodes in the trajectory. The results of simulation on a real trajectory dataset show that the proposed methods not only meet the trajectory privacy requirements of users but also have a good performance in trajectory proportion estimation and Top-K classification.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Hua Shen,Yu Wang,Mingwu Zhang

DOI: https://doi.org/10.3390/s23249652

2023-12-06

Abstract:With the popularity of location services and the widespread use of trajectory data, trajectory privacy protection has become a popular research area. k-anonymity technology is a common method for achieving privacy-preserved trajectory publishing. When constructing virtual trajectories, most existing trajectory k-anonymity methods just consider point similarity, which results in a large dummy trajectory space. Suppose there are n similar point sets, each consisting of m points. The size of the space is then mn. Furthermore, to choose suitable k- 1 dummy trajectories for a given real trajectory, these methods need to evaluate the similarity between each trajectory in the space and the real trajectory, leading to a large performance overhead. To address these challenges, this paper proposes a k-anonymity trajectory privacy protection method based on the similarity of sub-trajectories. This method not only considers the multidimensional similarity of points, but also synthetically considers the area between the historic sub-trajectories and the real sub-trajectories to more fully describe the similarity between sub-trajectories. By quantifying the area enclosed by sub-trajectories, we can more accurately capture the spatial relationship between trajectories. Finally, our approach generates k-1 dummy trajectories that are indistinguishable from real trajectories, effectively achieving k-anonymity for a given trajectory. Furthermore, our proposed method utilizes real historic sub-trajectories to generate dummy trajectories, making them more authentic and providing better privacy protection for real trajectories. In comparison to other frequently employed trajectory privacy protection methods, our method has a better privacy protection effect, higher data quality, and better performance.

Zhiping Xu,Jing Zhang,Pei-Wei Tsai,Liwei Lin,Chao Zhuo

DOI: https://doi.org/10.3390/s21062021

2021-03-12

Abstract:Recent years have seen the wide application of Location-Based Services (LBSs) in our daily life. Although users can enjoy many conveniences from the LBSs, they may lose their trajectory privacy when their location data are collected. Therefore, it is urgent to protect the user's trajectory privacy while providing high quality services. Trajectory k-anonymity is one of the most important technologies to protect the user's trajectory privacy. However, the user's attributes are rarely considered when constructing the k-anonymity set. It results in that the user's trajectories are especially vulnerable. To solve the problem, in this paper, a Spatiotemporal Mobility (SM) measurement is defined for calculating the relationship between the user's attributes and the anonymity set. Furthermore, a trajectory graph is designed to model the relationship between trajectories. Based on the user's attributes and the trajectory graph, the SM based trajectory privacy-preserving algorithm (MTPPA) is proposed. The optimal k-anonymity set is obtained by the simulated annealing algorithm. The experimental results show that the privacy disclosure probability of the anonymity set obtained by MTPPA is about 40% lower than those obtained by the existing algorithms while the same quality of services can be provided.

ZHANG Shao-bo,LIU Qin,LI Xiong,WANG Guo-jun

DOI: https://doi.org/10.3969/j.issn.1001-0548.2018.03.020

2018-01-01

Abstract:To address the intersecting region of the continuous range queries needs to repeat queries in the location-based service, this paper proposes a method of trajectory privacy protection based on caching candidate result set. The method utilizes two-level cache mechanism to cache user's candidate result set at client and anonymizer, and the next query point on the trajectory can obtain the answer from the cached data, which can reduce the interaction between the user and the server to reduce the risk of user's information exposed to the server. At the same time, we propose the k-anonymity of the mobile location prediction based on the Markov model, which can improve the hit ratio of cache and enhance the user's trajectory privacy. Security analysis shows that the method can effectively protect the user's trajectory privacy. Experiments show this method can reduce the computation and communication overhead of the server.

Zhigang Yang,Ruyan Wang,Honggang Wang,Dapeng Wu

DOI: https://doi.org/10.1109/mnet.012.2000384

IF: 10.294

2022-10-19

IEEE Network

Abstract:Location-based service (LBS), with its personalized, real time, and mobile features, is one of the more popular mobile applications (apps) in the world today. However, under the centralized LBS architecture, the high dimensional trajectory data collected from LBS users are directly exposed to the central server, which entails serious privacy risks. Although existing privacy protection technologies can protect the private user trajectories to a certain extent, they often ignore the reasonable data requirements of LBS providers (e.g., data required to maintain or improve services). Focusing on the weaknesses of centralized LBS and the shortcomings of existing solutions, this article proposes a cloud edge-client collaborative trajectory privacy protection system. The system migrates LBS from the cloud to the network edge and balances privacy and utility-including service utility and data utility-with anonymous authentication, dummy location, and privacy risk evaluation mechanisms. The theoretical analysis and simulation results show that the system can effectively protect trajectory privacy under the premise of high availability of services and data, which is a significant improvement over the current LBS system.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Zhe Xiao,Jing-Jing Yang,Ming Huang,Loganathan Ponnambalam,Xiuju Fu,Rick Siow Mong Goh

DOI: https://doi.org/10.1109/tmc.2017.2768360

IF: 6.075

2018-06-01

IEEE Transactions on Mobile Computing

Abstract:Participatory sensing, leveraging on the ubiquity of cheap sensors in mobile devices, enables various promising applications of great social benefit. However, its ubiquitous sampling and openness results in serious privacy concerns. People's activity trajectories may reveal their private information such as home and work place and thus requires proper protection. In this paper, we propose a novel design scheme, called query logics detached storage (QLDS), for trajectory privacy protection. The core idea of QLDS is to extract the query logics for personal trajectory retrieval and make actual trajectory tuples not clustered to any route-identity or user-identity at server end, which introduces fine-granularity anonymity. The QLDS design scheme stores the extracted query logics at users own client devices and the un-clustered location tuples at the backend server, guaranteeing trajectory reconstruction at client-end and privacy preservation at server-end. Besides, integration of QLDS with other privacy protection approaches can further enhance the protection strength and bring flexible configurations to meet individuals variable privacy concerns. The theoretical analytics is provided for the privacy and utility evaluation. The data retrieval performance of QLDS is experimentally evaluated in real-world internet environment.

computer science, information systems,telecommunications

Zhen Tu,Kai Zhao,Fengli Xu,Yong Li,Li Su,Depeng Jin

DOI: https://doi.org/10.1109/sahcn.2017.7964921

2017-01-01

Abstract:Nowadays, human trajectories are widely collected and utilized for scientific research and business purpose. However, publishing trajectory data without proper handling might cause severe privacy leakage. A large body of works are dedicated to merging one's trajectory with others', so as to avoid any individual trajectory being re-identified. Yet their solutions do not provide enough protection since they cannot prevent semantic attack, which means the attackers are able to acquire individual's private information by using the semantics features of frequently- visited locations in the trajectory even without re- identification. In this work, we are the first to recognize the semantic attack, which is another severe privacy problem in publishing trajectory datasets. We propose an algorithm providing strong privacy protection against both the semantic and re- identification attack while reserving high data utility. Extensive evaluations based on two real-world datasets demonstrate that our solution improves the quality of privacy protection by 3 times, sacrificing only 36% and 30% of spatial and temporal resolution, respectively.

Zheng Huo,Yi Huang,Xiaofeng Meng

DOI: https://doi.org/10.1145/2025876.2025891

2011-01-01

Abstract:ABSTRACTWith rapid development of positioning techniques and location based services (LBS), locations and traces of moving objects are collected by service providers, the data will then be published for novel applications. Although analyzing and mining trajectories is useful for mobility-related applications, new challenges of trajectory privacy leakage arise accordingly. Trajectories contain rich spatio-temporal history information that may expose users' whereabouts and other personal privacy. At present, trajectory k-anonymity which aims at anonymizing k trajectories together on all sample points is one of the most popular techniques to protect trajectory privacy. The challenge lies in how to find trajectory k-anonymity sets. In this paper, a trajectory graph is constructed to simulate spatial relations of trajectories, based on which we propose to find trajectory k-anonymity sets through graph partition, which is proven NP-complete. We then propose a greedy partition method to find trajectory k-anonymity sets, as well as yielding low information loss. We run a series of experiments on both real-world and synthetic datasets, the results show the effectiveness of our method.