Emiliano De Cristofaro,Claudio Soriente

DOI: https://doi.org/10.48550/arXiv.1201.4376

2013-02-08

Abstract:Participatory Sensing is an emerging computing paradigm that enables the distributed collection of data by self-selected participants. It allows the increasing number of mobile phone users to share local knowledge acquired by their sensor-equipped devices, e.g., to monitor temperature, pollution level or consumer pricing information. While research initiatives and prototypes proliferate, their real-world impact is often bounded to comprehensive user participation. If users have no incentive, or feel that their privacy might be endangered, it is likely that they will not participate. In this article, we focus on privacy protection in Participatory Sensing and introduce a suitable privacy-enhanced infrastructure. First, we provide a set of definitions of privacy requirements for both data producers (i.e., users providing sensed information) and consumers (i.e., applications accessing the data). Then, we propose an efficient solution designed for mobile phone users, which incurs very low overhead. Finally, we discuss a number of open problems and possible research directions.

Cryptography and Security,Networking and Internet Architecture

Xi Chen,Xiaopei Wu,Xiang-Yang Li,Xiaoyu Ji,Yuan He,Yunhao Liu

DOI: https://doi.org/10.1109/tmc.2015.2421946

IF: 6.075

2015-01-01

IEEE Transactions on Mobile Computing

Abstract:Accurate maps are increasingly important with the growth of smart phones and the development of location-based services. Several crowdsourcing based map generation protocols that rely on users to provide their traces have been proposed. Being creative, however, those methods pose a significant threat to user privacy as the traces can easily imply user behavior patterns. On the flip side, crowdsourcing-based map generation method does need individual locations. To address the issue, we present a systematic participatory-sensing-based high-quality map generation scheme, PMG, that meets the privacy demand of individual users. To be specific, the individual users merely need to upload unorganized sparse location points to reduce the risk of exposing users' traces and utilize the Crust, a technique from computational geometry for curve reconstruction, to estimate the unobserved map as well as evaluate the degree of privacy leakage. Experiments show that our solution is able to generate high-quality maps for a real environment that is robust to noisy data. The difference between the ground-truth map and the produced map is less than 10 m, even when the collected locations are about 32 m apart after clustering for the purpose of removing noise.

Guang Yang,Shibo He,Junshan Zhang,Zhiguo Shi

DOI: https://doi.org/10.1109/tvt.2019.2950907

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:Crowdsensing has been recognized as a promising data collection paradigm, in which a platform outsources sensing tasks to a large number of users. However, requesting users to report raw data may give rise to many practical concerns, such as a significant overhead of communication and central processing, besides users' privacy concerns. In many scenarios (e.g, advertising and recommendation), the data collector directly benefits from statistical aggregation of raw data. Thus motivated, we consider the data collection problem based on user's local histograms, which is intimately related to the fundamental trade-off between the platform's accuracy and users' privacy. Because of users' social relationship, their data are often correlated, indicating that users' privacy may be leaked from others' data. To tackle this challenge, we first utilize Gaussian Markov random fields to model the correlation structure embedded in users' data. The data collection is modeled as a Stackelberg game where the platform decides its reward policy and users decide their noise levels while taking into account the social coupling among users. For the reward policy design, we first establish the relationship between users' Nash equilibrium and the payment mechanism, and then optimize the platform's accuracy under a budget constraint. Further, since the noise levels are users' private information, they may use falsified noise levels to achieve higher payoffs, which in turn impairs the crowdsensing performance. It turns out that with the insight into the correlation structure among users' data, the information asymmetry can be overcome based on peer prediction. We revisit the payment mechanism to guarantee dominant truthfulness of each user's strategy. Theoretical analysis and numerical results demonstrate the effectiveness of the proposed mechanism.

Lei Yang,Mengyuan Zhang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1145/3209582.3209598

2018-01-01

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for a sensing task. In this framework, the workers are allowed to report privacy-preserving versions of their data to protect their data privacy; and the platform selects workers based on their sensing capabilities, which aims to address the drawbacks of game-theoretic models that cannot ensure the accuracy level of the aggregated result, due to the existence of multiple Nash Equilibria. Observe that in this auction based framework, there exists externalities among workers' data privacy, because the data privacy of each worker depends on both her injected noise and the total noise in the aggregated result that is intimately related to which workers are selected to fulfill the task. To achieve a desirable accuracy level of the data aggregation in a cost-effective manner, we explicitly characterize the externalities, i.e., the impact of the noise added by each worker on both the data privacy and the accuracy of the aggregated result. Further, we explore the problem structure, characterize the hidden monotonicity property of the problem, and determine the critical bid of workers, which makes it possible to design a truthful, individually rational and computationally efficient incentive mechanism. The proposed incentive mechanism can recruit a set of workers to approximately minimize the cost of purchasing private sensing data from workers subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Pei Huang,Xiaonan Zhang,Linke Guo,Ming Li

DOI: https://doi.org/10.1109/tmc.2019.2946800

IF: 6.075

2021-02-01

IEEE Transactions on Mobile Computing

Abstract:Mobile crowd sensing is a technique where a crowd sensing server outsources sensing tasks to the crowd for mobile data collection. In mobile crowd sensing, some tasks require location information to achieve their objectives, such as road monitoring, indoor floor plan reconstruction, and smart transportation. This required information incurs severe concerns on location privacy leakage and threatens workers' properties as well as public safety. In some cases, even sensing data itself can be used as auxiliary information resulting in location privacy breaches. Many existing works apply differential privacy mechanisms for location privacy preservation to tackle this problem, but they cannot efficiently fulfill privacy goals because each worker only considers his own privacy. As a consequence, the accumulated privacy budget will lower down the composed privacy level of all the workers' locations. In addition, deploying differential privacy is costly for workers and it will degrade the quality of data required in crowd sensing tasks. How to balance the cost and provide accurate aggregated data while fulfilling privacy objectives becomes a challenging issue. In this paper, we propose a group-differentially-private game-theoretical solution, which addresses these limitations in a privacy-preserving and efficient way. Our scheme enables the indistinguishability of workers' locations and sensing data without the help of a trusted entity while meeting the accuracy demands of crowd sensing tasks. The effectiveness and efficiency of our scheme are thoroughly evaluated based on real-world datasets.

computer science, information systems,telecommunications

Mengyuan Zhang,Lei Yang,Shibo He,Ming Li,Junshan Zhang

DOI: https://doi.org/10.1109/tnet.2021.3056490

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:We develop an auction framework for privacy-preserving data aggregation in mobile crowdsensing, where the platform plays the role as an auctioneer to recruit workers for sensing tasks. The workers are allowed to report noisy versions of their data for privacy protection; and the platform selects workers by taking into account their sensing capabilities to ensure the accuracy level of the aggregated result. Observe that when moving the control of data privacy from the data aggregator to the workers, the data aggregator has limited market power in the sense that it can only partially control the noise by judiciously choosing a subset of workers based on workers' privacy preferences. This introduces externalities because the privacy of each worker depends on the total noise in the aggregated result that in turn relies on which workers are selected. Specifically, we first consider a privacy-passive scenario where workers participate if their privacy loss can be adequately compensated by the rewards. We explicitly characterize the externalities and the hidden monotonicity property of the problem, making it possible to design a truthful, individually rational and computationally efficient incentive mechanism. We then extend the results to a privacy-proactive scenario where workers have individual requirements for their perceivable data privacy levels. Our proposed mechanisms for both scenarios can select a subset of workers to (nearly) minimize the cost of purchasing their private sensing data subject to the accuracy requirement of the aggregated result. We validate the proposed scheme through theoretical analysis as well as extensive simulations.

Emiliano De Cristofaro,Claudio Soriente

DOI: https://doi.org/10.1109/tifs.2013.2287092

IF: 7.231

2013-12-01

IEEE Transactions on Information Forensics and Security

Abstract:Participatory sensing is emerging as an innovative computing paradigm that targets the ubiquity of always-connected mobile phones and their sensing capabilities. In this paper, a multitude of pioneering applications increasingly carry out pervasive collection and dissemination of information and environmental data, such as traffic conditions, pollution, temperature, and so on. Participants collect and report measurements from their mobile devices and entrust them to the cloud to be made available to applications and users. Naturally, due to the personal information associated to the reports (e.g., location, movements, etc.), a number of privacy concerns need to be considered prior to a large-scale deployment of these applications. Motivated by the need for privacy protection in participatory sensing, this paper presents a privacy-enhanced participatory sensing infrastructure. We explore realistic architectural assumptions and a minimal set of formal requirements aiming at protecting privacy of both data producers and consumers. We propose two instantiations that attain privacy guarantees with provable security at very low additional computational cost and almost no extra communication overhead.

computer science, theory & methods,engineering, electrical & electronic

Xuangou Wu,Panlong Yang,Shaojie Tang,Xiao Zheng,Yan Xiong

DOI: https://doi.org/10.1109/mwc.2015.7224726

IF: 12.777

2015-01-01

IEEE Wireless Communications

Abstract:Nowadays advanced mobile computing needs accurate RSS maps for effective AP deployment and mobile applications. Inspiringly, the emerging crowdsourcing paradigms provide an innovative and effective way for large-scale RSS gathering. However, existing methods need sampling data and location information from participants, which could be a serious threat to privacy. In dealing with this difficulty, we present a privacy preserving RSS map generation scheme for crowdsensing networks called PRESM. To protect the privacy of user traces, we exploit the compressive sensing technique to sample and compress RSS values along each road segment, which removes the temporal and concrete location information of each participant. Meanwhile, each smartphone user carefully selects a subset of road segments to send its compressed RSS data to a third party. The third party component provides better privacy protection by removing more road segments, and the central server is responsible for RSS map generation. Finally, we carry out our experiment on a campus of approximately 1.6 km2 . Experimental results demonstrate that an RSS map is generated relatively accurately without sacrificing users' trace privacy, and the coverage ratio of the geographic map is greater than 90 percent.

Bo Ma,W. Yan,E. Lai,Jingsong Wu

DOI: https://doi.org/10.1007/978-3-030-72073-5_1

2021-01-01

Abstract:Centralised machine learning brings in side effect pertaining to privacy preservation, most of machine learning methods prone to using the frameworks without privacy protection, as current methods for privacy preservation will slow down model training and testing. In order to resolve this problem, we develop a new noise generating method based on information entropy by using differential privacy for betterment the privacy protection which owns the architecture of federated machine learning. Our experiments unveil that this solution effectively preserves privacy in the vein of centralized federated learning. The gained accuracy is promising which has a room to be uplifted.

Haleh Hayati,Nathan van de Wouw,Carlos Murguia

2024-08-10

Abstract:Cloud computing enables users to process and store data remotely on high-performance computers and servers by sharing data over the Internet. However, transferring data to clouds causes unavoidable privacy concerns. Here, we present a synthesis framework to design coding mechanisms that allow sharing and processing data in a privacy-preserving manner without sacrificing data utility and algorithmic performance. We consider the setup where the user aims to run an algorithm in the cloud using private data. The cloud then returns some data utility back to the user (utility refers to the service that the algorithm provides, e.g., classification, prediction, AI models, etc.). To avoid privacy concerns, the proposed scheme provides tools to co-design: 1) coding mechanisms to distort the original data and guarantee a prescribed differential privacy level; 2) an equivalent-but-different algorithm (referred here to as the target algorithm) that runs on distorted data and produces distorted utility; and 3) a decoding function that extracts the true utility from the distorted one with a negligible error. Then, instead of sharing the original data and algorithm with the cloud, only the distorted data and target algorithm are disclosed, thereby avoiding privacy concerns. The proposed scheme is built on the synergy of differential privacy and system immersion tools from control theory. The key underlying idea is to design a higher-dimensional target algorithm that embeds all trajectories of the original algorithm and works on randomly encoded data to produce randomly encoded utility. We show that the proposed scheme can be designed to offer any level of differential privacy without degrading the algorithm's utility. We present two use cases to illustrate the performance of the developed tools: privacy in optimization/learning algorithms and a nonlinear networked control system.

Cryptography and Security

Chuan Zhang,Liehuang Zhu,Chang Xu,Jianbing Ni,Cheng Huang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/globecom42002.2020.9322483

2020-01-01

Abstract:Truth discovery is one of the key technologies to extract truthful information from unreliable sensory data collected by different mobile devices in mobile crowdsensing, but the sensory data and the outputs of truth discovery (i.e., truths and mobile devices’ weights) may contain sensitive information and cause serious privacy concerns. In this paper, we propose an efficient and privacy-preServing non-interActive Truth discovEry scheme (SATE) in mobile crowdsensing. Specifically, SATE is designed based on a two-cloud model. First, the sensory data is encoded into two parts (i.e., perturbed data and noises) at the mobile device, which are maintained by two clouds separately. Second, by utilizing an adapted distributed public key homomorphic cryptosystem, two clouds can co-operatively exchange the intermediate weights and truths in a privacy preserving manner and thus achieve privacy-preserving truth discovery without the participation of the mobile devices. Security analysis demonstrates that SATE can provide full privacy protection for sensory data, weights, and truths. Performance evaluation also shows that SATE can achieve high computational efficiency and low communication overhead on the mobile devices, since there is no time-consuming cryptographic operation involved.

Josh Joy,Mario Gerla

DOI: https://doi.org/10.48550/arXiv.1604.04892

2016-04-17

Cryptography and Security

Abstract:In today's digital world, personal data is being continuously collected and analyzed without data owners' consent and choice. As data owners constantly generate data on their personal devices, the tension of storing private data on their own devices yet allowing third party analysts to perform aggregate analytics yields an interesting dilemma. This paper introduces PAS-MC, the first practical privacy-preserving and anonymity stream analytics system. PAS-MC ensures that each data owner locally privatizes their sensitive data before responding to analysts' queries. PAS-MC also protects against traffic analysis attacks with minimal trust vulnerabilities.We evaluate the scheme over the California Transportation Dataset and show that we can privately and anonymously stream vehicular location updates yet preserve high accuracy.

Chenglin Miao,Wenjun Jiang,Lu Su,Yaliang Li,Suxin Guo,Zhan Qin,Houping Xiao,Jing Gao,Kui Ren

DOI: https://doi.org/10.1145/2809695.2809719

2015-01-01

Abstract:The recent proliferation of human-carried mobile devices has given rise to the crowd sensing systems. However, the sensory data provided by individual participants are usually not reliable. To identify truthful values from the crowd sensing data, the topic of truth discovery, whose goal is to estimate user quality and infer truths through quality-aware data aggregation, has drawn significant attention. Though able to improve aggregation accuracy, existing truth discovery approaches fail to take into consideration an important issue in their design, i.e., the protection of individual users' private information. In this paper, we propose a novel cloud-enabled privacy-preserving truth discovery (PPTD) framework for crowd sensing systems, which can achieve the protection of not only users' sensory data but also their reliability scores derived by the truth discovery approaches. The key idea of the proposed framework is to perform weighted aggregation on users' encrypted data using homomorphic cryptosystem. In order to deal with large-scale data, we also propose to parallelize PPTD with MapReduce framework. Through extensive experiments on not only synthetic data but also real world crowd sensing systems, we justify the guarantee of strong privacy and high accuracy of our proposed framework.

Ayshika Kapoor,Dheeraj Kumar

DOI: https://doi.org/10.1016/j.pmcj.2024.101875

IF: 3.848

2024-01-11

Pervasive and Mobile Computing

Abstract:Federated learning based participatory sensing has gained much attention lately for the vital task of urban sensing due to privacy and security issues in conventional machine learning. However, inference attacks by the honest-but-curious application server or a malicious adversary can leak the personal attributes of the participants, such as their home and workplace locations, routines, and habits. Approaches proposed in the literature to prevent such information leakage, such as secure multi-party computation and homomorphic encryption, are infeasible for urban sensing applications owing to high communication and computation costs due to multiple rounds of communication between the user and the server. Moreover, for effective modeling of urban sensing phenomenon, the application model needs to be updated frequently - every few minutes or hours, resulting in periodic data-intensive updates by the participants, which severely strains the already limited resources of their mobile devices. This paper proposes a novel low-cost privacy-preserving framework for enhanced protection against the inference of participants' personal and private attributes from the data leaked through inference attacks. We propose a novel approach of strategically leaking selected location traces by providing computation and communication-light direct (local) model updates, whereas the rest of the model updates (when the user is at sensitive locations) are provided using secure multi-party computation. We propose two new methods based on spatiotemporal entropy and Kullback–Leibler divergence for automatically deciding which model updates need to be sent through secure multi-party computation and which can be sent directly. The proposed approach significantly reduces the computation and communication overhead for participants compared to the fully secure multi-party computation protocols. It provides enhanced protection against the deduction of personal attributes from inferred location traces compared to the direct model updates by confusing the application server or malicious adversary while inferring personal attributes from location traces. Numerical experiments on the popular Geolife GPS trajectories dataset validate our proposed approach by reducing the computation and communication requirements by the participants significantly and, at the same time, enhancing privacy by decreasing the number of inferred sensitive and private locations of participants.

computer science, information systems,telecommunications

Hao Zhang,Nenghai Yu,Yonggang Wen

DOI: https://doi.org/10.1002/sec.1055

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:Location-Based Service (LBS) has become pervasive, riding along the trend of mobile application proliferation. Given its high utility value, LBS, however, present serious privacy concerns for cautious users. In this paper, we investigate privacy preserving for location-based information survey application, which calculates the geographic distribution of user's information. The design objective is twofold: i) calculate an information distribution for a pool of mobile users, and ii) protecting the location and value privacy of individual user, in the presence of malicious servers and possible corrupted users. Our proposed solution leverages a mobile cloud computing paradigm, in which each mobile device is replicated with a system-level clone in a proximate cloud environment. The computing of distribution function is distributed among the set of cloud clones, via a peer-to-peer (P2P) protocol. Compared to the approaches based on centralized server or aggregate proxy, our scheme is advantageous in avoiding single point of failure/attack, load balancing and overhead reduction. Simulation results verify these advantages and suggest that our proposed scheme is suitable for large scale applications.

Chenglin Miao,Wenjun Jiang,Lu Su,Yaliang Li,Suxin Guo,Zhan Qin,Houping Xiao,Jing Gao,Kui Ren

DOI: https://doi.org/10.1145/3277505

2019-02-21

ACM Transactions on Sensor Networks

Abstract:The recent proliferation of human-carried mobile devices has given rise to the crowd sensing systems. However, the sensory data provided by individual participants are usually not reliable. To better utilize such sensory data, the topic of truth discovery, whose goal is to estimate user quality and infer reliable aggregated results through quality-aware data aggregation, has drawn significant attention. Though able to improve aggregation accuracy, existing truth discovery approaches fail to address the privacy concerns of individual users. In this article, we propose a novel privacy-preserving truth discovery (PPTD) framework, which can protect not only users’ sensory data but also their reliability scores derived by the truth discovery approaches. The key idea of the proposed framework is to perform weighted aggregation on users’ encrypted data using a homomorphic cryptosystem, which can guarantee both high accuracy and strong privacy protection. In order to deal with large-scale data, we also propose to parallelize PPTD with MapReduce framework. Additionally, we design an incremental PPTD scheme for the scenarios where the sensory data are collected in a streaming manner. Extensive experiments based on two real-world crowd sensing systems demonstrate that the proposed framework can generate accurate aggregated results while protecting users’ private information.

computer science, information systems,telecommunications

Mohammed M. Dawoud,Changxin Liu,Amr Alanwar,Karl H. Johansson

2023-05-12

Abstract:For large-scale cyber-physical systems, the collaboration of spatially distributed sensors is often needed to perform the state estimation process. Privacy concerns naturally arise from disclosing sensitive measurement signals to a cloud estimator that predicts the system state. To solve this issue, we propose a differentially private set-based estimation protocol that preserves the privacy of the measurement signals. Compared to existing research, our approach achieves less privacy loss and utility loss using a numerically optimized truncated noise distribution. The proposed estimator is perturbed by weaker noise than the analytical approaches in the literature to guarantee the same level of privacy, therefore improving the estimation utility. Numerical and comparison experiments with truncated Laplace noise are presented to support our approach. Zonotopes, a less conservative form of set representation, are used to represent estimation sets, giving set operations a computational advantage. The privacy-preserving noise anonymizes the centers of these estimated zonotopes, concealing the precise positions of the estimated zonotopes.

Cryptography and Security,Systems and Control

Rajarshi Saha,Mohamed Seif,Michal Yemini,Andrea J. Goldsmith,H. Vincent Poor

2024-06-06

Abstract:We consider the problem of privately estimating the mean of vectors distributed across different nodes of an unreliable wireless network, where communications between nodes can fail intermittently. We adopt a semi-decentralized setup, wherein to mitigate the impact of intermittently connected links, nodes can collaborate with their neighbors to compute a local consensus, which they relay to a central server. In such a setting, the communications between any pair of nodes must ensure that the privacy of the nodes is rigorously maintained to prevent unauthorized information leakage. We study the tradeoff between collaborative relaying and privacy leakage due to the data sharing among nodes and, subsequently, propose PriCER: Private Collaborative Estimation via Relaying -- a differentially private collaborative algorithm for mean estimation to optimize this tradeoff. The privacy guarantees of PriCER arise (i) implicitly, by exploiting the inherent stochasticity of the flaky network connections, and (ii) explicitly, by adding Gaussian perturbations to the estimates exchanged by the nodes. Local and central privacy guarantees are provided against eavesdroppers who can observe different signals, such as the communications amongst nodes during local consensus and (possibly multiple) transmissions from the relays to the central server. We substantiate our theoretical findings with numerical simulations. Our implementation is available at <a class="link-external link-https" href="https://github.com/rajarshisaha95/private-collaborative-relaying" rel="external noopener nofollow">this https URL</a>.

Signal Processing,Distributed, Parallel, and Cluster Computing,Information Theory,Machine Learning,Systems and Control

Liang Zhao

DOI: https://doi.org/10.3390/s20216153

2020-10-29

Abstract:The Internet of Things (IoT) has evolved significantly with advances in gathering data that can be extracted to provide knowledge and facilitate decision-making processes. Currently, IoT data analytics encountered challenges such as growing data volumes collected by IoT devices and fast response requirements for time-sensitive applications in which traditional Cloud-based solution is unable to meet due to bandwidth and high latency limitations. In this paper, we develop a distributed analytics framework for fog-enabled IoT systems aiming to avoid raw data movement and reduce latency. The distributed framework leverages the computational capacities of all the participants such as edge devices and fog nodes and allows them to obtain the global optimal solution locally. To further enhance the privacy of data holders in the system, a privacy-preserving protocol is proposed using cryptographic schemes. Security analysis was conducted and it verified that exact private information about any edge device's raw data would not be inferred by an honest-but-curious neighbor in the proposed secure protocol. In addition, the accuracy of solution is unaffected in the secure protocol comparing to the proposed distributed algorithm without encryption. We further conducted experiments on three case studies: seismic imaging, diabetes progression prediction, and Enron email classification. On seismic imaging problem, the proposed algorithm can be up to one order of magnitude faster than the benchmarks in reaching the optimal solution. The evaluation results validate the effectiveness of the proposed methodology and demonstrate its potential to be a promising solution for data analytics in fog-enabled IoT systems.

xuyun zhang,Wan-Chun Dou,jian pei,surya nepal,chi yang,chang liu,jinjun chen

DOI: https://doi.org/10.1109/TC.2014.2360516

2015-01-01

Abstract:Cloud computing provides promising scalable IT infrastructure to support various processing of a variety of big data applications in sectors such as healthcare and business. Data sets like electronic health records in such applications often contain privacy-sensitive information, which brings about privacy concerns potentially if the information is released or shared to third-parties in cloud. A practical and widely-adopted technique for data privacy preservation is to anonymize data via generalization to satisfy a given privacy model. However, most existing privacy preserving approaches tailored to small-scale data sets often fall short when encountering big data, due to their insufficiency or poor scalability. In this paper, we investigate the local-recoding problem for big data anonymization against proximity privacy breaches and attempt to identify a scalable solution to this problem. Specifically, we present a proximity privacy model with allowing semantic proximity of sensitive values and multiple sensitive attributes, and model the problem of local recoding as a proximity-aware clustering problem. A scalable two-phase clustering approach consisting of a t-ancestors clustering (similar to k-means) algorithm and a proximity-aware agglomerative clustering algorithm is proposed to address the above problem. We design the algorithms with MapReduce to gain high scalability by performing data-parallel computation in cloud. Extensive experiments on real-life data sets demonstrate that our approach significantly improves the capability of defending the proximity privacy breaches, the scalability and the time-efficiency of local-recoding anonymization over existing approaches.