15 research outputs found
Differentially private spatial crowdsourcing
In recent years, the popularity of mobile devices has transformed spatial crowdsourcing (SC) into a novel mode for performing complicated projects. Workers can perform tasks at specified locations in return for rewards offered by employers. Existing methods ensure the efficiency of their systems by submitting the workers’ exact locations to a centralized server for task assignment, which can lead to privacy violations. Thus, implementing crowdsourcing applications while preserving the privacy of workers’ locations is a key issue that needs to be tackled. During task assignment and task reporting, workers and requesters are usually required to reveal their locations to potentially untrustworthy entities such as the SC-server, other workers and other requesters; alternatively, the server may collect and release the location data of workers and requesters for further analysis, leading to possible privacy breaches. In recent years there have been a number of proposals to provide privacy-preserving capability for SC applications, such as allowing the release of spatial datasets while preserving privacy. This chapter first surveys the current attempts to solve the location privacy problem in SC, and then presents a novel method for reward-based SC with a differential privacy guarantee. A reward allocation mechanism is proposed to adjust each piece of the reward for a task using the distribution of the workers’ locations. Experimental results show that the optimized-reward method is efficient for spatial crowdsourcing applications.
Privacy preserving for tagging recommender systems
Tagging recommender systems offer users the possibility to annotate resources with personalized tags so as to enable users to easily find suitable tags for a resource. They combine the advantages of automation in traditional recommender systems and the flexibility of tagging systems. A large collection of data has been generated by social networking web sites with tagging recommender systems during the last few years, and the issue of privacy in the recommendation process has generally been overlooked. An adversary with background information may re-identify a particular user in a tagging dataset and obtain the user’s historical tagging records. Compared to general recommender systems, the privacy problem in tagging recommender systems is more complicated due to their unique structure and semantic content. In this chapter, we focus on dataset release for tagging recommender systems and utilize differential privacy to prevent the leaking of private information when releasing the dataset. A private tagging release algorithm is presented in this chapter to provide comprehensive privacy-preserving capability for individuals while maximizing the utility of the released dataset. The algorithm offers a tailored differential privacy mechanism that optimizes the performance of recommendation at a fixed level of privacy.
Differentially private applications: Where to start?
Many differentially private applications have been proposed in recent years. The steps that can be followed when solving a privacy preservation problem for a particular application are shown in the first figure of this chapter. The dark boxes in the flowchart show the steps, and the orange boxes illustrate the possible choices. First, it is necessary to identify the scenario: data publishing or data analysis. Data publishing aims to release answers to queries or entire datasets to public users, whereas data analysis normally releases a private version of a model. Because private learning frameworks solve privacy preservation problems using optimization, an optimization objective normally has to be determined. The second step is identifying the challenges in the application. Although differential privacy is considered to be a promising solution for privacy preservation issues, implementation in some applications still presents a number of challenges. These challenges, and their possible solutions, are introduced in the next subsection.
Introduction
Over the past two decades, digital information collected by corporations, organizations and governments has resulted in a huge number of datasets, and the speed of such data collection has increased dramatically over the last few years. However, most of the collected datasets relate to individuals and contain private or sensitive information. Differential privacy is a solid privacy model that provides a provable privacy guarantee for individuals. Differential privacy theoretically proves that there is a low probability of an adversary figuring out an unknown record. Compared to previous privacy models, differential privacy can successfully resist background-knowledge attacks and provide a provable privacy guarantee.
Differentially private data publishing: Interactive setting
Interactive settings operate on various aspects of the input data, including transactions, histograms, streams and graph datasets. This chapter discusses publishing scenarios involving these types of input data. In interactive settings, the privacy mechanism receives a user’s query and replies with a noisy answer to preserve privacy. The traditional Laplace mechanism can only answer a number of queries that is sublinear in n, which is insufficient in many scenarios. Different mechanisms are discussed to fix this essential weakness.
Differential location privacy
The Global Positioning System (GPS) module has become a de facto standard in cell phones and many mobile devices in recent years, hence the boom in location-based services (LBSs), which provide a variety of information services based on location data. As all LBS providers require permission to collect and access users’ personal location data, severe privacy concerns are raised at the same time. Therefore, effective privacy preservation is of foremost importance for LBS applications. This chapter presents three methods that apply differential privacy to achieve location privacy for LBSs: the geo-indistinguishability method, the synthetic differentially private trajectory publishing method, and the hierarchical location data publishing method, with an emphasis on the last one. The core of the hierarchical location data publishing method is a private location release algorithm called PriLocation for privacy-preserving location data release. Three private operations, private location clustering, cluster weight perturbation and private location selection, are used by the algorithm to ensure that no individual in the released dataset can be re-identified by an adversary.
Differentially private social network data publishing
Online social networks provide an unprecedented opportunity for researchers to analyse various social phenomena. Data collected by these networks are normally represented as graphs, such as connections among friends, which contain much sensitive individual information. Publishing these graph data without a proper privacy model may violate users’ privacy. In this chapter, we present two ways to achieve private social network data publishing using differential privacy. Node differential privacy ensures the privacy of a query over two neighbouring graphs, where two neighbouring graphs can differ by up to all edges connected to one node. Edge differential privacy means that adding or deleting a single edge between two nodes in the graph makes a negligible difference to the result of the query. However, existing works on differentially private graph data publishing only work properly when the number of queries is limited, as a large volume of noise will be introduced when the number of queries increases. A method called the graph update method is then presented in this chapter to solve this serious problem. The key idea of the method is to transform the query release problem into an iterative process, updating a synthetic graph until all queries have been answered. Compared with existing works, the graph update method enhances the accuracy of query results, and extensive experiments show that it outperforms two state-of-the-art methods, the Laplace method and the correlated method, in terms of Mean Absolute Value, showing that the graph update method can retain more utility of the queries while preserving privacy.
Preliminary of differential privacy
This chapter presents the preliminaries of differential privacy. It includes the basic concept of differential privacy, the notions of global sensitivity and local sensitivity, and the principal mechanisms that can preserve differential privacy. To make the theory accessible, an example is given to illustrate these concepts. In addition, utility measurements are discussed in this chapter.
Differentially private data publishing: Non-interactive setting
This chapter presents the non-interactive setting in data publishing, including batch query publishing, contingency table publishing and synthetic dataset publishing. Non-interactive settings mean that all queries are given to the curator at one time. The key challenge for non-interactive publishing is the sensitivity measurement: correlation between queries will dramatically increase the sensitivity. Two possible methods are proposed to fix this problem: one is decomposing the correlation between batch queries, and the other is publishing a synthetic dataset under the constraint of differential privacy to answer the proposed queries. Related methods are presented in the synthetic dataset publishing sections.
