3,780 research outputs found
A survey on privacy in human mobility
In the last years we have witnessed a pervasive use of location-aware technologies such as vehicular GPS-enabled devices, RFID based tools, mobile phones, etc which generate collection and storing of a large amount of human mobility data. The powerful of this data has been recognized by both the scientific community and the industrial worlds. Human mobility data can be used for different scopes such as urban traffic management, urban planning, urban pollution estimation, etc. Unfortunately, data describing human mobility is sensitive, because people's whereabouts may allow re-identification of individuals in a de-identified database and the access to the places visited by indi-viduals may enable the inference of sensitive information such as religious belief, sexual preferences, health conditions, and so on. The literature reports many approaches aimed at overcoming privacy issues in mobility data, thus in this survey we discuss the advancements on privacy-preserving mo-bility data publishing. We first describe the adversarial attack and privacy models typically taken into consideration for mobility data, then we present frameworks for the privacy risk assessment and finally, we discuss three main categories of privacy-preserving strategies: methods based on anonymization of mobility data, methods based on the differential privacy models and methods which protect privacy by exploiting generative models for synthetic trajectory generation
DP-LTOD: Differential Privacy Latent Trajectory Community Discovering Services over Location-Based Social Networks
IEEE Community detection for Location-based Social Networks (LBSNs) has been received great attention mainly in the field of large-scale Wireless Communication Networks. In this paper, we present a Differential Privacy Latent Trajectory cOmmunity Discovering (DP-LTOD) scheme, which obfuscates original trajectory sequences into differential privacy-guaranteed trajectory sequences for trajectory privacy-preserving, and discovers latent trajectory communities through clustering the uploaded trajectory sequences. Different with traditional trajectory privacy-preserving methods, we first partition original trajectory sequence into different segments. Then, the suitable locations and segments are selected to constitute obfuscated trajectory sequence. Specifically, we formulate the trajectory obfuscation problem to select an optimal trajectory sequence which has the smallest difference with original trajectory sequence. In order to prevent privacy leakage, we add Laplace noise and exponential noise to the outputs during the stages of location obfuscation matrix generation and trajectory sequence function generation, respectively. Through formal privacy analysis,we prove that DP-LTOD scheme can guarantee \epsilon-differential private. Moreover, we develop a trajectory clustering algorithm to classify the trajectories into different kinds of clusters according to semantic distance and geographical distance. Extensive experiments on two real-world datasets illustrate that our DP-LTOD scheme can not only discover latent trajectory communities, but also protect user privacy from leaking
Quantifying Differential Privacy under Temporal Correlations
Differential Privacy (DP) has received increased attention as a rigorous
privacy framework. Existing studies employ traditional DP mechanisms (e.g., the
Laplace mechanism) as primitives, which assume that the data are independent,
or that adversaries do not have knowledge of the data correlations. However,
continuously generated data in the real world tend to be temporally correlated,
and such correlations can be acquired by adversaries. In this paper, we
investigate the potential privacy loss of a traditional DP mechanism under
temporal correlations in the context of continuous data release. First, we
model the temporal correlations using Markov model and analyze the privacy
leakage of a DP mechanism when adversaries have knowledge of such temporal
correlations. Our analysis reveals that the privacy leakage of a DP mechanism
may accumulate and increase over time. We call it temporal privacy leakage.
Second, to measure such privacy leakage, we design an efficient algorithm for
calculating it in polynomial time. Although the temporal privacy leakage may
increase over time, we also show that its supremum may exist in some cases.
Third, to bound the privacy loss, we propose mechanisms that convert any
existing DP mechanism into one against temporal privacy leakage. Experiments
with synthetic data confirm that our approach is efficient and effective.Comment: appears at ICDE 201
Decentralized Collaborative Learning Framework for Next POI Recommendation
Next Point-of-Interest (POI) recommendation has become an indispensable
functionality in Location-based Social Networks (LBSNs) due to its
effectiveness in helping people decide the next POI to visit. However, accurate
recommendation requires a vast amount of historical check-in data, thus
threatening user privacy as the location-sensitive data needs to be handled by
cloud servers. Although there have been several on-device frameworks for
privacy-preserving POI recommendations, they are still resource-intensive when
it comes to storage and computation, and show limited robustness to the high
sparsity of user-POI interactions. On this basis, we propose a novel
decentralized collaborative learning framework for POI recommendation (DCLR),
which allows users to train their personalized models locally in a
collaborative manner. DCLR significantly reduces the local models' dependence
on the cloud for training, and can be used to expand arbitrary centralized
recommendation models. To counteract the sparsity of on-device user data when
learning each local model, we design two self-supervision signals to pretrain
the POI representations on the server with geographical and categorical
correlations of POIs. To facilitate collaborative learning, we innovatively
propose to incorporate knowledge from either geographically or semantically
similar users into each local model with attentive aggregation and mutual
information maximization. The collaborative learning process makes use of
communications between devices while requiring only minor engagement from the
central server for identifying user groups, and is compatible with common
privacy preservation mechanisms like differential privacy. We evaluate DCLR
with two real-world datasets, where the results show that DCLR outperforms
state-of-the-art on-device frameworks and yields competitive results compared
with centralized counterparts.Comment: 21 Pages, 3 figures, 4 table
Trajectory Data Collection with Local Differential Privacy
Trajectory data collection is a common task with many applications in our
daily lives. Analyzing trajectory data enables service providers to enhance
their services, which ultimately benefits users. However, directly collecting
trajectory data may give rise to privacy-related issues that cannot be ignored.
Local differential privacy (LDP), as the de facto privacy protection standard
in a decentralized setting, enables users to perturb their trajectories locally
and provides a provable privacy guarantee. Existing approaches to private
trajectory data collection in a local setting typically use relaxed versions of
LDP, which cannot provide a strict privacy guarantee, or require some external
knowledge that is impractical to obtain and update in a timely manner. To
tackle these problems, we propose a novel trajectory perturbation mechanism
that relies solely on an underlying location set and satisfies pure
-LDP to provide a stringent privacy guarantee. In the proposed
mechanism, each point's adjacent direction information in the trajectory is
used in its perturbation process. Such information serves as an effective clue
to connect neighboring points and can be used to restrict the possible region
of a perturbed point in order to enhance utility. To the best of our knowledge,
our study is the first to use direction information for trajectory perturbation
under LDP. Furthermore, based on this mechanism, we present an anchor-based
method that adaptively restricts the region of each perturbed trajectory,
thereby significantly boosting performance without violating the privacy
constraint. Extensive experiments on both real-world and synthetic datasets
demonstrate the effectiveness of the proposed mechanisms.Comment: Accepted by VLDB 202
Quantifying Differential Privacy in Continuous Data Release under Temporal Correlations
Differential Privacy (DP) has received increasing attention as a rigorous
privacy framework. Many existing studies employ traditional DP mechanisms
(e.g., the Laplace mechanism) as primitives to continuously release private
data for protecting privacy at each time point (i.e., event-level privacy),
which assume that the data at different time points are independent, or that
adversaries do not have knowledge of correlation between data. However,
continuously generated data tend to be temporally correlated, and such
correlations can be acquired by adversaries. In this paper, we investigate the
potential privacy loss of a traditional DP mechanism under temporal
correlations. First, we analyze the privacy leakage of a DP mechanism under
temporal correlation that can be modeled using Markov Chain. Our analysis
reveals that, the event-level privacy loss of a DP mechanism may
\textit{increase over time}. We call the unexpected privacy loss
\textit{temporal privacy leakage} (TPL). Although TPL may increase over time,
we find that its supremum may exist in some cases. Second, we design efficient
algorithms for calculating TPL. Third, we propose data releasing mechanisms
that convert any existing DP mechanism into one against TPL. Experiments
confirm that our approach is efficient and effective.Comment: accepted in TKDE special issue "Best of ICDE 2017". arXiv admin note:
substantial text overlap with arXiv:1610.0754
- …