15 research outputs found
Protecting Locations with Differential Privacy under Temporal Correlations
Concerns on location privacy frequently arise with the rapid development of
GPS enabled devices and location-based applications. While spatial
transformation techniques such as location perturbation or generalization have
been studied extensively, most techniques rely on syntactic privacy models
without rigorous privacy guarantee. Many of them only consider static scenarios
or perturb the location at single timestamps without considering temporal
correlations of a moving user's locations, and hence are vulnerable to various
inference attacks. While differential privacy has been accepted as a standard
for privacy protection, applying differential privacy in location based
applications presents new challenges, as the protection needs to be enforced on
the fly for a single user and needs to incorporate temporal correlations
between a user's locations.
In this paper, we propose a systematic solution to preserve location privacy
with rigorous privacy guarantee. First, we propose a new definition,
"-location set" based differential privacy, to account for the temporal
correlations in location data. Second, we show that the well known
-norm sensitivity fails to capture the geometric sensitivity in
multidimensional space and propose a new notion, sensitivity hull, based on
which the error of differential privacy is bounded. Third, to obtain the
optimal utility we present a planar isotropic mechanism (PIM) for location
perturbation, which is the first mechanism achieving the lower bound of
differential privacy. Experiments on real-world datasets also demonstrate that
PIM significantly outperforms baseline approaches in data utility.
Comment: Final version Nov-04-201
LDP-IDS: Local Differential Privacy for Infinite Data Streams
Streaming data collection is essential to real-time data analytics in various
IoTs and mobile device-based systems, which, however, may expose end users'
privacy. Local differential privacy (LDP) is a promising solution to
privacy-preserving data collection and analysis. However, existing few LDP
studies over streams are either applicable to finite streams only or suffering
from insufficient protection. This paper investigates this problem by proposing
LDP-IDS, a novel -event LDP paradigm to provide practical privacy guarantee
for infinite streams at users end, and adapting the popular budget division
framework in centralized differential privacy (CDP). By constructing a unified
error analysis for LDP, we first develop two adaptive budget division-based LDP
methods for LDP-IDS that can enhance data utility via leveraging the
non-deterministic sparsity in streams. Beyond that, we further propose a novel
population division framework that can not only avoid the high sensitivity of
LDP noise to budget division but also require significantly less communication.
Based on the framework, we also present two adaptive population division
methods for LDP-IDS with theoretical analysis. We conduct extensive experiments
on synthetic and real-world datasets to evaluate the effectiveness and
efficiency of our proposed frameworks and methods. Experimental results
demonstrate that, despite the effectiveness of the adaptive budget division
methods, the proposed population division framework and methods can further
achieve much higher effectiveness and efficiency.
Comment: accepted to SIGMOD'2
A novel temporal perturbation based privacy-preserving scheme for real-time monitoring systems
In real-time monitoring systems, a participant's privacy could be easily exposed when the time series of sensing measurements is obtained accurately by adversaries. To address privacy issues, a number of privacy-preserving schemes have been designed for various monitoring applications. However, these schemes either lack consideration for temporal privacy, have less resistance to filtering attacks, or cause time delay with low utility. In this paper, we introduce a lightweight temporal perturbation based scheme, where sensor readings are buffered and reordered to obfuscate the temporal information of the original sensor measurement stream with differential privacy. Besides, we design the operations on the system server side to exploit the data utility in measurements from a large number of sensors. We evaluate the performance of the proposed scheme through both rigorous theoretical analysis and extensive simulation experiments in comparison with related existing schemes. Evaluation results show that the proposed scheme manages to preserve both the temporal privacy and measurement privacy with filter-resistance, and achieves better performance in terms of computational overhead, data utility of real-time aggregation, and individual accumulation