Effective mix-zone anonymization techniques for mobile travelers

Mix-zones are recognized as an alternative and complementary approach to spatial cloaking based location privacy protection. Unlike spatial cloaking techniques that perturb the location resolution through location k-anonymization, mix-zones break the continuity of location exposure by ensuring that users' movements cannot be traced while they are inside a mix-zone. In this paper we provide an overview of some known attacks that make mix-zones on road networks vulnerable and discuss a set of counter measures to make road network mix-zones attack-resilient. Concretely, we categorize the vulnerabilities of road network mix-zones into two classes: one due to the road network characteristics and user mobility, and the other due to the temporal, spatial and semantic correlations of location queries. We propose efficient road network mix-zone construction techniques that are resilient to attacks based on road network characteristics. Furthermore, we enhance the road network mix-zone framework with the concept of delay-tolerant mix-zones that introduce a combination of spatial and temporal shifts in the location exposure of the users to achieve higher anonymity. We study the factors that impact on the effectiveness of each of these attacks and evaluate the efficiency of the counter measures through extensive experiments on traces produced by GTMobiSim at different scales of geographic maps. © 2013 Springer Science+Business Media New York

Protecting privacy of semantic trajectory

The growing ubiquity of GPS-enabled devices in everyday life has made large-scale collection of trajectories feasible, providing ever-growing opportunities for human movement analysis. However, publishing this vulnerable data is accompanied by increasing concerns about individuals’ geoprivacy. This thesis has two objectives: (1) propose a privacy protection framework for semantic trajectories and (2) develop a Python toolbox in ArcGIS Pro environment for non-expert users to enable them to anonymize trajectory data. The former aims to prevent users’ re-identification when knowing the important locations or any random spatiotemporal points of users by swapping their important locations to new locations with the same semantics and unlinking the users from their trajectories. This is accomplished by converting GPS points into sequences of visited meaningful locations and moves and integrating several anonymization techniques. The second component of this thesis implements privacy protection in a way that even users without deep knowledge of anonymization and coding skills can anonymize their data by offering an all-in-one toolbox. By proposing and implementing this framework and toolbox, we hope that trajectory privacy is better protected in research

Anonymizing continuous queries with delay-tolerant mix-zones over road networks

This paper presents a delay-tolerant mix-zone framework for protecting the location privacy of mobile users against continuous query correlation attacks. First, we describe and analyze the continuous query correlation attacks (CQ-attacks) that perform query correlation based inference to break the anonymity of road network-aware mix-zones. We formally study the privacy strengths of the mix-zone anonymization under the CQ-attack model and argue that spatial cloaking or temporal cloaking over road network mix-zones is ineffective and susceptible to attacks that carry out inference by combining query correlation with timing correlation (CQ-timing attack) and transition correlation (CQ-transition attack) information. Next, we introduce three types of delay-tolerant road network mix-zones (i.e.; temporal, spatial and spatio-temporal) that are free from CQ-timing and CQ-transition attacks and in contrast to conventional mix-zones, perform a combination of both location mixing and identity mixing of spatially and temporally perturbed user locations to achieve stronger anonymity under the CQ-attack model. We show that by combining temporal and spatial delay-tolerant mix-zones, we can obtain the strongest anonymity for continuous queries while making acceptable tradeoff between anonymous query processing cost and temporal delay incurred in anonymous query processing. We evaluate the proposed techniques through extensive experiments conducted on realistic traces produced by GTMobiSim on different scales of geographic maps. Our experiments show that the proposed techniques offer high level of anonymity and attack resilience to continuous queries. © 2013 Springer Science+Business Media New York

Attack-resilient mix-zones over road networks: Architecture and algorithms

Continuous exposure of location information, even with spatially cloaked resolution, may lead to breaches of location privacy due to statistics-based inference attacks. An alternative and complementary approach to spatial cloaking based location anonymization is to break the continuity of location exposure by introducing techniques, such as mix-zones, where no application can trace user movements. Several factors impact on the effectiveness of mix-zone approach, such as user population, mix-zone geometry, location sensing rate and spatial resolution, as well as spatial and temporal constraints on user movement patterns. However, most of the existing mix-zone proposals fail to provide effective mix-zone construction and placement algorithms that are resilient to timing and transition attacks. This paper presents MobiMix, a road network based mix-zone framework to protect location privacy of mobile users traveling on road networks. It makes three original contributions. First, we provide the formal analysis on the vulnerabilities of directly applying theoretical rectangle mix-zones to road networks in terms of anonymization effectiveness and resilience to timing and transition attacks. Second, we develop a suite of road network mix-zone construction methods that effectively consider the above mentioned factors to provide higher level of resilience to timing and transition attacks, and yield a specified lower-bound on the level of anonymity. Third, we present a set of mix-zone placement algorithms that identify the best set of road intersections for mix-zone placement considering the road network topology, user mobility patterns and road characteristics. We evaluate the MobiMix approach through extensive experiments conducted on traces produced by GTMobiSim on different scales of geographic maps. Our experiments show that MobiMix offers high level of anonymity and high level of resilience to timing and transition attacks, compared to existing mix-zone approaches

Users Collaborative Mix-Zone to Resist the Query Content and Time Interval Correlation Attacks

In location-based services of continuous query, it is easier than snapshot to confirm whether a location belongs to a particular user, because sole location can be composed into a trajectory by profile correlation. In order to cut off the correlation and disturb the sub-trajectory, an un-detective region called mix-zone was proposed. However, at the time of this writing, the existing algorithms of this type mainly focus on the profiles of ID, passing time, transition probability, mobility patterns as well as road characteristics. In addition, there is still no standard way of coping with attacks of correlating each location by mining out query content and time interval from the sub-trajectory. To cope with such types of attack, users have to generalize their query contents and time intervals similarity. Hence, this paper first provided an attack model to simulate the adversary correlating the real location with a higher probability of query content and time interval similarity. Then a user collaboration mix-zone (CoMix) that can generalize these two types of profiles is proposed, so as to achieve location privacy. In CoMix, each user shares the common profile set to lowering the probability of success opponents to get the actual position through the correlation of location. Thirdly, entropy is utilized to measure the level of privacy preservation. At last, this paper further verifies the effectiveness and efficiency of the proposed algorithm by experimental evaluations

Virtual Pseudonym-Changing and Dynamic Grouping Policy for Privacy Preservation in VANETs

Location privacy is a critical problem in the vehicular communication networks. Vehicles broadcast their road status information to other entities in the network through beacon messages to inform other entities in the network. The beacon message content consists of the vehicle ID, speed, direction, position, and other information. An adversary could use vehicle identity and positioning information to determine vehicle driver behavior and identity at different visited location spots. A pseudonym can be used instead of the vehicle ID to help in the vehicle location privacy. These pseudonyms should be changed in appropriate way to produce uncertainty for any adversary attempting to identify a vehicle at different locations. In the existing research literature, pseudonyms are changed during silent mode between neighbors. However, the use of a short silent period and the visibility of pseudonyms of direct neighbors provides a mechanism for an adversary to determine the identity of a target vehicle at specific locations. Moreover, privacy is provided to the driver, only within the RSU range; outside it, there is no privacy protection. In this research, we address the problem of location privacy in a highway scenario, where vehicles are traveling at high speeds with diverse traffic density. We propose a Dynamic Grouping and Virtual Pseudonym-Changing (DGVP) scheme for vehicle location privacy. Dynamic groups are formed based on similar status vehicles and cooperatively change pseudonyms. In the case of low traffic density, we use a virtual pseudonym update process. We formally present the model and specify the scheme through High-Level Petri Nets (HLPN). The simulation results indicate that the proposed method improves the anonymity set size and entropy, provides lower traceability, reduces impact on vehicular network applications, and has lower computation cost compared to existing research work

Co-creating a smart tourism local service system in rural areas: a case study from south

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementThe most recent trends show an increase in the urbanization of cities, and, consequently, inner territories become more depopulated, business activities get closed, services get reduced and the overall services become poor and not able to offer quality offers to visitors (Bolay, 2020). According to (United Nations, 2019), by 2050 more than three out of four people will be living in urban areas. Nowadays, many studies have addressed the evolution and features of Smart Cities (Van Dijk & Teuben, 2015) and tourism is also one of those spheres that got digitally transformed by Smart Cities (Khan, Woo, Nam, & Chathoth, 2017). One of the features of smart applications is the possibility to let the user be a driver of value in creating and sharing contents (Kontogianni & Alepis, 2020). However, the explosion of smart solutions enabled by the latest technological innovations has been mostly contextualized in urban environments while fewer solutions have been developed in less urbanized rural areas (Steyn & Johanson, 2010). The methodology used employs the merging of two of the core contemporary service research approaches: Service Science and Service-Dominant logic; the first offers an organizational framework to generate and integrate value co-creation in terms of a smart service systems (Polese, Botti, Grimaldi, Monta & Vesci, 2018). For the same purpose, but differently, the second proposes a different layout called service ecosystems (Vargo & Lusch, 2016). This combination of approaches overcomes individual model limitations by setting an integrated model that can be employed to hypercompetitive and experience-based sectors (Polese, Botti, Grimaldi, Monta & Vesci, 2018), and that was adopted by using a case study methodology, relying on semi-structured interviews

Privacy-preserving Cooperative Services for Smart Traffic

Communication technology and the increasing intelligence of things enable new qualities of cooperation. However, it is often unclear how complex functionality can be realized in a reliable and abuse-resistant manner without harming users\u27 privacy in the face of strong adversaries. This thesis focuses on three functional building blocks that are especially challenging in this respect: cooperative planning, geographic addressing and the decentralized provision of pseudonymous identifiers