217 research outputs found
Location cloaking for location privacy protection and location safety protection
Many applications today rely on location information, yet disclosing such information can present heightened privacy and safety risks. A person's whereabouts, for example, may reveal sensitive private information such as health condition and lifestyle. Location information also has the potential to allow an adversary to physically locate and destroy a subject, which is a particular concern on digital battlefields.
This research investigates two problems. The first is location privacy protection in location-based services. Our goal is to provide a desired level of guarantee that the location data collected by service providers cannot be correlated with restricted spaces such as home and office to derive who's where at what time. We propose 1) leveraging historical location samples for location depersonalization and 2) allowing a user to express her location privacy requirement by identifying a spatial region. With these two ideas in place, we develop a suite of techniques for location-privacy-aware use of location-based services, whether sporadic or continuous. An experimental system has been implemented with these techniques. The second problem investigated in this research is location safety protection in ad hoc networks. Unlike location privacy intrusion, the adversary here is not interested in finding the individual identities of the nodes in a spatial region, but simply wants to locate and destroy them. We define the safety level of a spatial region as the inverse of its node density and develop a suite of techniques for location-safety-aware cloaking and routing. These schemes allow nodes to disclose their location as accurately as possible, while preventing such information from being used to identify any region with a safety level lower than a required threshold. The performance of the proposed techniques is evaluated through analysis and simulation.
L-SRR: Local Differential Privacy for Location-Based Services with Staircase Randomized Response
Location-based services (LBS) have been significantly developed and widely deployed on mobile devices. It is also well known that LBS applications may raise severe privacy concerns by collecting sensitive locations. A strong privacy model, local differential privacy (LDP), has recently been deployed in many different applications (e.g., Google RAPPOR, iOS, and Microsoft Telemetry) but is not effective for LBS applications due to the low utility of existing LDP mechanisms. To address this deficiency, we propose the first LDP framework for a variety of location-based services (namely L-SRR), which privately collects and analyzes user locations with high utility. Specifically, we design a novel randomization mechanism, Staircase Randomized Response (SRR), and extend the empirical estimation to significantly boost the utility of SRR in different LBS applications (e.g., traffic density estimation and k-nearest neighbors). We have conducted extensive experiments on four real LBS datasets, benchmarking against other LDP schemes in practical applications. The experimental results demonstrate that L-SRR significantly outperforms them.
Comment: accepted to CCS'22; full versio
Trajectory and Policy Aware Sender Anonymity in Location Based Services
We consider Location-based Service (LBS) settings, where an LBS provider logs the requests sent by mobile device users over a period of time and later wants to publish or share these logs. Log sharing can be extremely valuable for advertising, data mining research and network management, but it poses a serious threat to the privacy of LBS users. Sender anonymity solutions prevent a malicious attacker from inferring the interests of LBS users by associating them with their service requests after gaining access to the anonymized logs. With the fast-increasing adoption of smartphones and the concern that historic user trajectories are becoming more accessible, it becomes necessary for any sender anonymity solution to protect against attackers that are trajectory-aware (i.e., have access to historic user trajectories) as well as policy-aware (i.e., they know the log anonymization policy). We call such attackers TP-aware.
This paper introduces a first privacy guarantee against TP-aware attackers, called TP-aware sender k-anonymity. It turns out that there are many possible TP-aware anonymizations for the same LBS log, each with a different utility to the consumer of the anonymized log. The problem of finding the optimal TP-aware anonymization is investigated. We show that trajectory-awareness renders the problem computationally harder than the trajectory-unaware variants found in the literature (NP-complete in the size of the log, versus PTIME). We describe a PTIME l-approximation algorithm for trajectories of length l and empirically show that it scales to large LBS logs (up to 2 million users).
Privacy preserving distributed spatio-temporal data mining
Time-stamped location information is regarded as spatio-temporal data due to its time and space dimensions and, by its nature, is highly vulnerable to misuse. Privacy issues related to the collection, use and distribution of individuals' location information are the main obstacles impeding knowledge discovery in spatio-temporal data. Suppressing identifiers from the data does not suffice, since movement trajectories can easily be linked to individuals using publicly available information such as home or work addresses. Yet another solution could be employing existing privacy preserving data mining techniques. However, these techniques are not suitable, since time-stamped location observations of an object are not plain, independent attributes of that object. Therefore, new privacy preserving data mining techniques are required to handle spatio-temporal data specifically. In this thesis, we propose a privacy preserving data mining technique and two preprocessing steps for data mining related to privacy preservation in spatio-temporal datasets: (1) distributed clustering, (2) centralized anonymization and (3) distributed anonymization. We also provide security and efficiency analysis of our algorithms, which shows that under reasonable conditions, achieving privacy preservation with minimal sensitive information leakage is possible for data mining purposes.
Trajectory Privacy Preservation and Lightweight Blockchain Techniques for Mobility-Centric IoT
Various research efforts have been undertaken to solve the problem of trajectory privacy preservation in the Internet of Things (IoT) of resource-constrained mobile devices. Most attempts at resolving the problem have focused on the centralized model of IoT, which either imposes high delay or fails against a privacy-invading attack with long-term trajectory observation. These proposed solutions also fail to guarantee location privacy for trajectories with both geo-tagged and non-geo-tagged data, since they are designed for geo-tagged trajectories only. While a few blockchain-based techniques have been suggested for preserving trajectory privacy in the decentralized model of IoT, they require large storage capacity on resource-constrained devices and can only provide conditional privacy when a set of authorities governs the blockchain. This dissertation addresses these challenges to develop efficient trajectory privacy-preservation and lightweight blockchain techniques for mobility-centric IoT.
We develop a pruning-based technique by quantifying the relationship between trajectory privacy and delay for real-time geo-tagged queries. This technique yields higher trajectory privacy with a reduced delay than contemporary techniques while preventing a long-term observation attack. We extend our study with the consideration of the presence of non-geo-tagged data in a trajectory. We design an attack model to show the spatiotemporal correlation between the geo-tagged and non-geo-tagged data which undermines the privacy guarantee of existing techniques. In response, we propose a methodology that considers the spatial distribution of the data in trajectory privacy-preservation and improves existing solutions, in privacy and usability.
With respect to blockchain, we design and implement one of the first blockchain storage management techniques utilizing the mobility of the devices. This technique reduces the required storage space of a blockchain and makes it lightweight for resource-constrained mobile devices. To address the trajectory privacy challenges in an authority-based blockchain under the short-range communication constraints of the devices, we introduce one of the first silence-based techniques to establish a balance between trajectory privacy and blockchain utility.
The trajectory privacy-preservation techniques we established are lightweight and do not require an intermediary to guarantee trajectory privacy, thereby providing a practical and efficient solution for different mobility-centric IoT applications, such as mobile crowdsensing and the Internet of Vehicles.
Protecting privacy of semantic trajectory
The growing ubiquity of GPS-enabled devices in everyday life has made large-scale collection of trajectories feasible, providing ever-growing opportunities for human movement analysis. However, publishing this vulnerable data is accompanied by increasing concerns about individuals' geoprivacy. This thesis has two objectives: (1) propose a privacy protection framework for semantic trajectories and (2) develop a Python toolbox in the ArcGIS Pro environment that enables non-expert users to anonymize trajectory data. The former aims to prevent the re-identification of users by an adversary who knows their important locations or any random spatiotemporal points, by swapping their important locations to new locations with the same semantics and unlinking the users from their trajectories. This is accomplished by converting GPS points into sequences of visited meaningful locations and moves, and by integrating several anonymization techniques. The second component of this thesis implements privacy protection in a way that even users without deep knowledge of anonymization and coding skills can anonymize their data, by offering an all-in-one toolbox. By proposing and implementing this framework and toolbox, we hope that trajectory privacy is better protected in research.
- …