Location cloaking for location privacy protection and location safety protection

Many applications today rely on location information, yet disclosing such information can present heightened privacy and safety risks. A person\u27s whereabouts, for example, may reveal sensitive private information such as health condition and lifestyle. Location information also has the potential to allow an adversary to physically locate and destroy a subject, which is particularly concerned in digital battlefields. This research investigates two problems. The first one is location privacy protection in location-based services. Our goal is to provide a desired level of guarantee that the location data collected by the service providers cannot be correlated with restricted spaces such as home and office to derive who\u27s where at what time. We propose 1) leveraging historical location samples for location depersonalization and 2) allowing a user to express her location privacy requirement by identifying a spatial region. With these two ideas in place, we develop a suite of techniques for location-privacy aware uses of location-based services, which can be either sporadic or continuous. An experimental system has been implemented with these techniques. The second problem investigated in this research is location safety protection in ad hoc networks. Unlike location privacy intrusion, the adversary here is not interested in finding the individual identities of the nodes in a spatial region, but simply wants to locate and destroy them. We define the safety level of a spatial region as the inverse of its node density and develop a suite of techniques for location safety-aware cloaking and routing. These schemes allow nodes to disclose their location as accurately as possible, while preventing such information from being used to identify any region with a safety level lower than a required threshold. The performance of the proposed techniques is evaluated through analysis and simulation

L-SRR: Local Differential Privacy for Location-Based Services with Staircase Randomized Response

Location-based services (LBS) have been significantly developed and widely deployed in mobile devices. It is also well-known that LBS applications may result in severe privacy concerns by collecting sensitive locations. A strong privacy model ''local differential privacy'' (LDP) has been recently deployed in many different applications (e.g., Google RAPPOR, iOS, and Microsoft Telemetry) but not effective for LBS applications due to the low utility of existing LDP mechanisms. To address such deficiency, we propose the first LDP framework for a variety of location-based services (namely ''L-SRR''), which privately collects and analyzes user locations with high utility. Specifically, we design a novel randomization mechanism ''Staircase Randomized Response'' (SRR) and extend the empirical estimation to significantly boost the utility for SRR in different LBS applications (e.g., traffic density estimation, and k-nearest neighbors). We have conducted extensive experiments on four real LBS datasets by benchmarking with other LDP schemes in practical applications. The experimental results demonstrate that L-SRR significantly outperforms them.Comment: accepted to CCS'22; full versio

Trajectory and Policy Aware Sender Anonymity in Location Based Services

We consider Location-based Service (LBS) settings, where a LBS provider logs the requests sent by mobile device users over a period of time and later wants to publish/share these logs. Log sharing can be extremely valuable for advertising, data mining research and network management, but it poses a serious threat to the privacy of LBS users. Sender anonymity solutions prevent a malicious attacker from inferring the interests of LBS users by associating them with their service requests after gaining access to the anonymized logs. With the fast-increasing adoption of smartphones and the concern that historic user trajectories are becoming more accessible, it becomes necessary for any sender anonymity solution to protect against attackers that are trajectory-aware (i.e. have access to historic user trajectories) as well as policy-aware (i.e they know the log anonymization policy). We call such attackers TP-aware. This paper introduces a first privacy guarantee against TP-aware attackers, called TP-aware sender k-anonymity. It turns out that there are many possible TP-aware anonymizations for the same LBS log, each with a different utility to the consumer of the anonymized log. The problem of finding the optimal TP-aware anonymization is investigated. We show that trajectory-awareness renders the problem computationally harder than the trajectory-unaware variants found in the literature (NP-complete in the size of the log, versus PTIME). We describe a PTIME l-approximation algorithm for trajectories of length l and empirically show that it scales to large LBS logs (up to 2 million users)

Privacy preserving distributed spatio-temporal data mining

Time-stamped location information is regarded as spatio-temporal data due to its time and space dimensions and, by its nature, is highly vulnerable to misuse. Privacy issues related to collection, use and distribution of individuals’ location information are the main obstacles impeding knowledge discovery in spatio-temporal data. Suppressing identifiers from the data does not suffice since movement trajectories can easily be linked to individuals using publicly available information such as home or work addresses. Yet another solution could be employing existing privacy preserving data mining techniques. However these techniques are not suitable since time-stamped location observations of an object are not plain, independent attributes of this object. Therefore, new privacy preserving data mining techniques are required to handle spatio-temporal data specifically. In this thesis, we propose a privacy preserving data mining technique and two preprocessing steps for data mining related to privacy preservation in spatio-temporal datasets: (1) Distributed clustering, (2) Centralized anonymization and (3) Distributed anonymization. We also provide security and efficiency analysis of our algorithms which shows that under reasonable conditions, achieving privacy preservation with minimal sensitive information leakage is possible for data mining purposes

Trajectory Privacy Preservation and Lightweight Blockchain Techniques for Mobility-Centric IoT

Various research efforts have been undertaken to solve the problem of trajectory privacy preservation in the Internet of Things (IoT) of resource-constrained mobile devices. Most attempts at resolving the problem have focused on the centralized model of IoT, which either impose high delay or fail against a privacy-invading attack with long-term trajectory observation. These proposed solutions also fail to guarantee location privacy for trajectories with both geo-tagged and non-geo-tagged data, since they are designed for geo-tagged trajectories only. While a few blockchain-based techniques have been suggested for preserving trajectory privacy in decentralized model of IoT, they require large storage capacity on resource-constrained devices and can only provide conditional privacy when a set of authorities governs the blockchain. This dissertation addresses these challenges to develop efficient trajectory privacy-preservation and lightweight blockchain techniques for mobility-centric IoT. We develop a pruning-based technique by quantifying the relationship between trajectory privacy and delay for real-time geo-tagged queries. This technique yields higher trajectory privacy with a reduced delay than contemporary techniques while preventing a long-term observation attack. We extend our study with the consideration of the presence of non-geo-tagged data in a trajectory. We design an attack model to show the spatiotemporal correlation between the geo-tagged and non-geo-tagged data which undermines the privacy guarantee of existing techniques. In response, we propose a methodology that considers the spatial distribution of the data in trajectory privacy-preservation and improves existing solutions, in privacy and usability. With respect to blockchain, we design and implement one of the first blockchain storage management techniques utilizing the mobility of the devices. This technique reduces the required storage space of a blockchain and makes it lightweight for resource-constrained mobile devices. To address the trajectory privacy challenges in an authority-based blockchain under the short-range communication constraints of the devices, we introduce a silence-based one of the first technique to establish a balance between trajectory privacy and blockchain utility. The designed trajectory privacy- preservation techniques we established are light- weight and do not require an intermediary to guarantee trajectory privacy, thereby providing practical and efficient solution for different mobility-centric IoT, such as mobile crowdsensing and Internet of Vehicles

Protecting privacy of semantic trajectory

The growing ubiquity of GPS-enabled devices in everyday life has made large-scale collection of trajectories feasible, providing ever-growing opportunities for human movement analysis. However, publishing this vulnerable data is accompanied by increasing concerns about individuals’ geoprivacy. This thesis has two objectives: (1) propose a privacy protection framework for semantic trajectories and (2) develop a Python toolbox in ArcGIS Pro environment for non-expert users to enable them to anonymize trajectory data. The former aims to prevent users’ re-identification when knowing the important locations or any random spatiotemporal points of users by swapping their important locations to new locations with the same semantics and unlinking the users from their trajectories. This is accomplished by converting GPS points into sequences of visited meaningful locations and moves and integrating several anonymization techniques. The second component of this thesis implements privacy protection in a way that even users without deep knowledge of anonymization and coding skills can anonymize their data by offering an all-in-one toolbox. By proposing and implementing this framework and toolbox, we hope that trajectory privacy is better protected in research