Mathematical Programming Algorithms for Spatial Cloaking

We consider a combinatorial optimization problem for spatial information cloaking. The problem requires computing one or several disjoint arborescences on a graph from a predetermined root or subset of candidate roots, so that the number of vertices in the arborescences is minimized but a given threshold on the overall weight associated with the vertices in each arborescence is reached. For a single arborescence case, we solve the problem to optimality by designing a branch-and-cut exact algorithm. Then we adapt this algorithm for the purpose of pricing out columns in an exact branch-and-price algorithm for the multiarborescence version. We also propose a branch-and-price-based heuristic algorithm, where branching and pricing, respectively, act as diversification and intensification mechanisms. The heuristic consistently finds optimal or near optimal solutions within a computing time, which can be three to four orders of magnitude smaller than that required for exact optimization. From an application point of view, our computational results are useful to calibrate the values of relevant parameters, determining the obfuscation level that is achieved

A Predictive Model for User Motivation and Utility Implications of Privacy-Protection Mechanisms in Location Check-Ins

Location check-ins contain both geographical and semantic information about the visited venues. Semantic information is usually represented by means of tags (e.g., “restaurant”). Such data can reveal some personal information about users beyond what they actually expect to disclose, hence their privacy is threatened. To mitigate such threats, several privacy protection techniques based on location generalization have been proposed. Although the privacy implications of such techniques have been extensively studied, the utility implications are mostly unknown. In this paper, we propose a predictive model for quantifying the effect of a privacy-preserving technique (i.e., generalization) on the perceived utility of check-ins. We first study the users’ motivations behind their location check-ins, based on a study targeted at Foursquare users (N = 77). We propose a machine-learning method for determining the motivation behind each check-in, and we design a motivation-based predictive model for the utility implications of generalization. Based on the survey data, our results show that the model accurately predicts the fine-grained motivation behind a check-in in 43% of the cases and in 63% of the cases for the coarse-grained motivation. It also predicts, with a mean error of 0.52 (on a scale from 1 to 5), the loss of utility caused by semantic and geographical generalization. This model makes it possible to design of utility-aware, privacy-enhancing mechanisms in location-based online social networks. It also enables service providers to implement location-sharing mechanisms that preserve both the utility and privacy for their users

Privacy preservation in mobile social networks

In this day and age with the prevalence of smartphones, networking has evolved in an intricate and complex way. With the help of a technology-driven society, the term "social networking" was created and came to mean using media platforms such as Myspace, Facebook, and Twitter to connect and interact with friends, family, or even complete strangers. Websites are created and put online each day, with many of them possessing hidden threats that the average person does not think about. A key feature that was created for vast amount of utility was the use of location-based services, where many websites inform their users that the website will be using the users' locations to enhance the functionality. However, still far too many websites do not inform their users that they may be tracked, or to what degree. In a similar juxtaposed scenario, the evolution of these social networks has allowed countless people to share photos with others online. While this seems harmless at face-value, there may be times in which people share photos of friends or other non-consenting individuals who do not want that picture viewable to anyone at the photo owner's control. There exists a lack of privacy controls for users to precisely de fine how they wish websites to use their location information, and for how others may share images of them online. This dissertation introduces two models that help mitigate these privacy concerns for social network users. MoveWithMe is an Android and iOS application which creates decoys that move locations along with the user in a consistent and semantically secure way. REMIND is the second model that performs rich probability calculations to determine which friends in a social network may pose a risk for privacy breaches when sharing images. Both models have undergone extensive testing to demonstrate their effectiveness and efficiency.Includes bibliographical reference

Modeling, Predicting and Capturing Human Mobility

Realistic models of human mobility are critical for modern day applications, specifically for recommendation systems, resource planning and process optimization domains. Given the rapid proliferation of mobile devices equipped with Internet connectivity and GPS functionality today, aggregating large sums of individual geolocation data is feasible. The thesis focuses on methodologies to facilitate data-driven mobility modeling by drawing parallels between the inherent nature of mobility trajectories, statistical physics and information theory. On the applied side, the thesis contributions lie in leveraging the formulated mobility models to construct prediction workflows by adopting a privacy-by-design perspective. This enables end users to derive utility from location-based services while preserving their location privacy. Finally, the thesis presents several approaches to generate large-scale synthetic mobility datasets by applying machine learning approaches to facilitate experimental reproducibility

Location cloaking for location privacy protection and location safety protection

Many applications today rely on location information, yet disclosing such information can present heightened privacy and safety risks. A person\u27s whereabouts, for example, may reveal sensitive private information such as health condition and lifestyle. Location information also has the potential to allow an adversary to physically locate and destroy a subject, which is particularly concerned in digital battlefields. This research investigates two problems. The first one is location privacy protection in location-based services. Our goal is to provide a desired level of guarantee that the location data collected by the service providers cannot be correlated with restricted spaces such as home and office to derive who\u27s where at what time. We propose 1) leveraging historical location samples for location depersonalization and 2) allowing a user to express her location privacy requirement by identifying a spatial region. With these two ideas in place, we develop a suite of techniques for location-privacy aware uses of location-based services, which can be either sporadic or continuous. An experimental system has been implemented with these techniques. The second problem investigated in this research is location safety protection in ad hoc networks. Unlike location privacy intrusion, the adversary here is not interested in finding the individual identities of the nodes in a spatial region, but simply wants to locate and destroy them. We define the safety level of a spatial region as the inverse of its node density and develop a suite of techniques for location safety-aware cloaking and routing. These schemes allow nodes to disclose their location as accurately as possible, while preventing such information from being used to identify any region with a safety level lower than a required threshold. The performance of the proposed techniques is evaluated through analysis and simulation

Location-Based Services and Privacy Protection under Mobile Cloud Computing

Location-based services can provide personalized services based on location information of moving objects and have already been widely used in public safety services, transportation, entertainment and many other areas. With the rapid development of mobile communication technology and popularization of intelligent terminals, there will be great commercial prospects to provide location-based services under mobile cloud computing environment. However, the high adhesion degree of mobile terminals to users not only brings facility but also results in the risk of privacy leak. The paper introduced the necessities and advantages to provide location-based services under mobile cloud computing environment, stressed the importance to protect location privacy in LBS services, pointed out new security risks brought by mobile cloud computing, and proposed a new framework and implementation method of LBS service. The cloud-based LBS system proposed in this paper is able to achieve privacy protection from the confidentiality of outsourced data and integrity of service results, and can be used as a reference while developing LBS system under mobile cloud computing environment

Handling user-defined private contexts for location privacy in LBS

e present a privacy-preserving framework for the protection of location from potentially untrustworthy location providers (LP), oering geolocation services to LBS subscribers, across indoor and outdoor settings. This framework, called Placeprint, is built on the metaphor of private place[1]. A private place is a user-de ned spatial context which belongs to the personal sphere of an individual, e.g. home. In Placeprint, users equipped with commodity devices, can be geolocated in private places without revealing to the LP their presence. Moreover users can specify context-based privacy rules to forestall the disclosure of private places also to LBS providers. The ultimate goal is to provide users with the capability of exercising exible control over the disclosure of the position to both LP and LBS provider

Balancing privacy needs with location sharing in mobile computing

Mobile phones are increasingly becoming tools for social interaction. As more phones come equipped with location tracking capabilities, capable of collecting and distributing personal information (including location) of their users, user control of location information and privacy for that matter, has become an important research issue. This research first explores various techniques of user control of location in location-based systems, and proposes the re-conceptualisation of deception (defined here as the deliberate withholding of location information) from information systems security to the field of location privacy. Previous work in this area considers techniques such as anonymisation, encryption, cloaking and blurring, among others. Since mobile devices have become social tools, this thesis takes a different approach by empirically investigating first the likelihood of the use of the proposed technique (deception) in protecting location privacy. We present empirical results (based on an online study) that show that people are willing to deliberately withhold their location information to protect their location privacy. However, our study shows that people feel uneasy in engaging in this type of deception if they believe this will be detected by their intended recipients. The results also suggest that the technique is popular in situations where it is very difficult to detect that there has been a deliberate withholding of location information during a location disclosure. Our findings are then presented in the form of initial design guidelines for the design of deception to control location privacy. Based on these initial guidelines, we propose and build a deception-based privacy control model. Two different evaluation approaches are employed in investigating the suitability of the model. These include; a field-based study of the techniques employed in the model and a laboratory-based usability study of the Mobile Client application upon which the DPC model is based, using HCI (Human Computer Interaction) professionals. Finally, we present guidelines for the design of deception in location disclosure, and lessons learned from the two evaluation approaches. We also propose a unified privacy preference framework implemented on the application layer of the mobile platform as a future direction of this thesis