Rethinking Location Privacy for Unknown Mobility Behaviors
Location Privacy-Preserving Mechanisms (LPPMs) in the literature largely assume that the users' data available for training wholly characterizes their mobility patterns. Thus, they hardwire this information in their designs and evaluate their privacy properties on these same data. In this paper, we aim to understand the impact of this decision on the level of privacy these LPPMs may offer in real life, when the users' mobility data may differ from the data used in the design phase. Our results show that, in many cases, training data does not capture users' behavior accurately and, thus, the level of privacy provided by the LPPM is often overestimated. To address this gap between theory and practice, we propose to use blank-slate models for LPPM design. Contrary to the hardwired approach, which assumes known users' behavior, blank-slate models learn the users' behavior from the queries sent to the service provider. We leverage this blank-slate approach to develop a new family of LPPMs, which we call Profile Estimation-Based LPPMs. Using real data, we empirically show that our proposal outperforms optimal state-of-the-art mechanisms designed on sporadic hardwired models. In non-sporadic location privacy scenarios, our method is only better if the usage of the location privacy service is not continuous. It is our hope that eliminating the need to bootstrap the mechanisms with training data, and ensuring that the mechanisms are lightweight and easy to compute, helps foster the integration of location privacy protections in deployed systems.
Optimal Geo-Indistinguishable Mechanisms for Location Privacy
We consider the geo-indistinguishability approach to location privacy and its trade-off with respect to utility. We show that, given a desired degree of geo-indistinguishability, it is possible to construct a mechanism that minimizes the service quality loss, using linear programming techniques. In addition, we show that, under certain conditions, such a mechanism also provides optimal privacy in the sense of Shokri et al. Furthermore, we propose a method to reduce the number of constraints of the linear program from cubic to quadratic, maintaining the privacy guarantees without significantly affecting the utility of the generated mechanism. This considerably reduces the time required to solve the linear program, thus significantly enlarging the location sets for which the optimal mechanisms can be computed.
Comment: 13 page
On the Anonymization of Differentially Private Location Obfuscation
Obfuscation techniques in location-based services (LBSs) have been shown to be useful for hiding the concrete locations of service users, whereas they do not necessarily provide anonymity. We quantify the anonymity of the location data obfuscated by the planar Laplacian mechanism and by the optimal geo-indistinguishable mechanism of Bordenabe et al. We empirically show that the latter provides stronger anonymity than the former, in the sense that more users in the database satisfy k-anonymity. To formalize and analyze such approximate anonymity, we introduce the notion of asymptotic anonymity. We then show that the location data obfuscated by the optimal geo-indistinguishable mechanism can be anonymized by removing a smaller number of users from the database. Furthermore, we demonstrate that the optimal geo-indistinguishable mechanism has better utility both for users and for data analysts.
Comment: ISITA'18 conference pape
Towards trajectory anonymization: a generalization-based approach
Trajectory datasets are becoming popular due to the massive usage of GPS and location-based services. In this paper, we address privacy issues regarding the identification of individuals in static trajectory datasets. We first adapt the notion of k-anonymity to trajectories and propose a novel generalization-based approach for the anonymization of trajectories. We further show that releasing anonymized trajectories may still have some privacy leaks. Therefore, we propose a randomization-based reconstruction algorithm for releasing anonymized trajectory data and also present how the underlying techniques can be adapted to other anonymity standards. Experimental results on real and synthetic trajectory datasets show the effectiveness of the proposed techniques.