Protecting Locations with Differential Privacy under Temporal Correlations

Concerns on location privacy frequently arise with the rapid development of GPS enabled devices and location-based applications. While spatial transformation techniques such as location perturbation or generalization have been studied extensively, most techniques rely on syntactic privacy models without rigorous privacy guarantee. Many of them only consider static scenarios or perturb the location at single timestamps without considering temporal correlations of a moving user's locations, and hence are vulnerable to various inference attacks. While differential privacy has been accepted as a standard for privacy protection, applying differential privacy in location based applications presents new challenges, as the protection needs to be enforced on the fly for a single user and needs to incorporate temporal correlations between a user's locations. In this paper, we propose a systematic solution to preserve location privacy with rigorous privacy guarantee. First, we propose a new definition, "$\delta$-location set" based differential privacy, to account for the temporal correlations in location data. Second, we show that the well known $\ell_1$-norm sensitivity fails to capture the geometric sensitivity in multidimensional space and propose a new notion, sensitivity hull, based on which the error of differential privacy is bounded. Third, to obtain the optimal utility we present a planar isotropic mechanism (PIM) for location perturbation, which is the first mechanism achieving the lower bound of differential privacy. Experiments on real-world datasets also demonstrate that PIM significantly outperforms baseline approaches in data utility.Comment: Final version Nov-04-201

De-anonymizable location cloaking for privacy-controlled mobile systems

The rapid technology upgrades of mobile devices and the popularity of wireless networks significantly drive the emergence and development of Location-based Services (LBSs), thus greatly expanding the business of online services and enriching the user experience. However, the personal location data shared with the service providers also leave hidden risks on location privacy. Location anonymization techniques transform the exact location of a user into a cloaking area by including the locations of multiple users in the exposed area such that the exposed location is indistinguishable from that of the other users. However in such schemes, location information once perturbed cannot be recovered from the cloaking region and as a result, users of the location cannot obtain fine granular information even when they have access to it. In this paper, we propose Dynamic Reversible Cloaking (DRC) a new de-anonymziable location cloaking mechanism that allows to restore the actual location from the perturbed information through the use of an anonymization key. Extensive experiments using realistic road network traces show that the proposed scheme is efficient, effective and scalable

The state of peer-to-peer network simulators

Networking research often relies on simulation in order to test and evaluate new ideas. An important requirement of this process is that results must be reproducible so that other researchers can replicate, validate and extend existing work. We look at the landscape of simulators for research in peer-to-peer (P2P) networks by conducting a survey of a combined total of over 280 papers from before and after 2007 (the year of the last survey in this area), and comment on the large quantity of research using bespoke, closed-source simulators. We propose a set of criteria that P2P simulators should meet, and poll the P2P research community for their agreement. We aim to drive the community towards performing their experiments on simulators that allow for others to validate their results

Spatial Cloaking Revisited: Distinguishing Information Leakage from Anonymity

Abstract. Location-based services (LBS) are receiving increasing popularity as they provide convenience to mobile users with on-demand information. The use of these services, however, poses privacy issues as the user locations and queries are exposed to untrusted LBSs. Spatial cloaking techniques provide privacy in the form of k-anonymity; i.e., they guarantee that the (location of the) querying user u is indistinguishable from at least k-1 others, where k is a parameter specified by u at query time. To achieve this, they form a group of k users, including u, and forward their minimum bounding rectangle (termed anonymizing spatial region, ASR) to the LBS. The rationale behind sending an ASR instead of the distinct k locations is that exact user positions (querying or not) should not be disclosed to the LBS. This results in large ASRs with considerable dead-space, and leads to unnecessary performance degradation. Additionally, there is no guarantee regarding the amount of location information that is actually revealed to the LBS. In this paper, we introduce the concept of information leakage in spatial cloaking. We provide measures of this leakage, and show how we can trade it for better performance in a tunable manner. The proposed methodology directly applies to centralized and decentralized cloaking models, and is readily deployable on existing systems.

Making tourist guidance systems more intelligent, adaptive and personalised using crowd sourced movement data

Ambient intelligence (AmI) provides adaptive, personalized, intelligent, ubiquitous and interactive services to wide range of users. AmI can have a variety of applications, including smart shops, health care, smart home, assisted living, and location-based services. Tourist guidance is one of the applications where AmI can have a great contribution to the quality of the service, as the tourists, who may not be very familiar with the visiting site, need a location-aware, ubiquitous, personalised and informative service. Such services should be able to understand the preferences of the users without requiring the users to specify them, predict their interests, and provide relevant and tailored services in the most appropriate way, including audio, visual, and haptic. This paper shows the use of crowd sourced trajectory data in the detection of points of interests and providing ambient tourist guidance based on the patterns recognised over such data

An adaptive stabilization framework for distributed hash tables

10.1109/IPDPS.2006.163926920th International Parallel and Distributed Processing Symposium, IPDPS 2006200

On the anonymization of sparse high-dimensional data

10.1109/ICDE.2008.4497480Proceedings - International Conference on Data Engineering715-72