scholarly journals On the difficulty of achieving Differential Privacy in practice: user-level guarantees in aggregate location data

2022 ◽  
Vol 13 (1) ◽  
Author(s):  
Florimond Houssiau ◽  
Luc Rocher ◽  
Yves-Alexandre de Montjoye
Keyword(s):  
Differential Privacy ◽  
Location Data

scholarly journals Dynamic Release of Big Location Data Based on Adaptive Sampling and Differential Privacy

IEEE Access ◽  
2019 ◽  
Vol 7 ◽  
pp. 164962-164974
Author(s):  
Yan Yan ◽  
Lianxiu Zhang ◽  
Quan Z. Sheng ◽  
Bingqian Wang ◽  
Xin Gao ◽  
...  
Keyword(s):  
Adaptive Sampling ◽  
Differential Privacy ◽  
Location Data

scholarly journals An Analysis of Differential Privacy Research in Location and Trajectory Data

2020 ◽  
Author(s):  
Fatima Zahra Errounda ◽  
Yan Liu
Keyword(s):  
Location Privacy ◽  
Differential Privacy ◽  
State Of The Art ◽  
Original Data ◽  
Privacy Preserving ◽  
The State ◽  
Trajectory Data ◽  
Powerful Technique ◽  
Location Data ◽  
Single User

Abstract Location and trajectory data are routinely collected to generate valuable knowledge about users' pattern behavior. However, releasing location data may jeopardize the privacy of the involved individuals. Differential privacy is a powerful technique that prevents an adversary from inferring the presence or absence of an individual in the original data solely based on the observed data. The first challenge in applying differential privacy in location is that a it usually involves a single user. This shifts the adversary's target to the user's locations instead of presence or absence in the original data. The second challenge is that the inherent correlation between location data, due to people's movement regularity and predictability, gives the adversary an advantage in inferring information about individuals. In this paper, we review the differentially private approaches to tackle these challenges. Our goal is to help newcomers to the field to better understand the state-of-the art by providing a research map that highlights the different challenges in designing differentially private frameworks that tackle the characteristics of location data. We find that in protecting an individual's location privacy, the attention of differential privacy mechanisms shifts to preventing the adversary from inferring the original location based on the observed one. Moreover, we find that the privacy-preserving mechanisms make use of the predictability and regularity of users' movements to design and protect the users' privacy in trajectory data. Finally, we explore how well the presented frameworks succeed in protecting users' locations and trajectories against well-known privacy attacks.

scholarly journals What Does The Crowd Say About You? Evaluating Aggregation-based Location Privacy

2017 ◽  
Vol 2017 (4) ◽  
pp. 156-176 ◽  
Author(s):  
Apostolos Pyrgelis ◽  
Carmela Troncoso ◽  
Emiliano De Cristofaro
Keyword(s):  
Location Privacy ◽  
Differential Privacy ◽  
Information Leakage ◽  
Mobility Patterns ◽  
Protection Mechanism ◽  
Location Data ◽  
Knowledge Based ◽  
Inference Problems ◽  
Additional Protection ◽  
The Impact

Abstract Information about people’s movements and the locations they visit enables an increasing number of mobility analytics applications, e.g., in the context of urban and transportation planning, In this setting, rather than collecting or sharing raw data, entities often use aggregation as a privacy protection mechanism, aiming to hide individual users’ location traces. Furthermore, to bound information leakage from the aggregates, they can perturb the input of the aggregation or its output to ensure that these are differentially private. In this paper, we set to evaluate the impact of releasing aggregate location time-series on the privacy of individuals contributing to the aggregation. We introduce a framework allowing us to reason about privacy against an adversary attempting to predict users’ locations or recover their mobility patterns. We formalize these attacks as inference problems, and discuss a few strategies to model the adversary’s prior knowledge based on the information she may have access to. We then use the framework to quantify the privacy loss stemming from aggregate location data, with and without the protection of differential privacy, using two real-world mobility datasets. We find that aggregates do leak information about individuals’ punctual locations and mobility profiles. The density of the observations, as well as timing, play important roles, e.g., regular patterns during peak hours are better protected than sporadic movements. Finally, our evaluation shows that both output and input perturbation offer little additional protection, unless they introduce large amounts of noise ultimately destroying the utility of the data.

scholarly journals Preserving Geo-Indistinguishability of the Emergency Scene to Predict Ambulance Response Time

2021 ◽  
Vol 26 (3) ◽  
pp. 56
Author(s):  
Héber H. Arcolezi ◽  
Selene Cerna ◽  
Christophe Guyeux ◽  
Jean-François Couchot
Keyword(s):  
Response Time ◽  
Rural Areas ◽  
Differential Privacy ◽  
Sensitive Data ◽  
Rescue Service ◽  
Location Data ◽  
Ambulance Dispatch ◽  
Considerable Impact ◽  
The Moment ◽  
Ambulatory Services

Emergency medical services (EMS) provide crucial emergency assistance and ambulatory services. One key measurement of EMS’s quality of service is their ambulances’ response time (ART), which generally refers to the period between EMS notification and the moment an ambulance arrives on the scene. Due to many victims requiring care within adequate time (e.g., cardiac arrest), improving ARTs is vital. This paper proposes to predict ARTs using machine-learning (ML) techniques, which could be used as a decision-support system by EMS to allow a dynamic selection of ambulance dispatch centers. However, one well-known predictor of ART is the location of the emergency (e.g., if it is urban or rural areas), which is sensitive data because it can reveal who received care and for which reason. Thus, we considered the ‘input perturbation’ setting in the privacy-preserving ML literature, which allows EMS to sanitize each location data independently and, hence, ML models are trained only with sanitized data. In this paper, geo-indistinguishability was applied to sanitize each emergency location data, which is a state-of-the-art formal notion based on differential privacy. To validate our proposals, we used retrospective data of an EMS in France, namely Departmental Fire and Rescue Service of Doubs, and publicly available data (e.g., weather and traffic data). As shown in the results, the sanitization of location data and the perturbation of its associated features (e.g., city, distance) had no considerable impact on predicting ARTs. With these findings, EMSs may prefer using and/or sharing sanitized datasets to avoid possible data leakages, membership inference attacks, or data reconstructions, for example.

scholarly journals Travel Trajectory Frequent Pattern Mining Based on Differential Privacy Protection

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Weiya Wang ◽  
Geng Yang ◽  
Lin Bao ◽  
Ke Ma ◽  
Hao Zhou ◽  
...  
Keyword(s):  
Privacy Protection ◽  
Pattern Mining ◽  
Differential Privacy ◽  
Data Availability ◽  
Frequent Pattern ◽  
Frequent Subgraph Mining ◽  
Trajectory Data ◽  
User Privacy ◽  
Location Data ◽  
Subgraph Mining

Now, many application services based on location data have brought a lot of convenience to people’s daily life. However, publishing location data may divulge individual sensitive information. Because the location records about location data may be discrete in the database, some existing privacy protection schemes are difficult to protect location data in data mining. In this paper, we propose a travel trajectory data record privacy protection scheme (TMDP) based on differential privacy mechanism, which employs the structure of a trajectory graph model on location database and frequent subgraph mining based on weighted graph. Time series is introduced into the location data; the weighted trajectory model is designed to obtain the travel trajectory graph database. We upgrade the mining of location data to the mining of frequent trajectory graphs, which can discover the relationship of location data from the database and protect location data mined. In particular, to improve the identification efficiency of frequent trajectory graphs, we design a weighted trajectory graph support calculation algorithm based on canonical code and subgraph structure. Moreover, to improve the data utility under the premise of protecting user privacy, we propose double processes of adding noises to the subgraph mining process by the Laplace mechanism and selecting final data by the exponential mechanism. Through formal privacy analysis, we prove that our TMDP framework satisfies ε -differential privacy. Compared with the other schemes, the experiments show that the data availability of the proposed scheme is higher and the privacy protection of the scheme is effective.

Sign in / Sign up

Export Citation Format

Share Document