A Method of Sanitizing Privacy-Sensitive Sequence Pattern Networks Mined From Trajectories Released

2019 ◽  
Vol 15 (3) ◽  
pp. 63-89
Author(s):  
Haitao Zhang ◽  
Yunhong Zhu

Mobility patterns mined from released trajectories can help to allocate resources and provide personalized services, although these also pose a threat to personal location privacy. As the existing sanitization methods cannot deal with the problems of location privacy inference attacks based on privacy-sensitive sequence pattern networks, the authors proposed a method of sanitizing the privacy-sensitive sequence pattern networks mined from trajectories released by identifying and removing influential nodes from the networks. The authors conducted extensive experiments and the results showed that, by adjusting the parameter of the proportional factors, the proposed method can thoroughly sanitize privacy-sensitive sequence pattern networks and achieve the optimal values for security degree and connectivity degree measurements. In addition, the performance of the proposed method was shown to be stable for multiple networks with basically the same privacy-sensitive node ratio and to be scalable for batches of networks with different sensitive node ratios.

2016 ◽  
Vol 2016 (4) ◽  
pp. 102-122 ◽  
Author(s):  
Kassem Fawaz ◽  
Kyu-Han Kim ◽  
Kang G. Shin

Abstract With the advance of indoor localization technology, indoor location-based services (ILBS) are gaining popularity. They, however, accompany privacy concerns. ILBS providers track the users’ mobility to learn more about their behavior, and then provide them with improved and personalized services. Our survey of 200 individuals highlighted their concerns about this tracking for potential leakage of their personal/private traits, but also showed their willingness to accept reduced tracking for improved service. In this paper, we propose PR-LBS (Privacy vs. Reward for Location-Based Service), a system that addresses these seemingly conflicting requirements by balancing the users’ privacy concerns and the benefits of sharing location information in indoor location tracking environments. PR-LBS relies on a novel location-privacy criterion to quantify the privacy risks pertaining to sharing indoor location information. It also employs a repeated play model to ensure that the received service is proportionate to the privacy risk. We implement and evaluate PR-LBS extensively with various real-world user mobility traces. Results show that PR-LBS has low overhead, protects the users’ privacy, and makes a good tradeoff between the quality of service for the users and the utility of shared location data for service providers.


2015 ◽  
Vol 26 (09) ◽  
pp. 1550107 ◽  
Author(s):  
Zhenxiang Gao ◽  
Yan Shi ◽  
Shanzhi Chen

Mobile social networks exploit human mobility and consequent device-to-device contact to opportunistically create data paths over time. While links in mobile social networks are time-varied and strongly impacted by human mobility, discovering influential nodes is one of the important issues for efficient information propagation in mobile social networks. Although traditional centrality definitions give metrics to identify the nodes with central positions in static binary networks, they cannot effectively identify the influential nodes for information propagation in mobile social networks. In this paper, we address the problems of discovering the influential nodes in mobile social networks. We first use the temporal evolution graph model which can more accurately capture the topology dynamics of the mobile social network over time. Based on the model, we explore human social relations and mobility patterns to redefine three common centrality metrics: degree centrality, closeness centrality and betweenness centrality. We then employ empirical traces to evaluate the benefits of the proposed centrality metrics, and discuss the predictability of nodes' global centrality ranking by nodes' local centrality ranking. Results demonstrate the efficiency of the proposed centrality metrics.


2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Dongdong Yang ◽  
Baopeng Ye ◽  
Wenyin Zhang ◽  
Huiyu Zhou ◽  
Xiaobin Qian

Protecting location privacy has become an irreversible trend, but some problems have also arisen: the system structures adopted by location privacy protection schemes suffer from a single point of failure or mobile device performance bottlenecks, and these schemes cannot resist single-point attacks and inference attacks and achieve a tradeoff between privacy level and service quality. To solve these problems, we propose a k-anonymous location privacy protection scheme via dummies and Stackelberg game. First, we analyze the merits and drawbacks of the existing location privacy preservation system architecture and propose a semitrusted third party-based location privacy preservation architecture. Next, taking into account location semantic diversity, physical dispersion, and query probability, etc., we design a dummy location selection algorithm based on location semantics and physical distance, which can protect users’ privacy against single-point attack. Then, we propose a location anonymous optimization method based on Stackelberg game to improve the algorithm. Specifically, we formalize the mutual optimization of user-adversary objectives by using the framework of Stackelberg game to find an optimal dummy location set. The optimal dummy location set can resist single-point attacks and inference attacks while effectively balancing service quality and location privacy. Finally, we provide exhaustive simulation evaluation for the proposed scheme compared with existing schemes in multiple aspects, and the results show that the proposed scheme can effectively resist the single-point attack and inference attack while balancing the service quality and location privacy.


2017 ◽  
Vol 2017 (4) ◽  
pp. 156-176 ◽  
Author(s):  
Apostolos Pyrgelis ◽  
Carmela Troncoso ◽  
Emiliano De Cristofaro

Abstract Information about people’s movements and the locations they visit enables an increasing number of mobility analytics applications, e.g., in the context of urban and transportation planning. In this setting, rather than collecting or sharing raw data, entities often use aggregation as a privacy protection mechanism, aiming to hide individual users’ location traces. Furthermore, to bound information leakage from the aggregates, they can perturb the input of the aggregation or its output to ensure that these are differentially private. In this paper, we set out to evaluate the impact of releasing aggregate location time-series on the privacy of individuals contributing to the aggregation. We introduce a framework allowing us to reason about privacy against an adversary attempting to predict users’ locations or recover their mobility patterns. We formalize these attacks as inference problems, and discuss a few strategies to model the adversary’s prior knowledge based on the information she may have access to. We then use the framework to quantify the privacy loss stemming from aggregate location data, with and without the protection of differential privacy, using two real-world mobility datasets. We find that aggregates do leak information about individuals’ punctual locations and mobility profiles. The density of the observations, as well as timing, play important roles, e.g., regular patterns during peak hours are better protected than sporadic movements. Finally, our evaluation shows that both output and input perturbation offer little additional protection, unless they introduce large amounts of noise ultimately destroying the utility of the data.


2017 ◽  
Vol 13 (1) ◽  
pp. 155014771668542 ◽  
Author(s):  
Di Xue ◽  
Li-Fa Wu ◽  
Hua-Bo Li ◽  
Zheng Hong ◽  
Zhen-Ji Zhou

Location publication in check-in services of geo-social networks raises serious privacy concerns due to rich sources of background information. This article proposes a novel destination prediction approach, Destination Prediction, specially for the check-in service of geo-social networks, which not only addresses the “data sparsity problem” faced by common destination prediction approaches, but also takes advantage of the commonly available background information from geo-social networks and other public resources, such as social structure, road network, and speed limits. Further considering the Destination Prediction–based attack model, we present a location privacy protection method, Check-in Deletion, and a framework, Destination Prediction + Check-in Deletion, to help check-in users detect potential location privacy leakage and retain confidential locational information against destination inference attacks without sacrificing the real-time check-in precision and user experience. A new data preprocessing method is designed to construct a reasonable complete check-in subset from the worldwide check-in data set of a real-world geo-social network without loss of generality and validity of the evaluation. Experimental results show the great prediction ability of the Destination Prediction approach, the effective protection capability of the Check-in Deletion method against destination inference attacks, and the high running efficiency of the Destination Prediction + Check-in Deletion framework.


2019 ◽  
Vol 2019 (2) ◽  
pp. 66-87 ◽  
Author(s):  
Sashank Narain ◽  
Guevara Noubir

Abstract We present the design, implementation and evaluation of a system, called MATRIX, developed to protect the privacy of mobile device users from location inference and sensor side-channel attacks. MATRIX gives users control and visibility over location and sensor (e.g., Accelerometers and Gyroscopes) accesses by mobile apps. It implements a PrivoScope service that audits all location and sensor accesses by apps on the device and generates real-time notifications and graphs for visualizing these accesses; and a Synthetic Location service to enable users to provide obfuscated or synthetic location trajectories or sensor traces to apps they find useful, but do not trust with their private information. The services are designed to be extensible and easy for users, hiding all of the underlying complexity from them. MATRIX also implements a Location Provider component that generates realistic privacy-preserving synthetic identities and trajectories for users by incorporating traffic information using historical data from Google Maps Directions API, and accelerations using statistical information from user driving experiments. These mobility patterns are generated by modeling/solving user schedule using a randomized linear program and modeling/solving for user driving behavior using a quadratic program. We extensively evaluated MATRIX using user studies, popular location-driven apps and machine learning techniques, and demonstrate that it is portable to most Android devices globally, is reliable, has low overhead, and generates synthetic trajectories that are difficult to differentiate from real mobility trajectories by an adversary.


2018 ◽  
Vol 2018 ◽  
pp. 1-14 ◽  
Author(s):  
Zhuo Ma ◽  
Jiuxin Cao ◽  
Xiusheng Chen ◽  
Shuai Xu ◽  
Bo Liu ◽  
...  

In Location-Based Services (LBSs) platforms, such as Foursquare and Swarm, the submitted position for a share or search leads to the exposure of users’ activities. Additionally, the cross-platform account linkage could aggravate this exposure, as the fusion of users’ information can enhance inference attacks on users’ next submitted location. Hence, in this paper, we propose GLPP, a personalized and continuous location privacy-preserving framework in account linked platforms with different LBSs (i.e., search-based LBSs and share-based LBSs). The key point of GLPP is to obfuscate every location submitted in search-based LBSs so as to defend against dynamic inference attacks. Specifically, first, possible inference attacks are listed through user behavioral analysis. Second, for each specific attack, an obfuscation model is proposed to minimize location privacy leakage under a given location distortion, which ensures submitted locations’ utility for search-based LBSs. Third, for dynamic attacks, a framework based on zero-sum game is adopted to join the specific obfuscations above and minimize the location privacy leakage to a balanced point. Experiments on a real dataset prove the effectiveness of our proposed attacks in Accuracy, Certainty, and Correctness and, meanwhile, also show the performance of our preserving solution in defense of attacks and guarantee of location utility.


2017 ◽  
Vol 2017 (2) ◽  
pp. 38-56 ◽  
Author(s):  
Anh Pham ◽  
Italo Dacosta ◽  
Bastien Jacot-Guillarmod ◽  
Kévin Huguenin ◽  
Taha Hajar ◽  
...  

Abstract In the past few years, we have witnessed a rise in the popularity of ride-hailing services (RHSs), an online marketplace that enables accredited drivers to use their own cars to drive ride-hailing users. Unlike other transportation services, RHSs raise significant privacy concerns, as providers are able to track the precise mobility patterns of millions of riders worldwide. We present the first survey and analysis of the privacy threats in RHSs. Our analysis exposes high-risk privacy threats that do not occur in conventional taxi services. Therefore, we propose PrivateRide, a privacy-enhancing and practical solution that offers anonymity and location privacy for riders, and protects drivers’ information from harvesting attacks. PrivateRide lowers the high-risk privacy threats in RHSs to a level that is at least as low as that of many taxi services. Using real data-sets from Uber and taxi rides, we show that PrivateRide significantly enhances riders’ privacy, while preserving tangible accuracy in ride matching and fare calculation, with only negligible effects on convenience. Moreover, by using our Android implementation for experimental evaluations, we show that PrivateRide’s overhead during ride setup is negligible. In short, we enable privacy-conscious riders to achieve levels of privacy that are not possible in current RHSs and even in some conventional taxi services, thereby offering a potential business differentiator.

