Deanonymizing mobility traces: using social network as a side-channel

Location-based services, which employ data from smartphones, vehicles, etc., are growing in popularity. To reduce the threat that shared location data poses to a user's privacy, some services anonymize or obfuscate this data. In this paper, we show these methods can be effectively defeated: a set of location traces can be deanonymized given an easily obtained social network graph. The key idea of our approach is that a user may be identified by those she meets: a "contact graph" identifying meetings between anonymized users in a set of traces can be structurally correlated with a social network graph, thereby identifying anonymized users. We demonstrate the effectiveness of our approach using three real world datasets: University of St Andrews mobility trace and social network (27 nodes each), SmallBlue contact trace and Facebook social network (125 nodes), and Infocom 2006 bluetooth contact traces and conference attendees' DBLP social network (78 nodes). Our experiments show that 80% of users are identified precisely, while only 8% are identified incorrectly, with the remainder mapped to a small set of users.

[1]  Wei Pan,et al.  SoundSense: scalable sound sensing for people-centric applications on mobile phones , 2009, MobiSys '09.

[2]  V. Latora,et al.  Centrality measures in spatial networks of urban streets. , 2005, Physical review. E, Statistical, nonlinear, and soft matter physics.

[3]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[4]  Xinwen Fu,et al.  CAP: A Context-Aware Privacy Protection System for Location-Based Services , 2009, 2009 29th IEEE International Conference on Distributed Computing Systems.

[5]  James Biagioni,et al.  Cooperative transit tracking using smart-phones , 2010, SenSys '10.

[6]  John Skvoretz,et al.  Node centrality in weighted networks: Generalizing degree and shortest paths , 2010, Soc. Networks.

[7]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[8]  Pan Hui,et al.  CRAWDAD dataset cambridge/haggle (v.2009-05-29) , 2009 .

[9]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[10]  John Krumm,et al.  A survey of computational location privacy , 2009, Personal and Ubiquitous Computing.

[11]  Sheldon M. Ross,et al.  Introduction to Probability Models, Eighth Edition , 1972 .

[12]  Alain Biem,et al.  IBM infosphere streams for scalable, real-time, intelligent transportation services , 2010, SIGMOD Conference.

[13]  Stanley M. Selkow,et al.  The Tree-to-Tree Editing Problem , 1977, Inf. Process. Lett..

[14]  Robert F. Stengel,et al.  Optimal Control and Estimation , 1994 .

[15]  Sheldon M. Ross,et al.  Introduction to probability models , 1975 .

[16]  Paul Syverson,et al.  Onion Routing for Anonymous and Private Internet Connections , 1999 .

[17]  Albert-László Barabási,et al.  Understanding individual human mobility patterns , 2008, Nature.

[18]  Helen J. Wang,et al.  Preserving location privacy in wireless lans , 2007, MobiSys '07.

[19]  Henry A. Kautz,et al.  Learning and inferring transportation routines , 2004, Artif. Intell..

[20]  Saleem N. Bhatti,et al.  CRAWDAD dataset st_andrews/sassy (v.2011-06-03) , 2011 .

[21]  MSc PhD Ian Miguel BSC Dynamic Flexible Constraint Satisfaction and its Application to AI Planning , 2004, Distinguished Dissertations.

[22]  Jean-Yves Le Boudec,et al.  Quantifying Location Privacy , 2011, 2011 IEEE Symposium on Security and Privacy.

[23]  Guohong Cao,et al.  Supporting Cooperative Caching in Disruption Tolerant Networks , 2011, 2011 31st International Conference on Distributed Computing Systems.

[24]  Michael J. Mossinghoff,et al.  Combinatorics and graph theory , 2000 .

[25]  Lawrence O Gostin,et al.  Health information privacy. , 1995, Cornell law review.

[26]  Enn Tyugu,et al.  Constraint Programming , 1994, NATO ASI Series.

[27]  Tarek F. Abdelzaher,et al.  GreenGPS: a participatory sensing fuel-efficient maps application , 2010, MobiSys '10.

[28]  Yang Zhang,et al.  CarTel: a distributed mobile sensor computing system , 2006, SenSys '06.

[29]  Srinivasan Seshan,et al.  802.11 user fingerprinting , 2007, MobiCom '07.

[30]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[31]  M. R. Rao,et al.  Combinatorial Optimization , 1992, NATO ASI Series.