Walking Without Friends: Publishing Anonymized Trajectory Dataset Without Leaking Social Relationships

Trajectory data has been widely collected via mobile devices and publicly released for academic research and commercial purposes. One primary concern in publishing such a dataset is privacy. Previous protection schemes mainly focus on preventing the re-identification attack, which exploits the uniqueness of trajectories. However, the correlation between trajectories, which has received little attention so far, can also give rise to serious privacy leakage. Recent studies have proved that it is possible to identify social relationships, de-anonymize trajectories, or even infer users' locations by analyzing the correlation between users' trajectories. We identify the serious privacy problem of social relationship leakage caused by what we call the social relationship attack, and aim to protect social relationship information, which existing algorithms cannot protect. We contribute the design of a new privacy model and an effective system that deals with the social relationship attack and the re-identification attack simultaneously while maintaining high data utility. We propose a SlidingWindow algorithm to merge trajectories according to their social-aware distance, which accounts for both spatiotemporal distance and social proximity. Evaluations on two trajectory datasets under different scenarios demonstrate that our system provides more than 1.84 times privacy protection at the cost of only 2.5% data utility loss.
