Customizable and Rigorous Location Privacy through Policy Graph

Location privacy has been extensively studied in the literature. However, existing location privacy models are either not rigorous or not customizable, which limits the trade-off between privacy and utility in many real-world applications. To address this issue, we propose a new location privacy notion called PGLP (Policy Graph based Location Privacy), which provides a rich interface for releasing private locations with customizable and rigorous privacy guarantees. First, we design the privacy metrics of PGLP by extending differential privacy. Specifically, we formalize a user's location privacy requirements as a location policy graph, which is expressive and customizable. Second, we investigate how to satisfy an arbitrarily given location policy graph under adversarial knowledge. We find that a location policy graph may not always be viable and may suffer location exposure when the attacker knows the user's mobility pattern. We propose efficient methods to detect location exposure and to repair the policy graph with optimal utility. Third, we design a private location trace release framework that pipelines the detection of location exposure, policy graph repair, and private trajectory release with customizable and rigorous location privacy. Finally, we conduct experiments on real-world datasets to verify the effectiveness of the privacy-utility trade-off and the efficiency of the proposed algorithms.
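The following is an added illustration of the three ideas the abstract names (a policy graph as an indistinguishability requirement, a release mechanism whose guarantee holds only along policy edges, and location exposure under an adversary's mobility knowledge); it is not code from the paper. The map, the policy graph, and the feasible set are constructed toy values. The release mechanism is the standard exponential mechanism scored by shortest-path distance in the policy graph, used here as one mechanism that satisfies the per-edge bound; the paper's own mechanisms may differ. The repair step is a deliberately simple nearest-feasible-neighbour heuristic, not the paper's optimal-utility repair.

```python
import math
from collections import deque

# Constructed toy map (not from the paper): six grid cells, indexed 0..5
#   0 - 1 - 2
#   |       |
#   3 - 4 - 5
LOCATIONS = list(range(6))
COORDS = {0: (0, 0), 1: (0, 1), 2: (0, 2), 3: (1, 0), 4: (1, 1), 5: (1, 2)}

# Location policy graph (constructed): an edge {u, v} is the user's requirement
# that being at u must be epsilon-indistinguishable from being at v.
# Cells 1 and 4 are deliberately NOT linked, although they touch on the map.
POLICY_EDGES = {(0, 1), (1, 2), (0, 3), (3, 4), (4, 5), (2, 5)}


def neighbors(edges, node):
    """Policy-graph neighbours of `node` (edges are undirected)."""
    return {v if u == node else u for u, v in edges if node in (u, v)}


def graph_distances(edges, source):
    """Breadth-first shortest-path distance in the policy graph; math.inf if unreachable."""
    dist = {loc: math.inf for loc in LOCATIONS}
    dist[source] = 0
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in neighbors(edges, u):
            if dist[v] == math.inf:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def release_distribution(edges, secret, epsilon):
    """Exponential mechanism over LOCATIONS with score -d_G(secret, o).

    d_G changes by at most 1 between policy-adjacent secrets, so scaling by
    exp(-epsilon * d / 2) bounds P[o|s] / P[o|s'] by exp(epsilon) on every
    policy edge (s, s'). Returns a dict output -> probability.
    """
    d = graph_distances(edges, secret)
    weights = {o: (math.exp(-epsilon * d[o] / 2) if d[o] != math.inf else 0.0)
               for o in LOCATIONS}
    total = sum(weights.values())
    return {o: w / total for o, w in weights.items()}


def privacy_loss(edges, s1, s2, epsilon):
    """Worst-case |ln(P[o|s1] / P[o|s2])| over all outputs o."""
    p = release_distribution(edges, s1, epsilon)
    q = release_distribution(edges, s2, epsilon)
    worst = 0.0
    for o in LOCATIONS:
        if p[o] > 0 and q[o] > 0:
            worst = max(worst, abs(math.log(p[o] / q[o])))
        elif p[o] != q[o]:
            return math.inf  # an output that rules one secret out completely
    return worst


def max_adjacent_privacy_loss(edges, epsilon):
    """The PGLP guarantee has to hold on policy edges only; check exactly those."""
    return max(privacy_loss(edges, u, v, epsilon) for u, v in edges)


def exposed_locations(edges, feasible):
    """Location exposure: a feasible location none of whose policy neighbours is
    feasible under the adversary's mobility knowledge. Distinguishability is
    bounded only along edges, so such a node has no feasible node to hide behind."""
    return sorted(u for u in feasible
                  if not any(v in feasible for v in neighbors(edges, u)))


def manhattan(u, v):
    (r1, c1), (r2, c2) = COORDS[u], COORDS[v]
    return abs(r1 - r2) + abs(c1 - c2)


def repair_policy(edges, feasible):
    """Simple repair heuristic (an assumption, not the paper's optimal algorithm):
    link each exposed location to the geographically nearest other feasible
    location, so that every feasible node has a feasible neighbour again."""
    repaired = set(edges)
    for u in exposed_locations(edges, feasible):
        others = [v for v in feasible if v != u]
        if not others:
            continue  # a lone feasible location cannot be hidden by any edge
        v = min(others, key=lambda w: manhattan(u, w))
        repaired.add((min(u, v), max(u, v)))
    return repaired


if __name__ == "__main__":
    eps = 1.0
    print("worst loss on policy edges:", round(max_adjacent_privacy_loss(POLICY_EDGES, eps), 3))
    print("loss between non-adjacent 1 and 4:", round(privacy_loss(POLICY_EDGES, 1, 4, eps), 3))
    feasible = {1, 4}  # constructed adversary knowledge: the user is at cell 1 or 4
    print("exposed:", exposed_locations(POLICY_EDGES, feasible))
    fixed = repair_policy(POLICY_EDGES, feasible)
    print("exposed after repair:", exposed_locations(fixed, feasible))
```

With epsilon 1.0 the worst-case loss across every policy edge stays within the budget, while the loss between cells 1 and 4 exceeds it, which is exactly why the per-edge guarantee alone cannot protect a user whom the adversary already knows to be at one of those two cells: both are exposed, and the repair that adds the missing 1-4 edge is what restores a viable graph.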
