Local Suppression and Splitting Techniques for Privacy Preserving Publication of Trajectories

We study the problem of preserving user privacy in the publication of location sequences. Consider a database of trajectories, corresponding to movements of people, captured through their transactions when they use credit cards, RFID debit cards, or NFC-compliant devices (http://en.wikipedia.org/wiki/Near_field_communication). We show that if such trajectories are published exactly (hiding only the identities of the persons who followed them), an adversary can use partial knowledge of a trajectory as a quasi-identifier for the remaining locations in the sequence. We devise four intuitive techniques, based on combinations of location suppression and trajectory splitting, and show that they prevent such privacy breaches while keeping the published data accurate for aggregate query answering and frequent subset mining.
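The attack and the two repair primitives described above, as an added illustration that is not code from the paper. It assumes a simple adversary who knows, in order, up to MAX_LEN locations one person visited, a k-style target (every such partial trajectory occurring in the published data must match at least K published trajectories), and a greedy repair order (rarest, longest pattern first; split when the pattern has two or more locations, locally suppress otherwise). The sample trajectories are constructed; the paper's exact adversary model, guarantee and four techniques are not reproduced here.

```python
"""Quasi-identifier attack on exactly published trajectories, and a greedy
defence built from local suppression and splitting.

Added illustration, not code from the paper. Assumptions made here:
  * the adversary knows, in order, up to MAX_LEN locations one person visited;
  * the data is treated as safe when every such partial trajectory occurring
    in it matches at least K published trajectories;
  * the repair order is a simple greedy choice, not the paper's algorithms.
"""
from itertools import combinations

# Constructed sample: location ids visited, in order, by six people.
SAMPLE = [
    ("a1", "b2", "c3", "d4"),
    ("a1", "b2", "c3", "e5"),
    ("a1", "b2", "f6"),
    ("b2", "c3", "d4"),
    ("g7", "c3", "d4"),
    ("a1", "g7", "e5"),
]


def contains(traj, pattern):
    """True if pattern is a subsequence of traj (order kept, gaps allowed)."""
    it = iter(traj)
    return all(loc in it for loc in pattern)


def support(db, pattern):
    """Number of published trajectories a person known to follow `pattern` could be."""
    return sum(1 for t in db if contains(t, pattern))


def patterns(db, max_len):
    """All distinct ordered sub-patterns of length 1..max_len present in db."""
    found = set()
    for t in db:
        for n in range(1, max_len + 1):
            for idx in combinations(range(len(t)), n):
                found.add(tuple(t[i] for i in idx))
    return found


def violations(db, k, max_len):
    """Partial trajectories that single out fewer than k people."""
    return sorted(p for p in patterns(db, max_len) if support(db, p) < k)


def disclosed(db, known):
    """The attack: locations shared by every trajectory consistent with `known`,
    i.e. what the adversary learns with certainty beyond what it already knew."""
    matches = [t for t in db if contains(t, known)]
    if not matches:
        return set()
    common = set(matches[0]).intersection(*map(set, matches[1:]))
    return common - set(known)


def match_positions(traj, pattern):
    """Indices of the leftmost embedding of pattern in traj."""
    positions, start = [], 0
    for loc in pattern:
        i = traj.index(loc, start)
        positions.append(i)
        start = i + 1
    return positions


def anonymize(db, k, max_len):
    """Greedy repair: split trajectories so the rarest multi-location pattern no
    longer appears in one piece; locally suppress a rare single location."""
    db = [tuple(t) for t in db]
    while True:
        viol = violations(db, k, max_len)
        if not viol:
            return db
        p = min(viol, key=lambda q: (support(db, q), -len(q)))  # rarest, longest first
        repaired = []
        for t in db:
            if not contains(t, p):
                repaired.append(t)
                continue
            pos = match_positions(t, p)
            if len(p) >= 2:
                # Splitting: publish the two halves as unlinked trajectories. The
                # cut falls before the pattern's second location, so neither half
                # contains p at this embedding; every location occurrence survives.
                repaired.extend((t[:pos[1]], t[pos[1]:]))
            else:
                # Local suppression: drop this one occurrence only, not the
                # location everywhere in the database.
                repaired.append(t[:pos[0]] + t[pos[0] + 1:])
        db = [t for t in repaired if t]  # discard empty remnants


if __name__ == "__main__":
    K, MAX_LEN = 2, 2
    print("breach:", disclosed(SAMPLE, ("g7", "c3")))  # {'d4'}
    print("violations before:", len(violations(SAMPLE, K, MAX_LEN)))
    out = anonymize(SAMPLE, K, MAX_LEN)
    print("violations after:", len(violations(out, K, MAX_LEN)))
    print("locations kept:", sum(map(len, out)), "of", sum(map(len, SAMPLE)))
```

On the constructed sample with K = 2 and MAX_LEN = 2, knowing only that someone passed g7 and then c3 pins down a single trajectory and so reveals d4; the repair splits eight times and suppresses one occurrence, so 19 of the 20 location occurrences remain available for aggregate counting while no partial trajectory of two or fewer locations matches fewer than two published records. The trade-off the abstract points at is visible here: splitting keeps every count but unlinks the halves, which costs longer sequential patterns, whereas suppression loses the occurrence itself.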