Synthesizing Plausible Privacy-Preserving Location Traces

Camouflaging a user's actual location with fakes is a prevalent obfuscation technique for protecting location privacy. We show that protection mechanisms based on the existing (ad hoc) techniques for generating fake locations are easily broken by inference attacks. They are also detrimental to many utility functions, because they fail to credibly imitate the mobility of real people. This paper introduces a systematic approach to synthesizing plausible location traces. We propose metrics that capture both the geographic and the semantic features of real location traces. Based on these statistical metrics, we design a privacy-preserving generative model that synthesizes location traces which are plausible as the trajectories of individuals with consistent lifestyles and meaningful mobility. Using a state-of-the-art quantitative framework, we show that our synthetic traces significantly hinder location inference attacks. We also show that these fake traces share many useful statistical features with real traces, and thus can be used in many geo-data analysis tasks. We guarantee that the process of generating the synthetic traces is itself privacy preserving and ensures plausible deniability. Thus, although the crafted traces statistically resemble human mobility, they do not leak significant information about any particular individual whose data is used in the synthesis process.
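The abstract's first claim, that ad hoc fake locations are easily broken by inference attacks, is illustrated by the following added example. It is not code from the paper and does not implement the paper's generative model or metrics; it only shows the adversary's side of the argument. It assumes two simple, hypothetical plausibility heuristics (no superhuman speed between consecutive samples, and a human-like share of time spent stationary at places), and all coordinates, timings, the bounding box and the thresholds are constructed for illustration, not taken from any dataset.

```python
import math
import random

# All coordinates, timings and thresholds here are constructed for illustration;
# they are not from the paper or from any real dataset.
HOME = (46.5197, 6.6323)            # hypothetical home location
WORK = (46.5200, 6.5650)            # hypothetical workplace, ~5 km west of HOME
STEP_S = 60                         # one location sample per minute
BBOX = (46.45, 46.60, 6.50, 6.70)   # lat_min, lat_max, lon_min, lon_max of the "city"


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    r = 6_371_000.0
    la1, lo1, la2, lo2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((la2 - la1) / 2) ** 2
         + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def _segment(p, q, start_s, end_s):
    """Linearly interpolated (t, lat, lon) samples from p to q, one per STEP_S, over [start_s, end_s)."""
    n = (end_s - start_s) // STEP_S
    return [(start_s + i * STEP_S,
             p[0] + (i / n) * (q[0] - p[0]),
             p[1] + (i / n) * (q[1] - p[1])) for i in range(n)]


def real_trace():
    """Constructed 'lifestyle' trace: home until 08:00, commute, work until 17:00, commute, home until 22:00."""
    h = 3600
    return (_segment(HOME, HOME, 6 * h, 8 * h)
            + _segment(HOME, WORK, 8 * h, 9 * h)
            + _segment(WORK, WORK, 9 * h, 17 * h)
            + _segment(WORK, HOME, 17 * h, 18 * h)
            + _segment(HOME, HOME, 18 * h, 22 * h))


def naive_dummy_trace(times, rng):
    """Ad hoc fake: an independent uniform random point inside BBOX at every timestamp."""
    lat_min, lat_max, lon_min, lon_max = BBOX
    return [(ts, rng.uniform(lat_min, lat_max), rng.uniform(lon_min, lon_max)) for ts in times]


def max_speed_mps(trace):
    """Largest implied speed (m/s) between any two consecutive samples."""
    best = 0.0
    for (t0, la0, lo0), (t1, la1, lo1) in zip(trace, trace[1:]):
        best = max(best, haversine_m((la0, lo0), (la1, lo1)) / (t1 - t0))
    return best


def dwell_fraction(trace, radius_m=50.0):
    """Share of consecutive samples in which the user moved less than radius_m, i.e. was dwelling at a place."""
    still = sum(1 for a, b in zip(trace, trace[1:]) if haversine_m(a[1:], b[1:]) < radius_m)
    return still / (len(trace) - 1)


def looks_human(trace, max_mps=50.0, min_dwell=0.5):
    """Two cheap plausibility tests an adversary can run (thresholds are assumed, not from the paper)."""
    return max_speed_mps(trace) <= max_mps and dwell_fraction(trace) >= min_dwell


def pick_out_real(traces, **kw):
    """Indices of traces that survive the plausibility filter; with naive dummies only the real one does."""
    return [i for i, tr in enumerate(traces) if looks_human(tr, **kw)]


def demo_candidates(seed=7, n_fakes=4, real_index=2):
    """Scenario: one constructed real trace hidden among n_fakes naive dummies sharing its timestamps."""
    rng = random.Random(seed)
    real = real_trace()
    times = [p[0] for p in real]
    cands = [naive_dummy_trace(times, rng) for _ in range(n_fakes)]
    cands.insert(real_index, real)
    return cands


if __name__ == "__main__":
    cands = demo_candidates()
    for i, tr in enumerate(cands):
        print(i, f"max speed {max_speed_mps(tr):8.1f} m/s  dwell {dwell_fraction(tr):.3f}")
    print("surviving candidates:", pick_out_real(cands))   # [2]
```

The fakes fail because independent random points imply speeds of hundreds of metres per second and never dwell anywhere, so the one trace with a commute and long stationary periods is the user's. Making dummies move slowly would defeat these two heuristics but not the semantic consistency checks the abstract alludes to (regular visits to the same home and workplace at sensible hours), which is why the paper argues for generating the whole trace from a model of real mobility rather than patching individual points.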
