Online Location Trace Privacy: An Information Theoretic Approach

We consider the problem of protecting an individual user's location privacy at the trace level and study the resulting privacy-utility trade-off, which has key applications in privacy-preserving location-based services. Existing work on Location Privacy Protection Mechanisms (LPPMs) has mainly focused on protecting a single location, without taking into account the temporal correlations among the locations within a trace; ignoring these correlations can lead to higher privacy leakage when the whole trace is considered. To date, however, there is no formal framework for quantifying trace-level location privacy leakage, nor a practical mechanism for releasing location traces in an optimal and online manner. In this paper, we address this problem using an information-theoretic approach. We first propose a location trace privacy metric based on the mutual information between the original and the released trace in an offline setting, and formulate the optimal location trace release problem, which minimizes trace-level privacy leakage subject to a utility constraint. We also propose a privacy metric that captures trace-level privacy leakage in an online setting. As directly computing these metrics incurs complexity exponential in the trace length, we derive upper and lower bounds on the trace-level privacy leakage by exploiting the Markov structure of the temporal location correlations; these bounds are efficiently computable. The proposed upper bounds enable us to derive efficient online solutions (i.e., LPPMs) by modifying the Blahut-Arimoto algorithm from rate-distortion theory. We then validate the proposed upper and lower bounds, and the actual leakage of our LPPM, through extensive experiments on both synthetic and real-world location data sets. Our results show the superiority of our LPPM over existing LPPMs in terms of the trace-level privacy-utility trade-off, and the advantage is more conspicuous when the location trace is more strongly correlated.
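The abstract's single-location building block, the rate-distortion trade-off between mutual-information leakage I(X;Y) and expected utility loss, can be made concrete with the standard Blahut-Arimoto iteration. The example below is added here and is not the paper's code; it implements only the textbook single-location algorithm (not the paper's trace-level modification), and the 4-cell corridor, the prior over cells and the distance-based distortion are constructed inputs.

```python
import math

# Constructed example: a 1-D corridor of 4 cells and the user's prior over cells.
PRIOR = [0.4, 0.3, 0.2, 0.1]

def distortion(x, y):
    """Utility loss of releasing cell y when the true cell is x (constructed metric)."""
    return abs(x - y)

def blahut_arimoto(prior, distortion, s, iters=200):
    """Textbook Blahut-Arimoto for the rate-distortion function.

    s >= 0 is the Lagrange multiplier: larger s favours low distortion (more leakage),
    s -> 0 favours low leakage. Returns (channel q[x][y], I(X;Y) in bits, E[d(X,Y)]).
    """
    n = len(prior)
    q_y = [1.0 / n] * n                        # output marginal, initialised uniform
    for _ in range(iters):
        # Channel update: q(y|x) is proportional to q(y) * exp(-s * d(x, y)).
        chan = []
        for x in range(n):
            w = [q_y[y] * math.exp(-s * distortion(x, y)) for y in range(n)]
            z = sum(w)
            chan.append([v / z for v in w])
        # Marginal update: q(y) = sum_x p(x) q(y|x).
        q_y = [sum(prior[x] * chan[x][y] for x in range(n)) for y in range(n)]
    leakage, exp_dist = 0.0, 0.0
    for x in range(n):
        for y in range(n):
            pxy = prior[x] * chan[x][y]
            if pxy > 0:
                leakage += pxy * math.log2(chan[x][y] / q_y[y])
                exp_dist += pxy * distortion(x, y)
    return chan, leakage, exp_dist

def release_for_budget(prior, distortion, budget, lo=0.0, hi=50.0, steps=40):
    """Minimum-leakage release mechanism whose expected distortion meets the utility budget.

    Expected distortion is non-increasing in s, so bisect on s for the smallest value
    that still satisfies the budget (the paper's constrained formulation, single location).
    """
    for _ in range(steps):
        mid = (lo + hi) / 2
        _, _, exp_dist = blahut_arimoto(prior, distortion, mid)
        if exp_dist <= budget:
            hi = mid
        else:
            lo = mid
    return blahut_arimoto(prior, distortion, hi)

if __name__ == "__main__":
    chan, leak, d = release_for_budget(PRIOR, distortion, budget=0.5)
    print(f"leakage={leak:.3f} bits, expected distortion={d:.3f}")
```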
