Preserving privacy in GPS traces via uncertainty-aware path cloaking

Motivated by a probe-vehicle based automotive traffic monitoring system, this paper considers the problem of guaranteed anonymity in a dataset of location traces while maintaining high data accuracy. We find through analysis of a set of GPS traces from 233 vehicles that known privacy algorithms cannot meet accuracy requirements or fail to provide privacy guarantees for drivers in low-density areas. To overcome these challenges, we develop a novel time-to-confusion criterion to characterize privacy in a location dataset and propose an uncertainty-aware path cloaking algorithm that hides location samples in a dataset to provide a time-to-confusion guarantee for all vehicles. We show that this approach effectively guarantees worst case tracking bounds, while achieving significant data accuracy improvements.
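The time-to-confusion idea from the abstract, worked through as an added illustration that is not the paper's own code or algorithm: a deliberately simplified adversary model in which uncertainty is the entropy of a uniform guess among the released samples reachable from a vehicle's position, and a cloaking pass that hides a sample whenever releasing it would let the adversary follow that vehicle with uncertainty below the threshold for longer than the bound. The dataset, reach distance, entropy threshold and bound are constructed assumptions; the paper's actual uncertainty measure and algorithm are not given on this page.

```python
import math
from collections import defaultdict

# Constructed sample dataset of (time_step, vehicle_id, x, y) GPS samples. The
# vehicle id is kept only to evaluate tracking; the released data carries none.
TRACES = ([(t, "A", 10 * t, 0) for t in range(6)]        # A and B drive side by side (dense area)
          + [(t, "B", 10 * t, 5) for t in range(6)]
          + [(t, "C", 1000 + 10 * t, 0) for t in range(6)])  # C drives alone (sparse area)

REACH = 12.0        # assumed max distance a vehicle moves in one time step
H_THRESHOLD = 1.0   # bits of uncertainty that count as "confusion" (>= 2 candidates)
MAX_TTC = 2         # time-to-confusion bound, in time steps

def entropy_at(pos, released_positions, reach=REACH):
    """Adversary uncertainty at pos: log2 of the number of released samples within
    reach, i.e. the entropy of a uniform guess among the candidates (simplified)."""
    k = sum(1 for p in released_positions if math.dist(pos, p) <= reach)
    return math.log2(k) if k else 0.0

def cloak(traces, max_ttc=MAX_TTC, h=H_THRESHOLD):
    """Hide samples so that no vehicle can be followed with uncertainty below h for
    more than max_ttc consecutive steps. Returns (released, suppressed, worst_run)."""
    by_time = defaultdict(list)
    for s in traces:
        by_time[s[0]].append(s)
    tracked = defaultdict(int)   # low-uncertainty steps since each vehicle's last confusion
    released, suppressed, worst = [], [], 0
    for t in sorted(by_time):
        pool = list(by_time[t])
        while True:              # hiding one sample can lower others' uncertainty: iterate
            positions = [(x, y) for _, _, x, y in pool]
            drop = [s for s in pool
                    if tracked[s[1]] >= max_ttc and entropy_at((s[2], s[3]), positions) < h]
            if not drop:
                break
            pool = [s for s in pool if s not in drop]
            suppressed.extend(drop)
        positions = [(x, y) for _, _, x, y in pool]
        for s in pool:
            confused = entropy_at((s[2], s[3]), positions) >= h
            tracked[s[1]] = 0 if confused else tracked[s[1]] + 1
            worst = max(worst, tracked[s[1]])
        for s in by_time[t]:
            if s not in pool:    # hidden sample: the adversary loses the trail
                tracked[s[1]] = 0
        released.extend(pool)
    return released, suppressed, worst
```

On this data the two vehicles in the dense area are never hidden because they confuse each other at every step, while the lone vehicle loses every third sample, which is the accuracy cost the abstract trades against the worst-case tracking bound.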
