Matching Anonymized and Obfuscated Time Series to Users’ Profiles

Many popular applications use traces of user data to offer various services to their users. However, even if user data are anonymized and obfuscated, a user's privacy can be compromised through the use of statistical matching techniques that match a user trace to prior user behavior. In this paper, we derive the theoretical bounds on the privacy of users in such a scenario. We build on our recent study in the area of location privacy, in which we introduced formal notions of location privacy for anonymization-based location privacy-protection mechanisms. Here, we derive the fundamental limits of user privacy when both anonymization and obfuscation-based protection mechanisms are applied to users' time series of data. We investigate the impact of such mechanisms on the tradeoff between privacy protection and user utility. We first study achievability results for the case where the time series of users are governed by an independent and identically distributed (i.i.d.) process. The converse results are proved both for the i.i.d. case as well as the more general Markov chain model. We demonstrate that as the number of users in the network grows, the obfuscation-anonymization plane can be divided into two regions: in the first region, all users have perfect privacy; and, in the second region, no user has privacy.
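The following simulation is an added illustration of the setting the abstract describes; it is not code from the paper or its authors. It assumes a deliberately simple model: each user's profile is a categorical distribution over a small alphabet, each trace is an i.i.d. sample of length m from that profile, obfuscation replaces each symbol independently with a uniformly random one with probability a (an assumed mechanism, not the paper's), anonymization is a random permutation of the traces, and the matching adversary knows the profiles and obfuscation level and assigns each anonymized trace to the profile with the highest likelihood. Sweeping a lets a defender estimate, for a given number of users and trace length, how much obfuscation is needed before re-identification falls to chance.

```python
"""Toy evaluation of statistical matching against anonymized and obfuscated
i.i.d. traces.  Added example; all model choices below are assumptions."""
import math
import random


def make_profiles(n_users, alphabet_size, rng):
    """Assumed prior behaviour: one random categorical distribution per user."""
    profiles = []
    for _ in range(n_users):
        weights = [rng.random() for _ in range(alphabet_size)]
        total = sum(weights)
        profiles.append([w / total for w in weights])
    return profiles


def sample_trace(profile, length, rng):
    """Draw an i.i.d. time series of the given length from a user's profile."""
    return rng.choices(range(len(profile)), weights=profile, k=length)


def obfuscate(trace, a, alphabet_size, rng):
    """Assumed obfuscation: with probability a, replace a symbol by a uniform one."""
    return [rng.randrange(alphabet_size) if rng.random() < a else s for s in trace]


def anonymize(traces, rng):
    """Anonymization as a random permutation; shuffled[j] came from user perm[j]."""
    perm = list(range(len(traces)))
    rng.shuffle(perm)
    return [traces[i] for i in perm], perm


def log_likelihood(trace, profile, a, k):
    """Log P(trace | profile) under the obfuscation model:
    P(y) = (1 - a) * profile[y] + a / k for every observed symbol y."""
    return sum(math.log((1 - a) * profile[s] + a / k) for s in trace)


def match(anon_traces, profiles, a, k):
    """Maximum-likelihood matching of each anonymized trace to a profile."""
    return [
        max(range(len(profiles)), key=lambda u: log_likelihood(t, profiles[u], a, k))
        for t in anon_traces
    ]


def reidentification_rate(n_users, k, m, a, seed=0):
    """Fraction of users correctly re-identified for one synthetic run.

    n_users: number of users; k: alphabet size; m: trace length;
    a: obfuscation probability; seed: makes the run reproducible."""
    rng = random.Random(seed)
    profiles = make_profiles(n_users, k, rng)
    traces = [obfuscate(sample_trace(p, m, rng), a, k, rng) for p in profiles]
    shuffled, perm = anonymize(traces, rng)
    guesses = match(shuffled, profiles, a, k)
    correct = sum(1 for j, g in enumerate(guesses) if g == perm[j])
    return correct / n_users


def sweep(n_users, k, m, a_values, seed=0):
    """Re-identification rate at each obfuscation level, for a privacy/utility curve."""
    return {a: reidentification_rate(n_users, k, m, a, seed) for a in a_values}


if __name__ == "__main__":
    # Constructed parameters: 10 users, alphabet of 4 symbols, traces of 2000 samples.
    for a, rate in sweep(10, 4, 2000, [0.0, 0.25, 0.5, 0.75, 0.9, 1.0]).items():
        print(f"obfuscation a={a:.2f}  re-identified fraction={rate:.2f}")
```

With a = 0 and long traces the matcher recovers almost every user from the permuted traces alone, which is the "no privacy" region; at a = 1 every trace is pure noise, all likelihoods tie, and the rate collapses to 1/n_users, the "perfect privacy" end. Varying m and n_users shows the same qualitative picture the abstract states: more users or shorter traces push the boundary toward weaker obfuscation. Note that this greedy per-trace matcher is weaker than a joint assignment, so its rates are a lower bound on what a stronger adversary achieves.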
