1 / 46

Privacy -p reserving of Trajectory Data : A Survey

Privacy -p reserving of Trajectory Data : A Survey. Huo Zheng. OUTLINE. Motivating Applications Privacy -p reserving in Different Scenarios Conclusions & Future work. Motivating Applications. 1. Trajectory data publication & analysis. 2. LBS. 4 . Trajectory data outsourcing. 3. ITS.

hesper
Download Presentation

Privacy -p reserving of Trajectory Data : A Survey

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy-preserving of Trajectory Data : A Survey HuoZheng

  2. OUTLINE • Motivating Applications • Privacy-preserving in Different Scenarios • Conclusions & Future work

  3. Motivating Applications • 1. Trajectory data publication & analysis • 2. • LBS • 4. • Trajectory data outsourcing • 3. • ITS

  4. OUTLINE • Motivating Applications • Privacy-preserving in Different Scenarios • Conclusions & Future work

  5. Solutions-overview

  6. Scenario #1 • Trajectory data publication & analysis • Trajectory data outsourcing • LBS • ITS

  7. Solutions #1 Overview • Protecting trajectory data privacy against attackers in the following aspects: • Protecting trajectory data to be identified by the adversary • Protecting sensitive location samples in trajectory data. • Attackers may have background knowledge to induce users’ information,For example, home and work place can help adversary to infer the trajectory’s owner • Protect data privacy while preserving the utility of data

  8. Dummies • Basic Idea • Increasing the number of possible trajectories from the adversaries’ perspective • Decreasing disclosure of the user trajectory • Method • Generate dummy trajectories as human behavior • Generate dummy trajectories with distances larger than a predefined distance deviation [You PALMS’07]

  9. Dummies (cont’) Source • Procedure • Set a disclosure rate • Generate dummies • Random • Trajectories with intersections • Rotate • Compute distance deviation destination [You PALMS’07]

  10. Pros and cons • Pros • Attackers can’t distinguish which trajectory is real user trajectory under a threshold which is given by users • Simple, easy to understand • Cons • High cost in storage, for example, to protect a single trajectory, you need to store several dummy trajectories, causing lower data utility. • High disclosure rate for adversaries with strong background knowledge [You PALMS’07]

  11. Suppress locations in trajectory data publication • Basic Idea • Suppress location samples in a trajectory database • Procedure • Decide which location to suppress • If the location sample is sensitive, suppress it. • If the location sample may reveal other information, suppress it. • Suppress the location when publishing data [Terrovitis MDM’08]

  12. Privacy preservation in the publication of trajectories • Motivation • Octopus RFID card is commonly used by HK residents to pay for their transportations, transactions at point-of-sale services; • If the Octopus company publish the data directly, it may cause privacy linkage, since other agencies may have partial knowledge of a same person. a1 a3 [Terrovitis MDM’08]

  13. An Example Suppress Compute distortion [Terrovitis MDM’08]

  14. Pros and Cons • Pros • Protecting moving objects’ privacy even the adversaries have partial knowledge • Easy to understand, low computation cost. • Cons • May cause serious information loss if suppressed too much location samples.

  15. Never Walk Alone • Motivation • Due to the imprecision of GPS devices, where its radius δ represents the possible location imprecision • Key Idea • Anonymize trajectories in a same time span under uncertaintyδ [AbulICDE’08]

  16. Never Walk Alone(cont’) • Key Methods • Preprocessing • Uniform trajectories in a same time span • Clustering • Greedy Clustering based on the Euclid distance • (K, δ)-anonymity • Space translation …… …… Time tn t1 …… …… y x [AbulICDE’08]

  17. Pros and cons • Pros • It exploits the inherent uncertainty of location in order to reduce the amount of distortion needed to anonymize data; • It is a simple, efficient and effective method. • Cons • It assumes a uniform uncertainty level, in some applications it is not suitable; • Due to the limitation of the uncertainty level, distortion grows rapidly when K is larger.

  18. Towards trajectory anonymity • Motivation • To improve the utility of the published data • Most data mining and statistical applications work on atomic trajectory • Procedure • Trajectory grouping • Logic cost metric • K-Anonymity • Reconstruction [NergizTDP’09]

  19. An Example Anonymizationtr* and tr3 Anonymizationtr* of tr1 and tr2 Randomly select points Complete Reconstruction [NergizTDP’09]

  20. Conclusions • Trajectory data privacy preserving in data publication has been widely studied. • Several methods are proposed in trajectory data privacy preserving, most of them come from privacy preserving in data publication. • Challenges lies in privacy preserving in high frequency sampling while providing high quality of data utility.

  21. Scenario #2 • Trajectory data mining • LBS • Trajectory data outsourcing • ITS

  22. Solutions #2 overview • Protecting trajectory data privacy against attackers in the following aspects • Protecting trajectory privacy against non-trustworthy LBS server • Protecting users’ privacy when acquiring LBS services, such as sending queries. • Protecting data privacy while providing high quality of services.

  23. Navigational path privacy protection Mr.Q is going to a psychiatrist , he may have some psychopathic ward • Motivation • Navigational path query is one of the most popular LBS, which determines a route from a source to a destination • Issuing path queries to some non-trustworthy service providers may pose privacy threats How to get to the psychiatrist from home? User queries Queries Results Service providers [Lee CIKM’09]

  24. Navigational path privacy protection(cont’) • Solutions • Landmark: replace both source and destination of a path query Q(s, t) to with other locations, thus resulting in another path query Q(s’, t’) • Cloaking: it may cloak both the source and destination into locations at the same street level, the result may be irrelevant. [Lee CIKM’09]

  25. Navigational path privacy protection(cont’) • Solutions • Obfuscate a path query by injecting some fake sources and destinations • Three methods • Independent obfuscate path query • Shared obfuscate path query • Anti-collusion path query S s Mr.Q ’s home Clinic T t [Lee CIKM’09]

  26. System overview Independent obfuscate query : Obfuscate one independent path queries by randomly inject fake locations S={sA, s1}, T={tA, t1, t2} Pb=1/2*3=1/6 Shared obfuscate query: Obfuscate two or more path together with injecting fake locations. S={sA, s1, sB}, T={tA, t1, t2, tB} Pb=1/3*4=1/12 Anti-collusion obfuscate query: Injecting more fake locations in order to get a low breach probability. S={sA, s1, s2, sB}, T={tA, t1, t2 t2, tB} Pbmin=1/4*5=1/20; Pbmax=1/2*3=1/6 [Lee CIKM’09]

  27. Pros and Cons • Pros • Developed a framework to obfuscate path queries in order to protect mobile users’ trajectory privacy • Mixing some fake sources and destinations greatly reduced the breach probability • Cons • Provide weak privacy protection when the adversary have strong background knowledge

  28. Cut-Enclose • Motivation • Overlapping of trajectory anonymity rectangles may cause location privacy linkage • Simply cut and enclose methods may cause privacy leakage in the joint of grids Time delay factor Problems with existing methods [ti-1,ti] [ti,ti+1] [ti+1,ti+2] Problems with simple cut-enclose [GidofalviMDM’07]

  29. Cut-Enclose(cont’) • Procedure • Users set privacy levels (individual privacy level/region sensitive level); • Separate 2D space into grids; • According to user specified individual privacy level (CRP /IRP)or region sensitive level(IIR), combine girds into partitions; • Anonymize trajectory piecesineach partition with time delay factor. Individual Regular Partitioning Individual Irregular Partitioning Anonymized trajectory Common Regular Partitioning [GidofalviMDM’07]

  30. Anonymity with historical data ? • Motivation • Existing cloaking methods highly depend on the network density ; • Existing methods are not suitable for time-series sequence • The cloaking box form a trajectory that may disclose a user’s trajectory. [Toby INFOCOM’08]

  31. Anonymity with historical data(cont’) • Cloaking K-1 additive trajectory • Liner: the cloaking result is considered as a new base trajectory T0 • 2. Quadratic: the selection of the new • trajectory is based on its distance • to T, not T0 • Procedure Clocking one additive trajectory 1. Select a pivot for each footprint; 2. Choose the one with the smallest MBC and index No. as the next pivot; 3. Until all trajectory points of the base trajectory is all anonymized. C4 C1 c2 C2 C3 c1 c4 c3 a8 a4 b7 a7 b4 b2 a2 a1 b1 a5 b5 a3 b3 a6 b6 T0 Ta Tb [Toby INFOCOM’08]

  32. Senario #3 • Trajectory data mining • LBS • Trajectory data outsourcing • ITS

  33. Privacy preserving traffic monitoring • Motivation • GPS-equipped vehicles send their location info to traffic monitoring center in a regular frequency • The location traces might reveal sensitive places that drivers have visited [Hoh MobiSys’08]

  34. Privacy preserving traffic monitoring(cont’) • Key Idea • Minimizing tracking time reduces the risk that an adversary can correlate an identity with sensitive locations • Method • A time-to-confusion level • An uncertainty level [Hoh MobiSys’08]

  35. Conclusions • Trajectory data privacy preserving in online applications are necessary, no dominant methods exists to solve this problem. • Challenges lies in the current trajectory privacy preserving without location privacy leakage while providing high quality of online services.

  36. Scenario #4 • Trajectory data mining • LBS • Trajectory data outsourcing • ITS

  37. Solutions #2 overview • Motivation • Cloud emerges as a new way of DaaS; • More and more agencies are moving their data to the cloud, they worried the privacy and security in the cloud; • Privacy protection in the cloud is necessary. Dark Cloud Green Cloud [XuProposal’10]

  38. Privacy Threats in the Cloud Data Owner • Users’ Query Privacy • Eg. Mr.Q want to protect his query against the Cloud, since his query is about mental disease • Data Privacy of the Data Owner • Mutual Privacy • Semi-honest model Data Cloud Query Results [XuProposal’10]

  39. Main Framework The Cloud decrypted Ec(E(i)) to get Ec(i), return it to the client. [XuProposal’10] Data Owner encrypts the database R and sends it to the Cloud Data Owner sends a shadow index E(I) and S-1() to the client, and sends E-1() to the Cloud for the following processing E(i) is retrieved locally and encrypts as Ec(E(i)), then sent back to the Cloud for decryption If it is a leaf node, decrypt it with S-1(), get the result. If it is not a leaf node, get the next i

  40. Research issue • Efficient Privacy-Preserving Query Processing Techniques • Challenges lie in those complex queries, especially queries that are based on distances. Typical examples likek-nearest neighbor (kNN) • Privacy-Aware Query Result Authentication Techniques • If the cloud is malicious or does not follow the protocol faithfully, there is a need for the client to authenticate the correctness of query results Cloud “Nearest Clinic” Results [XuProposal’10]

  41. OUTLINE • Motivating Applications • Privacy-preserving in different scenarios • Conclusions & Future work

  42. CONCLUSIONS • This survey discussed trajectory data privacy preservation techniques • For online trajectory data privacy preservation, service is centric, trade-off is between QoS and privacy preservation • For offline trajectory data privacy preservation, data is centric, trade-off is between data quality and privacy preservation • Most of the techniques deals with this problem in free space, and most of them are offline algorithms

  43. FUTURE WORK ○ Complete the survey in following aspects: Privacy preserving in time-series data. Privacy preserving in outsourcing data. …… ○ Trajectory data protection in online applications ● Trajectory data protection in data publication / data outsourcing ITS/LBS Trajectory data outsourcing

  44. References • G.Gidofalvi, X. Huang, and T. B. Pedersen. Privacy-Preserving Data Mining on Moving Object Trajectories, In proceedings of MDM’07, 2007 • J. Krumm. Inference attacks on location tracks. In Proceedings of the 5th International Conference on Pervasive Computing (Pervasive 2007), May 2007. • M. Terrovitis, and N. Mamoulis. Privacy Preserving in the Publication of Trajectories. In proceedings of MDM’08, 2008 • A.Gkoulalas-Divanis, V.S.Verykios. A Privacy-Aware Trajectory Tracking Query Engine. In proceedings of SIGKDD 2008. • MehmetEranNergiz, Maurizio Atzori, YucelSaygin, BarisGuc. Towards Trajectory Anonymization: a Generalization-Based Approach. IEEE Transactions on Data Privacy 2(2009) 47-75. • Tun-Hao You, Wen-ChihPeng, Wang-Chien Lee. Protecting Moving Trajectories with Dummies. In proceedings of PALMS 2007. • Kido H., Yanagisawa Y., Satoh T..An anonymous communication technique using dummies for location based services. In proceedings of ICPS 2005 • O. Abul, F. Bonchi, and M. Nanni. Never Walk Alone: Uncertainty for Anonymity in Moving Objects Databases. In proceeding of ICDE 2008. • G.Ghinita. Private Queries and Trajectory Anonymization: a Dual Perspective on Location Privacy. Transactions on Data Privacy 2009(3-19). • V. Rastogi, S. Nath. Differentially Private Aggregation of Distributed Time-Series with Transformation and Encryption. In proceedings of SIGMOD ’10, 2010. • T. Xu, Y. Cai. Exploring Historical Location Data for Anonymity Preservation in Location-based Services. In Proceedings of INFOCOM’08, 2008. • K. C. K. Lee, W. Lee, H.Va Leong, B.Zheng. Navigational Path Privacy Protection. In Proceedings of CIKM’09 2009.

  45. References(cont’) • A. Gkoulalas-Divanis, V.S. Verykios, M. F. Mokbel. Identifying Unsafe Routes for Network-Based Trajectory Privacy. In Proceedings of SPC’09. 2009 • O. Abul, M. Atzori, F. Bonchi, F. Giannotti. Hiding Sensitive Trajectory Patterns. In Proceedings of ICDMW’07, 2007. • M. Gruteser, X. Liu. Protecting Privacy in Continuous Location-Tracking Applications. In IEEE Security and Privacy, 2004. • X. Pan, X. Meng, J.Xu. Distortion-based Anonymity for Continuous Queries in Location-Based Mobile Services. In Proceedings of SIGGIS’09, 2009. • S.Mukherjee , Z. Chen, A. Gangopadhyay. A privacy-preserving technique for Euclidean distance-based mining algorithms using Fourier-related transforms. InVLDB Journal (2006) 15:293–315 • B. Hoh, M. Gruteser, H.Xiong, A. Alrabady. Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking. In proceedings of CCS’07, 2007

  46. Q&A Thanks for your time! I got your interests~

More Related