Protecting Locations with Differential Privacy under Temporal Correlations

  • Yonghui Xiao, Li Xiong
  • Published 21 October 2014
  • Computer Science
  • Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
Concerns about location privacy frequently arise with the rapid development of GPS-enabled devices and location-based applications. While spatial transformation techniques such as location perturbation or generalization have been studied extensively, most rely on syntactic privacy models without a rigorous privacy guarantee. Many of them consider only static scenarios or perturb the location at single timestamps without considering the temporal correlations of a moving user's locations, and…
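The abstract's point is that perturbing each timestamp independently ignores what an adversary can do with the temporal correlation of a moving user. The following is an added example, not code from the paper and not the paper's own mechanism: it contrasts a memoryless adversary, who inverts only the latest Laplace-perturbed report, with one who knows a (constructed, hypothetical) Markov mobility model and runs HMM forward filtering over the whole sequence of reports. The 1-D grid of five cells, the "sticky" transition matrix, the per-report budget EPSILON and the report values in REPORTS are all assumptions made for this illustration.

```python
import math

EPSILON = 1.0          # per-report privacy budget (assumption for this example)
N_CELLS = 5            # 1-D grid of cells 0..4 (constructed toy map)

# Constructed sequence of perturbed reports: the (hidden) user stays in cell 1 the
# whole time and each report is the cell index plus Laplace(1/EPSILON) noise. The
# values are fixed here so the example runs deterministically offline.
REPORTS = [1.2, 0.8, 1.1, 0.9, 1.0, 1.3]


def laplace_likelihood(z, x, scale):
    """Density of observing report z when the true cell is x under Laplace(scale) noise."""
    return math.exp(-abs(z - x) / scale) / (2.0 * scale)


def sticky_transitions(n_cells, p_stay=0.8):
    """Constructed mobility model: stay with p_stay, otherwise step to a neighbouring cell.
    At the two ends the blocked move is folded back into staying."""
    move = (1.0 - p_stay) / 2.0
    rows = []
    for x in range(n_cells):
        row = [0.0] * n_cells
        row[x] = p_stay
        for nbr in (x - 1, x + 1):
            if 0 <= nbr < n_cells:
                row[nbr] += move
            else:
                row[x] += move
        rows.append(row)
    return rows


def uniform_transitions(n_cells):
    """No temporal correlation: the next cell is independent of the current one."""
    return [[1.0 / n_cells] * n_cells for _ in range(n_cells)]


def memoryless_posterior(z, n_cells, scale):
    """Adversary that looks at a single report with a uniform prior over cells."""
    weights = [laplace_likelihood(z, x, scale) for x in range(n_cells)]
    total = sum(weights)
    return [w / total for w in weights]


def forward_filter(reports, transitions, scale):
    """HMM forward filtering: posterior over the current cell given every report so far,
    for an adversary who knows the mobility model (i.e. the temporal correlation)."""
    n = len(transitions)
    belief = [1.0 / n] * n
    for z in reports:
        # Predict: push the previous belief through the transition matrix.
        predicted = [sum(belief[prev] * transitions[prev][x] for prev in range(n))
                     for x in range(n)]
        # Update: weight by the likelihood of the new perturbed report.
        weighted = [predicted[x] * laplace_likelihood(z, x, scale) for x in range(n)]
        total = sum(weighted)
        belief = [w / total for w in weighted]
    return belief


def compare_adversaries(reports=REPORTS, n_cells=N_CELLS, epsilon=EPSILON):
    """Return the posteriors over the *last* location for the three adversary models."""
    scale = 1.0 / epsilon  # unit sensitivity: adjacent cells differ by 1
    return {
        "memoryless": memoryless_posterior(reports[-1], n_cells, scale),
        "correlated": forward_filter(reports, sticky_transitions(n_cells), scale),
        "uncorrelated": forward_filter(reports, uniform_transitions(n_cells), scale),
    }


if __name__ == "__main__":
    for name, post in compare_adversaries().items():
        best = max(post)
        print(f"{name:12s} max P(cell) = {best:.3f} at cell {post.index(best)}")
```

Two things are worth noting in the output. First, with the sticky model the filtered posterior on the true cell is much sharper than the single-report posterior even though every report individually satisfies the same per-timestamp Laplace guarantee; the leak comes from the correlation, not from any one release. Second, when the transition matrix is uniform (no correlation) the filter collapses to exactly the memoryless posterior, which is the regime in which a single-timestamp guarantee really does describe what the adversary learns.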


Multi-User Location Correlation Protection with Differential Privacy

This paper proposes a novel definition, private candidate sets, which are obtained from hidden Markov models, and presents a private trajectory release mechanism that preserves the location correlations among users who move under hidden Markov models over a period of time.

Dynamic Differential Location Privacy with Personalized Error Bounds

It is argued that geo-indistinguishability and expected inference error are two complementary notions of location privacy, and that the PIVE approach effectively guarantees both notions simultaneously and outperforms existing mechanisms in terms of adaptive privacy protection in the presence of skewed locations and in computational efficiency.

Protecting Privacy-Sensitive Locations in Trajectories with Correlated Positions

Under the constraint of the total noise power, the problem of obfuscating a location in a temporal and spatial correlated trajectory is formulated as finding the best noise allocation vector which can achieve the highest privacy level.

Quantifying Location Privacy Risks Under Heterogeneous Correlations

QUAD is presented, a framework for quantifying location privacy risks under heterogeneous correlations; it captures more privacy risks than competing approaches, and those risks can be dramatically reduced by a defense mechanism that embeds the quantified privacy risks.

A new γ-map mechanism for mobility traces privacy

A new γ-map mechanism is proposed to help users better understand the privacy/accuracy tradeoff and to preserve location data, together with a new notion of εΔt-privacy based on differential privacy that accounts for the temporal-spatial correlation and history correlation when a user crosses regions, which is the major privacy concern of a moving user's trace.

Customizable and Rigorous Location Privacy through Policy Graph

This work formalizes a user's location privacy requirements using a location policy graph, which is expressive and customizable, and designs a private location trace release framework that pipelines the detection of location exposure, policy graph repair, and private trajectory release with customizable and rigorous location privacy.

Locally differentially private continuous location sharing with randomized response

A novel definition of (ε, δ)-local differential privacy is introduced to capture the temporal correlations between locations, and a generalized randomized response mechanism is presented that achieves (ε, δ)-local differential privacy for location privacy preservation.

A Geo-Indistinguishable Location Perturbation Mechanism for Location-Based Services Supporting Frequent Queries

The privacy protection for LBSs is enhanced by an improved geo-indistinguishable mechanism that reduces the privacy cost to almost 0 when the user's location satisfies a stated condition, and by a further improvement that reduces the privacy cost when that condition is not satisfied.

Utility-Aware Synthesis of Differentially Private and Attack-Resilient Location Traces

It is argued that privacy-preserving synthesis of complete location traces can be an effective solution to this problem, and AdaTrace is presented, a scalable location trace synthesizer with three novel features: provable statistical privacy, deterministic attack resilience, and strong utility preservation.

Online Location Trace Privacy: An Information Theoretic Approach

The results show the superiority of the information-theoretic LPPM over existing LPPMs in terms of trace-level privacy-utility tradeoff, which is more conspicuous when the location trace is more correlated.

Privacy for Location-based Services

An overview of the state-of-the-art in location privacy protection is provided, including methods that use location generalization, cryptographic techniques or differential privacy, and promising directions for future work are identified.

Geo-indistinguishability: differential privacy for location-based systems

The growing popularity of location-based systems, allowing unknown/untrusted servers to easily collect huge amounts of information regarding users' location, has recently started raising serious

Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms

A scalable architecture for protecting the location privacy from various privacy threats resulting from uncontrolled usage of LBSs is described, including the development of a personalized location anonymization model and a suite of location perturbation algorithms.

Quantifying Location Privacy

This paper provides a formal framework for the analysis of LPPMs that captures the prior information that might be available to the attacker and the various attacks he can perform, and clarifies the difference between three aspects of the adversary's inference attacks, namely their accuracy, certainty, and correctness.

Preserving User Location Privacy in Mobile Data Management Infrastructures

A data model that augments location data with uncertainty is suggested, and imprecise queries that hide the location of the query issuer and yield probabilistic results are proposed; the evaluation and quality aspects of such queries are investigated for a range query.

Differential privacy with δ-neighbourhood for spatial and dynamic datasets

This paper attempts to exploit the intuition that farther-apart entities should have lesser influences to each other, and thus more privacy budget should be invested to protect close-by entities, and proposes embedding the underlying spatial or temporal distance function into the notion of dataset neighbourhood.

Nearest neighbor search with strong location privacy

This paper focuses on k nearest neighbor (kNN) queries and defines the notion of strong location privacy, which renders a query indistinguishable from any location in the data space, and argues that previous work fails to support this property for arbitrary kNN search.

On the Anonymity of Home/Work Location Pairs

If the approximate locations of an individual's home and workplace can both be deduced from a location trace, then the median size of the individual's anonymity set in the U.S. working population is 1, 21 and 34,980 at census block, census tract and county granularity, respectively.

Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking

A middleware architecture and algorithms are described that can be used by a centralized location broker service to adjust the resolution of location information along spatial or temporal dimensions, so as to meet specified anonymity constraints based on the entities who may be using location services within a given area.

A survey of computational location privacy

  • John Krumm
  • Computer Science
  • Personal and Ubiquitous Computing
  • 2008
This is a literature survey of computational location privacy, meaning computation-based privacy mechanisms that treat location data as geometric information. This definition includes