ABSTRACT
The increasing abundance of data about the trajectories of personal movement is opening up new opportunities for analyzing and mining human mobility, but new risks emerge, since it also opens new ways of intruding into personal privacy. Representing personal movements as sequences of places visited by a person during her/his movements (a semantic trajectory) poses even greater privacy threats than raw geometric location data. In this paper we propose a privacy model that defines the attack model of semantic trajectory linking, together with a privacy notion called c-safety. This notion provides an upper bound on the probability of inferring that a given person, observed in a sequence of nonsensitive places, has also stopped in any sensitive location. Coherently with the privacy model, we propose an algorithm for transforming any dataset of semantic trajectories into a c-safe one. We report a study on a real-life GPS trajectory dataset showing how our algorithm preserves interesting quality/utility measures of the original trajectories, such as sequential pattern mining results.
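The following is an added illustration, not code from the paper, of the linking attack and the c-safety check the abstract describes. It assumes a concrete reading of the abstract: the attacker knows, in order, some of the nonsensitive places a victim stopped at; every published trajectory whose nonsensitive projection contains that sequence as a subsequence is a candidate; and the disclosure probability for a sensitive place is the fraction of candidates that stop there. The sensitive-place set, the sample trajectories and the function names are constructed for the example; the paper's formal definition of c-safety and its transformation algorithm may differ from this simplified model.

```python
from typing import Dict, List, Sequence, Tuple

# Assumption: which places count as sensitive (a hypothetical taxonomy).
SENSITIVE = {"hospital", "clinic", "church"}

# Constructed sample dataset: each semantic trajectory is the ordered list
# of places one person stopped at.
TRAJECTORIES: List[List[str]] = [
    ["home", "station", "hospital", "office"],
    ["home", "station", "office"],
    ["home", "station", "clinic", "office"],
    ["home", "mall", "office"],
    ["home", "mall", "church", "office"],
]


def nonsensitive_view(traj: Sequence[str]) -> List[str]:
    """The part of a trajectory an attacker could observe: sensitive stops dropped."""
    return [p for p in traj if p not in SENSITIVE]


def contains_subsequence(seq: Sequence[str], pattern: Sequence[str]) -> bool:
    """True if `pattern` occurs in `seq` in order (not necessarily contiguously)."""
    it = iter(seq)
    return all(any(p == x for x in it) for p in pattern)


def all_subsequences(seq: Sequence[str]) -> set:
    """Every non-empty ordered subsequence of `seq`: each is possible attacker knowledge."""
    out = set()
    for mask in range(1, 1 << len(seq)):
        out.add(tuple(seq[i] for i in range(len(seq)) if mask >> i & 1))
    return out


def linking_probabilities(trajectories: Sequence[Sequence[str]],
                          knowledge: Sequence[str]) -> Dict[str, float]:
    """Probability, per sensitive place, that a person matching `knowledge` stopped there.

    Candidates are the trajectories whose nonsensitive projection contains the
    attacker's observed sequence; the probability is the share of candidates
    that visit the sensitive place.
    """
    candidates = [t for t in trajectories
                  if contains_subsequence(nonsensitive_view(t), knowledge)]
    if not candidates:
        return {}
    return {s: sum(1 for t in candidates if s in t) / len(candidates)
            for s in SENSITIVE}


def max_disclosure(trajectories: Sequence[Sequence[str]]) -> Tuple[float, tuple, str]:
    """Worst case over all attacker knowledge derivable from the published data.

    Returns (probability, observed sequence, sensitive place) for the strongest
    inference an attacker could make.
    """
    worst: Tuple[float, tuple, str] = (0.0, (), "")
    seen = set()
    for t in trajectories:
        for knowledge in all_subsequences(nonsensitive_view(t)):
            if knowledge in seen:
                continue
            seen.add(knowledge)
            for place, prob in linking_probabilities(trajectories, knowledge).items():
                if prob > worst[0]:
                    worst = (prob, knowledge, place)
    return worst


def is_c_safe(trajectories: Sequence[Sequence[str]], c: float) -> bool:
    """The dataset is c-safe (under this model) if no inference exceeds probability c."""
    return max_disclosure(trajectories)[0] <= c


if __name__ == "__main__":
    prob, knowledge, place = max_disclosure(TRAJECTORIES)
    print(f"worst inference: seen at {knowledge} -> stopped at {place!r} with p={prob:.2f}")
    for c in (0.5, 0.34):
        print(f"{c}-safe: {is_c_safe(TRAJECTORIES, c)}")
```

On the constructed data, observing someone at "mall" narrows the candidates to two trajectories, one of which stops at "church", so the dataset is 0.5-safe but not 0.34-safe; the "station" group of three trajectories keeps each sensitive inference at 1/3. A sanitizer in the spirit of the abstract would need to enlarge such candidate groups (by generalizing or suppressing places) until every inference falls below the chosen c.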