
Ensuring location diversity in privacy-preserving spatio-temporal data publishing

  • Regular Paper
  • The VLDB Journal

Abstract

The rise of mobile technologies in the last decade has led to vast amounts of location information generated by individuals. From the knowledge discovery point of view, these data are quite valuable, but the personal information inherent in the data raises privacy concerns. There exist many algorithms in the literature that satisfy the privacy requirements of individuals by generalizing, perturbing, and suppressing their data. Current techniques that try to ensure a level of indistinguishability between trajectories in a dataset are direct applications of \(k\)-anonymity and thus suffer from the shortcomings of \(k\)-anonymity, such as the lack of diversity in sensitive regions. Moreover, these techniques fail to incorporate some common background knowledge an adversary might have, such as the underlying map, the traffic density, and the anonymization algorithm itself. We propose a new privacy metric, \(p\)-confidentiality, that ensures location diversity by bounding the probability of a user visiting a sensitive location with the input parameter \(p\). We perform our probabilistic analysis based on the background knowledge of the adversary. Instead of grouping the trajectories, we anonymize the underlying map, that is, we group nodes (points of interest) to create obfuscation areas around sensitive locations. The groups are formed in such a way that the parts of trajectories entering the groups, coupled with the adversary's background knowledge, do not increase the adversary's belief to the point of violating \(p\)-confidentiality. We then use the map anonymization as a model to anonymize the trajectories. We prove that our algorithm is resistant to reverse-engineering attacks when the statistics required for map anonymization are publicly available. We empirically evaluate the performance of our algorithm and show that location diversity can be satisfied effectively.
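As an added illustration, not the paper's own code or algorithm, a toy model of the p-confidentiality check and the map-based anonymization described above: the adversary's belief that a trajectory entering an obfuscation area visited the sensitive node is estimated from per-node traffic density (the background knowledge assumed here), and the area is grown until that belief is at most p. The node names, traffic counts, and the greedy grouping are constructed assumptions.

```python
from fractions import Fraction

# Constructed toy map (not from the paper): nodes are points of interest and
# the per-node traffic density is the adversary's public background knowledge.
TRAFFIC = {"cafe": 120, "clinic": 30, "park": 90, "gym": 60, "library": 45}
SENSITIVE = {"clinic"}

def sensitive_probability(group, traffic=TRAFFIC, sensitive=SENSITIVE):
    """Adversary's belief that a trajectory generalized to `group` visited a
    sensitive node. Modelling assumption: the adversary weights each node of
    the group by its traffic density, since the published data reveal nothing
    else about which node inside the area was visited."""
    total = sum(traffic[n] for n in group)
    hits = sum(traffic[n] for n in group if n in sensitive)
    return Fraction(hits, total)

def satisfies_p_confidentiality(group, p, traffic=TRAFFIC, sensitive=SENSITIVE):
    """p-confidentiality: the belief must not exceed p (pass p as a Fraction or
    a string such as "1/5"; a float would be taken at its exact binary value)."""
    return sensitive_probability(group, traffic, sensitive) <= Fraction(p)

def build_obfuscation_area(node, neighbours, p, traffic=TRAFFIC, sensitive=SENSITIVE):
    """Greedy illustrative map anonymization: grow a group around a sensitive
    node with its busiest non-sensitive neighbours until the bound holds.
    Returns None when the neighbours cannot dilute the belief down to p."""
    group = [node]
    for n in sorted(neighbours, key=lambda x: traffic[x], reverse=True):
        if satisfies_p_confidentiality(group, p, traffic, sensitive):
            break
        if n not in sensitive:
            group.append(n)
    if satisfies_p_confidentiality(group, p, traffic, sensitive):
        return group
    return None

def anonymize_trajectory(trajectory, groups):
    """Use the map anonymization as the model for the data: every node lying in
    an obfuscation area is replaced by the area's label, so the published
    trajectory only reveals that the user entered the area."""
    node_to_label = {n: label for label, nodes in groups.items() for n in nodes}
    return [(node_to_label.get(n, n), t) for n, t in trajectory]

if __name__ == "__main__":
    area = build_obfuscation_area("clinic", ["cafe", "park", "gym", "library"], "1/5")
    print(area, sensitive_probability(area))  # ['clinic', 'cafe'] 1/5
    print(anonymize_trajectory([("library", 1), ("clinic", 2), ("park", 3)], {"A1": area}))
```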



Notes

  1. Where the data owner releases a complete trajectory dataset.

  2. http://www.openstreetmap.org



Author information

Correspondence to Yucel Saygin.



Cite this article

Cicek, A.E., Nergiz, M.E. & Saygin, Y. Ensuring location diversity in privacy-preserving spatio-temporal data publishing. The VLDB Journal 23, 609–625 (2014). https://doi.org/10.1007/s00778-013-0342-x
