ABSTRACT
Trajectory datasets are becoming more and more popular due to the massive usage of GPS and other location-based devices and services. In this paper, we address privacy issues regarding the identification of individuals in static trajectory datasets. We provide privacy protection by defining trajectory k-anonymity, meaning every released piece of information refers to at least k users/trajectories. We propose a novel generalization-based approach that applies to trajectories and sequences in general. We also suggest the use of a simple random reconstruction of the original dataset from the anonymization, to overcome possible drawbacks of generalization approaches.
We present a utility metric that maximizes the probability of a good representation and propose trajectory anonymization techniques to address time- and space-sensitive applications. The experimental results over synthetic trajectory datasets show the effectiveness of the proposed approach.