TY - JOUR
T1 - Aggregation-based location privacy
T2 - An information theoretic approach
AU - Zhang, Wenjing
AU - Jiang, Bo
AU - Li, Ming
AU - Tandon, Ravi
AU - Liu, Qiao
AU - Li, Hui
N1 - Publisher Copyright:
© 2020 Elsevier Ltd
PY - 2020/10
Y1 - 2020/10
N2 - We explore the problem of quantifying and protecting aggregation-based location privacy and study the privacy-utility tradeoff, both of which are essential to protecting a user's location privacy when releasing aggregate statistics. Existing works on Aggregation-based Location Privacy Protection Mechanisms (ALPPMs) are mainly based on differential privacy, and metrics for evaluating the information leakage introduced by releasing aggregates are normally built on the adversary's estimation error. However, there is a lack of privacy metrics for measuring the fundamental leakage of an individual user's data that is independent of specific data instances or attack algorithms. In this paper, we aim to solve this problem using an information-theoretic approach. We first propose a privacy metric based on the mutual information between an individual user's location profile and the released location aggregates, and formulate the optimal location aggregate release problem that minimizes this mutual information given a utility constraint for each user. Since solving this optimization problem has exponential complexity, we turn to proving and evaluating an upper bound, i.e., the mutual information between the original and the perturbed location aggregates, and propose a Blahut-Arimoto based algorithm to solve the optimization problem minimizing this mutual information to derive an ALPPM. We validate the actual leakage of our ALPPM and compare it to a differentially private mechanism through experiments over both synthetic and real-world location datasets. Results show the advantage of the proposed ALPPM in terms of privacy-utility tradeoff, which is enhanced when users' location prior distributions are more skewed.
AB - We explore the problem of quantifying and protecting aggregation-based location privacy and study the privacy-utility tradeoff, both of which are essential to protecting a user's location privacy when releasing aggregate statistics. Existing works on Aggregation-based Location Privacy Protection Mechanisms (ALPPMs) are mainly based on differential privacy, and metrics for evaluating the information leakage introduced by releasing aggregates are normally built on the adversary's estimation error. However, there is a lack of privacy metrics for measuring the fundamental leakage of an individual user's data that is independent of specific data instances or attack algorithms. In this paper, we aim to solve this problem using an information-theoretic approach. We first propose a privacy metric based on the mutual information between an individual user's location profile and the released location aggregates, and formulate the optimal location aggregate release problem that minimizes this mutual information given a utility constraint for each user. Since solving this optimization problem has exponential complexity, we turn to proving and evaluating an upper bound, i.e., the mutual information between the original and the perturbed location aggregates, and propose a Blahut-Arimoto based algorithm to solve the optimization problem minimizing this mutual information to derive an ALPPM. We validate the actual leakage of our ALPPM and compare it to a differentially private mechanism through experiments over both synthetic and real-world location datasets. Results show the advantage of the proposed ALPPM in terms of privacy-utility tradeoff, which is enhanced when users' location prior distributions are more skewed.
KW - Aggregation-based location privacy
KW - Information-theoretic approach
KW - Privacy metric
KW - Privacy-utility tradeoff
KW - Rate distortion function
KW - Upper bound
UR - http://www.scopus.com/inward/record.url?scp=85088818568&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85088818568&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2020.101953
DO - 10.1016/j.cose.2020.101953
M3 - Article
AN - SCOPUS:85088818568
SN - 0167-4048
VL - 97
JO - Computers and Security
JF - Computers and Security
M1 - 101953
ER -