TY - JOUR
T1 - Online location trace privacy
T2 - An information theoretic approach
AU - Zhang, Wenjing
AU - Li, Ming
AU - Tandon, Ravi
AU - Li, Hui
N1 - Funding Information:
Manuscript received August 25, 2017; revised April 22, 2018 and June 11, 2018; accepted June 12, 2018. Date of publication June 18, 2018; date of current version July 23, 2018. This work was supported by U.S. NSF under Grants CNS-1731164 and CNS-1715947. The work of H. Li and W. Zhang was supported in part by the National Key Research and Development Program of China under Grant 2017YFB0802200, in part by NSFC under Grant 61732022 and U1401251, in part by the Shaanxi Nature Science Research Project under Grant 2016ZDJC-04, and in part by 111 Project under Grant B16037. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Aris Gkoulalas Divanis. (Corresponding author: Ming Li.) W. Zhang is with the State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China, and also with the Department of Electrical and Computer Engineering, University of Arizona, Tucson, AZ 85721 USA (e-mail: [email protected]).
Publisher Copyright:
© 2005-2012 IEEE.
PY - 2019/1
Y1 - 2019/1
N2 - We consider the problem of protecting individual user's location privacy at the trace-level and study the privacy-utility trade-off, which has key applications in privacy-preserving location-based service. Existing works on Location Privacy Protection Mechanisms (LPPMs) have mainly focused on protecting single location, without taking into account the temporal correlations among locations within the trace, which can lead to higher privacy leakage when considering the whole trace. However, to date, there lacks a formal framework to quantify the trace-level location privacy leakage, and a practical mechanism to release location traces in an optimal and online manner. In this paper, we endeavor to solve this problem using an information-theoretic approach. We first propose a location trace privacy metric based on the mutual information between the original and released trace in an offline setting, and formulate the optimal location trace release problem that minimizes trace-level privacy leakage given a utility constraint. We also propose a privacy metric to capture trace-level privacy leakage in an online setting. As directly computing these metrics incur exponential complexity w.r.t. the trace length, we obtain upper and lower bounds on the trace-level privacy leakage by exploiting the Markov structure of the temporal location correlations, which are efficiently computable. The proposed upper bounds enable us to derive efficient online solutions (i.e., LPPMs) by modifying Blahut-Arimoto algorithm in rate-distortion theory. Then we validate the proposed upper and lower bounds and the actual leakage of our LPPM through extensive experiments over both synthetic and real-world location data sets. Our results show the superiority of our LPPM over existing LPPMs in terms of trace-level privacy-utility tradeoff, which is more conspicuous when the location trace is more correlated.
AB - We consider the problem of protecting individual user's location privacy at the trace-level and study the privacy-utility trade-off, which has key applications in privacy-preserving location-based service. Existing works on Location Privacy Protection Mechanisms (LPPMs) have mainly focused on protecting single location, without taking into account the temporal correlations among locations within the trace, which can lead to higher privacy leakage when considering the whole trace. However, to date, there lacks a formal framework to quantify the trace-level location privacy leakage, and a practical mechanism to release location traces in an optimal and online manner. In this paper, we endeavor to solve this problem using an information-theoretic approach. We first propose a location trace privacy metric based on the mutual information between the original and released trace in an offline setting, and formulate the optimal location trace release problem that minimizes trace-level privacy leakage given a utility constraint. We also propose a privacy metric to capture trace-level privacy leakage in an online setting. As directly computing these metrics incur exponential complexity w.r.t. the trace length, we obtain upper and lower bounds on the trace-level privacy leakage by exploiting the Markov structure of the temporal location correlations, which are efficiently computable. The proposed upper bounds enable us to derive efficient online solutions (i.e., LPPMs) by modifying Blahut-Arimoto algorithm in rate-distortion theory. Then we validate the proposed upper and lower bounds and the actual leakage of our LPPM through extensive experiments over both synthetic and real-world location data sets. Our results show the superiority of our LPPM over existing LPPMs in terms of trace-level privacy-utility tradeoff, which is more conspicuous when the location trace is more correlated.
KW - Privacy metric
KW - information-theoretic privacy
KW - location trace privacy
KW - rate-distortion theory
KW - temporal correlations
UR - http://www.scopus.com/inward/record.url?scp=85048624421&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048624421&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2018.2848659
DO - 10.1109/TIFS.2018.2848659
M3 - Article
AN - SCOPUS:85048624421
SN - 1556-6013
VL - 14
SP - 235
EP - 250
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 1
ER -