Protecting Locations with Differential Privacy under Temporal Correlations (1410.5919v5)

Abstract: Concerns on location privacy frequently arise with the rapid development of GPS enabled devices and location-based applications. While spatial transformation techniques such as location perturbation or generalization have been studied extensively, most techniques rely on syntactic privacy models without rigorous privacy guarantee. Many of them only consider static scenarios or perturb the location at single timestamps without considering temporal correlations of a moving user's locations, and hence are vulnerable to various inference attacks. While differential privacy has been accepted as a standard for privacy protection, applying differential privacy in location based applications presents new challenges, as the protection needs to be enforced on the fly for a single user and needs to incorporate temporal correlations between a user's locations. In this paper, we propose a systematic solution to preserve location privacy with rigorous privacy guarantee. First, we propose a new definition, "$\delta$-location set" based differential privacy, to account for the temporal correlations in location data. Second, we show that the well known $\ell_1$-norm sensitivity fails to capture the geometric sensitivity in multidimensional space and propose a new notion, sensitivity hull, based on which the error of differential privacy is bounded. Third, to obtain the optimal utility we present a planar isotropic mechanism (PIM) for location perturbation, which is the first mechanism achieving the lower bound of differential privacy. Experiments on real-world datasets also demonstrate that PIM significantly outperforms baseline approaches in data utility.

• The paper introduces ɛ-location set differential privacy to protect temporally correlated location data, marking a major advancement for LBS applications.
• It develops a sensitivity hull that captures geometric sensitivity more precisely than traditional l1-norm measures, balancing privacy and data utility.
• The proposed Planar Isotropic Mechanism achieves the theoretical lower bound of error, outperforming baseline Laplace methods in real-world experiments.

Differential Privacy in Location-Based Services with Temporal Correlations

In the development of privacy-preserving techniques for location-based services (LBS), this paper by Yonghui Xiao and Li Xiong addresses the challenging task of applying differential privacy while considering temporal correlations in user data. The paper proposes a novel framework that advances the understanding of privacy in LBS, where user movement results in temporally correlated location data vulnerable to inference attacks. Unlike traditional methods that focus on static scenarios or perturbations at single timestamps, this research presents an innovative approach by incorporating temporal dynamics into privacy mechanisms.

Key Contributions

1. ɛ-Location Set Differential Privacy: A new definition of differential privacy is introduced, termed ɛ-location set differential privacy. This concept specifically accounts for the temporal correlations of moving users’ location data. The traditional 'neighboring databases' paradigm is adapted to suit location data by defining a set of potential locations, called an ɛ-location set, where the true location is concealed.
2. Sensitivity Hull for Geometric Sensitivity: The authors criticize the inadequacy of the standard l1-norm sensitivity for multidimensional spaces. They introduce the notion of a sensitivity hull, which effectively captures geometric sensitivity by forming a convex hull around potential location data points. The sensitivity hull provides a more precise measure of sensitivity in the context of location data perturbation, ensuring a balance between privacy protection and data utility.
3. Planar Isotropic Mechanism (PIM): As part of the framework, the authors develop the Planar Isotropic Mechanism, which is the first mechanism to achieve the theoretical lower bound of error for differential privacy in location-based scenarios. The mechanism utilizes the sensitivity hull to introduce optimal noise, thus enhancing data utility without compromising privacy. The implementation of PIM is shown to outperform baseline approaches, like the Laplace Mechanism, in experimental settings using real-world datasets from Geolife and Gowalla.

Numerical Results and Evaluation

The authors present rigorous experimental evaluations to substantiate their claims, demonstrating that their proposed PIM significantly enhances the utility of the released location data compared to traditional methods. Notably, they report improvements in precision and recall metrics in k-nearest neighbor (kNN) queries across multiple trajectories, thereby indicating practical effectiveness in real-world applications. Additionally, an analysis shows a marked reduction in drift ratio and enhanced accuracy over time, aligning with the theoretical lower bounds discussed.

Implications and Future Directions

From a theoretical perspective, this paper extends the boundaries of differential privacy by adapting it to contexts with inherently dynamic and correlated data, moving beyond static analysis. Practically, the research holds significant promise for LBS applications, enabling service providers to protect user privacy without severely impacting service quality.

The approach adopted in this paper can serve as a foundation for further explorations in different domains requiring privacy guarantees for dynamic datasets. Future research could delve into integrating more sophisticated mobility models, beyond Markov chains, to better capture user behavior, and further improving the inference techniques within such frameworks. Additionally, expanding the proposed methods to support other kinds of query workloads or application settings, while still maintaining differential privacy guarantees, would be a fruitful area of exploration.

Overall, the contribution made by this paper is an important step forward in the evolution of privacy preservation in data-driven applications, emphasizing the necessity of considering the temporal dimensions of data to achieve robust privacy guarantees.