TY - JOUR
T1 - Privacy vulnerability of published anonymous mobility traces
AU - Ma, Chris Y.T.
AU - Yau, David K.Y.
AU - Yip, Nung Kwan
AU - Rao, Nageswara S.V.
PY - 2013
Y1 - 2013
N2 - Mobility traces of people and vehicles have been collected and published to assist the design and evaluation of mobile networks, such as large-scale urban sensing networks. Although the published traces are often made anonymous in that the true identities of nodes are replaced by random identifiers, the privacy concern remains. This is because in real life, nodes are open to observations in public spaces, or they may voluntarily or inadvertently disclose partial knowledge of their whereabouts. Thus, snapshots of nodes' location information can be learned by interested third parties, e.g., directly through chance/engineered meetings between the nodes and their observers, or indirectly through casual conversations or other information sources about people. In this paper, we investigate how an adversary, when equipped with a small amount of the snapshot information termed as side information, can infer an extended view of the whereabouts of a victim node appearing in an anonymous trace. Our results quantify the loss of victim nodes' privacy as a function of the nodal mobility, the inference strategies of adversaries, and any noise that may appear in the trace or the side information. Generally, our results indicate that the privacy concern is significant in that a relatively small amount of side information is sufficient for the adversary to infer the true identity (either uniquely or with high probability) of a victim in a set of anonymous traces. For instance, an adversary is able to identify the trace of 30%-50% of the victims when she has collected 10 pieces of side information about a victim.
AB - Mobility traces of people and vehicles have been collected and published to assist the design and evaluation of mobile networks, such as large-scale urban sensing networks. Although the published traces are often made anonymous in that the true identities of nodes are replaced by random identifiers, the privacy concern remains. This is because in real life, nodes are open to observations in public spaces, or they may voluntarily or inadvertently disclose partial knowledge of their whereabouts. Thus, snapshots of nodes' location information can be learned by interested third parties, e.g., directly through chance/engineered meetings between the nodes and their observers, or indirectly through casual conversations or other information sources about people. In this paper, we investigate how an adversary, when equipped with a small amount of the snapshot information termed as side information, can infer an extended view of the whereabouts of a victim node appearing in an anonymous trace. Our results quantify the loss of victim nodes' privacy as a function of the nodal mobility, the inference strategies of adversaries, and any noise that may appear in the trace or the side information. Generally, our results indicate that the privacy concern is significant in that a relatively small amount of side information is sufficient for the adversary to infer the true identity (either uniquely or with high probability) of a victim in a set of anonymous traces. For instance, an adversary is able to identify the trace of 30%-50% of the victims when she has collected 10 pieces of side information about a victim.
KW - Mobility traces
KW - privacy
KW - security and protection
UR - http://www.scopus.com/inward/record.url?scp=84879157826&partnerID=8YFLogxK
U2 - 10.1109/TNET.2012.2208983
DO - 10.1109/TNET.2012.2208983
M3 - Article
AN - SCOPUS:84879157826
SN - 1063-6692
VL - 21
SP - 720
EP - 733
JO - IEEE/ACM Transactions on Networking
JF - IEEE/ACM Transactions on Networking
IS - 3
M1 - 6256763
ER -