TY - GEN
T1 - Privacy vulnerability of published anonymous mobility traces
AU - Ma, Chris Y.T.
AU - Yau, David K.Y.
AU - Yip, Nung Kwan
AU - Rao, Nageswara S.V.
PY - 2010
Y1 - 2010
N2 - Mobility traces of people and vehicles have been collected and published to assist the design and evaluation of mobile networks, such as large-scale urban sensing networks. Although the published traces are often made anonymous in that the true identities of nodes are replaced by random identifiers, the privacy concern remains. This is because in real life, nodes are open to observations in public spaces, or they may voluntarily or inadvertently disclose partial knowledge of their whereabouts. Thus, snapshots of nodes' location information can be learned by interested third parties, e.g., directly through chance/engineered meetings between the nodes and their observers, or indirectly through casual conversations or other information sources about people. In this paper, we investigate how an adversary, when equipped with a small amount of the snapshot information termed as side information, can infer an extended view of the whereabouts of a victim node appearing in an anonymous trace. Our results quantify the loss of victim nodes' privacy as a function of the nodal mobility (captured in both real and synthetic traces), the inference strategies of adversaries, and any noise that may appear in the trace or the side information. Generally, our results indicate that the privacy concern is significant in that a relatively small amount of side information is sufficient for the adversary to infer the true identity (either uniquely or with high probability) of a victim in a set of anonymous traces.
AB - Mobility traces of people and vehicles have been collected and published to assist the design and evaluation of mobile networks, such as large-scale urban sensing networks. Although the published traces are often made anonymous in that the true identities of nodes are replaced by random identifiers, the privacy concern remains. This is because in real life, nodes are open to observations in public spaces, or they may voluntarily or inadvertently disclose partial knowledge of their whereabouts. Thus, snapshots of nodes' location information can be learned by interested third parties, e.g., directly through chance/engineered meetings between the nodes and their observers, or indirectly through casual conversations or other information sources about people. In this paper, we investigate how an adversary, when equipped with a small amount of the snapshot information termed as side information, can infer an extended view of the whereabouts of a victim node appearing in an anonymous trace. Our results quantify the loss of victim nodes' privacy as a function of the nodal mobility (captured in both real and synthetic traces), the inference strategies of adversaries, and any noise that may appear in the trace or the side information. Generally, our results indicate that the privacy concern is significant in that a relatively small amount of side information is sufficient for the adversary to infer the true identity (either uniquely or with high probability) of a victim in a set of anonymous traces.
KW - Entropy
KW - Location privacy
UR - https://www.scopus.com/pages/publications/78649253198
U2 - 10.1145/1859995.1860017
DO - 10.1145/1859995.1860017
M3 - Conference contribution
AN - SCOPUS:78649253198
SN - 9781450301817
T3 - Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM
SP - 185
EP - 196
BT - MobiCom'10 and MobiHoc'10 - Proceedings of the 16th Annual International Conference on Mobile Computing and Networking and 11th ACM International Symposium on Mobile Ad Hoc Networking and Computing
PB - Association for Computing Machinery
T2 - 16th Annual Conference on Mobile Computing and Networking, MobiCom 2010
Y2 - 20 September 2010 through 24 September 2010
ER -