Murat AKIN, Şeref SAĞIROĞLU, Yavuz CANBAY

Yörünge Verisi Yayınlamada Mahremiyet Duyarlı Yeni Bir Model Önerisi ve Uygulaması

Konum tabanlı servisler (KTS), sağladıkları bilgi ve yönlendirmeler ile gündelik hayatı kolaylaştırmaktadır. Kullanıcıların KTS’leri kullanarak gezinmesi sonucu elde edilen konum bilgileri zamana göre sıralandığında, yörünge verileri oluşmaktadır. Bu veriler, KTS sağlayıcıları tarafından toplanmakta, depolanmakta, işlenmekte ve çeşitli gerekçelerle yayınlanmaktadır. Yörünge verileri kişisel veri olarak değerlendirildiği için, bu tür veriler orijinal hali ile yayınlanırsa, saldırganlar kurbanları hakkında hassas bilgilere ulaşabilir ve ifşa saldırıları düzenleyebilir. Bu problemi gidermek için mahremiyet koruyucu güncel yaklaşımlara her zaman ihtiyaç vardır. Bu çalışmada, yörünge verilerinin mahremiyetini koruyarak yayınlanmasını sağlamak için diferansiyel mahremiyet tabanlı yeni bir anonimleştirme modeli önerilmiş, geliştirilmiş ve başarıyla test edilmiştir. Elde edilen sonuçlar, önerilen modelin mahremiyet korumalı yörünge verisi yayınlamada sadece araştırmalar için değil aynı zamanda gerçek uygulamalar için de başarıyla kullanılabileceğini göstermektedir.

Anahtar Kelimeler:

konum verisi, yörünge verisi, anonimleştirme, diferansiyel mahremiyet, veri yayımlama

A New Privacy-Aware Model Proposal and Application on Trajectory Data Publishing

Location-based services (LBS) make daily life easier with the information and directions they provide. Trajectory data is generated when the location information acquired from users utilizing LBS is sorted according to time. Such kind of data are collected, stored, processed and published by LBS providers for various reasons. Since trajectory data is considered as personal data, attackers may obtain sensitive information about their victims and perform disclosure attacks if the trajectory data is published in original form. There is always a need for up-to-date privacy preserving approaches to address this problem. In this study, in order to publish privacy preserved trajectory data, a new anonymization model based on differential privacy was proposed, developed and successfully tested. The obtained results have shown that the proposed model might be successfully used for privacy preserving trajectory data publishing, not only research purposes but also real time applications.

Keywords:

location data, trajectory data, anonymization, differential privacy, data publishing,

PDF

___

[1] Fung B. C., Wang K., Fu A. W. and Philip S. Y., "Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques". CRC Press, (2010).
[2] Liu X. and Zhu Y., "Privacy and Utility Preserving Trajectory Data Publishing for Intelligent Transportation Systems," IEEE Access, 8, 176454-176466, (2020).
[3] Warren S. D. and Brandeis L. D., "The Right to Privacy," Harvard Law Review, 193-220, (1890).
[4] Jain P., Gyanchandani M., and Khare N., "Big Data Privacy: A Technological Perspective and Review," Journal of Big Data,3(1): 25, (2016).
[5] De Capitani Di Vimercati S., Foresti S., Livraga G., and Samarati P., "Data Privacy: Definitions and Techniques," International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 20(6): 793-817, (2012).
[6] İnternet: "Kişisel Verilerin Korunması Kanunu." Bakanlar Kurulu. http://www.resmigazete.gov.tr/eskiler/2016/04/20160407-8.pdf (11.09.2020).
[7] Abul O., Bonchi F., and Nanni M., "Never walk alone: Uncertainty for anonymity in moving objects databases," in International conference on data engineering, 376-385, (2008).
[8] Wang Y., Xia Y., Hou J., Gao S.-m., Nie X., and Wang Q., "A fast privacy-preserving framework for continuous location-based queries in road networks," Journal of Network and Computer Applications,53, 57-73, (2015).
[9] Dwork C., "Differential Privacy," International Colloquium on Automata, Languages and Programming, 1-12, (2006).
[10] Ren W. and Tang S., "EGeoIndis: An effective and efficient location privacy protection framework in traffic density detection," Vehicular Communications, 21,100187, (2020).
[11] Zhang G., "A differentially private data aggregation method based on worker partition and location obfuscation for mobile crowdsensing," Computers, Materials & Continua, 63(1): 223-241, (2020).
[12] Liu L., "From data privacy to location privacy: models and algorithms," International conference on Very large data bases, Vienna, Austria, (2007).
[13] Hoh B., Gruteser M., Xiong H., and Alrabady A., "Preserving privacy in gps traces via uncertainty-aware path cloaking," Conference on Computer and communications security, 161-171, (2007).
[14] Li M., Zhu L., Zhang Z., and Xu R., "Achieving differential privacy of trajectory data publishing in participatory sensing," Information Sciences, 400, 1-13, (2017).
[15] Chen R., Fung B., and Desai B. C., "Differentially private trajectory data publication," arXiv preprint arXiv:1112.2020, (2011).
[16] Han Q., Xiong Z., and Zhang K., "Research on trajectory data releasing method via differential privacy based on spatial partition," Security and Communication Networks, 2018, (2018).
[17] He X., Cormode G., Machanavajjhala A., Procopiuc C. M., and Srivastava D., "DPT: differentially private trajectory synthesis using hierarchical reference systems," VLDB Endowment, 8(11):1154-1165, (2015).
[18] Gursoy M. E., Liu L., Truex S., and Yu L., "Differentially private and utility preserving publication of trajectory data," IEEE Transactions on Mobile Computing, 18(10)2315-2329, (2018).
[19] Cao Y. and Yoshikawa M., "Differentially private real-time data release over infinite trajectory streams," in IEEE International Conference on Mobile Data Management, 2, 68-73, (2015).
[20] Tian F., Zhang S., Lu L., Liu H., and Gui X., "A novel personalized differential privacy mechanism for trajectory data publication," in International Conference on Networking and Network Applications, 61-68, (2017).
[21] Zhao X., Dong Y., and Pi D., "Novel trajectory data publishing method under differential privacy," Expert Systems with Applications, 138,112791, (2019).
[22] Zhao J., Mei J., Matwin S., Su Y., and Yang Y., "Risk-Aware Individual Trajectory Data Publishing with Differential Privacy," IEEE Access, (2020).
[23] Jiang K., Shao D., Bressan S., Kister T., and Tan K.-L., "Publishing trajectories with differential privacy guarantees," in International Conference on Scientific and Statistical Database Management, 1-12, (2013).
[24] Han Q., Lu D., Zhang K., Du X., and Guizani M., "Lclean: a plausible approach to individual trajectory data sanitization," IEEE Access,6, 30110-30116, (2018).
[25] Singh K., Rong J., and Batten L., "Sharing sensitive medical data sets for research purposes-a case study," in International Conference on Data Science and Advanced Analytics, 555-562, (2014).
[26] Xie H., Kulik L., and Tanin E., "Privacy-aware collection of aggregate spatial data," Data & Knowledge Engineering, 70(6):576-595, (2011).
[27] Chen B., LeFevre K., and Ramakrishnan R., "Privacy Skyline: Privacy with Multidimensional Adversarial Knowledge," in International Conference on Very Large Data Bases, Vienna, Austria, 770-781, (2007).
[28] Sweeney L., "Computational Disclosure Control: A Primer on Data Privacy Protection," Ph. D. Thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, USA, (2001).
[29] Machanavajjhala A., Gehrke J., Kifer D., and Venkitasubramaniam M., "l-Diversity: Privacy Beyond k-Anonymity," International Conference on Data Engineering, Atlanta, USA, (2006).
[30] Nergiz M. E., Atzori M., and Clifton C., "Hiding the Presence of Individuals from Shared Databases," in International Conference on Management of Data, Beijing, China, 665-676, (2007).
[31] Wang Y., Xia Y., Hou J., Gao S. M., Nie X., and Wang Q., "A fast privacy-preserving framework for continuous location-based queries in road networks," J Netw Comput Appl, 53,57-73, (2015).
[32] Sweeney L., "k-Anonymity: A Model for Protecting Privacy," International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems,10(5):557-570, (2002).
[33] Kenig B. and Tassa T., "A practical approximation algorithm for optimal k-anonymity," Data Mining and Knowledge Discovery, 25,(1):134-168, (2012).
[34] Meyerson A. and Williams R., "On the Complexity of Optimal k-Anonymity," in Symposium on Principles of Database Systems, Paris, France, 223-228, (2004).
[35] Aggarwal G. et al., "Approximation Algorithms for k-Anonymity," Journal of Privacy Technology, 1-18, (2005).
[36] Aggarwal G. et al., "Anonymizing Tables," in International Conference on Database Theory, Edinburgh, UK, 246-258, (2005).
[37] Zhu T., Li G., Zhou W., and Philip S. Y., "Differentially private data publishing and analysis: A survey," IEEE Transactions on Knowledge and Data Engineering, 29(8):1619-1638, (2017).
[38] Canbay Y. and Sağıroğlu Ş., "Derin Öğrenmede Diferansiyel Mahremiyet," Uluslararası Bilgi Güvenliği Mühendisliği Dergisi,6(1):1-16, (2020).
[39] Samarati P., "Protecting Respondents Identities in Microdata Release," IEEE Transactions on Knowledge and Data Engineering, 13(6):1010-1027, (2001).
[40] LeFevre K., DeWitt D., and Ramakrishnan R., "Mondrian Multidimensional k-Anonymity," in International Conference on Data Engineering, Atlanta, USA, 25-25, (2006).
[41] Skowron A. and Rauszer C., "The Discernibility Matrices and Functions in Information Systems," in Intelligent Decision Support, 331-362, (1992).
[42] Ghinita G., Karras P., Kalnis P., and Mamoulis N., "Fast Data Anonymization with Low Information Loss," in International Conference on Very Large Databases, Vienna, Austria, 758-769, (2007).