skip to main content
DOE PAGES title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Privacy Vulnerability of Published Anonymous Mobility Traces

Abstract

Mobility traces of people and vehicles have been collected and published to assist the design and evaluation of mobile networks, such as large-scale urban sensing networks. Although the published traces are often made anonymous in that the true identities of nodes are replaced by random identifiers, the privacy concern remains. This is because in real life, nodes are open to observations in public spaces, or they may voluntarily or inadvertently disclose partial knowledge of their whereabouts. Thus, snapshots of nodes’ location information can be learned by interested third parties, e.g., directly through chance/engineered meetings between the nodes and their observers, or indirectly through casual conversations or other information sources about people. In this paper, we investigate how an adversary, when equipped with a small amount of the snapshot information termed as side information, can infer an extended view of the whereabouts of a victim node appearing in an anonymous trace. Our results quantify the loss of victim nodes’ privacy as a function of the nodal mobility, the inference strategies of adversaries, and any noise that may appear in the trace or the side information. Generally, our results indicate that the privacy concern is significant in that a relatively small amountmore » of side information is sufficient for the adversary to infer the true identity (either uniquely or with high probability) of a victim in a set of anonymous traces. For instance, an adversary is able to identify the trace of 30%-50% of the victims when she has collected 10 pieces of side information about a victim.« less

Authors:
 [1];  [2];  [3];  [4]
  1. Advanced Digital Sciences Center, Illinois (Singapore)
  2. Advanced Digital Sciences Center, Illinois (Singapore); Purdue Univ., West Lafayette, IN (United States)
  3. Purdue Univ., West Lafayette, IN (United States)
  4. Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Publication Date:
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
USDOE Office of Science (SC)
OSTI Identifier:
1095747
Grant/Contract Number:  
AC05-00OR22725
Resource Type:
Accepted Manuscript
Journal Name:
IEEE/ACM Transactions on Networking
Additional Journal Information:
Journal Volume: 21; Journal Issue: 3; Journal ID: ISSN 1063-6692
Publisher:
IEEE/ACM
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; Privacy; networking

Citation Formats

Ma, Chris Y. T., Yau, David K. Y., Yip, Nung Kwan, and Rao, Nageswara S. V. Privacy Vulnerability of Published Anonymous Mobility Traces. United States: N. p., 2013. Web. doi:10.1109/TNET.2012.2208983.
Ma, Chris Y. T., Yau, David K. Y., Yip, Nung Kwan, & Rao, Nageswara S. V. Privacy Vulnerability of Published Anonymous Mobility Traces. United States. doi:10.1109/TNET.2012.2208983.
Ma, Chris Y. T., Yau, David K. Y., Yip, Nung Kwan, and Rao, Nageswara S. V. Sat . "Privacy Vulnerability of Published Anonymous Mobility Traces". United States. doi:10.1109/TNET.2012.2208983. https://www.osti.gov/servlets/purl/1095747.
@article{osti_1095747,
title = {Privacy Vulnerability of Published Anonymous Mobility Traces},
author = {Ma, Chris Y. T. and Yau, David K. Y. and Yip, Nung Kwan and Rao, Nageswara S. V.},
abstractNote = {Mobility traces of people and vehicles have been collected and published to assist the design and evaluation of mobile networks, such as large-scale urban sensing networks. Although the published traces are often made anonymous in that the true identities of nodes are replaced by random identifiers, the privacy concern remains. This is because in real life, nodes are open to observations in public spaces, or they may voluntarily or inadvertently disclose partial knowledge of their whereabouts. Thus, snapshots of nodes’ location information can be learned by interested third parties, e.g., directly through chance/engineered meetings between the nodes and their observers, or indirectly through casual conversations or other information sources about people. In this paper, we investigate how an adversary, when equipped with a small amount of the snapshot information termed as side information, can infer an extended view of the whereabouts of a victim node appearing in an anonymous trace. Our results quantify the loss of victim nodes’ privacy as a function of the nodal mobility, the inference strategies of adversaries, and any noise that may appear in the trace or the side information. Generally, our results indicate that the privacy concern is significant in that a relatively small amount of side information is sufficient for the adversary to infer the true identity (either uniquely or with high probability) of a victim in a set of anonymous traces. For instance, an adversary is able to identify the trace of 30%-50% of the victims when she has collected 10 pieces of side information about a victim.},
doi = {10.1109/TNET.2012.2208983},
journal = {IEEE/ACM Transactions on Networking},
number = 3,
volume = 21,
place = {United States},
year = {2013},
month = {6}
}

Journal Article:
Free Publicly Available Full Text
Publisher's Version of Record

Citation Metrics:
Cited by: 18 works
Citation information provided by
Web of Science

Save / Share: