
Measuring Membership Privacy on Aggregate Location Time-Series

Published: 12 June 2020

Abstract

While location data is extremely valuable for various applications, disclosing it prompts serious threats to individuals' privacy. To limit such concerns, organizations often provide analysts with aggregate time-series that indicate, e.g., how many people are in a location at a time interval, rather than raw individual traces. In this paper, we perform a measurement study to understand Membership Inference Attacks (MIAs) on aggregate location time-series, where an adversary tries to infer whether a specific user contributed to the aggregates. We find that the volume of contributed data, as well as the regularity and particularity of users' mobility patterns, play a crucial role in the attack's success. We experiment with a wide range of defenses based on generalization, hiding, and perturbation, and evaluate their ability to thwart the attack vis-à-vis the utility loss they introduce for various mobility analytics tasks. Our results show that some defenses fail across the board, while others work for specific tasks on aggregate location time-series. For instance, suppressing small counts can be used for ranking hotspots, data generalization for forecasting traffic, hotspot discovery, and map inference, while sampling is effective for location labeling and anomaly detection when the dataset is sparse. Differentially private techniques provide reasonable accuracy only in very specific settings, e.g., discovering hotspots and forecasting their traffic, and more so when using weaker privacy notions like crowd-blending privacy. Overall, our measurements show that there does not exist a unique generic defense that can preserve the utility of the analytics for arbitrary applications, and provide useful insights regarding the disclosure of sanitized aggregate location time-series.
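An added illustration (not code from the paper) of two of the defense families the abstract names, hiding by small-count suppression and temporal generalization, applied to an aggregate location time-series, with hotspot ranking as the utility check. The visit data, the threshold of 5 and the 2-hour bucket are assumptions constructed for this example, not the paper's parameters.

```python
from collections import Counter

# Constructed sample (user, location, hour) visits; not data from the paper.
VISITS = (
    [(f"u{i}", "station", h) for i in range(40) for h in (8, 9)]
    + [(f"u{i}", "mall", h) for i in range(25) for h in (9, 10)]
    + [(f"u{i}", "park", 10) for i in range(12)]
    + [("u7", "clinic", 9), ("u7", "clinic", 10), ("u3", "depot", 8)]
)

def aggregate(visits):
    """Aggregate release: number of users per (location, hour) cell."""
    return Counter((loc, hour) for _, loc, hour in set(visits))

def suppress_small_counts(agg, threshold):
    """Hiding: drop every cell whose count is below the threshold."""
    return Counter({cell: n for cell, n in agg.items() if n >= threshold})

def generalize_time(agg, width):
    """Generalization: sum counts into coarser buckets of `width` hours."""
    out = Counter()
    for (loc, hour), n in agg.items():
        out[(loc, hour - hour % width)] += n
    return out

def hotspot_ranking(agg, k):
    """Utility task: top-k locations by total count (ties broken by name)."""
    totals = Counter()
    for (loc, _), n in agg.items():
        totals[loc] += n
    return [loc for loc, _ in sorted(totals.items(), key=lambda x: (-x[1], x[0]))[:k]]

def single_user_cells(agg):
    """Released cells with value 1, i.e. cells that reflect one person's presence."""
    return sorted(cell for cell, n in agg.items() if n == 1)

if __name__ == "__main__":
    raw = aggregate(VISITS)
    for name, release in [("raw", raw),
                          ("suppressed", suppress_small_counts(raw, 5)),
                          ("generalized", generalize_time(raw, 2))]:
        print(name, hotspot_ranking(release, 3), single_user_cells(release))
```

On this sample, suppression removes the single-user cells while leaving the hotspot ranking unchanged, whereas temporal generalization alone keeps the total volume but still publishes cells of value 1.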

Published In

Proceedings of the ACM on Measurement and Analysis of Computing Systems  Volume 4, Issue 2
SIGMETRICS
June 2020
623 pages
EISSN:2476-1249
DOI:10.1145/3405833

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 June 2020
Online AM: 07 May 2020
Published in POMACS Volume 4, Issue 2


Author Tags

  1. aggregate location time-series
  2. measurement study
  3. membership inference attacks
  4. mobility analytics
  5. privacy-utility tradeoffs

Qualifiers

  • Research-article
