Personalized Privacy-Preserving Publication of Trajectory Data by Generalization and Distortion of Moving Points

Abstract

With the rising prevalence of location-aware devices such as mobile phones, Radio-Frequency Identification (RFID) tags, and Global Positioning Systems (GPSs), the amount of trajectory data is significantly increasing, resulting in various data mining applications. Improper publication of trajectory data may jeopardize the privacy of moving objects, so trajectories ought to be anonymized before making them accessible to the public. Many existing approaches for privacy-preserving publication of trajectory data provide only the same level of privacy protection for all moving objects, whereas different moving objects may require different amounts of privacy protection. In this paper, we address this issue by presenting WINR2D, a novel clustering-based approach for privacy-preserving publication of trajectory data. Being based on the concept of personalized privacy, the aim of WINR2D is to anonymize trajectories to some extent so that an adversary having some background knowledge cannot uniquely identify a specific trajectory, but with a maximum probability inversely proportional to the privacy protection requirement of the moving object that produced it. In doing so, we first assign a privacy level to each trajectory based on the privacy protection requirement of its moving object and then partition all the trajectories into a set of clusters based on a greedy strategy. Each cluster is created such that its size is proportional to the highest privacy level of trajectories within it. Eventually, we anonymize the trajectories of each cluster and generate a set of anonymized trajectories containing generalized and distorted moving points. Our experimental results show that WINR2D achieves a reasonable trade-off between the conflicting goals of data utility and data privacy according to the privacy protection requirements of moving objects.

Appendices

Appendix 1

Proof of Lemma 1

Let \(P_i^k\) be a set of linkable moving points \((t_{i_j}^{k_j},x_{i_j}^{k_j},y_{i_j}^{k_j})\) for a moving point \(p_i^k=(t_i^{k},x_i^{k},y_i^{k})\) and \(m=\vert P_i^k\vert\) be the number of moving points in \(P_i^k\). According to Definition 4, we know that all moving points in \(P_i^k\) are located in a cylinder with center \(p_i^k\), radius \(\delta _s\), and height \(2\delta _t\). Therefore, for all \(j=1,2,\dots ,m\), we have

$$\begin{aligned} \bigl |t_i^k-t_{i_j}^{k_j}\bigr |\le \delta _t , \end{aligned}$$

or, equivalently,

$$\begin{aligned} -\delta _t\le t_i^k-t_{i_j}^{k_j}\le \delta _t . \end{aligned}$$

By adding the above inequalities, we obtain

$$\begin{aligned} -\delta _t\le t_i^k-\frac{1}{m}\sum _{j=1}^{m}{t_{i_j}^{k_j}}\le \delta _t , \end{aligned}$$

or, equivalently,

$$\begin{aligned} \Bigl |t_i^k-\frac{1}{m}\sum _{j=1}^{m}{t_{i_j}^{k_j}}\Bigr |\le \delta _t . \end{aligned}$$

Thus, we conclude that

$$\begin{aligned} \bigl |t_i^k-{\bar{t}}_i^k\bigr |\le \delta _t . \end{aligned}$$

(18)

On the other hand, for all \(j=1,2,\dots ,m\), we have

$$\begin{aligned} \sqrt{{\bigl (x_i^k-x_{i_j}^{k_j}\bigr )}^2+{\bigl (y_i^k-y_{i_j}^{k_j}\bigr )}^2 }\le \delta _s, \end{aligned}$$

from which we get

$$\begin{aligned} \bigl |x_i^k-x_{i_j}^{k_j}\bigr |\le r_j \text {\;and\;} \bigl |y_i^k-y_{i_j}^{k_j}\bigr |\le \sqrt{\delta _s^2-r_j^2} , \end{aligned}$$

where \(r_j\) is a random value in the range \([0,\delta _s]\). By adding the above inequalities, we obtain

$$\begin{aligned} \Bigl |x_i^k-\frac{1}{m}\sum _{j=1}^{m}{x_{i_j}^{k_j}}\Bigr |\le \frac{1}{m}\sum _{j=1}^{m}{r_j} \end{aligned}$$

and

$$\begin{aligned} \Bigl |y_i^k-\frac{1}{m}\sum _{j=1}^{m}{y_{i_j}^{k_j}}\Bigr |\le \frac{1}{m}\sum _{j=1}^{m}{\sqrt{\delta _s^2-r_j^2}} . \end{aligned}$$

Thus, we conclude that

$$\begin{aligned} \bigl |x_i^k-{\bar{x}}_i^k\bigr |\le \frac{1}{m}\sum _{j=1}^{m}{r_j} \end{aligned}$$

and

$$\begin{aligned} \bigl |y_i^k-{\bar{y}}_i^k\bigr |\le \frac{1}{m}\sum _{j=1}^{m}{\sqrt{\delta _s^2-r_j^2}} . \end{aligned}$$

By raising both sides of the inequalities to the power of two and then adding the final inequalities, we obtain

$$\begin{aligned} \bigl (x_i^k-{\bar{x}}_i^k\bigr )^2+\bigl (y_i^k-{\bar{y}}_i^k\bigr )^2&\le \Bigl (\frac{1}{m}\sum _{j=1}^{m}{r_j}\Bigr )^2 \\&\quad + \Bigl (\frac{1}{m}\sum _{j=1}^{m}{\sqrt{\delta _s^2-r_j^2}}\Bigr )^2 . \end{aligned}$$

Let us substitute each \(r_j\) with its minimum or maximum value (i.e., 0 or \(\delta _s\)), respectively. This yields

$$\begin{aligned} \bigl (x_i^k-{\bar{x}}_i^k\bigr )^2+\bigl (y_i^k-{\bar{y}}_i^k\bigr )^2\le \delta _s^2 , \end{aligned}$$

or, equivalently,

$$\begin{aligned} \sqrt{\bigl (x_i^k-{\bar{x}}_i^k\bigr )^2+\bigl (y_i^k-{\bar{y}}_i^k\bigr )^2}\le \delta _s . \end{aligned}$$

(19)

Therefore, by (18) and (19), we conclude that \(\partial (p_i^k,P_i^k)=({\bar{t}}_i^k,{\bar{x}}_i^k,{\bar{y}}_i^k)\) is a linkable moving point of \(p_i^k\).

Appendix 2

EDR Algorithm

Algorithm 6 shows a dynamic programming algorithm that computes the EDR distance between two trajectories.