Mobility patterns of vehicles and people provide powerful data sources for location-based services such as fleet optimization and traffic flow analysis. These data, in particular the pick-up/origin and drop-off/destination points of vehicles, carry a high privacy risk because of the semantic context that spatio-temporal data encompass. Location-based service providers must therefore balance the value they extract from trajectory data (utility) against protecting the privacy of the individuals behind those trajectories. In order to optimize this trade-off, privacy risks must be measured. Existing privacy measures for non-sequential data are not suitable for trajectory data, and this paper provides an answer to this issue. We introduce a model of an adversary with imperfect knowledge that is based on the concept of equivalence classes. We then adapt the standard privacy measures k-anonymity, l-diversity and t-closeness to the peculiarities of trajectory data. Our approach to measuring trajectory privacy provides a general measure, independent of whether and which anonymization has been applied, which can be used to intuitively compare the privacy of different datasets. This work is of high relevance to all service providers acting as processors of trajectory data who want to manage privacy risks and optimize the privacy vs. utility trade-off of their services.
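The following Python script is an added illustration of the measurement idea sketched in the abstract; it is not code from the paper and does not reproduce the authors' formalization. It assumes a constructed set of trajectories reduced to (pick-up cell, pick-up hour, drop-off cell), treats the drop-off cell as the sensitive attribute, and models two hypothetical adversaries as projections of a record onto the quasi-identifier each can observe. Records that project to the same key form one equivalence class, and k-anonymity, l-diversity and t-closeness are then computed over those classes. The t-closeness variant assumes categorical drop-off cells with a uniform ground distance, so the earth mover's distance reduces to total variation distance.

```python
from collections import Counter, defaultdict
from typing import Callable, Dict, Hashable, List, Tuple

Record = Tuple[str, int, str]  # (pickup_cell, pickup_hour, dropoff_cell)

# Constructed sample trajectories (not data from the paper). The pick-up cell
# and hour are what an adversary may know; the drop-off cell is sensitive.
TRAJECTORIES: List[Record] = [
    ("A1", 8, "H3"), ("A1", 8, "H3"), ("A1", 8, "W7"),
    ("B2", 9, "W7"), ("B2", 9, "W7"), ("B2", 9, "W7"),
    ("C3", 18, "H3"), ("C3", 18, "S5"),
]


# Hypothetical adversary models: each maps a record to the quasi-identifier
# that adversary can observe. Records with the same key are indistinguishable
# to that adversary and therefore share an equivalence class.
def precise_adversary(r: Record) -> Hashable:
    return (r[0], r[1])  # knows the exact pick-up cell and hour


def coarse_adversary(r: Record) -> Hashable:
    return "morning" if r[1] < 12 else "evening"  # knows only a time bucket


def equivalence_classes(records: List[Record],
                        key: Callable[[Record], Hashable]) -> Dict[Hashable, List[str]]:
    """Group the sensitive values (drop-off cells) by the adversary's key."""
    classes: Dict[Hashable, List[str]] = defaultdict(list)
    for r in records:
        classes[key(r)].append(r[2])
    return dict(classes)


def k_anonymity(classes: Dict[Hashable, List[str]]) -> int:
    """Smallest equivalence class: every record hides among at least k."""
    return min(len(v) for v in classes.values())


def l_diversity(classes: Dict[Hashable, List[str]]) -> int:
    """Fewest distinct sensitive values found in any equivalence class."""
    return min(len(set(v)) for v in classes.values())


def _distribution(values: List[str]) -> Dict[str, float]:
    counts = Counter(values)
    n = len(values)
    return {v: c / n for v, c in counts.items()}


def t_closeness(classes: Dict[Hashable, List[str]], records: List[Record]) -> float:
    """Largest distance between a class's drop-off distribution and the
    global one. Assumption: uniform ground distance between cells, so EMD
    collapses to total variation distance 0.5 * sum |p - q|."""
    global_dist = _distribution([r[2] for r in records])
    worst = 0.0
    for values in classes.values():
        local = _distribution(values)
        support = set(global_dist) | set(local)
        tv = 0.5 * sum(abs(local.get(v, 0.0) - global_dist.get(v, 0.0)) for v in support)
        worst = max(worst, tv)
    return worst


def privacy_profile(records: List[Record],
                    key: Callable[[Record], Hashable]) -> Dict[str, float]:
    """k, l and t for one dataset under one adversary model."""
    classes = equivalence_classes(records, key)
    return {
        "k": k_anonymity(classes),
        "l": l_diversity(classes),
        "t": t_closeness(classes, records),
    }


if __name__ == "__main__":
    for name, adversary in (("precise", precise_adversary), ("coarse", coarse_adversary)):
        print(name, privacy_profile(TRAJECTORIES, adversary))
```

Running the script shows why the adversary model has to be part of the measure: the same eight trajectories give l = 1 against the precise adversary (one class contains only trips to W7) but l = 2 against the coarse one, while k and t coincide for both. Any real assessment would replace the constructed records and the two toy adversaries with the provider's own data and a model of what its adversaries can plausibly observe.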