With the recent bloom of data and the drive towards an information-based society, the urge for and the advances in data analytics are surging like never before. With this, the risks of privacy violations of various kinds are also increasing manifold. Most methods for mitigating the privacy risks of location data resort to adding some noise to the location, like the planar Laplace mechanism used to achieve geo-indistinguishability. However, the noise should be calibrated carefully, taking into account its implications for utility, because it is far from ideal for service providers to completely lose the utility of the collected data by succumbing to the privacy requirements of the users. Similarly, the quality of service for the users should be optimized together with the personalized privacy protection they need to shield their sensitive information. In this paper, we address this age-old battle between privacy and utility from three ends: the privacy of the users' data, the quality of service (QoS) they receive in exchange for sharing their privatized data, and the statistical utility of the privatized data for the service providers who wish to perform various kinds of analysis and research on the data collected from the users. We propose a method to produce a geo-indistinguishable location-privacy mechanism that optimizes simultaneously between the level of privacy attained, the QoS, and the statistical utility achieved by the obfuscated data. We illustrate the soundness of this three-way privacy-utility optimization mechanism both analytically and with experiments. Apart from the novelty of the proposed method, this work aims to engender an analytical perspective that bridges geo-indistinguishable location privacy, QoS, and the statistical utilities used in standard data analytics, from an information-theoretic, probabilistic, and statistical perspective.
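The planar Laplace mechanism named above, as an added illustration that is not the paper's proposed method: it samples geo-indistinguishable noise, checks the indistinguishability bound on the output density, and measures the QoS loss (mean distance between true and reported location) that the privacy parameter trades off. It assumes locations are given in a local planar frame in meters, so epsilon is in 1/m; the sample points are constructed.

```python
import math
import random


def planar_laplace(x, eps, rng=random):
    """Report x perturbed with planar Laplace noise of parameter eps (1/m).

    The noise density is proportional to exp(-eps * |z - x|), so the radius
    is Gamma(2, 1/eps) distributed, i.e. the sum of two Exp(eps) draws, and
    the angle is uniform. This is exact and avoids the Lambert-W inverse CDF.
    """
    u1, u2 = 1.0 - rng.random(), 1.0 - rng.random()  # in (0, 1], log is safe
    r = -(math.log(u1) + math.log(u2)) / eps
    theta = rng.uniform(0.0, 2.0 * math.pi)
    return (x[0] + r * math.cos(theta), x[1] + r * math.sin(theta))


def expected_error(eps):
    """Mean Euclidean distance between true and reported location: 2/eps."""
    return 2.0 / eps


def density(z, x, eps):
    """Density of the planar Laplace output z given true location x."""
    return eps * eps / (2.0 * math.pi) * math.exp(-eps * math.dist(z, x))


def satisfies_geo_ind(x1, x2, z, eps):
    """Geo-indistinguishability: p(z|x1)/p(z|x2) <= exp(eps * d(x1, x2)).

    Holds by the triangle inequality; the tiny factor absorbs float rounding.
    """
    ratio = density(z, x1, eps) / density(z, x2, eps)
    return ratio <= math.exp(eps * math.dist(x1, x2)) * (1.0 + 1e-12)


def mean_qos_loss(x, eps, n=20000, seed=0):
    """Empirical QoS loss: average displacement over n reports of x."""
    rng = random.Random(seed)  # constructed, seeded for reproducibility
    return sum(math.dist(x, planar_laplace(x, eps, rng)) for _ in range(n)) / n


if __name__ == "__main__":
    home = (0.0, 0.0)  # constructed true location, meters
    for eps in (0.005, 0.01, 0.02):
        print(f"eps={eps:.3f}/m  expected={expected_error(eps):7.1f} m"
              f"  empirical={mean_qos_loss(home, eps):7.1f} m")
```

Halving epsilon doubles both the analytic and the measured QoS loss, which is the calibration tension the abstract describes.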