InfoSec Seminar: What Does The Crowd Say About You? Evaluating Aggregation-based Location Privacy

Speaker: Apostolos Pyrgelis

Date/Time: 13-Jul-2017, 16:00 UTC

Venue: Gordon Street (25), Room 500



Information about people's movements and locations is routinely used in a wide range of settings, e.g., transportation and urban planning applications. In this context, data aggregation is often considered as a privacy-friendly strategy to hide individual users' traces. This protection can be further enhanced using differential privacy (DP) techniques to bound the privacy leakage from the aggregates themselves, by either perturbing the input of the aggregation or its output. In this paper, we set out to evaluate the impact of releasing aggregate location time-series on the privacy of individuals contributing to the aggregation. We introduce a framework allowing us to reason about privacy against an adversary attempting to predict users' locations or recover their mobility patterns. We formalize these attacks as inference problems, and discuss a few strategies to model the adversary's prior knowledge based on the information she may have access to. We then use the framework to quantify the privacy loss stemming from aggregate location data, with and without DP protection, using two real-world mobility datasets. We find that aggregates do leak information about punctual locations and profiles. Furthermore, the density of the observations, as well as timing, play important roles, e.g., regular patterns during peak hours are better protected than sporadic movements. Finally, our evaluation shows that both output and input perturbation offer little additional protection, unless they introduce large amounts of noise ultimately destroying the utility of the data.



This page was last modified on 27 Mar 2014.