A Dummy-based Anonymization Method Based on User Trajectory with Pauses

Ryo Kato, Mayu Iwata, Takahiro Hara, Akiyoshi Suzuki, Shojiro Nishio

Osaka UniversityYuki Arase, Xing Xie

Microsoft Research AsiaACM SIGSPATIAL GIS 2012

User 1User 1

User 1User 1

User 1User 1

User 1User 1

Overview

• Location privacy in LBS• Extending k-Anonymous algorithm• Does not need a trusted third-party server

K-Anonymousserver

User 1

User 2

User 3

User 4

LBSprovider

k requests

k responsesActual location + dummy locations

Related Work

• [12] – Moving in a neighborhood– Moving in a limited neighborhood

• [14]– Circle-based dummy– Uniform grid-based dummy

• [18]– Location Traceable Tree(LT-tree)

Dummy-based Approach

Restrictions in Real World Environment

• Consistency of movements– Consider actual road map information in order to

generate reasonable dummy trajectories• Traceability • Anonymous area

Proposed Approach - Assumptions

• User continuously sends location to LBS provider

• Moving with some distribution of speed• Stopping at several locations for a certain time• Movement plans are known in advance

Proposed Approach

Three Steps1. Determine base pause position and base

pause start time2. Determine sets of shared pause positions and

shared pause start times3. Determine dummy’s movements

Determining Base Pause Position and Base Pause Start Time

0 1 2

3 4 5

6 7 8

T 0 1 2 3 … 8

0s 2 1 2 0 1

10s 1 3 0 1 2

20s 2 4 1 0 1

30s 0 0 3 0 1

total 5 8 6 1 5

Base pause grid: 3Base pause start time: 20s

Determining Sets of Shared Pause Positions and Shared Paused Start Times

Reachable

Reachable

Base pause position&

Base pause start time

Reachable

Determining Dummy’s Movements

T=3

T=12

T=14T=28

Reachable

Mid-pauseposition

Mid-pauseposition

Shared pauseposition

Shared pauseposition

Shared pauseposition

Base pauseposition

Mid-pauseposition T=9 T=19

T=22

Evaluation Setup

• Network simulator MobiREAL

Evaluation Metrics

• Anonymous Area Achieving Ratio-Count(AAAR-Count)

• Anonymous Area Achieving Ratio-Size(AAAR-Size)

• Mean Time to Confusion(MTC)

Methods Comparison

• Previous method [17]– Similar method without pauses

• Proposed method• Proposed method (AAAR-80)– Size of anonymous area varies greatly, low AAAR-

Count found in some situations– Dynamically adjust anonymous area size to

achieve 80% AAAR-Count

Result – AAAR-Count

Result – AAAR-Ratio

Result – AAAR-80

Result – MTC

Conclusion & Future Work

• The proposed approach generated dummies that moved naturally

• Real world restrictions taken into consideration

• Reactive dummies, does not need to know user’s movement plan in advance

• Real world experiment with real humans

Comments

• Did not mention communication and computation cost

• Prefer distribution/CDF plot over AAAR-Count/AAAR-Size percentage plot

• No additional third-party server is required• Location accuracy is preserved