当前位置:
X-MOL 学术
›
arXiv.cs.CR
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Designing a Location Trace Anonymization Contest
arXiv - CS - Cryptography and Security Pub Date : 2021-07-22 , DOI: arxiv-2107.10407 Takao Murakami, Hiromi Arai, Koki Hamada, Takuma Hatano, Makoto Iguchi, Hiroaki Kikuchi, Atsushi Kuromasa, Hiroshi Nakagawa, Yuichi Nakamura, Kenshiro Nishiyama, Ryo Nojima, Hidenobu Oguri, Chiemi Watanabe, Akira Yamada, Takayasu Yamaguchi, Yuji Yamaoka
arXiv - CS - Cryptography and Security Pub Date : 2021-07-22 , DOI: arxiv-2107.10407 Takao Murakami, Hiromi Arai, Koki Hamada, Takuma Hatano, Makoto Iguchi, Hiroaki Kikuchi, Atsushi Kuromasa, Hiroshi Nakagawa, Yuichi Nakamura, Kenshiro Nishiyama, Ryo Nojima, Hidenobu Oguri, Chiemi Watanabe, Akira Yamada, Takayasu Yamaguchi, Yuji Yamaoka
Location-based services (LBS) are increasingly used in recent years, and
consequently a large amount of location traces are accumulating in a data
center. Although these traces can be provided to a data analyst for geo-data
analysis, the disclosure of location traces raises serious privacy concerns.
Finding an appropriate anonymization method for location traces is also
extremely challenging, especially for long traces. To address this issue, we
have designed and held a location trace anonymization contest that deals with a
long trace (400 events per user) and fine-grained locations (1024 regions). In
our contest, each team anonymizes her original traces, and then the other teams
perform privacy attacks against the anonymized traces (i.e., both defense and
attack compete together) in a partial-knowledge attacker model where the
adversary does not know the original traces. To realize such a contest, we
propose a novel location synthesizer that has diversity in that synthetic
traces for each team are different from those for the other teams and utility
in that synthetic traces preserve various statistical features of real traces.
We also show that re-identification alone is insufficient as a privacy risk,
and that trace inference should be added as an additional risk. Specifically,
we show an example of anonymization that is perfectly secure against
re-identification and is not secure against trace inference. Based on this, our
contest evaluates both the re-identification risk and trace inference risk, and
analyzes the relation between the two risks. In this paper, we present our
location synthesizer and the design of our contest, and then report our contest
results.
中文翻译:
设计位置追踪匿名化竞赛
近年来,基于位置的服务(LBS)的使用越来越多,因此在数据中心中积累了大量的位置轨迹。虽然这些痕迹可以提供给数据分析师进行地理数据分析,但位置痕迹的披露会引起严重的隐私问题。为位置轨迹找到合适的匿名化方法也极具挑战性,尤其是对于长轨迹。为了解决这个问题,我们设计并举办了一个位置跟踪匿名化竞赛,该竞赛处理长跟踪(每个用户 400 个事件)和细粒度位置(1024 个区域)。在我们的比赛中,每个团队都将她的原始痕迹匿名化,然后其他团队对匿名化的痕迹进行隐私攻击(即,防御和攻击一起竞争)在部分知识的攻击者模型中,对手不知道原始踪迹。为了实现这样的比赛,我们提出了一种新颖的位置合成器,它具有多样性,每个团队的合成轨迹与其他团队的合成轨迹不同,并且实用性在于合成轨迹保留了真实轨迹的各种统计特征。我们还表明,仅重新识别作为隐私风险是不够的,应该添加跟踪推断作为额外的风险。具体来说,我们展示了一个匿名化的例子,它对于重新识别是完全安全的,并且对于跟踪推断是不安全的。在此基础上,我们的比赛同时评估了重新识别风险和跟踪推断风险,并分析了这两种风险之间的关系。在本文中,
更新日期:2021-07-23
中文翻译:
设计位置追踪匿名化竞赛
近年来,基于位置的服务(LBS)的使用越来越多,因此在数据中心中积累了大量的位置轨迹。虽然这些痕迹可以提供给数据分析师进行地理数据分析,但位置痕迹的披露会引起严重的隐私问题。为位置轨迹找到合适的匿名化方法也极具挑战性,尤其是对于长轨迹。为了解决这个问题,我们设计并举办了一个位置跟踪匿名化竞赛,该竞赛处理长跟踪(每个用户 400 个事件)和细粒度位置(1024 个区域)。在我们的比赛中,每个团队都将她的原始痕迹匿名化,然后其他团队对匿名化的痕迹进行隐私攻击(即,防御和攻击一起竞争)在部分知识的攻击者模型中,对手不知道原始踪迹。为了实现这样的比赛,我们提出了一种新颖的位置合成器,它具有多样性,每个团队的合成轨迹与其他团队的合成轨迹不同,并且实用性在于合成轨迹保留了真实轨迹的各种统计特征。我们还表明,仅重新识别作为隐私风险是不够的,应该添加跟踪推断作为额外的风险。具体来说,我们展示了一个匿名化的例子,它对于重新识别是完全安全的,并且对于跟踪推断是不安全的。在此基础上,我们的比赛同时评估了重新识别风险和跟踪推断风险,并分析了这两种风险之间的关系。在本文中,
京公网安备 11010802027423号