
Research on Differential Privacy Protection Mechanisms for User Trajectory Data

Posted on: 2019-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: M K M a k e Zhu
Full Text: PDF
GTID: 2348330545475243
Subject: Computer Science and Technology
Abstract/Summary:
With the continuous development of information technology, data has become increasingly important, and trajectory data in particular plays a vital role. Walking produces trajectories, as does every mode of transport, and with them comes a large amount of trajectory-data exchange and processing. For example, a user uploads a trajectory to a map service provider to look for a nearby hotel; a government department collects vehicle trajectories in an urban area to plan road design against traffic jams. However, because a trajectory is tied to an individual, exposing it raises serious privacy issues: an attacker can infer sensitive information from a user's trajectory (home address, employer, hobbies, and so on). Designing methods that protect user privacy while trajectory data is exchanged is therefore urgent. This thesis studies privacy protection in two scenarios, privacy protection for an individual user's trajectory in location-based services and privacy protection for many users' trajectories under data aggregation, and proposes a solution satisfying differential privacy for each.

In the first scenario, individual users upload their own trajectory data to request a service. As location-based services become more popular this scenario becomes more common, and the privacy problems that follow become more serious. To address them, geo-indistinguishability, a notion derived from differential privacy, was recently proposed. This privacy model adds noise to the true position so that any two nearby true positions produce each output position with probabilities that differ by at most a factor of e^(εd), where d is the distance between the two positions; the closer two positions are, the harder they are to tell apart from the output. Compared with traditional methods such as cryptography and k-anonymity, it combines provable privacy guarantees with light computational cost. However, the mechanism was originally designed to protect a single point. When it is applied directly to multiple points, the privacy consumption accumulates as the number of protected points grows (under sequential composition the per-point budgets add up), so either the number of location-service requests a user may make is severely limited, or the user's privacy is destroyed.

To solve this problem, this thesis improves the original geo-indistinguishability mechanism and proposes PTM (prediction and testing mechanism). PTM constructs an approximation of the real location while consuming only a small amount of privacy budget, thereby reducing overall privacy consumption while preserving data utility. To obtain the approximate location, three main scenarios are considered and a corresponding prediction method is designed for each. The mechanism is evaluated on two data sets; the experimental results show that it achieves a good balance between reducing privacy consumption and maintaining data utility.

In the second scenario, a data collector gathers a large amount of trajectory data for analysis, which raises privacy issues. Existing solutions based on differential privacy assume that the data collector is trustworthy, an assumption that is hard to meet in practice. To remove it, this thesis uses local differential privacy, which requires each user to perturb their data before uploading it, so that the server only ever sees perturbed data and no trust in the collector is required. On this basis a basic perturbator is designed to protect user privacy. To handle the large volume of trajectory data, the N-gram model is introduced to improve the efficiency of the algorithm; it reduces both the amount of data that must be transmitted and processed and the overall privacy consumption. A pruning strategy controls the number of grams that need to be processed, and a sampling strategy further reduces the overall privacy consumption. Finally, since trajectory data can be seen as a special kind of sequence data, the method extends seamlessly to privacy protection for sequence data sets under certain conditions. Experiments show that the method guarantees privacy while preserving data utility.
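The following is an added example, not code from the thesis. It implements the standard geo-indistinguishability mechanism for the first scenario, the planar Laplace mechanism of Andrés et al. (2013), and a budget tracker that makes the composition problem described above concrete: every released point costs its own epsilon, the costs add, and a user with a fixed total budget is refused service once it is spent. The thesis's PTM is not reproduced here because its details are not given on this page. Coordinates are assumed to be in a local metre-based plane, so epsilon is in units of 1/metre; the budget of 0.1 and the per-request epsilon of 0.01 are illustrative values chosen for the example.

```python
import math
import random


def radial_cdf(r, epsilon):
    """CDF of the distance R between true and reported point under the planar
    Laplace mechanism: P(R <= r) = 1 - (1 + eps*r) * exp(-eps*r)."""
    return 1.0 - (1.0 + epsilon * r) * math.exp(-epsilon * r)


def radial_inverse_cdf(p, epsilon):
    """Invert radial_cdf by bisection. The closed form needs the Lambert W
    function, which the standard library does not provide."""
    lo, hi = 0.0, 1.0 / epsilon
    while radial_cdf(hi, epsilon) < p:   # grow the bracket until it covers p
        hi *= 2.0
    for _ in range(80):                  # 80 halvings: far below float precision
        mid = 0.5 * (lo + hi)
        if radial_cdf(mid, epsilon) < p:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def perturb_location(x, y, epsilon, rng):
    """Geo-indistinguishable release of (x, y) in metres: uniformly random
    direction, distance drawn from the planar Laplace radial distribution."""
    theta = rng.uniform(0.0, 2.0 * math.pi)
    r = radial_inverse_cdf(rng.random(), epsilon)
    return x + r * math.cos(theta), y + r * math.sin(theta)


def expected_noise_distance(epsilon):
    """Mean distance between true and reported point: E[R] = 2/epsilon.
    This is the utility cost of one release at privacy level epsilon."""
    return 2.0 / epsilon


def empirical_mean_distance(epsilon, n, seed=0):
    """Monte-Carlo check of expected_noise_distance on n releases of the origin."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(n):
        px, py = perturb_location(0.0, 0.0, epsilon, rng)
        total += math.hypot(px, py)
    return total / n


class BudgetedReleaser:
    """Tracks the privacy budget one user spends across location requests.
    Under sequential composition the epsilons of independent releases add,
    which is why applying the single-point mechanism to a whole trajectory
    either exhausts the budget quickly or silently destroys privacy."""

    def __init__(self, total_epsilon):
        self.total_epsilon = total_epsilon
        self.spent = 0.0

    def release(self, x, y, epsilon, rng):
        # Refuse rather than overspend: the guarantee only holds if the
        # accumulated epsilon stays within the budget.
        if self.spent + epsilon > self.total_epsilon + 1e-12:
            raise RuntimeError("privacy budget exhausted: refusing to release")
        self.spent += epsilon
        return perturb_location(x, y, epsilon, rng)


if __name__ == "__main__":
    rng = random.Random(1)
    user = BudgetedReleaser(total_epsilon=0.1)     # illustrative total budget
    served = 0
    try:
        while True:                                 # one hotel query per loop
            user.release(1200.0, 340.0, 0.01, rng)  # illustrative per-query epsilon
            served += 1
    except RuntimeError as err:
        print(f"served {served} requests, then: {err}")
    print("mean noise distance at eps=0.01:", expected_noise_distance(0.01), "m")
```

With epsilon = 0.01 per metre a single release lands on average 200 m from the true point, and a total budget of 0.1 is consumed after ten requests; lowering the per-request epsilon buys more requests at the price of proportionally larger noise, which is exactly the trade-off the first scenario is about.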
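The following is an added example for the second scenario, not the thesis's own perturbator. It uses k-ary randomized response (k-RR), a standard local differential privacy primitive, as a stand-in for the basic perturbator, and shows the three ideas named in the abstract in the simplest form: trajectories are cut into N-grams, grams outside a fixed candidate set are pruned on the client, and each user samples one gram to report so that the user spends epsilon once instead of once per gram. The aggregator then recovers unbiased gram frequencies without ever seeing an unperturbed value. The candidate set, the cell identifiers A to D and the two trajectory patterns are constructed for the example; the thesis's actual pruning and sampling strategies are not described on this page.

```python
import math
import random
from collections import Counter


def ngrams(sequence, n):
    """All length-n windows of a sequence, as hashable tuples."""
    return [tuple(sequence[i:i + n]) for i in range(len(sequence) - n + 1)]


class KRRPerturbator:
    """k-ary randomized response over a fixed candidate set of grams.
    A report equals the true gram with probability p and any one of the
    other k-1 grams with probability q each; p/q = e^epsilon, so a single
    report satisfies epsilon-local differential privacy."""

    def __init__(self, candidates, epsilon):
        self.domain = list(candidates)
        self.index = {g: i for i, g in enumerate(self.domain)}
        k = len(self.domain)
        self.p = math.exp(epsilon) / (math.exp(epsilon) + k - 1)
        self.q = 1.0 / (math.exp(epsilon) + k - 1)

    def perturb(self, gram, rng):
        i = self.index[gram]
        if rng.random() < self.p:
            return self.domain[i]
        j = rng.randrange(len(self.domain) - 1)   # uniform over the other grams
        if j >= i:
            j += 1
        return self.domain[j]

    def estimate_frequencies(self, reports):
        """Unbiased estimate of each gram's share among reporting users:
        correct the observed count for the noise the users injected."""
        n = len(reports)
        counts = Counter(reports)
        return {g: (counts.get(g, 0) - n * self.q) / ((self.p - self.q) * n)
                for g in self.domain}


def user_report(trajectory, n, perturbator, rng):
    """Client side. Pruning: keep only grams in the candidate set. Sampling:
    report ONE gram, so the whole trajectory costs epsilon once (the report
    depends on the trajectory only through that gram, and k-RR is
    epsilon-LDP for any input). Perturb before anything leaves the device."""
    grams = [g for g in ngrams(trajectory, n) if g in perturbator.index]
    if not grams:
        return None
    return perturbator.perturb(rng.choice(grams), rng)


def run_simulation(n_users, epsilon, seed=0):
    """Constructed population: cells A-D, bigrams. 60% of users move A->B->C
    and 40% move B->D->A, so the expected share of sampled bigram (A,B) is
    0.3, of (B,C) 0.3, of (B,D) 0.2 and of (D,A) 0.2; (C,D) never occurs."""
    rng = random.Random(seed)
    cells = ["A", "B", "C", "D"]
    candidates = [(a, b) for a in cells for b in cells]   # 16 candidate grams
    perturbator = KRRPerturbator(candidates, epsilon)
    reports = []
    for _ in range(n_users):
        traj = ["A", "B", "C"] if rng.random() < 0.6 else ["B", "D", "A"]
        report = user_report(traj, 2, perturbator, rng)
        if report is not None:
            reports.append(report)
    return perturbator, perturbator.estimate_frequencies(reports)


if __name__ == "__main__":
    pert, est = run_simulation(20000, epsilon=2.0, seed=7)
    for gram, share in sorted(est.items(), key=lambda kv: -kv[1])[:5]:
        print(gram, round(share, 3))
```

The server's estimates for the four real bigrams come out close to 0.3, 0.3, 0.2 and 0.2 and the never-seen grams close to zero, although every individual report is wrong with probability 1 - p (about 67% for epsilon = 2 and 16 candidates). Without the sampling step a user with m grams would have to run k-RR m times and spend m times epsilon; without pruning, k would grow with the number of distinct grams and p would shrink, making each report noisier.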
Keywords/Search Tags: Trajectory, Location privacy, Differential privacy, Data aggregation