TY - GEN
T1 - Two de-anonymization attacks on real-world location data based on a hidden Markov model
AU - Eshun, Samuel N.
AU - Palmieri, Paolo
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - The increasing demand for smart context-aware services and the widespread use of location-based services (LBS) have resulted in the proliferation of mobile devices equipped with geolocation sensors (including GPS, geomagnetic field sensor, accelerometer, proximity sensor, et cetera). As a result, service providers and telecommunications companies can collect massive mobility datasets, often for millions of subscribers. To provide a degree of privacy, dataset owners normally replace personal identifiers such as name, address, and social security number (SSN) with pseudorandom identifiers prior to publication or sale. However, it has been repeatedly shown how sensitive information can be easily extracted or inferred from individuals' mobility data even when personal identifiers are removed. Knowledge of the extent to which location data can be de-anonymized is therefore crucial, in order to design appropriate privacy mechanisms that can prevent re-identification. In this paper, we propose and implement two novel and highly effective de-anonymization techniques: the Forward, and the KL algorithms. Our work utilizes a hidden Markov model (which incorporates spatio-temporal trajectories) in a novel way to generate user mobility profiles for target users. Using a real-world reference dataset containing mobility trajectories from the city of Shanghai (GeoLife, a reference dataset also used in previous studies), we evaluate the robustness of the proposed attack techniques. The results show that our attack techniques successfully re-identify up to 85% anonymized users. This significantly exceeds current comparable de-anonymization techniques, which have a success rate of 40% to 45%.
AB - The increasing demand for smart context-aware services and the widespread use of location-based services (LBS) have resulted in the proliferation of mobile devices equipped with geolocation sensors (including GPS, geomagnetic field sensor, accelerometer, proximity sensor, et cetera). As a result, service providers and telecommunications companies can collect massive mobility datasets, often for millions of subscribers. To provide a degree of privacy, dataset owners normally replace personal identifiers such as name, address, and social security number (SSN) with pseudorandom identifiers prior to publication or sale. However, it has been repeatedly shown how sensitive information can be easily extracted or inferred from individuals' mobility data even when personal identifiers are removed. Knowledge of the extent to which location data can be de-anonymized is therefore crucial, in order to design appropriate privacy mechanisms that can prevent re-identification. In this paper, we propose and implement two novel and highly effective de-anonymization techniques: the Forward, and the KL algorithms. Our work utilizes a hidden Markov model (which incorporates spatio-temporal trajectories) in a novel way to generate user mobility profiles for target users. Using a real-world reference dataset containing mobility trajectories from the city of Shanghai (GeoLife, a reference dataset also used in previous studies), we evaluate the robustness of the proposed attack techniques. The results show that our attack techniques successfully re-identify up to 85% anonymized users. This significantly exceeds current comparable de-anonymization techniques, which have a success rate of 40% to 45%.
KW - DBSCAN Clustering
KW - De-anonymization
KW - Hidden Markov model
KW - Location privacy
UR - http://www.scopus.com/inward/record.url?scp=85134191119&partnerID=8YFLogxK
U2 - 10.1109/EuroSPW55150.2022.00062
DO - 10.1109/EuroSPW55150.2022.00062
M3 - Conference contribution
AN - SCOPUS:85134191119
T3 - Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
SP - 524
EP - 532
BT - Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
Y2 - 6 June 2022 through 10 June 2022
ER -