Privacy risks of spatio-temporal data transformations
Kaplan, Emre (2017) Privacy risks of spatio-temporal data transformations. [Thesis]
In recent years we have witnessed a great leap in data collection thanks to the increasing number of mobile devices. Millions of mobile devices, including smartphones, tablets and even wearable gadgets with embedded GPS hardware, make it possible to tag data with location. New-generation applications rely heavily on location information for innovative business intelligence, which may require the data to be shared with third parties for analytics. However, location data is considered highly sensitive and its processing is regulated, especially in Europe, where strong data protection practices are enforced. To preserve the privacy of individuals, the first precaution is to remove personal identifiers such as name and social security number, which has been shown to be problematic because the remaining data can still be linked with public data sources. In fact, location itself may be an identifier: for example, the locations visited in the evening may hint at the home address, which may in turn be linked to the individual. Since location cannot be shared as it is, data transformation techniques have been developed with the aim of preventing user re-identification. Such techniques transform data points from their initial domain into a new domain while preserving certain statistical properties of the data.

In this thesis we show that distance-preserving data transformations may not fully preserve privacy, in the sense that location information can be estimated from the transformed data when the attacker uses information such as public domain knowledge and known samples. We present attack techniques based on adversaries with various kinds of background information. We first focus on spatio-temporal trajectories and propose an attack that can reconstruct a target trajectory using a few known samples from the dataset. We show that it is possible to create many similar trajectories that mimic the target trajectory, with a similarity that depends on the attacker's knowledge (i.e. the number of known samples). The attack can identify locations visited or not visited by the trajectory with high confidence. Next, we consider relation-preserving transformations and develop a novel attack technique on transformations of individual location points, even when only approximate or noisy distances are available. We experimentally demonstrate that an attacker with limited background information from the dataset is still able to identify small regions that contain the target location points.
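The central observation of the abstract, that a distance-preserving transformation leaks location once a few samples are known, can be checked on a constructed data release before sharing it. The Python below is an added example, not code from the thesis or its author; the coordinates, rotation angle, translation and all function names are assumptions made for illustration. It builds an isometry (rotation, optional reflection, translation) as a stand-in for the distance-preserving transformations the thesis studies, releases transformed points, and shows the leakage test a data holder would run: with three or more non-collinear (original, transformed) pairs in hand, any other transformed point is located by trilateration, because its distances to the known points are the same in both domains. The same routine accepts perturbed distances, which mirrors the approximate-distance setting in the last paragraph and shows that the estimate degrades only gracefully.

```python
"""Constructed demonstration (not from the thesis): a distance-preserving
transformation of 2-D location points can be undone for any point once a
handful of (original, transformed) pairs are known, because pairwise
distances survive the transformation unchanged.  Every coordinate and
parameter here is made up for the example."""
import math
from typing import List, Sequence, Tuple

Point = Tuple[float, float]


def make_isometry(theta: float, shift: Point, reflect: bool = False):
    """Return f(p) = R p + t: a rotation by theta (preceded by a reflection
    across the x-axis if requested) followed by a translation.  Every such f
    preserves all Euclidean distances, which is the property being audited."""
    c, s = math.cos(theta), math.sin(theta)

    def f(p: Point) -> Point:
        x, y = p
        if reflect:
            y = -y
        return (c * x - s * y + shift[0], s * x + c * y + shift[1])

    return f


def dist(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def trilaterate(anchors: Sequence[Point], distances: Sequence[float]) -> Point:
    """Least-squares position of a point whose distances to >= 3 non-collinear
    anchors are known.  Subtracting the first circle equation from the others
    linearises the problem:  2 (a_1 - a_i) . x = d_i^2 - d_1^2 - |a_i|^2 + |a_1|^2."""
    if len(anchors) < 3 or len(anchors) != len(distances):
        raise ValueError("need at least three anchors with matching distances")
    a1, d1 = anchors[0], distances[0]
    rows: List[Tuple[float, float, float]] = []  # each row: (coef_x, coef_y, rhs)
    for ai, di in zip(anchors[1:], distances[1:]):
        rhs = di ** 2 - d1 ** 2 - (ai[0] ** 2 + ai[1] ** 2) + (a1[0] ** 2 + a1[1] ** 2)
        rows.append((2 * (a1[0] - ai[0]), 2 * (a1[1] - ai[1]), rhs))
    # Normal equations (A^T A) x = A^T b, solved with Cramer's rule on the 2x2 system.
    s11 = sum(r[0] * r[0] for r in rows)
    s12 = sum(r[0] * r[1] for r in rows)
    s22 = sum(r[1] * r[1] for r in rows)
    t1 = sum(r[0] * r[2] for r in rows)
    t2 = sum(r[1] * r[2] for r in rows)
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-9:
        raise ValueError("anchors are collinear; position is ambiguous")
    return ((t1 * s22 - s12 * t2) / det, (s11 * t2 - s12 * t1) / det)


def recover_original(known: Sequence[Tuple[Point, Point]], transformed_target: Point,
                     noise: Sequence[float] = ()) -> Point:
    """Given a few (original, transformed) pairs from the released dataset and one
    further transformed point, estimate that point's original location.  Distances
    are measured in the transformed domain; `noise` optionally perturbs them to
    model a party that only sees approximate distances."""
    anchors = [orig for orig, _ in known]
    distances = [dist(transformed_target, t) for _, t in known]
    for i, eps in enumerate(noise):
        distances[i] += eps
    return trilaterate(anchors, distances)


# Constructed sample: four locations assumed to be known to the analyst, plus
# one target the data holder believed the transformation had hidden.
KNOWN_ORIGINALS: List[Point] = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0), (10.0, 10.0)]
TARGET_ORIGINAL: Point = (3.0, 4.0)
TRANSFORM = make_isometry(theta=0.7, shift=(100.0, -50.0), reflect=True)


def demo(noise: Sequence[float] = ()) -> float:
    """Release the transformed points, recover the target from the known pairs,
    and return the recovery error in original-domain units (0 means the
    transformation hid nothing from a party holding the known pairs)."""
    known_pairs = [(p, TRANSFORM(p)) for p in KNOWN_ORIGINALS]
    estimate = recover_original(known_pairs, TRANSFORM(TARGET_ORIGINAL), noise)
    return dist(estimate, TARGET_ORIGINAL)


if __name__ == "__main__":
    print("exact distances, recovery error:", demo())
    print("noisy distances, recovery error:", demo(noise=(0.05, -0.03, 0.02, 0.04)))
```

The point of the check is the size of the returned error: an isometry gives an error at floating-point precision, and small distance noise only moves the estimate by a few hundredths of a unit, so a release that relies on this kind of transformation alone should be assumed to expose every point once a few samples are public.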