Joint Obfuscation of Location and Its Semantic Information for Privacy Protection
In this work, I introduced a new obfuscation approach, called joint obfuscation, for protecting the location privacy and semantic location privacy of users in location-based social networks (LBSNs) such as Foursquare and Facebook. In these networks, users can share their (geographical) locations with each other, together with the semantic information associated with those locations. The semantic information captures the type of a location and is usually represented by a semantic tag. Semantic tag sharing increases the threat to users’ location privacy (which is already at risk because of location sharing), and it also puts users’ semantic location privacy at risk. A common solution for protecting the location privacy and the semantic location privacy of users in such LBSNs is to obfuscate the location and the semantic tag independently of each other, in a so-called disjoint obfuscation approach. However, since in this approach the location obfuscation is performed in a semantic-oblivious manner, an adversary can still increase his chance of inferring the actual location and the actual semantic tag by exploiting the semantic incompatibility between the obfuscated location and the obfuscated semantic tag.
In this work, I addressed this issue by proposing a joint obfuscation approach in which the location obfuscation is performed based on the result of the semantic tag obfuscation. I also provided a formal framework for evaluating the joint approach and comparing it with the disjoint approach. In particular, I formalized both approaches using probability distribution functions and proposed an adversary model that performs inference attacks against users. I presented an implementation of the attacks based on dynamic Bayesian network (DBN) models. By running an experimental evaluation on a dataset of real-world user traces collected from six different cities, I showed that in almost all cases (i.e., in different cities and with different obfuscation parameters), the joint approach outperformed the disjoint approach in terms of both location privacy protection and semantic location privacy protection. Based on the evaluation results, I also discussed how different obfuscation parameters and the choice of city could affect the performance of the obfuscation approaches. In particular, I showed how changing these parameters could improve the performance of the joint approach. For the experimental evaluation, I wrote programs in Python and shell script and ran the evaluations on Google Cloud virtual machines.
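The semantic-incompatibility leak described above can be made concrete with a small added example; it is not code from this work, which uses probabilistic obfuscation functions and DBN-based attacks. The cell map, the tag hierarchy, and the two deterministic mechanisms `disjoint` and `joint` are simplifying assumptions chosen so that the adversary's posterior can be computed exactly.

```python
# Constructed toy map (not data from the paper): cell index -> semantic tag.
CELLS = ["bar", "hospital", "cafe", "pub", "clinic", "bar",
         "cafe", "pharmacy", "pub", "restaurant", "hospital", "cafe"]
# Assumed tag hierarchy: tag obfuscation reports the parent category.
PARENT = {"bar": "nightlife", "pub": "nightlife",
          "hospital": "health", "clinic": "health", "pharmacy": "health",
          "cafe": "food", "restaurant": "food"}

def disjoint(x, size=4):
    """Semantic-oblivious cloaking: fixed block of cells, tag generalized separately."""
    start = (x // size) * size
    region = frozenset(range(start, min(start + size, len(CELLS))))
    return region, PARENT[CELLS[x]]

def joint(x, size=4):
    """Tag is obfuscated first; the region is then built only from compatible cells."""
    category = PARENT[CELLS[x]]
    compatible = [i for i, tag in enumerate(CELLS) if PARENT[tag] == category]
    group = compatible.index(x) // size
    return frozenset(compatible[group * size:(group + 1) * size]), category

def candidates(observation):
    """Cells the adversary cannot rule out: inside the region AND compatible with the tag."""
    region, category = observation
    return sorted(c for c in region if PARENT[CELLS[c]] == category)

def adversary_success(obfuscate):
    """Expected probability of guessing the actual cell, uniform prior over cells."""
    hits = [1 / len(candidates(obfuscate(x))) for x in range(len(CELLS))]
    return sum(hits) / len(hits)

if __name__ == "__main__":
    for name, mech in (("disjoint", disjoint), ("joint", joint)):
        print(f"{name:8s} candidates for cell 1: {candidates(mech(1))}, "
              f"expected adversary success: {adversary_success(mech):.2f}")
```

Both mechanisms report a four-cell region and a generalized tag, but under the disjoint mechanism the tag rules out most cells in the block, so the candidate set often collapses to a single cell.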