
On the Transit Obfuscation Problem

Hideaki Takahashi, Alex Fukunaga

TL;DR

The paper addresses the Transit Obfuscation Problem (TOP), which seeks to route from $s$ to $g$ while concealing a transit point $t$ from a powerful observer. It formalizes a quantitative privacy guarantee, $(k,\ell,m)$-Anonymity, and develops a partitioning-based planner (PbP) to realize $(k,\ell,\infty)$-Anonymity, balancing privacy against path cost via APR and MAC metrics. The PbP framework uses a partitioning phase and a WRPT-based path query, with enhancements like Merge-BB, various merge orders, and pruning criteria; it is complemented by $m$-bounded planners (Rbp, $m$-Pbp, Cbp) for finite $m$. Experimental results on grid-map benchmarks show that the Merge-BB with CostAsc and Tunnel heuristics achieves higher anonymization ratios with lower costs than baselines, while $m$-Pbp and Cbp offer scalable alternatives for finite anonymity horizons. The work provides a foundation for anonymity-aware routing and points to future directions in scalability, multi-agent extension, and dynamic environments.

Abstract

Concealing an intermediate point on a route or visible from a route is an important goal in some transportation and surveillance scenarios. This paper studies the Transit Obfuscation Problem, the problem of traveling from some start location to an end location while "covering" a specific transit point that needs to be concealed from adversaries. We propose the notion of transit anonymity, a quantitative guarantee of the anonymity of a specific transit point, even with a powerful adversary with full knowledge of the path planning algorithm. We propose and evaluate planning/search algorithms that satisfy this anonymity criterion.

Paper Structure

This paper contains 28 sections, 9 theorems, 3 equations, 7 figures, 3 tables, 4 algorithms.

Key Result

Proposition 1

A path $\pi = \mathcal{A}(\langle \mathcal{D}, s, g, t \rangle)$ is a $(k, \ell, \infty)$-Anonymized Path iff there exists a set of nodes $T \subseteq \mathscr{T}$ satisfying all of the following:

Figures (7)

  • Figure 1: Let nodes within a radius of one be visible. Then, it is not possible for an observer to determine which of $\{t_1, t_2, t_3, t_4\}$ is the true transit point.
  • Figure 2: Directed vs. Undirected: While all tuples are $(3, 1, \infty)$-Anonymizable Tuples, planning a $(3, 1, \infty)$-Anonymized Path for every transit point is impossible in the directed (left) case.
  • Figure 3: Convergence of APR and MAC. Merge-BB with CostAsc shows the best performance.
  • Figure 3: Comparison of the runtime ([s]) for each planner. Rbp and Cbp show better scalability compared to $m$-Pbp.
  • Figure 4: Impact of $k$, $\ell$, and radius $r$. Larger $k$ and $\ell$ increase MAC. The impact of $r$ is not monotonic.
  • ...and 2 more figures

Theorems & Definitions (15)

  • Definition 1: $(k, \ell, m)$-Anonymized Path
  • Definition 2: $(k, \ell, m)$-Anonymizable Tuple
  • Definition 3: $(k, \ell, m)$-Anonymity
  • Definition 4: $(k, \ell, m, \delta)$-Local Anonymity
  • Proposition 1: 3C Condition for Output Path
  • Theorem 1: Complexity
  • Theorem 2: Existence of a Satisfying Path Planner
  • Lemma 1: Path-Extension
  • Definition 5: Anonymized Path Ratio (APR)
  • Definition 6: Mean Anonymization Cost (MAC)
  • ...and 5 more