SoK: Can Trajectory Generation Combine Privacy and Utility?

Erik Buchholz, Alsharif Abuadbba, Shuo Wang, Surya Nepal, Salil S. Kanhere

TL;DR

This paper proposes a framework for designing a privacy-preserving trajectory publication approach by defining five design goals, particularly stressing the importance of choosing an appropriate Unit of Privacy, and performs an experimental study evaluating the applicability of six sequential generative models to the trajectory domain.

Abstract

While location trajectories represent a valuable data source for analyses and location-based services, they can reveal sensitive information, such as political and religious preferences. Differentially private publication mechanisms have been proposed to allow for analyses under rigorous privacy guarantees. However, the traditional protection schemes suffer from a limiting privacy-utility trade-off and are vulnerable to correlation and reconstruction attacks. Synthetic trajectory data generation and release represent a promising alternative to protection algorithms. While initial proposals achieve remarkable utility, they fail to provide rigorous privacy guarantees. This paper proposes a framework for designing a privacy-preserving trajectory publication approach by defining five design goals, particularly stressing the importance of choosing an appropriate Unit of Privacy. Based on this framework, we briefly discuss the existing trajectory protection approaches, emphasising their shortcomings. This work focuses on the systematisation of the state-of-the-art generative models for trajectories in the context of the proposed framework. We find that no existing solution satisfies all requirements. Thus, we perform an experimental study evaluating the applicability of six sequential generative models to the trajectory domain. Finally, we conclude that a generative trajectory model providing semantic guarantees remains an open research question and propose concrete next steps for future research.

Paper Structure (24 sections, 8 equations, 5 figures, 7 tables)

This paper contains 24 sections, 8 equations, 5 figures, 7 tables.

Figures (5)

  • Figure 1: Density problem of . A single outlier significantly reduces the hd but not the wd.
  • Figure 2: Categorisation of trajectory publication.
  • Figure 3: Application of GeoPointGAN to the and Geolife datasets. Compare \ref{['fig_gen-pointclouds']} for baseline.
  • Figure 4: dataset generation. All models perform reasonably well on this dataset. The two models generate the same image as each step depends on the previous, but the first row consists only of black pixels.
  • Figure 5: Overview of generative models. No considered sequential generative model can adequately capture the point distribution of the original trajectory datasets and Geolife.

Theorems & Definitions (1)

  • definition 1: Differential Privacy