Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Protecting Vehicle Location Privacy with Contextually-Driven Synthetic Location Generation

Sourabh Yadav, Chenyang Yu, Xinpeng Xie, Yan Huang, Chenxi Qiu

TL;DR

This work investigates vehicle location privacy under geo-obfuscation by highlighting the weaknesses of Geo-Indistinguishability when attackers leverage road networks and traffic context. It introduces VehiTrack, a context-aware inference framework that combines mobility-restriction Bayesian inference with LSTM-based posterior refinement to accurately recover real vehicle locations from obfuscated data. To counter this vulnerability, the authors propose TransProtect, a Transformer-based obfuscation framework that constructs a context-consistent set of candidate locations via location embeddings (Node2Vec and GCN) and a Transformer-driven assessment, ranking by a utility-loss objective. Experiments on Rome and San Francisco taxi datasets show that VehiTrack achieves substantial reductions in inference error over traditional methods, while TransProtect significantly enhances privacy with manageable utility loss. Overall, the paper provides a practical approach to strengthening location privacy in LBS by aligning obfuscated data with realistic mobility patterns and employing deep learning to model implicit context.

Abstract

Geo-obfuscation is a Location Privacy Protection Mechanism used in location-based services that allows users to report obfuscated locations instead of exact ones. A formal privacy criterion, geoindistinguishability (Geo-Ind), requires real locations to be hard to distinguish from nearby locations (by attackers) based on their obfuscated representations. However, Geo-Ind often fails to consider context, such as road networks and vehicle traffic conditions, making it less effective in protecting the location privacy of vehicles, of which the mobility are heavily influenced by these factors. In this paper, we introduce VehiTrack, a new threat model to demonstrate the vulnerability of Geo-Ind in protecting vehicle location privacy from context-aware inference attacks. Our experiments demonstrate that VehiTrack can accurately determine exact vehicle locations from obfuscated data, reducing average inference errors by 61.20% with Laplacian noise and 47.35% with linear programming (LP) compared to traditional Bayesian attacks. By using contextual data like road networks and traffic flow, VehiTrack effectively eliminates a significant number of seemingly "impossible" locations during its search for the actual location of the vehicles. Based on these insights, we propose TransProtect, a new geo-obfuscation approach that limits obfuscation to realistic vehicle movement patterns, complicating attackers' ability to differentiate obfuscated from actual locations. Our results show that TransProtect increases VehiTrack's inference error by 57.75% with Laplacian noise and 27.21% with LP, significantly enhancing protection against these attacks.

Protecting Vehicle Location Privacy with Contextually-Driven Synthetic Location Generation

TL;DR

This work investigates vehicle location privacy under geo-obfuscation by highlighting the weaknesses of Geo-Indistinguishability when attackers leverage road networks and traffic context. It introduces VehiTrack, a context-aware inference framework that combines mobility-restriction Bayesian inference with LSTM-based posterior refinement to accurately recover real vehicle locations from obfuscated data. To counter this vulnerability, the authors propose TransProtect, a Transformer-based obfuscation framework that constructs a context-consistent set of candidate locations via location embeddings (Node2Vec and GCN) and a Transformer-driven assessment, ranking by a utility-loss objective. Experiments on Rome and San Francisco taxi datasets show that VehiTrack achieves substantial reductions in inference error over traditional methods, while TransProtect significantly enhances privacy with manageable utility loss. Overall, the paper provides a practical approach to strengthening location privacy in LBS by aligning obfuscated data with realistic mobility patterns and employing deep learning to model implicit context.

Abstract

Geo-obfuscation is a Location Privacy Protection Mechanism used in location-based services that allows users to report obfuscated locations instead of exact ones. A formal privacy criterion, geoindistinguishability (Geo-Ind), requires real locations to be hard to distinguish from nearby locations (by attackers) based on their obfuscated representations. However, Geo-Ind often fails to consider context, such as road networks and vehicle traffic conditions, making it less effective in protecting the location privacy of vehicles, of which the mobility are heavily influenced by these factors. In this paper, we introduce VehiTrack, a new threat model to demonstrate the vulnerability of Geo-Ind in protecting vehicle location privacy from context-aware inference attacks. Our experiments demonstrate that VehiTrack can accurately determine exact vehicle locations from obfuscated data, reducing average inference errors by 61.20% with Laplacian noise and 47.35% with linear programming (LP) compared to traditional Bayesian attacks. By using contextual data like road networks and traffic flow, VehiTrack effectively eliminates a significant number of seemingly "impossible" locations during its search for the actual location of the vehicles. Based on these insights, we propose TransProtect, a new geo-obfuscation approach that limits obfuscation to realistic vehicle movement patterns, complicating attackers' ability to differentiate obfuscated from actual locations. Our results show that TransProtect increases VehiTrack's inference error by 57.75% with Laplacian noise and 27.21% with LP, significantly enhancing protection against these attacks.
Paper Structure (35 sections, 1 theorem, 13 equations, 15 figures, 5 tables)

This paper contains 35 sections, 1 theorem, 13 equations, 15 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Preliminary
  3. Geo-Obfuscation in LBS
  4. Geo-Indistinguishability
  5. Limitations of Geo-Ind
  6. VehiTrack: A Context-Aware Location Inference Algorithm
  7. Models
  8. Threat model
  9. Vehicle's mobility model
  10. Phase 1: Mobility Restriction-Aware Bayesian Inference
  11. Step 1 - Identify the location set $\mathcal{R}_{n}$ that is reachable by the locations in $\mathcal{S}_{n-1}$ during the time interval $[t_{n-1}, t_n]$
  12. Step 2 - Determine the possible location set $\mathcal{S}_{n}$ using the obfuscation matrices
  13. Phase 2: Posterior Refinement using LSTM
  14. Training dataset generation
  15. LSTM network architecture
  16. ...and 20 more sections

Key Result

proposition 1

$SPT_i$ is sufficient to identisfy $\mathcal{R}^i_{n}$.

Figures (15)

  • Figure 1: Introduction of VehiTrack and TransProtect.
  • Figure 2: Geo-indistinguishability and its limit.
  • Figure 3: Framework of deriving $\mathcal{S}_{n}$ from $\mathcal{S}_{n-1}$. Step 1: Find the location set $\mathcal{R}_{n}$ that are reachable by $\mathcal{S}_{n-1}$; Step 2: Derive the posterior of each location in $\mathcal{R}_{n}$ and find the ones of which the posteriors are higher than the threshold $\xi$.
  • Figure 4: Training data generation in Phase 2.
  • Figure 5: Framework of Phase 2.
  • ...and 10 more figures

Theorems & Definitions (2)

  • Definition 2.1
  • proposition 1