Yingjie Wu

P-cover k-anonymity model for protecting multiple sensitive attributes

The k-anonymity model has been introduced for protecting individual privacy. While focusing on membership disclosure, k-anonymity model fail to protect sensitive attribute disclosure. Different from the existing models of single sensitive attribute, extra associations among multiple sensitive attributes should be invested. In this paper, we propose a p-cover k-anonymity model to prevent both membership and multiple sensitive attributes disclosure. We present an optimal global-recoding algorithm based on p-cover k-anonymity model. The simulation experiments on real datasets show that the proposed model and algorithm are feasible and effective.

Preserving location privacy for location-based services with continuous queries on road network

Recently, several techniques have been proposed to protect the user location privacy for location-based services in road network environments. A typical approach for user location privacy protection is to blur a user location into a cloaked set of road segments S such that S satisfies the user specified privacy requirements. However, these location cloaking algorithms work with snapshot locations only and do not consider the effect of continuous location updates. Applying these algorithms directly to continuous queries would lead to privacy leakage if attackers have knowledge about maximum user velocity, namely velocity-based Attack. In this paper, we present the privacy safety condition to defend against velocity-based attack, and propose an anonymity algorithm based on greedy strategy to preserve user privacy. The experiment results based on dataset of real network show the algorithm is effective and feasible.

A technique for preventing replay attack in road networks

Recent years, several techniques have been proposed to preserve the user location privacy in road networks. Some of the existing techniques may suffer replay attack, and leads to leaking the user location privacy. The existing technique to resist replay attack is add a randomize step into the cloak process, which may be unquestioning. In this paper, we propose a grouping-based method to prevent replay attack by dividing the segment set to form cloaked set. The experiment result shows the effectiveness and feasibility of our algorithm.

Guess-Answer: Protecting Location Privacy in Location Based Services

When mobile users retrieve interested location information through location based service (LBS), they should always provide their accurate location, which may leak their location privacy. In order to prevent privacy leakage when service provider is not reliable, some solutions based on two ties architecture are proposed. However, these solutions are either hard to implement or may lead to huge communication cost. In this paper, we present a novel technique, called Guess-Answer. Through the interaction between user and server, the location information within a region that satisfies the minimum privacy requirement of the user would be delivered. Through proper analysis and experimental study, we demonstrate that Guess-Answer is an efficient and effective way to achieve personalized privacy.

A Weight-Based Attack Model in Road Networks

Recently, several techniques have been proposed to preserve the user location privacy in road networks. To protect the location privacy of users, many of the existing techniques adopt cloaking which blurs the actual location into a set of segments. But these techniques do not take the weight of the segments into account in the situation of road networks. In this paper, we propose a new attack model that an adversary can infer the true location of the requester according to the weight distribution with a certain probability. And we also design an approach to solve this problem, which can guarantee better distribution of the weights in the cloaked set. The experiment result shows the effectiveness and feasibility of our algorithm.

A survey of transaction dada anonymous publication

Transaction data contain a large amount of information of individuals and entities. Publication of these data can provide important resources for researching such as association rule mining, recommendation systems and user behavior prediction ect. But on the other hand, it will compromise individual privacy. Recently, many works focus on privacy preserving transaction data publishing, especially on anonymous publishing. In this paper, we will systematically summarize and evaluate different anonymous approaches for transactional data publication.

Preventing Location-based Inference Attack in Location Based Services

The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the senders location to k-anonymized spatial region (ASR), such that an attack based on the senders location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Extended Guess-Answer: Preventing velocity-based linkage attacks in location-based services

When mobile users search points of interest in location based services, they should always provide their accurate locations, which may leak location privacy of themselves. A typical approach to protect user location privacy is to generate a cloaked region (CR) that encloses the user position. However, if locations are continuously reported, an attacker can correlate CRs from multiple timestamps to accurately pinpoint the user position within a CR. In this paper, we present a novel approach, called Extended Guess-Answer, to protect against velocity-based linkage attacks in location based services. Through the interaction between the user and the server, a cloaked region that contains user current location can be generated. The experimental results show that our approach is effective and feasible.

New algorithm with lower upper size bound for k-anonymity

k-Anonymity is a well-researched privacy principle for data publishing. It requires that each tuple of a public released table can not be identified with a probability higher than 1 over k. According to literatures, one way to achieve k-anonymity is to generalize the table into several anonymization groups. All tuples within a group is indistinguishable. However, best of our knowledge, the worst-case upper bound on size of anonymization groups resulting from existing algorithms is not good, and the lowest value is 2k − 1. This paper propose a new algorithm for k-anonymity focusing on improving the solution quality. We show that the upper bound of our algorithm is lower than 2k − 1 in non-trivial cases, and when n > k2, the bound becomes k + 1. Experiments on real world dataset demonstrate our conclusions.