TrPF: A Trajectory Privacy-Preserving Framework for Participatory Sensing

ABSTRACT

The ubiquity of various cheap embedded sensors on mobile devices, for example cameras, microphones and accelerometers, is enabling the emergence of participatory sensing applications. While participatory sensing can greatly benefit individuals and communities, the collection and analysis of participators' location and trajectory data may jeopardize their privacy. Existing proposals mostly focus on participators' location privacy, and few address participators' trajectory privacy. Effective analysis of trajectories, which contain spatial-temporal history information, will reveal participators' whereabouts and related personal information. In this paper, we propose a trajectory privacy-preserving framework, named TrPF, for participatory sensing. Based on the framework, we improve the theoretical mix-zones model by taking the time factor into account from the perspective of graph theory. Finally, we analyze threat models with different background knowledge, evaluate the effectiveness of our proposal on the basis of information entropy, and compare its performance with previous trajectory privacy protections. The analysis and simulation results show that our proposal protects participators' trajectory privacy effectively, with lower information loss and cost than the other proposals.

Existing System

In typical participatory sensing applications, the uploaded data reports may reveal participators' spatial-temporal information. Analysts can obtain valuable results from the published trajectories for decision making: for example, merchants may decide where to build a supermarket that produces maximum profit by analyzing the trajectories of customers in a certain area, and the Department of Transportation can devise an optimized vehicle scheduling strategy by monitoring the trajectories of vehicles. However, this may introduce serious threats to participators' privacy. An adversary may analyze the trajectories, which contain rich spatial-temporal history information, to link multiple reports from the same participator and determine private information such as the places where the data reports were collected. Thus, it is necessary to unlink participators' identities from sensitive data collection locations. To the best of our knowledge, existing work on privacy in participatory sensing mainly concentrates on the data contribution and reporting process. If an adversary has a priori knowledge of a participator's trajectory, it is effortless to deanonymize his/her reports.

Proposed System:

We propose a trajectory privacy-preserving framework, named TrPF, for participatory sensing. We observe that the locations on or near participators' trajectories may not all be sensitive; with this in mind, our proposal deals only with the sensitive trajectory segments discussed below. Moreover, mix-zones are regions where no application can track participators' movements. Some works focus on road-network mix-zones, which are not applicable to participatory sensing: first, they all build mix-zones at road intersections, which may restrict the random data collection time and the number of ingress/egress locations; second, the trajectory segments at a road intersection may not be sensitive, while others are. Therefore, we improve the theoretical mix-zones model to construct a trajectory mix-zones model that protects sensitive trajectory segments from the perspective of graph theory. Compared with existing trajectory privacy-preserving proposals, our proposal has the advantages of lower cost and information loss while the privacy level does not decrease.

Advantages:

  • Lower costs
  • Lower information loss, while the privacy level does not decrease

Architecture:

Modules:

  1. Data Collectors
  2. Trusted Third Party Server (TTPs)
  3. Report Server
  4. Application Server
  5. Queriers

Modules Description

  1. Data Collectors

Mobile nodes are devices with the capabilities of sensing, computation, memory and wireless communication, which act as data collectors in a participatory sensing system. They can be used for context-aware data capture and are carried along by each participator. Note that the involvement of data collectors in the sensing campaign is voluntary. Any participator who wants to provide the Application Server with shared data needs to obtain a certificate from the Trusted Third Party Server. To prevent an adversary from posing as a legitimate participator and uploading malicious data, only participators who have been validated can access the participatory sensing system and upload their collected data reports.

  2. Trusted Third Party Server (TTPs)

To ensure system security and participators' privacy, the TTPs stores participators' relevant information such as certificates and pseudonyms. Certificates are used to verify participators' validity so as to exclude malicious attackers. The disclosure of spatial-temporal information may also threaten participators' privacy, so we remove the linkage between participators' spatial-temporal information and their identities using pseudonyms. Note that the TTPs is therefore the only party holding the identity-to-pseudonym mapping; its compromise would relink every report, so it must be trusted and protected accordingly.

  3. Report Server

The Report Server is responsible for two tasks: (a) interacting with the TTPs to verify the validity of participators' identities via the certificates contained in the data reports; (b) simplifying the uploaded data reports, for example by data aggregation, and then forwarding them to the Application Server.
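The upload path described by the Data Collectors, TTPs and Report Server modules above, as an added example (not code from the paper or the TrPF project, and in Python rather than the JSP stack listed under the software configuration). The protocol details are assumptions of this example: the TTPs issues each registered participator a random pseudonym, a certificate tag (an HMAC under a TTPs key over pseudonym and expiry) and a per-pseudonym report key; a data report names only the pseudonym and carries an HMAC over its payload; the Report Server asks the TTPs to verify both before aggregating per cell and forwarding only the aggregates. The collectors, cells and readings are constructed sample input.

```python
"""Pseudonym-certified data reports in a participatory sensing pipeline (assumed model)."""
import hashlib
import hmac
import json
import secrets
from statistics import mean


def report_mac(report_key, payload):
    """HMAC over a canonical encoding of the payload (assumed report format)."""
    canon = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(report_key, canon, hashlib.sha256).hexdigest()


class TrustedThirdPartyServer:
    """Holds the only copy of the identity <-> pseudonym linkage."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # TTPs certificate key (assumption)
        self._pseudonym_of = {}               # real_id -> pseudonym
        self._report_key_of = {}              # pseudonym -> report key

    def _cert_tag(self, pseudonym, expiry):
        msg = f"{pseudonym}|{expiry}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def register(self, real_id, now, lifetime=3600):
        """Issue (certificate, report_key) to a voluntary participator."""
        pseudonym = secrets.token_hex(8)
        report_key = secrets.token_bytes(32)
        expiry = now + lifetime
        self._pseudonym_of[real_id] = pseudonym
        self._report_key_of[pseudonym] = report_key
        cert = {"pseudonym": pseudonym, "expiry": expiry,
                "tag": self._cert_tag(pseudonym, expiry)}
        return cert, report_key

    def verify(self, report, now):
        """Called by the Report Server: check certificate validity, expiry and report MAC."""
        cert = report["cert"]
        pseudonym = cert["pseudonym"]
        if pseudonym not in self._report_key_of or now > cert["expiry"]:
            return False
        if not hmac.compare_digest(cert["tag"], self._cert_tag(pseudonym, cert["expiry"])):
            return False
        expected = report_mac(self._report_key_of[pseudonym], report["payload"])
        return hmac.compare_digest(expected, report["mac"])


def make_report(cert, report_key, cell, t, value):
    """Data collector: the report names the pseudonym, never the real identity."""
    payload = {"cell": cell, "t": t, "value": value}
    return {"cert": cert, "payload": payload, "mac": report_mac(report_key, payload)}


class ReportServer:
    """Verifies each report via the TTPs, then aggregates per cell."""

    def __init__(self, ttp):
        self.ttp = ttp

    def process(self, reports, now):
        accepted = [r for r in reports if self.ttp.verify(r, now)]
        by_cell = {}
        for r in accepted:
            by_cell.setdefault(r["payload"]["cell"], []).append(r["payload"]["value"])
        # Only cell-level aggregates are forwarded to the (possibly untrusted) Application Server.
        aggregated = {cell: mean(values) for cell, values in by_cell.items()}
        return accepted, aggregated


def demo():
    """Constructed run: two legitimate reports, one tampered, one with a wrong report key."""
    ttp = TrustedThirdPartyServer()
    now = 1_000
    cert_a, key_a = ttp.register("alice@example", now)
    cert_b, key_b = ttp.register("bob@example", now)
    reports = [
        make_report(cert_a, key_a, "cell-7", now + 5, 21.0),
        make_report(cert_b, key_b, "cell-7", now + 9, 23.0),
    ]
    tampered = make_report(cert_a, key_a, "cell-7", now + 12, 99.0)
    tampered["payload"]["value"] = -40.0           # modified after the MAC was computed
    reports.append(tampered)
    reports.append(make_report(cert_b, secrets.token_bytes(32), "cell-9", now + 3, 10.0))
    return ReportServer(ttp).process(reports, now)


if __name__ == "__main__":
    accepted, aggregated = demo()
    print(len(accepted), "reports accepted; forwarded aggregates:", aggregated)
```

The point to check in a real deployment is the one the example makes explicit: nothing that leaves the Report Server contains a real identity, because the real identity to pseudonym mapping exists only inside the TTPs, and a report with a valid certificate but a wrong report key is still rejected, so a copied certificate alone does not let an attacker inject data.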

  4. Application Server

The Application Server acts as a data center. It provides various data services to end users and plays the following roles: (a) Data Storage: store the processed data reports received from the Report Server; (b) Data Sharing: any legitimate end user can access the available data services; (c) Data Publishing: publish the data reports for end users to query.

However, in our system architecture the Application Server may be untrustworthy and may leak participators' sensitive information to an adversary. For example, the disclosure of participators' trajectories may indicate where the data reports were collected, and some of those locations, such as a home address, may be sensitive. An adversary can use the published trajectories to link participators' data reports with sensitive locations. As a result, participators who are aware that their privacy might be seriously invaded may be unwilling to share their collected data reports with end users.

  5. Queriers

Queriers are end users that request sensor reports in a given participatory sensing application; they can be personal users or community users. They access and consult the data gathered by the data collectors according to their requirements. Queriers include, for example, data collectors intending to consult their own collected data, doctors checking their patients' records, environmentalists querying the climate data of a certain area, or the general public for other purposes. Note that only registered end users can access the shared data reports. End users send certificate authentication requests to the TTPs; anyone who has registered before can obtain access authorization, and only valid end users can access the shared data reports provided by the data collectors.

System Configuration:-

H/W System Configuration:-

Processor    - Pentium III
Speed        - 1.1 GHz
RAM          - 256 MB (min)
Hard Disk    - 20 GB
Floppy Drive - 1.44 MB
Keyboard     - Standard Windows Keyboard
Mouse        - Two or Three Button Mouse
Monitor      - SVGA

S/W System Configuration:-

Operating System      : Windows 95/98/2000/XP
Application Server    : Tomcat 5.0/6.x
Front End             : HTML, Java, JSP
Scripts               : JavaScript
Server Side Script    : Java Server Pages
Database              : MySQL
Database Connectivity : JDBC

CONCLUSION

The disclosure of data collectors' trajectories poses serious threats to participators' personal privacy and may deter participators from data sharing. In this paper, we first propose a trajectory privacy-preserving framework, TrPF, for participatory sensing. Then, we propose a trajectory mix-zones graph model to protect participators' trajectories from the perspective of graph theory; we take the time factor into consideration to improve the mix-zones model, which makes it more realistic in practice. Third, we define the privacy metric in terms of privacy level and privacy loss, together with an information loss metric, and then analyze the threat models with different background knowledge. Finally, we evaluate the effectiveness and performance of our trajectory mix-zones graph model using these metrics with different parameter sets. The simulation results show that the trajectory mix-zones graph model protects participators' trajectory privacy effectively and reduces information loss and cost in contrast to the other proposals. In the future, we will work in detail on the semantic trajectory privacy problems of multiple mix-zones.