the function $f(x_1, \ldots, x_n)$, without compromising privacy. There exist some
methods that allow transforming data mining problems into secure multi-party
computation problems. In the literature, many protocols have been proposed
for the computation of the secure sum, the secure set union, the secure size
of set intersection and the scalar product. These protocols can be used as data
mining primitives for secure multi-party computation in the case of horizontally
and vertically partitioned data sets.
9.3 Privacy in Offline Mobility Data Analysis
In the context of offline mobility data analysis, large amounts of collected
mobility data can be used for extracting reliable knowledge useful for the
understanding of very complex and interesting phenomena. Indeed, these data can
be used for various data analyses that allow improving systems for city traffic
control, mobility management, and urban planning, as evidenced in Chapters 6,
7, and 10. Unfortunately, mobility data provide detailed movement information
of individuals and thus this information could be used for their identification and
sometimes for inferring personal sensitive information about them. Therefore,
when spatio-temporal data have to be analyzed and/or published, it is
fundamental to guarantee individual privacy protection of the respondents
represented in the data.
The privacy models for relational data described in the previous section have
been widely adopted to achieve privacy protection in the context of the offline
analysis of spatio-temporal data. However, the different and more complex
nature of mobility data with respect to relational tabular data has sometimes
made it difficult to apply these privacy models directly, and this has led to the
definition of some suitable variants. The inadequacy of the aforementioned
models for trajectory data stems from the fact that these data pose new
challenges due to the following characteristics: time dependency, location
dependency, and data sparseness. The location and time components of the
mobility data make it harder to enforce privacy protection. Indeed, either
component, alone or in combination with external sources, could be used by an
attacker to re-identify individuals and discover sensitive information about
them. As a consequence, a privacy defense has to take this fact into
consideration and apply a data transformation able to eliminate the privacy
threats that derive from the two sources of information. Moreover, the problem
is made more difficult by the sparseness of this large amount of data. Indeed,
an individual usually visits few locations with respect to the total number of
locations available in the territory; therefore the trajectories are relatively
short and it is difficult to find overlapping locations among different
trajectories, thus causing the sparseness problem. Additionally, the time
component makes the situation more complicated because the same location can
be visited by different individuals in different time periods.
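The effect of the location and time components on re-identification risk can be measured on a data set before it is analyzed or published. The following Python sketch is an added example, not code from the book; the sample trajectories, the grid-cell labels, and the function names are constructed for illustration. For each individual it computes the worst-case number of trajectories consistent with m of that individual's points, first matching on location only and then on location plus time.

```python
from itertools import combinations

# Constructed sample: individual -> visits as (grid cell, hour of day).
TRAJECTORIES = {
    "u1": [("A", 8), ("B", 9), ("C", 18)],
    "u2": [("A", 8), ("B", 12), ("D", 18)],
    "u3": [("A", 9), ("B", 9), ("C", 20)],
    "u4": [("E", 8), ("F", 9)],
    "u5": [("A", 8), ("C", 18), ("B", 9)],
}

def project(trajectory, use_time):
    """Points an observer can match on: (cell, hour) pairs, or cells only."""
    return frozenset(p if use_time else p[0] for p in trajectory)

def worst_case_k(trajectories, m, use_time):
    """For each individual, the smallest number of trajectories in the data
    set that contain some m of that individual's own points (k = 1 means
    those m points single the individual out)."""
    views = {u: project(t, use_time) for u, t in trajectories.items()}
    result = {}
    for user, points in views.items():
        size = min(m, len(points))  # short trajectories: use all points
        result[user] = min(
            sum(1 for other in views.values() if set(known) <= other)
            for known in combinations(points, size)
        )
    return result

def uniquely_identified(trajectories, m, use_time):
    """Individuals whose worst-case anonymity set has size 1."""
    ks = worst_case_k(trajectories, m, use_time)
    return sorted(u for u, k in ks.items() if k == 1)

if __name__ == "__main__":
    for use_time in (False, True):
        label = "cell+hour" if use_time else "cell only"
        print(label, worst_case_k(TRAJECTORIES, 2, use_time),
              uniquely_identified(TRAJECTORIES, 2, use_time))
```

In this sample, u4 visits cells nobody else visits (sparseness) and is unique on location alone, while u3 shares all of its cells with others and becomes unique only once the time component is matched as well.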