without sharing the data, so that nothing is disclosed except the final result of the
data mining process. This problem is addressed in cryptography in the field of
secure multi-party computation. An example of a problem tackled by this kind
of approach is privacy-preserving clustering in horizontally partitioned
spatio-temporal data. Here, each horizontal partition contains trajectories of distinct
moving objects collected by separate sites, which want to cluster these
trajectories without releasing sensitive location information to the other data holders.
At the end of the protocol the global clustering results will be available to each
data holder. The method used to achieve this goal is to construct the dissimilarity
matrix of the trajectories in a privacy preserving manner, which can be the input
of any hierarchical clustering algorithm. In this setting there is a third party that
has the following tasks: (1) managing the communication among data holders;
(2) constructing a global dissimilarity matrix; (3) clustering the trajectories by
using the dissimilarity matrix; and (4) releasing the final result to the data
holders. Each party involved is considered semitrusted, in the sense that it follows
the protocol as expected, but cannot store any information to infer sensitive
data. Moreover, parties do not share any sensitive information with each other.
As an example application of this technique, consider the case of a traffic
control office that wants to solve traffic congestion by analyzing data from
a mobile operator that cannot share these data with other entities for privacy
reasons. The traffic congestion problem assumes the use of a clustering algorithm,
therefore the best solution is to apply a privacy-preserving clustering algorithm
for horizontally partitioned data that avoids sharing the spatio-temporal data.
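
The following added example (not from the original text) sketches one way the third party can obtain cross-site dissimilarities without either site revealing raw coordinates: additive masking with keyed pseudo-random values, yielding an L1 distance between time-aligned trajectories. The text does not specify the construction, so the masking scheme, the distance choice, the function names, the keys and the sample trajectories are all assumptions; in this simplified form the third party learns the per-sample absolute differences, not only their sum.

```python
import hashlib
import hmac

# Assumed scheme (the text names no construction). key_ab is shared by sites A and B,
# key_at by site A and the third party (TP). Coordinates are integers far below 2**64.
def prg(key, *index):
    """Keyed pseudo-random 64-bit value, fresh for every (pair, sample) index."""
    msg = b",".join(str(i).encode() for i in index)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "big")

def sign(key_ab, *index):
    """Secret +1/-1 known to both sites but not to TP."""
    return 1 if prg(key_ab, *index) & 1 else -1

def holder_a_mask(traj, a, b, key_ab, key_at):
    """Site A blinds trajectory a with a mask that site B cannot remove."""
    return [prg(key_at, a, b, i) + sign(key_ab, a, b, i) * v for i, v in enumerate(traj)]

def holder_b_combine(masked, traj, a, b, key_ab):
    """Site B folds in its own values with the same sign, still under A's mask."""
    return [m - sign(key_ab, a, b, i) * v for i, (m, v) in enumerate(zip(masked, traj))]

def third_party_distance(combined, a, b, key_at):
    """TP strips the mask; the unknown sign leaves only |x - y| per sample."""
    return sum(abs(c - prg(key_at, a, b, i)) for i, c in enumerate(combined))

def cross_distances(trajs_a, trajs_b, key_ab, key_at):
    """Run the A -> B -> TP exchange for every cross-site pair of trajectories."""
    block = []
    for a, ta in enumerate(trajs_a):
        row = []
        for b, tb in enumerate(trajs_b):
            to_b = holder_a_mask(ta, a, b, key_ab, key_at)
            to_tp = holder_b_combine(to_b, tb, a, b, key_ab)
            row.append(third_party_distance(to_tp, a, b, key_at))
        block.append(row)
    return block

def l1(t, u):
    """Plain L1 distance; each site uses it only on its own trajectories."""
    return sum(abs(x - y) for x, y in zip(t, u))

def global_matrix(trajs_a, trajs_b, key_ab, key_at):
    """TP's global dissimilarity matrix: local blocks from each site plus the cross block."""
    cross = cross_distances(trajs_a, trajs_b, key_ab, key_at)
    top = [[l1(t, u) for u in trajs_a] + cross[i] for i, t in enumerate(trajs_a)]
    return top + [[row[j] for row in cross] + [l1(t, u) for u in trajs_b]
                  for j, t in enumerate(trajs_b)]

# Constructed sample data: flattened (x, y) samples on an integer grid.
SITE_A = [[0, 0, 10, 0, 20, 0], [0, 5, 10, 5, 20, 5]]
SITE_B = [[1, 0, 11, 0, 21, 0], [100, 100, 110, 100, 120, 100]]
KEY_AB, KEY_AT = b"constructed-key-A-B", b"constructed-key-A-TP"
```

The matrix returned by `global_matrix` can be passed to any hierarchical clustering routine, which is the role the text assigns to the third party.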
Knowledge Hiding in Mobility Data
Knowledge hiding refers to the activity of hiding patterns considered sensitive
in a database before it is published. In fact, if the data are published as they
are, the sensitive patterns may be surfaced by means of data mining techniques.
Knowledge hiding involves a process of sanitization of the database in such a
way that the sensitive knowledge can no longer be inferred, while the original
database is changed as little as possible. This problem is particularly interesting
in the context of spatio-temporal patterns in a database of trajectories. Mobility
data contain the description of typical mobile behaviors (i.e., frequent patterns)
that are considered sensitive for political or security reasons. It is therefore
necessary to have a method capable of hiding such sensitive patterns before
the disclosure of the database. A valid hiding technique in this context should
take into consideration the road network, modeled as a directed graph, and
therefore consider trajectories of objects moving over a background road network.
A privacy solution should sanitize the input trajectory database D in such a
way that a set of sensitive spatio-temporal patterns P is hidden while most of
the information in D is maintained. The resulting database D , which is the
released version, is consistent with the background road network. The privacy