{"title":"Geo-indistinguishable masking: enhancing privacy protection in spatial point mapping","authors":"Yue Lin","doi":"10.1080/15230406.2023.2267967","DOIUrl":null,"url":null,"abstract":"Spatial point mapping is a useful practice in exploratory point pattern analysis, but it poses significant privacy risks as the identity of individuals may be revealed from the maps. Geomasking methods have been developed to mitigate the risks by displacing spatial points before mapping. However, many of these methods rely on a weak privacy notion called spatial k-anonymity, which is insufficient to withstand the growing amount of spatial data (e.g. land use) that adversaries can use as side information to infer the actual locations of individuals. We propose a method called geo-indistinguishable masking to address this issue by relying on a strong privacy notion called geo-indistinguishability. This notion ensures consistent levels of privacy protection regardless of any side information. The method consists of two steps. The first step involves creating a masking area for each spatial point to include a set of candidate locations to which the point can be relocated. In the second step, we formulate an optimization model to ensure the masked locations satisfy geo-indistinguishability while minimizing the distance displaced. Computational experiments on a synthetic dataset demonstrate that our proposed method is both efficient and effective in providing strong privacy protection while preserving the spatial point patterns. KEYWORDS: Differential privacy; geo-indistinguishability; geomasking; geoprivacy; spatial anonymization. Disclosure statement: No potential conflict of interest was reported by the author(s). Data availability statement: The data and code that support the findings of this study are available on Figshare at https://doi.org/10.6084/m9.figshare.23632443. Supplementary material: Supplemental data for this article can be accessed online at https://doi.org/10.1080/15230406.2023.2267967.","PeriodicalId":47562,"journal":{"name":"Cartography and Geographic Information Science","volume":"54 1","pages":"0"},"PeriodicalIF":2.6000,"publicationDate":"2023-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cartography and Geographic Information Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/15230406.2023.2267967","RegionNum":3,"RegionCategory":"地球科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"GEOGRAPHY","Score":null,"Total":0}
Citation count: 0
Abstract
Spatial point mapping is a useful practice in exploratory point pattern analysis, but it poses significant privacy risks as the identity of individuals may be revealed from the maps. Geomasking methods have been developed to mitigate the risks by displacing spatial points before mapping. However, many of these methods rely on a weak privacy notion called spatial k-anonymity, which is insufficient to withstand the growing amount of spatial data (e.g. land use) that adversaries can use as side information to infer the actual locations of individuals. We propose a method called geo-indistinguishable masking to address this issue by relying on a strong privacy notion called geo-indistinguishability. This notion ensures consistent levels of privacy protection regardless of any side information. The method consists of two steps. The first step involves creating a masking area for each spatial point to include a set of candidate locations to which the point can be relocated. In the second step, we formulate an optimization model to ensure the masked locations satisfy geo-indistinguishability while minimizing the distance displaced. Computational experiments on a synthetic dataset demonstrate that our proposed method is both efficient and effective in providing strong privacy protection while preserving the spatial point patterns.
Keywords: Differential privacy; geo-indistinguishability; geomasking; geoprivacy; spatial anonymization
Disclosure statement: No potential conflict of interest was reported by the author(s).
Data availability statement: The data and code that support the findings of this study are available on Figshare at https://doi.org/10.6084/m9.figshare.23632443.
Supplementary material: Supplemental data for this article can be accessed online at https://doi.org/10.1080/15230406.2023.2267967.
About the journal:
Cartography and Geographic Information Science (CaGIS) is the official publication of the Cartography and Geographic Information Society (CaGIS), a member organization of the American Congress on Surveying and Mapping (ACSM). The Cartography and Geographic Information Society supports research, education, and practices that improve the understanding, creation, analysis, and use of maps and geographic information. The society serves as a forum for the exchange of original concepts, techniques, approaches, and experiences by those who design, implement, and use geospatial technologies through the publication of authoritative articles and international papers.