Reconstruction Attack on Differential Private Trajectory Protection Mechanisms

TL;DR

This paper introduces RAoPT, a deep learning attack that reconstructs original trajectories from differentially private releases, exposing privacy vulnerabilities and emphasizing the need for improved privacy-preserving methods.

Contribution

The paper presents a novel deep learning-based reconstruction attack on differentially private trajectory data, demonstrating significant reduction in trajectory distortion and revealing privacy risks.

Findings

RAoPT reduces Euclidean and Hausdorff distances by over 68% on real datasets.

The attack increases the Jaccard index of activity spaces by over 180%.

Effective even at low privacy budgets ($5;=0.1).

Abstract

Location trajectories collected by smartphones and other devices represent a valuable data source for applications such as location-based services. Likewise, trajectories have the potential to reveal sensitive information about individuals, e.g., religious beliefs or sexual orientations. Accordingly, trajectory datasets require appropriate sanitization. Due to their strong theoretical privacy guarantees, differential private publication mechanisms receive much attention. However, the large amount of noise required to achieve differential privacy yields structural differences, e.g., ship trajectories passing over land. We propose a deep learning-based Reconstruction Attack on Protected Trajectories (RAoPT), that leverages the mentioned differences to partly reconstruct the original trajectory from a differential private release. The evaluation shows that our RAoPT model can reduce the Euclidean and Hausdorff distances between the released and original trajectories by over 68% on two real-world datasets under protection with $\varepsilon \leq 1$. In this setting, the attack increases the average Jaccard index of the trajectories' convex hulls, representing a user's activity space, by over 180%. Trained on the GeoLife dataset, the model still reduces the Euclidean and Hausdorff distances by over 60% for T-Drive trajectories protected with a state-of-the-art mechanism ($\varepsilon = 0.1$). This work highlights shortcomings of current trajectory publication mechanisms, and thus motivates further research on privacy-preserving publication schemes.