Sanitization of Call Detail Records via Differentially-Private Bloom Filters

  • Mohammad Alaggan
  • Sébastien  Gambs
  • Stan MatwinEmail author
  • Mohammed Tuhin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9149)


Publishing directly human mobility data raises serious privacy issues due to its inference potential, such as the (re-)identification of individuals. To address these issues and to foster the development of such applications in a privacy-preserving manner, we propose in this paper a novel approach in which Call Detail Records (CDRs) are summarized under the form of a differentially-private Bloom filter for the purpose of privately estimating the number of mobile service users moving from one area (region) to another in a given time frame. Our sanitization method is both time and space efficient, and ensures differential privacy while solving the shortcomings of a solution recently proposed. We also report on experiments conducted using a real life CDRs dataset, which show that our method maintains a high utility while providing strong privacy.


Hash Function Bloom Filter Mean Relative Error Differential Privacy Telecom Operator 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was partially supported by the MSR-INRIA joint lab as well as the INRIA project lab CAPPRIS, and by NSERC Canada.


  1. 1.
    Alaggan, M., Gambs, S., Kermarrec, A.-M.: BLIP: Non-interactive differentially-private similarity computation on bloom filters. In: Richa, A.W., Scheideler, C. (eds.) SSS 2012. LNCS, vol. 7596, pp. 202–216. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  2. 2.
    Balu, R., Furon, T., Gambs, S.: Challenging differential privacy:the case of non-interactive mechanisms. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 146–164. Springer, Heidelberg (2014) Google Scholar
  3. 3.
    Bhatia, R., Davis, C.: A better bound on the variance. Am. Math. Mon. 107(4), 353–357 (2000)zbMATHMathSciNetCrossRefGoogle Scholar
  4. 4.
    Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970)zbMATHCrossRefGoogle Scholar
  5. 5.
    Broder, A., Mitzenmacher, M., Mitzenmacher, A.B.I.M.: Network applications of bloom filters: a survey. In: Internet Mathematics, pp. 636–646 (2002)Google Scholar
  6. 6.
    Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  7. 7.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  8. 8.
    Gambs, S., Killijian, M., del Prado Cortez, M.N.: De-anonymization attack on geolocated data. In: TrustCom, pp. 789–797 (2013)Google Scholar
  9. 9.
    González, M.C., C.A.H.R., Barabási, A.: Understanding individual human mobility patterns. CoRR, abs/0806.1256 (2008)Google Scholar
  10. 10.
    Krumm, J.: Inference attacks on location tracks. In: LaMarca, A., Langheinrich, M., Truong, K.N. (eds.) Pervasive 2007. LNCS, vol. 4480, pp. 127–143. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  11. 11.
    Lee, J., Clifton, C.: How much is enough? choosing \(\epsilon \) for differential privacy. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 325–340. Springer, Heidelberg (2011) CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Mohammad Alaggan
    • 1
  • Sébastien  Gambs
    • 2
  • Stan Matwin
    • 3
    Email author
  • Mohammed Tuhin
    • 3
  1. 1.Helwan UniversityCairoEgypt
  2. 2.Université de Rennes 1 - InriaRennesFrance
  3. 3.Dalhousie UniversityHalifaxCanada

Personalised recommendations