Sanitization of Call Detail Records via Differentially-Private Bloom Filters
Directly publishing human mobility data raises serious privacy issues because of its inference potential, such as the (re-)identification of individuals. To address these issues and to foster the development of such applications in a privacy-preserving manner, we propose in this paper a novel approach in which Call Detail Records (CDRs) are summarized in the form of a differentially-private Bloom filter, for the purpose of privately estimating the number of mobile service users moving from one area (region) to another in a given time frame. Our sanitization method is both time and space efficient, and ensures differential privacy while addressing the shortcomings of a recently proposed solution. We also report on experiments conducted on a real-life CDR dataset, which show that our method maintains high utility while providing strong privacy.
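As an added illustration of the pipeline the abstract describes (this is not the paper's own code, and the exact mechanism of the paper is not given here), the following Python sketch builds a Bloom filter of the users observed in region A in one time window and in region B in the next, perturbs every bit with randomized response, which is a standard way to make a Bloom filter differentially private and is assumed here, and then recovers an unbiased estimate of the number of movers from the noisy filter. The CDR rows, region names, parameters and function names are constructed for the example.

```python
import hashlib
import math
import random

# Constructed CDR sample: (user_id, region, hour). Not real data.
CDRS = [
    ("u1", "A", 8), ("u1", "B", 9),
    ("u2", "A", 8), ("u2", "B", 9),
    ("u3", "A", 8), ("u3", "A", 9),   # stays in A
    ("u4", "B", 8), ("u4", "A", 9),   # moves in the opposite direction
    ("u5", "A", 8), ("u5", "B", 9),
]

def movers(cdrs, src, dst, t_from, t_to):
    """Users seen in src at t_from and in dst at t_to (the flow we want to count)."""
    seen = {(u, r, t) for u, r, t in cdrs}
    return {u for u, _, _ in cdrs if (u, src, t_from) in seen and (u, dst, t_to) in seen}

def bloom_positions(item, m, k):
    """k salted SHA-256 hashes mapped onto m bit positions."""
    return [int(hashlib.sha256(f"{i}|{item}".encode()).hexdigest(), 16) % m for i in range(k)]

def build_filter(items, m, k):
    bits = [0] * m
    for item in items:
        for pos in bloom_positions(item, m, k):
            bits[pos] = 1
    return bits

def flip_probability(eps, k):
    # Randomized response: flipping each bit independently with probability p
    # gives eps-differential privacy for an item that touches k bits.
    return 1.0 / (1.0 + math.exp(eps / k))

def sanitize(bits, eps, k, rng):
    """Release a noisy copy of the filter; the exact filter never leaves the operator."""
    p = flip_probability(eps, k)
    return [b ^ (1 if rng.random() < p else 0) for b in bits]

def estimate_count(noisy, p, k):
    """Unbias the number of set bits, then apply the usual Bloom cardinality estimate."""
    m = len(noisy)
    ones = sum(noisy)
    # E[ones] = (1-p)*S + p*(m-S)  =>  S = (ones - p*m) / (1-2p)
    s_hat = min(max((ones - p * m) / (1 - 2 * p), 0.0), m - 1)
    return -(m / k) * math.log(1 - s_hat / m)

if __name__ == "__main__":
    m, k, eps = 1024, 3, 4.0
    exact = build_filter(movers(CDRS, "A", "B", 8, 9), m, k)
    noisy = sanitize(exact, eps, k, random.Random(7))
    print(estimate_count(noisy, flip_probability(eps, k), k))
```

With only a handful of users the noise dominates the estimate; the unbiased estimator is meant for flows of hundreds or thousands of users, where the relative error shrinks.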
Keywords: Hash Function, Bloom Filter, Mean Relative Error, Differential Privacy, Telecom Operator
This work was partially supported by the MSR-INRIA joint lab as well as the INRIA project lab CAPPRIS, and by NSERC Canada.