Sparse Mobile Crowdsensing With Differential and Distortion Location Privacy

Sparse Mobile Crowdsensing (MCS) has become a compelling approach to acquire and infer urban-scale sensing data. However, participants risk their location privacy when reporting data with their actual sensing positions. To address this issue, we propose a novel location obfuscation mechanism combining <inline-formula> <tex-math notation="LaTeX">$\epsilon $ </tex-math></inline-formula> <italic>-differential-privacy</italic> and <inline-formula> <tex-math notation="LaTeX">$\delta $ </tex-math></inline-formula> <italic>-distortion-privacy</italic> in Sparse MCS. More specifically, differential privacy bounds adversaries&#x2019; relative information gain regardless of their prior knowledge, while distortion privacy ensures that the expected inference error is larger than a threshold under an assumption of adversaries&#x2019; prior knowledge. To reduce the data quality loss incurred by location obfuscation, we design a differential-and-distortion privacy-preserving framework with three components. First, we learn a <italic>data adjustment</italic> function to fit the original sensing data to the obfuscated location. Second, we apply a linear program to select an <italic>optimal location obfuscation</italic> function. The linear program aims to minimize the uncertainty in data adjustment under the constraints of <inline-formula> <tex-math notation="LaTeX">$\epsilon $ </tex-math></inline-formula>-differential-privacy, <inline-formula> <tex-math notation="LaTeX">$\delta $ </tex-math></inline-formula>-distortion-privacy, and evenly-distributed obfuscation. We also design an <italic>approximated</italic> method to reduce the required computation resources. Third, we propose an <italic>uncertainty-aware inference</italic> algorithm to improve the inference accuracy for the obfuscated data. Evaluations with real environment and traffic datasets show that our optimal method reduces the data quality loss by up to 42&#x0025; compared to the state-of-the-art methods with the same level of privacy protection; the approximated method incurs &#x003C; 3&#x0025; additional quality loss than the optimal method, but only needs &#x003C; 1&#x0025; of the computation time.