De-anonymization attack on geolocated data

• We propose an inference attack that can re-identify anonymous mobility data.
• The attack is based on a mobility model called Mobility Markov Chain (MMC).
• We design several distances between MMC to evaluate their impact in the de-anonymization.
• Experiments on real datasets demonstrate the efficiency of the attack.
• The results shows that anonymizing mobility data is a difficult task.

With the advent of GPS-equipped devices, a massive amount of location data is being collected, raising the issue of the privacy risks incurred by the individuals whose movements are recorded. In this work, we focus on a specific inference attack called the de-anonymization attack, by which an adversary tries to infer the identity of a particular individual behind a set of mobility traces. More specifically, we propose an implementation of this attack based on a mobility model called Mobility Markov Chain (MMC). An MMC is built out from the mobility traces observed during the training phase and is used to perform the attack during the testing phase. We design several distance metrics quantifying the closeness between two MMCs and combine these distances to build de-anonymizers that can re-identify users. Experiments conducted on real datasets demonstrate that the attack is both accurate and resilient to sanitization mechanisms.