The goal of this research is to develop concepts and methodologies for co-designing transportation modeling methods and privacy protection techniques used in collecting and using data from mobile traffic sensors. Mobile sensors such as cell phones move with the flow they are monitoring, as opposed to fixed-location sensors in the road infrastructure. They promise low-cost collection of traffic data but also raise privacy concerns, since their information is more closely tied to individual vehicles. Building on a close collaboration between transportation researchers and location privacy experts, this research aims to answer two interrelated questions: (1) what form of mobile data to use and how its use will impact privacy; and (2) what methods should be used to protect mobile data privacy and what their implications are for the data requirements of modeling. Answering these questions will result in a framework of privacy-aware transportation modeling and application-aware privacy protection, which can transform how mobile data are collected and used in transportation and in many other science and engineering fields. This project builds on and will promote multidisciplinary collaborations that benefit many audiences, including undergraduate and graduate students, transportation and location privacy researchers, and practitioners. Graduate and undergraduate students, especially those from underrepresented groups, can participate in the research. Results from this research will be used to enhance undergraduate and graduate level courses in both transportation engineering and computational privacy. Research findings can also help policy makers design appropriate policies and regulations on what mobile data to collect and how to better protect privacy.
The PIs will work closely with transportation agencies and standards groups and will make their best effort to convey research findings to transportation decision makers, engineers, industry, and the academic community.

Project Report

Traffic engineers and traffic information systems increasingly rely on data collected from mobile in-vehicle sensors, rather than stationary roadside sensors. These mobile sensors move with a specific driver and can monitor precise movements of the vehicles; they therefore allow almost complete monitoring of a person’s driving patterns and can raise significant privacy concerns. This project investigated techniques that can address such privacy concerns while still allowing the use of mobile sensors for beneficial applications. In particular, it brought together traffic engineers and data privacy researchers to co-design applications with privacy techniques that remove sensitive or identifying features from data yet retain those aspects that are important for traffic applications. The project demonstrated the feasibility of this approach using an example traffic engineering application wherein the performance of traffic signals needs to be evaluated. In this application, features such as real-time delays, arrival volumes, and vehicle queue lengths at certain traffic signals of interest should be estimated from Global Positioning System location traces collected from smartphones or other devices in vehicles. To address privacy concerns that arise from this collection of data, the project developed a data de-identification technique that we term VTL Zone-Aware Path Cloaking. We have focused on a de-identification approach since such applications require only location data and do not rely on vehicle or driver identity. Simply omitting vehicle and personal identifiers, however, is often not sufficient since identities can be reconstructed by analyzing the location traces and linking them with other known information. Reconstruction tends to be easier when traffic density is low. The privacy algorithms developed here make such reconstruction significantly more difficult, if not impossible. 
The algorithms release location traces only in the intersection zones where the application needs data, and filter out progressively more data as traffic density decreases, so that a fixed degree of privacy is maintained independent of traffic density. More formally, the algorithm seeks to achieve unlinkability between released traces from any two different zones, since linking short paths from different zones into a more complete trip increases the chance of re-identification. This is, to our knowledge, the first algorithm that combines awareness of traffic density with awareness of zones of interest. Traffic simulations have shown that this algorithm significantly outperforms earlier privacy algorithms. The project further studied the limits of such privacy algorithms when location traces become increasingly fine-grained and adversaries bring detailed traffic knowledge to the identity reconstruction analysis. This analysis showed that with fine-grained traces it may be possible to separate a small fraction of outlier driving patterns from the data set and thereby increase the chance of re-identification. An example of such a pattern is the slower acceleration of a loaded truck compared to the surrounding vehicles. These results show that increased care is necessary when very fine-grained data is collected. The project experiments and data analysis were conducted by graduate students and provided them with important research mentoring and experience. One PhD student completed his dissertation based on research from this project and is now employed in the communications industry. Undergraduate students also participated in the project in the form of a summer research experience. Research results were disseminated through publication in conference proceedings and journals across the fields of computer and transportation engineering.
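As an added illustration (not the project's own code or algorithm), the following Python sketch shows the two ideas described above in a simplified form: releasing GPS points only inside zones of interest, suppressing a zone's data in a time window when fewer than k distinct vehicles were present, and replacing vehicle identifiers with a fresh random pseudonym per zone and window so that segments from different zones share no identifier. The zone boxes, the threshold k, the time window, the sample points and the pseudonym scheme are all assumptions made for this example.

```python
import secrets
from collections import defaultdict

# Constructed zones of interest: axis-aligned boxes (x0, y0, x1, y1) in metres
# around two intersections. Points outside every box are never released.
ZONES = {"int_A": (0, 0, 100, 100), "int_B": (500, 0, 600, 100)}


def zone_of(x, y):
    """Return the zone name containing (x, y), or None if outside all zones."""
    for name, (x0, y0, x1, y1) in ZONES.items():
        if x0 <= x <= x1 and y0 <= y <= y1:
            return name
    return None


def cloak(points, k, window_s):
    """Simplified zone-aware path cloaking (assumed form, not the project's).

    points: iterable of (vehicle_id, timestamp_s, x_m, y_m).
    Returns released tuples (zone, pseudonym, timestamp_s, x_m, y_m).
    A (zone, window) group is released only if at least k distinct vehicles
    contributed, so low-density traffic is suppressed rather than exposed.
    """
    groups = defaultdict(list)
    for vid, t, x, y in points:
        z = zone_of(x, y)
        if z is not None:
            groups[(z, t // window_s)].append((vid, t, x, y))
    released = []
    for (zone, window), pts in sorted(groups.items()):
        if len({p[0] for p in pts}) < k:
            continue  # too few vehicles: drop the whole group
        pseud = {}  # pseudonyms are scoped to this zone+window only
        for vid, t, x, y in pts:
            if vid not in pseud:
                pseud[vid] = secrets.token_hex(4)
            released.append((zone, pseud[vid], t, x, y))
    return released


def sample_points():
    """Constructed traces: v1..v3 cross int_A then int_B; v4 crosses int_A alone."""
    pts = []
    for i, vid in enumerate(("v1", "v2", "v3")):
        pts += [(vid, t, 10 + 5 * t + i, 50) for t in range(0, 10, 2)]
        pts += [(vid, t, 510 + 5 * (t - 100) + i, 50) for t in range(100, 110, 2)]
    pts.append(("v1", 50, 300, 50))  # mid-block point outside any zone
    pts += [("v4", t, 10 + 5 * (t - 600), 50) for t in range(600, 610, 2)]
    return pts
```

With k=3 the lone vehicle v4 is suppressed entirely, and the pseudonyms seen at int_A cannot be matched to those at int_B.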

Budget Start: 2010-09-01
Budget End: 2013-08-31
Fiscal Year: 2010
Total Cost: $150,000
Name: Rutgers University
City: Piscataway
State: NJ
Country: United States
Zip Code: 08854