ABSTRACT
The growing popularity of location-based systems, allowing unknown/untrusted servers to easily collect huge amounts of information regarding users' location, has recently started raising serious privacy concerns. In this paper we introduce geo-indistinguishability, a formal notion of privacy for location-based systems that protects the user's exact location, while allowing approximate information -- typically needed to obtain a certain desired service -- to be released.
This privacy definition formalizes the intuitive notion of protecting the user's location within a radius $r$ with a level of privacy that depends on $r$, and corresponds to a generalized version of the well-known concept of differential privacy. Furthermore, we present a mechanism for achieving geo-indistinguishability by adding controlled random noise to the user's location.
We describe how to use our mechanism to enhance LBS applications with geo-indistinguishability guarantees without compromising the quality of the application results. Finally, we compare state-of-the-art mechanisms from the literature with ours. It turns out that, among all mechanisms independent of the prior, our mechanism offers the best privacy guarantees.
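The following Python is an added illustration of the two ideas in the abstract, not code from the paper or its authors. It sketches a noise mechanism whose density decays exponentially with planar distance (so the log-ratio of densities between two true locations is bounded by $\varepsilon$ times their distance, which is the geo-indistinguishability guarantee), and the retrieve-then-filter pattern for a nearby-POI query in which the server only ever sees the noisy point. Assumptions: locations are $(x, y)$ coordinates in metres on a flat plane (a local projection, not raw latitude/longitude); the calibration $\varepsilon = l / r$ ("level $l$ within radius $r$") is one natural reading of the abstract, chosen for the example; `nearby_pois`, the POI list and the user position are constructed here.

```python
import math
import random

# Added example, not code from the paper: a stand-alone sketch of the
# noise mechanism and of the query pattern described in the abstract.
# Assumptions: locations are (x, y) coordinates in metres on a flat plane
# (a local projection, not raw latitude/longitude); the server query
# `nearby_pois` and the POI list used under __main__ are constructed here.


def euclid(a, b):
    """Euclidean distance between two planar points."""
    return math.hypot(a[0] - b[0], a[1] - b[1])


def epsilon_for(level, radius):
    """Calibration used here (assumption): level l of indistinguishability
    within radius r metres corresponds to eps = l / r, so the guarantee
    weakens linearly with distance, as the abstract describes."""
    return level / radius


def log_privacy_loss(x, x_prime, z, eps):
    """log D(z|x) - log D(z|x') for a reported point z, where the noise
    density is D(z|x) = eps^2/(2*pi) * exp(-eps * d(x, z)).
    The normalising constant cancels, leaving eps*(d(x', z) - d(x, z))."""
    return eps * (euclid(x_prime, z) - euclid(x, z))


def satisfies_geo_ind(x, x_prime, z, eps, tol=1e-9):
    """Geo-indistinguishability bound for one reported point z:
    |log D(z|x) - log D(z|x')| <= eps * d(x, x').  By the triangle
    inequality this holds for every z, whatever the adversary's prior."""
    return abs(log_privacy_loss(x, x_prime, z, eps)) <= eps * euclid(x, x_prime) + tol


def sample_noisy_location(x, eps, rng=random):
    """Draw a reported location.  Direction is uniform on the circle; the
    displacement has density eps^2 * r * exp(-eps * r), i.e. it is a
    Gamma(shape=2, scale=1/eps) variable, so the standard library suffices.
    Mean displacement is 2/eps."""
    theta = rng.uniform(0.0, 2.0 * math.pi)
    r = rng.gammavariate(2.0, 1.0 / eps)
    return (x[0] + r * math.cos(theta), x[1] + r * math.sin(theta))


def prob_displacement_exceeds(eps, margin):
    """P(displacement > margin) = (1 + eps*margin) * exp(-eps*margin):
    the tail of the Gamma(2, 1/eps) radius.  Use it to size the retrieval
    margin below so that query results are complete with high probability."""
    return (1.0 + eps * margin) * math.exp(-eps * margin)


def nearby_pois(center, radius, pois):
    """Simulated server: returns POIs within `radius` of the point it was
    given.  It never learns the true location."""
    return [p for p in pois if euclid(center, p[1]) <= radius]


def private_poi_query(true_loc, wanted_radius, eps, pois, margin, rng=random):
    """Client side: report a noisy location, ask for a larger area
    (wanted_radius + margin) around it, then filter locally against the
    true location.  Returns (reported_location, poi_names).  The result is
    always a subset of the true answer; it is incomplete only when the
    noise displacement exceeds `margin`."""
    reported = sample_noisy_location(true_loc, eps, rng)
    candidates = nearby_pois(reported, wanted_radius + margin, pois)
    hits = [name for name, loc in candidates if euclid(true_loc, loc) <= wanted_radius]
    return reported, hits


if __name__ == "__main__":
    # Constructed data: a user at the origin and five nearby POIs (metres).
    pois = [("cafe", (50.0, 0.0)), ("bank", (400.0, 0.0)),
            ("park", (0.0, 650.0)), ("pharmacy", (-300.0, 0.0)),
            ("station", (-480.0, 0.0))]
    user = (0.0, 0.0)
    eps = epsilon_for(math.log(4), 200.0)  # factor-4 indistinguishability within 200 m
    rng = random.Random(1)
    margin = 1500.0
    print("P(noise > margin) =", round(prob_displacement_exceeds(eps, margin), 4))
    reported, hits = private_poi_query(user, 500.0, eps, pois, margin, rng)
    print("reported", tuple(round(c) for c in reported), "->", hits)
```

Two practical points follow from the numbers. With $\varepsilon = \ln 4 / 200$ the mean displacement is $2/\varepsilon \approx 289$ m, so a retrieval margin of a few hundred metres will miss POIs near the edge of the wanted radius fairly often; `prob_displacement_exceeds` lets the client pick a margin for a target completeness rather than guessing. And the bound checked by `satisfies_geo_ind` is per report: repeated reports from the same true location compose, so an adversary collecting $n$ of them faces a guarantee of $n\varepsilon$, not $\varepsilon$.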