Towards Achieving Personalized Privacy for Location-Based Services

With the growth of wireless and mobile technologies, we are witnessing an increase in location-based services (LBSs). Although LBSs provide enhanced functionalities, they open up new vulnerabilities that can be exploited to cause security and privacy breaches. Consequently, location data of individuals used by such services must be adequately protected. Such services will require new models for expressing privacy preferences for location data and mechanisms for enforcing them. We identify the factors on which location privacy depends and propose models for expressing privacy that can be used by LBSs. We discuss the architecture of a system that allows one to specify and enforce location privacy and that can be easily integrated with existing systems providing LBSs. We demonstrate the feasibility of our approach by developing a prototype.
