Achieving Perfect Location Privacy in Wireless Devices Using Anonymization

The popularity of mobile devices and location-based services (LBSs) has raised significant concerns about the location privacy of their users. A popular approach to protecting location privacy is to anonymize the users of an LBS. In this paper, we introduce an information-theoretic notion of location privacy, which we call perfect location privacy. We then show how an LBS should apply anonymization to achieve it. We study perfect location privacy under two models of user movement. First, we assume that a user's current location is independent of her past locations. Under this independent and identically distributed (i.i.d.) model, we show that if the user's pseudonym is changed before the adversary has collected $O\left(n^{\frac{2}{r-1}}\right)$ observations of that user, then the user has perfect location privacy. Here $n$ is the number of users in the network and $r$ is the number of possible locations. Next, we model users' movements with Markov chains to better capture real-world movement patterns. We show that perfect location privacy is achievable if the user's pseudonym is changed before the adversary has collected $O\left(n^{\frac{2}{|E|-r}}\right)$ observations of that user, where $|E|$ is the number of edges in the user's Markov chain model.
