ASA: Against statistical attacks for privacy-aware users in Location Based Service

Abstract The fusion of mobile devices and social networks is stimulating a wider use of Location Based Service (LBS) and makes it become an important part in our daily life. However, the problem of privacy leakage has become a main factor that hinders the further development of LBS. When a LBS user sends queries to the LBS server, the user’s personal privacy in terms of identity and location may be leaked to the attacker. To protect user’s privacy, Niu et al. proposed an algorithm named enhanced-Dummy Location Selection (en-DLS). In this paper, we introduce two attacks to en-DLS, namely long-term statistical attack (LSA) and regional statistical attack (RSA). In the proposed attacks, an attacker can obtain the privacy contents of a user by analyzing LBS historical data, which causes en-DLS to be invalid for user’s privacy protection. Furthermore, this paper proposes a set of privacy protection schemes against both LSA and RSA. For LSA, we propose two protection methods named multiple user name (MNAME) and same user name (SNAME). To solve the regional privacy issue, we divide the map into various regions with different requirements on privacy protection. For this purpose, four levels of protection requirements (PLs) are defined, and true location is protected by allocating a certain number of positions from the dummies according to the location’s PL. Performance analysis and simulation results show that our proposed methods can completely avoid the vulnerabilities of en-DLS to both LSA and RSA, and incur marginal increase of communication overhead and computational cost.

[1]  Ashwin Machanavajjhala,et al.  l-Diversity: Privacy Beyond k-Anonymity , 2006, ICDE.

[2]  Frank Stajano,et al.  Mix zones: user privacy in location-aware services , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[3]  Yuguang Fang,et al.  A game-theoretic approach for achieving k-anonymity in Location Based Services , 2013, 2013 Proceedings IEEE INFOCOM.

[4]  Hua Lu,et al.  SpaceTwist: Managing the Trade-Offs Among Location Privacy, Query Performance, and Query Accuracy in Mobile Services , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[5]  John Krumm Realistic Driving Trips For Location Privacy , 2009, Pervasive.

[6]  Qinghua Li,et al.  Achieving k-anonymity in privacy-aware location-based services , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[7]  Liam McNamara,et al.  SpotME If You Can: Randomized Responses for Location Obfuscation on Mobile Phones , 2011, 2011 31st International Conference on Distributed Computing Systems.

[8]  Hua Lu,et al.  PAD: privacy-area aware, dummy-based location privacy in mobile services , 2008, MobiDE '08.

[9]  Theodore S. Rappaport,et al.  An overview of the challenges and progress in meeting the E-911 requirement for location service , 1998, IEEE Commun. Mag..

[10]  Marco Gruteser,et al.  USENIX Association , 1992 .

[11]  Tetsuji Satoh,et al.  An anonymous communication technique using dummies for location-based services , 2005, ICPS '05. Proceedings. International Conference on Pervasive Services, 2005..

[12]  Panos Kalnis,et al.  A reciprocal framework for spatial K-anonymity , 2010, Inf. Syst..

[13]  Ren-Hung Hwang,et al.  A Novel Time-Obfuscated Algorithm for Trajectory Privacy Protection , 2014, IEEE Transactions on Services Computing.

[14]  Walid G. Aref,et al.  Casper*: Query processing for location services without compromising privacy , 2006, TODS.

[15]  Ying Cai,et al.  Exploring Historical Location Data for Anonymity Preservation in Location-Based Services , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[16]  Qinghua Li,et al.  Enhancing privacy through caching in location-based services , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[17]  Zan Li,et al.  MobiCache: When k-anonymity meets cache , 2013, 2013 IEEE Global Communications Conference (GLOBECOM).

[18]  Carmela Troncoso,et al.  Optimal sporadic location privacy preserving systems in presence of bandwidth constraints , 2013, WPES.

[19]  Meikang Qiu,et al.  Health-CPS: Healthcare Cyber-Physical System Assisted by Cloud and Big Data , 2017, IEEE Systems Journal.

[20]  Ernesto Damiani,et al.  Location Privacy Protection Through Obfuscation-Based Techniques , 2007, DBSec.

[21]  Limei Peng,et al.  CADRE: Cloud-Assisted Drug REcommendation Service for Online Pharmacies , 2014, Mobile Networks and Applications.

[22]  Frank Stajano,et al.  Location Privacy in Pervasive Computing , 2003, IEEE Pervasive Comput..

[23]  Carmela Troncoso,et al.  Unraveling an old cloak: k-anonymity for location privacy , 2010, WPES '10.

[24]  Marco Gruteser,et al.  Protecting Location Privacy Through Path Confusion , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[25]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[26]  Tao Peng,et al.  Enhanced Location Privacy Preserving Scheme in Location-Based Services , 2017, IEEE Systems Journal.

[27]  Hui Li,et al.  3PLUS: Privacy-preserving pseudo-location updating system in location-based services , 2013, 2013 IEEE Wireless Communications and Networking Conference (WCNC).

[28]  Lars Kulik,et al.  A Formal Model of Obfuscation and Negotiation for Location Privacy , 2005, Pervasive.

[29]  Reza Shokri,et al.  A distortion-based metric for location privacy , 2009, WPES '09.

[30]  Limei Peng,et al.  Green data center with IoT sensing and cloud-assisted smart temperature control system , 2016, Comput. Networks.

[31]  Chi-Yin Chow,et al.  Trajectory privacy in location-based services and data publication , 2011, SKDD.

[32]  Rong Zheng,et al.  Efficient algorithms for K-anonymous location privacy in participatory sensing , 2012, 2012 Proceedings IEEE INFOCOM.

[33]  Hui Li,et al.  EPS: Encounter-Based Privacy-Preserving Scheme for Location-Based Services , 2013, 2013 IEEE Global Communications Conference (GLOBECOM).