Ensuring Privacy in Location-Based Services: An Approach Based on Opacity Enforcement

Abstract

With the proliferation of mobile devices, Location-Based Services (LBS) that provide networked services based on users' locations have become increasingly popular. Such services, which provide personalized and timely information, have raised privacy concerns such as the unwanted revelation of users' current locations to potential stalkers. Many prior studies have proposed to address LBS privacy by sending “cloaking queries” that contain coarser location information. However, this method has been shown to be insufficient, and no formal methodology exists for enforcing LBS privacy in mobile environments. In this work, we show that this problem can be formally addressed using the notion of opacity in discrete event systems. We use non-deterministic finite-state automata to capture the mobility patterns of users and label the transitions with the location information in the queries. Using opacity verification techniques, we show that sending cloaking queries to the server can still reveal the exact location of the user. To enforce location privacy, we apply the technique of opacity enforcement by event insertion proposed in our prior work. Specifically, we synthesize suitable insertion functions that insert fake queries into the cloaking query sequences. The generated fake queries are always consistent with the mobility model of the user and provably ensure privacy of the user's current location. Finally, to minimize the overhead from fake queries, we design an optimal insertion function that introduces the minimum average number of fake queries.
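The verification step described in the abstract can be illustrated with a small observer (subset) construction. This is an added example, not code from the paper. It assumes the privacy property is current-state opacity with every query visible to the server; the locations, the region labels A to C, and the function names are constructed for illustration.

```python
from collections import deque

def reachable_estimates(transitions, initial):
    """Observer (subset construction): map every reachable state estimate
    to the shortest query sequence that produces it."""
    start = frozenset(initial)
    seen = {start: ()}
    queue = deque([start])
    while queue:
        estimate = queue.popleft()
        successors = {}
        for state in estimate:
            for label, targets in transitions.get(state, {}).items():
                successors.setdefault(label, set()).update(targets)
        for label, targets in sorted(successors.items()):
            nxt = frozenset(targets)
            if nxt not in seen:
                seen[nxt] = seen[estimate] + (label,)
                queue.append(nxt)
    return seen

def opacity_violation(transitions, initial, secret):
    """Return (query sequence, estimate) for the shortest observation after
    which the server knows the user is in a secret location, else None."""
    secret = frozenset(secret)
    for estimate, queries in reachable_estimates(transitions, initial).items():
        if estimate and estimate <= secret:
            return queries, estimate
    return None

# Constructed mobility model: state = location, label = cloaking region
# named in the query sent on arrival. Region B covers both clinic and park.
CLOAKED = {
    "home":   {"A": {"cafe"}, "B": {"park"}},
    "cafe":   {"B": {"clinic"}},
    "park":   {"C": {"office"}},
    "clinic": {"C": {"office"}},
}
# Same model, but the cafe also leads to the park, so query B stays ambiguous.
AMBIGUOUS = dict(CLOAKED, cafe={"B": {"clinic", "park"}})

if __name__ == "__main__":
    print(opacity_violation(CLOAKED, {"home"}, {"clinic"}))
    print(opacity_violation(AMBIGUOUS, {"home"}, {"clinic"}))
```

In the first model a single query for region B is cloaked, yet the sequence A, B leaves only the clinic in the server's estimate; the second model passes the check because every estimate containing the clinic also contains a non-secret location.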
