Measuring query privacy in location-based services

The popularity of location-based services raises serious concerns about user privacy. A common mechanism for protecting users' location and query privacy is spatial generalisation. As more user information becomes available with the fast growth of Internet applications such as social networks, attackers are able to construct users' personal profiles. This gives rise to new challenges and calls for a reconsideration of existing privacy metrics such as k-anonymity. In this paper, we propose new metrics that measure users' query privacy while taking user profiles into account. Furthermore, we design spatial generalisation algorithms that compute regions satisfying users' privacy requirements expressed in these metrics. Experimental results show that our metrics and algorithms are effective and efficient for practical use.
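The following is an added illustration of the point the abstract makes about k-anonymity; it is not the paper's code and does not reproduce the paper's own metric definitions. It assumes a simplified adversary model: each user's profile is summarised by a single constructed weight (how likely a user with that profile is to issue the query type in question), the adversary's posterior over "who issued the query" is that weight normalised over the users inside the cloaked region, and the region is generalised by absorbing the requester's nearest neighbours until the requested metric value is met. A region that is 4-anonymous can still leave the adversary almost certain who the requester is once profiles are taken into account, which is why a profile-aware metric (here Shannon entropy of the posterior, with the normalised degree of anonymity and the adversary's one-guess success probability alongside) asks for a larger region than k-anonymity does.

```python
"""Profile-aware query privacy in a cloaked region: k-anonymity vs. entropy.

Added example; not the paper's code and not its metric definitions.
Assumptions (all constructed for illustration):
  * each user's profile is reduced to one weight, the likelihood that a user
    with that profile issues the query type in question;
  * the adversary's posterior over "who issued the query" is that weight,
    normalised over the users inside the cloaked region;
  * the region is generalised by absorbing the requester's nearest neighbours
    until the requested metric value is reached (a stand-in for a spatial
    generalisation algorithm, not the paper's algorithm).
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    uid: str
    x: float
    y: float
    query_likelihood: float  # profile-derived weight for this query type


# Constructed population: requester u0 sits among three neighbours whose
# profiles make this query very unlikely for them, and four farther users
# whose profiles resemble u0's.
POPULATION = [
    User("u0", 0.0, 0.0, 0.90),  # requester
    User("u1", 1.0, 0.0, 0.05),
    User("u2", 0.0, 1.0, 0.03),
    User("u3", 1.0, 1.0, 0.02),
    User("u4", 3.0, 0.0, 0.90),
    User("u5", 0.0, 3.0, 0.90),
    User("u6", 3.0, 3.0, 0.90),
    User("u7", 5.0, 5.0, 0.90),
]
REQUESTER = POPULATION[0]


def posterior(region):
    """Adversary's belief over which user in the region issued the query."""
    total = sum(u.query_likelihood for u in region)
    return {u.uid: u.query_likelihood / total for u in region}


def k_anonymity(region):
    """Classic metric: the number of users the requester is hidden among."""
    return len(region)


def entropy_bits(dist):
    """Shannon entropy of the adversary's posterior, in bits."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0.0)


def degree_of_anonymity(region):
    """Entropy normalised by its maximum log2(k); 1.0 means indistinguishable."""
    k = len(region)
    return 0.0 if k < 2 else entropy_bits(posterior(region)) / math.log2(k)


def bayes_vulnerability(region):
    """Probability that the adversary names the issuer correctly in one guess."""
    return max(posterior(region).values())


def _by_distance(requester, population):
    # Requester is at distance 0, so it is always the first element.
    return sorted(population,
                  key=lambda u: (u.x - requester.x) ** 2 + (u.y - requester.y) ** 2)


def cloak_by_k(requester, population, k):
    """k-anonymity generalisation: the requester and its k-1 nearest users."""
    return _by_distance(requester, population)[:k]


def cloak_by_entropy(requester, population, min_bits):
    """Grow the region outward until the posterior entropy reaches min_bits.
    Returns None when even the whole population cannot meet the requirement."""
    region = []
    for u in _by_distance(requester, population):
        region.append(u)
        if entropy_bits(posterior(region)) >= min_bits:
            return region
    return None


if __name__ == "__main__":
    r4 = cloak_by_k(REQUESTER, POPULATION, 4)
    print("4-anonymous region:", [u.uid for u in r4])
    print("  k = %d, entropy = %.3f bits (log2 k = %.1f), P[correct guess] = %.2f"
          % (k_anonymity(r4), entropy_bits(posterior(r4)),
             math.log2(len(r4)), bayes_vulnerability(r4)))
    re = cloak_by_entropy(REQUESTER, POPULATION, 2.0)
    print("entropy >= 2 bits region:", [u.uid for u in re])
    print("  k = %d, entropy = %.3f bits"
          % (k_anonymity(re), entropy_bits(posterior(re))))
```

With the constructed weights, the 4-anonymous region leaves the adversary a 0.9 chance of naming the requester in one guess and an entropy of about 0.62 bits, far below the 2 bits that k = 4 suggests; the entropy-driven generalisation must absorb seven users before the posterior carries 2 bits. The nearest-neighbour growth is deliberately naive; the point is that the privacy requirement is checked against the profile-aware metric at every step rather than against the user count alone.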
