Protecting location privacy against spatial inferences: the PROBE approach

The widespread adoption of location-based services (LBS) raises increasing concerns about the protection of personal location information. A common strategy for protecting location privacy, referred to as obfuscation, is to forward the LBS provider a coarse user location instead of the actual one. Conventional approaches based on this technique rely only on geometric methods and are therefore unable to assure privacy when the adversary is aware of the geographical context. This paper provides a comprehensive solution to this problem. Our solution presents a novel approach that obfuscates the user location by taking into account both the geographical context and the user's privacy preferences. We define several theoretical notions underlying our approach. We then propose a strategy for generating obfuscated spaces and an efficient algorithm that implements this strategy. The paper includes several experimental results assessing the performance, storage requirements and accuracy of the approach. The paper also discusses the system architecture and shows that the approach can also be deployed on clients running on small devices.
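To make the abstract's central claim concrete, here is an added illustration that is not code from the paper and does not reproduce the PROBE algorithm. It assumes a constructed grid map whose cells carry feature types, an adversary who knows that map and assumes a uniform prior over the reachable cells inside a reported region, and a per-feature-type probability threshold standing in for the user's privacy preference (all of these are assumptions of the example). A purely geometric region around a user standing in a hospital surrounded by a lake tells a map-aware adversary exactly where the user is; a context-aware strategy grows the region until the inferred probability of each sensitive feature drops to the user's threshold.

```python
from collections import Counter
from fractions import Fraction
from typing import Dict, List, Optional, Tuple

# Constructed toy map (not from the paper). Each character is one grid cell:
# 'L' lake (nobody can be there), 'H' hospital (sensitive), 'R' road, 'P' park.
# The adversary is assumed to know this map.
TOY_MAP = [
    "RRRRRRRRRR",
    "RLLLLLLLLR",
    "RLLLLLLLLR",
    "RLLLHLLLLR",
    "RLLLLLLLLR",
    "RRRRRRRRRR",
    "RPPPRRPPPR",
    "RRRRRRRRRR",
]
UNREACHABLE = {"L"}  # feature types a user cannot physically occupy

Box = Tuple[int, int, int, int]  # (x0, y0, x1, y1), inclusive cell coordinates


def geometric_box(grid: List[str], x: int, y: int, radius: int) -> Box:
    """Purely geometric obfuscation: a square of the given radius around the
    true cell, clipped to the map. It ignores what lies inside the square."""
    h, w = len(grid), len(grid[0])
    return (max(0, x - radius), max(0, y - radius),
            min(w - 1, x + radius), min(h - 1, y + radius))


def feature_posterior(grid: List[str], box: Box) -> Dict[str, Fraction]:
    """What a map-aware adversary infers from a reported box: with a uniform
    prior over the reachable cells inside it, the probability that the user
    is on each feature type (exact fractions, so results are comparable)."""
    x0, y0, x1, y1 = box
    counts = Counter(
        grid[yy][xx]
        for yy in range(y0, y1 + 1)
        for xx in range(x0, x1 + 1)
        if grid[yy][xx] not in UNREACHABLE
    )
    total = sum(counts.values())
    if total == 0:
        return {}
    return {feat: Fraction(n, total) for feat, n in counts.items()}


def violated(posterior: Dict[str, Fraction],
             thresholds: Dict[str, Fraction]) -> List[str]:
    """Sensitive feature types whose inferred probability exceeds the user's
    threshold (the assumed form of a privacy preference in this example)."""
    return [f for f, limit in thresholds.items()
            if posterior.get(f, Fraction(0)) > limit]


def context_aware_box(grid: List[str], x: int, y: int,
                      thresholds: Dict[str, Fraction],
                      max_radius: Optional[int] = None
                      ) -> Optional[Tuple[Box, Dict[str, Fraction]]]:
    """Grow the square until no threshold is violated and the region contains
    at least one reachable cell; return the first qualifying box with the
    adversary's posterior, or None if no box up to max_radius qualifies."""
    if max_radius is None:
        max_radius = max(len(grid), len(grid[0]))
    for radius in range(max_radius + 1):
        box = geometric_box(grid, x, y, radius)
        posterior = feature_posterior(grid, box)
        if posterior and not violated(posterior, thresholds):
            return box, posterior
    return None


if __name__ == "__main__":
    user_x, user_y = 4, 3  # the user stands in the hospital cell
    geo = geometric_box(TOY_MAP, user_x, user_y, 1)
    print("geometric region", geo, "->", feature_posterior(TOY_MAP, geo))
    prefs = {"H": Fraction(1, 5)}  # user tolerates at most 20% hospital
    print("context-aware   ", context_aware_box(TOY_MAP, user_x, user_y, prefs))
```

Running the block shows the geometric 3x3 region yielding a hospital probability of 1 (the eight surrounding cells are lake), while the context-aware search returns a 5x5 region in which the hospital is one of six reachable cells. Tightening the threshold to 10% pushes the region out to 7x7; a threshold of 0 can never be met for a user who really is in the hospital, and the search reports that honestly instead of returning a region.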
