Impact of Frequency of Location Reports on the Privacy Level of Geo-indistinguishability

Abstract Location privacy has became an emerging topic due to the pervasiveness of Location-Based Services (LBSs). When sharing location, a certain degree of privacy can be achieved through the use of Location Privacy-Preserving Mechanisms (LPPMs), in where an obfuscated version of the exact user location is reported instead. However, even obfuscated location reports disclose information which poses a risk to privacy. Based on the formal notion of differential privacy, Geo-indistinguishability has been proposed to design LPPMs that limit the amount of information that is disclosed to a potential adversary observing the reports. While promising, this notion considers reports to be independent from each other, thus discarding the potential threat that arises from exploring the correlation between reports. This assumption might hold for the sporadic release of data, however, there is still no formal nor quantitative boundary between sporadic and continuous reports and thus we argue that the consideration of independence is valid depending on the frequency of reports made by the user. This work intends to fill this research gap through a quantitative evaluation of the impact on the privacy level of Geo-indistinguishability under different frequency of reports. Towards this end, state-of-the-art localization attacks and a tracking attack are implemented against a Geo-indistinguishable LPPM under several values of privacy budget and the privacy level is measured along different frequencies of updates using real mobility data.

[1]  Tianqing Zhu,et al.  Location Privacy and Its Applications: A Systematic Study , 2018, IEEE Access.

[2]  John Krumm,et al.  Hidden Markov map matching through noise and sparseness , 2009, GIS.

[3]  Hajime Watanabe,et al.  Localization Attacks Using Matrix and Tensor Factorization , 2016, IEEE Transactions on Information Forensics and Security.

[4]  Hai Liu,et al.  Spatiotemporal correlation-aware dummy-based privacy protection scheme for location-based services , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[5]  João P. Vilela,et al.  Privacy-Preserving Data Mining: Methods, Metrics, and Applications , 2017, IEEE Access.

[6]  Geoff Boeing,et al.  OSMnx: New Methods for Acquiring, Constructing, Analyzing, and Visualizing Complex Street Networks , 2016, Comput. Environ. Urban Syst..

[7]  Catuscia Palamidessi,et al.  Efficient Utility Improvement for Location Privacy , 2017, Proc. Priv. Enhancing Technol..

[8]  João Gama,et al.  Predicting Taxi–Passenger Demand Using Streaming Data , 2013, IEEE Transactions on Intelligent Transportation Systems.

[9]  Catuscia Palamidessi,et al.  Geo-indistinguishability: differential privacy for location-based systems , 2012, CCS.

[10]  Thambipillai Srikanthan,et al.  Online Map-Matching of Noisy and Sparse Location Data With Hidden Markov and Route Choice Models , 2017, IEEE Transactions on Intelligent Transportation Systems.

[11]  Patrick Siehndel,et al.  Predicting User Locations and Trajectories , 2014, UMAP.

[12]  Edsger W. Dijkstra,et al.  A note on two problems in connexion with graphs , 1959, Numerische Mathematik.

[13]  Li Xiong,et al.  Protecting Locations with Differential Privacy under Temporal Correlations , 2014, CCS.

[14]  Muhammad Tayyab Asif,et al.  Online map-matching based on Hidden Markov model for real-time traffic sensing applications , 2012, 2012 15th International IEEE Conference on Intelligent Transportation Systems.

[15]  Matthias Grossglauser,et al.  CRAWDAD dataset epfl/mobility (v.2009-02-24) , 2009 .

[16]  Carmela Troncoso,et al.  Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving Mechanisms , 2017, CCS.

[17]  Silviu-Iulian Niculescu,et al.  Comparative Study and Application-Oriented Classification of Vehicular Map-Matching Methods , 2018, IEEE Intelligent Transportation Systems Magazine.

[18]  Hassan A. Karimi,et al.  A critical review of real-time map-matching algorithms: Current issues and future directions , 2014, Comput. Environ. Urban Syst..

[19]  Carmela Troncoso,et al.  Is Geo-Indistinguishability What You Are Looking for? , 2017, WPES@CCS.

[20]  Frank Dürr,et al.  A classification of location privacy attacks and approaches , 2012, Personal and Ubiquitous Computing.

[21]  Raed Al-Dhubhani,et al.  An adaptive geo-indistinguishability mechanism for continuous LBS queries , 2018, Wirel. Networks.

[22]  Lionel Brunie,et al.  Differentially Private Location Privacy in Practice , 2014, ArXiv.

[23]  Reza Shokri,et al.  Privacy Games: Optimal User-Centric Data Obfuscation , 2014, Proc. Priv. Enhancing Technol..

[24]  César A. Hidalgo,et al.  Unique in the Crowd: The privacy bounds of human mobility , 2013, Scientific Reports.

[25]  George Danezis,et al.  Quantifying Location Privacy: The Case of Sporadic Location Exposure , 2011, PETS.

[26]  Sébastien Gambs,et al.  Show me how you move and I will tell you who you are , 2010, SPRINGL '10.

[27]  Jean-Yves Le Boudec,et al.  Quantifying Location Privacy , 2011, 2011 IEEE Symposium on Security and Privacy.

[28]  Carmela Troncoso,et al.  Privacy Games Along Location Traces , 2016, ACM Trans. Priv. Secur..

[29]  Catuscia Palamidessi,et al.  A Predictive Differentially-Private Mechanism for Mobility Traces , 2013, Privacy Enhancing Technologies.

[30]  John Krumm,et al.  A survey of computational location privacy , 2009, Personal and Ubiquitous Computing.

[31]  Carmela Troncoso,et al.  Rethinking Location Privacy for Unknown Mobility Behaviors , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[32]  Sushil Jajodia,et al.  Protecting Privacy Against Location-Based Personal Identification , 2005, Secure Data Management.

[33]  Albert-László Barabási,et al.  Limits of Predictability in Human Mobility , 2010, Science.

[34]  John Krumm,et al.  Inference Attacks on Location Tracks , 2007, Pervasive.

[35]  Carmela Troncoso,et al.  Protecting location privacy: optimal strategy against localization attacks , 2012, CCS.

[36]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[37]  Catuscia Palamidessi,et al.  Optimal Geo-Indistinguishable Mechanisms for Location Privacy , 2014, CCS.

[38]  Takao Murakami,et al.  Expectation-Maximization Tensor Factorization for Practical Location Privacy Attacks , 2017, Proc. Priv. Enhancing Technol..

[39]  Andreas Haeberlen,et al.  Differential Privacy: An Economic Method for Choosing Epsilon , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[40]  João P. Vilela,et al.  On the Effect of Update Frequency on Geo-Indistinguishability of Mobility Traces , 2018, WISEC.

[41]  Xing Xie,et al.  Mining interesting locations and travel sequences from GPS trajectories , 2009, WWW '09.

[42]  Matthias Grossglauser,et al.  A parsimonious model of mobile partitioned networks with clustering , 2009, 2009 First International Communication Systems and Networks and Workshops.