A Geo-Indistinguishable Location Perturbation Mechanism for Location-Based Services Supporting Frequent Queries

As location-based services (LBSs) on smartphones become increasingly popular, such services are causing serious privacy concerns, because many users are unwilling to see their location information leaked to service providers. Recently, in order to protect users’ location privacy, researchers have introduced geo-indistinguishability, the first specialized privacy model for LBSs that can provide provable privacy guarantees. Intuitively, geo-indistinguishability means that, through perturbation, any two locations within a given distance produce observations with similar distributions, and thus attackers have no way to learn users’ real locations. However, even if geo-indistinguishability is achieved, there remains a significant threat to users’ location privacy: with the existing geo-indistinguishable location perturbation mechanism, the privacy consumption increases with the number of queries, and therefore there is a high risk of privacy violation when the number of queries is not small. In this paper, we enhance the privacy protection for LBSs by proposing an improved geo-indistinguishable mechanism. It can reduce the privacy costs to almost 0 when the user’s location satisfies a condition. We also present an improvement to further reduce the privacy costs when the above condition is not satisfied. Evaluations on two public trace data sets show that the proposed mechanisms can dramatically save the privacy budget and thus support many more queries. The results also show that the proposed mechanisms are efficient, and their performance is controllable.
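The following is an added example, not code from this paper: it implements the existing planar Laplace mechanism (Andrés et al., CCS 2012) that the abstract refers to, checks the geo-indistinguishability inequality at a point, and tracks the per-query budget spend under sequential composition, which is exactly the linear growth in privacy cost that motivates the paper. The paper's own improved mechanism is not described here and is not implemented; coordinates are in metres and eps is in 1/metre (assumed units for illustration).

```python
import math
import random

# Planar Laplace mechanism (Andrés et al., CCS 2012), re-implemented here as
# an illustration; distances in metres, eps in 1/metre (assumed units).
def planar_laplace_density(eps, x, z):
    """Density at output z given true location x: eps^2/(2*pi) * exp(-eps*d(x,z))."""
    return (eps ** 2) / (2 * math.pi) * math.exp(-eps * math.dist(x, z))

def geo_ind_holds_at(eps, x1, x2, z):
    """Geo-indistinguishability at one output z:
    D(z|x1) <= exp(eps * d(x1,x2)) * D(z|x2). Follows from the triangle inequality."""
    lhs = planar_laplace_density(eps, x1, z)
    rhs = math.exp(eps * math.dist(x1, x2)) * planar_laplace_density(eps, x2, z)
    return lhs <= rhs * (1 + 1e-12)

def perturb(eps, x, rng=random):
    """Sample a reported location: radius ~ Gamma(shape=2, scale=1/eps)
    (density eps^2 * r * exp(-eps*r)), angle uniform on [0, 2*pi)."""
    r = rng.gammavariate(2.0, 1.0 / eps)
    theta = rng.uniform(0.0, 2.0 * math.pi)
    return (x[0] + r * math.cos(theta), x[1] + r * math.sin(theta))

def mean_reported_distance(eps, n=20000, seed=7):
    """Empirical mean distance between true and reported location (theory: 2/eps)."""
    rng = random.Random(seed)
    x = (0.0, 0.0)
    return sum(math.dist(x, perturb(eps, x, rng)) for _ in range(n)) / n

class BudgetTracker:
    """Sequential composition: every query spends its own eps, so the total
    spend grows linearly with the number of queries. This is the cost the
    abstract describes; the tracker refuses queries once the budget is gone."""
    def __init__(self, total_eps):
        self.total = total_eps
        self.spent = 0.0

    def can_query(self, eps_q):
        return self.spent + eps_q <= self.total + 1e-12

    def query(self, eps_q, x, rng=random):
        if not self.can_query(eps_q):
            raise RuntimeError("privacy budget exhausted")
        self.spent += eps_q
        return perturb(eps_q, x, rng)

def queries_supported(total_eps, eps_q):
    """How many queries a fixed budget allows under sequential composition."""
    return int(math.floor(total_eps / eps_q + 1e-9))
```

With eps = ln(4)/200 a user's reports within 200 m are distinguishable by at most a factor of 4, and a total budget of 10 at 0.5 per query is exhausted after 20 queries, which is the regime the paper's mechanisms aim to extend.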
