Abstract
The mainstream approach to protecting the privacy of mobile users in location-based services (LBSs) is to alter (e.g., perturb, hide, and so on) the users’ actual locations in order to reduce exposed sensitive information. In order to be effective, a location-privacy preserving mechanism must consider both the privacy and utility requirements of each user, as well as the user’s overall exposed locations (which contribute to the adversary’s background knowledge).
In this article, we propose a methodology that enables the design of optimal user-centric location obfuscation mechanisms respecting each individual user’s service quality requirements, while maximizing the expected error that the optimal adversary incurs in reconstructing the user’s actual trace. A key advantage of a user-centric mechanism is that it does not depend on third-party proxies or anonymizers; thus, it can be directly integrated in the mobile devices that users employ to access LBSs. Our methodology is based on the mutual optimization of user/adversary objectives (maximizing location privacy versus minimizing localization error) formalized as a Stackelberg Bayesian game. This formalization makes our solution robust against any location inference attack, that is, the adversary cannot decrease the user’s privacy by designing a better inference algorithm as long as the obfuscation mechanism is designed according to our privacy games.
We develop two linear programs that solve the location privacy game and output the optimal obfuscation strategy and its corresponding optimal inference attack. These linear programs are used to design location-privacy-preserving mechanisms that consider the correlation between past, current, and future locations of the user, and can thus be tuned to protect different privacy objectives along the user’s location trace. We illustrate the efficacy of the optimal location-privacy-preserving mechanisms obtained with our approach against real location traces, showing their performance in protecting users’ different location privacy objectives.
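The user/adversary optimization described above, as an added worked example on a constructed three-cell instance (not the paper's code): the adversary's optimal Bayesian inference given an obfuscation, the expected service-quality loss, and the user's linear program whose optimum is the Stackelberg obfuscation strategy. The prior, the distortion metric and the use of scipy's linprog for the final solve are assumptions.

```python
# Toy instance of the user-centric location privacy game (added example,
# not the paper's code). Locations, prior and distortion metrics are
# constructed; scipy is assumed only for the final solve step.

def best_response(psi, f, d_p):
    """Optimal inference attack: for each observed pseudo-location rp, pick
    the estimate rh minimizing expected distortion. Returns (estimates,
    privacy), where privacy is the adversary's total expected error."""
    n = len(psi)
    estimates, privacy = [], 0.0
    for rp in range(n):
        err = [sum(psi[r] * f[r][rp] * d_p[rh][r] for r in range(n)) for rh in range(n)]
        estimates.append(err.index(min(err)))
        privacy += min(err)
    return estimates, privacy

def quality_loss(psi, f, d_q):
    """Expected service-quality loss of obfuscation f (f[r][rp] = f(rp|r))."""
    n = len(psi)
    return sum(psi[r] * f[r][rp] * d_q[rp][r] for r in range(n) for rp in range(n))

def build_user_lp(psi, d_p, d_q, q_max):
    """User's LP in scipy's minimize form. Variables: f[r][rp] (n*n entries,
    row-major) then x[rp] (n entries), x[rp] being the adversary's minimal
    expected error after observing rp; the user maximizes sum of x[rp]."""
    n, m = len(psi), len(psi) * len(psi)
    c = [0.0] * m + [-1.0] * n
    A_ub, b_ub = [], []
    for rp in range(n):
        for rh in range(n):   # x[rp] <= sum_r psi(r) f(rp|r) d_p(rh, r)
            row = [0.0] * (m + n)
            row[m + rp] = 1.0
            for r in range(n):
                row[r * n + rp] = -psi[r] * d_p[rh][r]
            A_ub.append(row); b_ub.append(0.0)
    row = [psi[r] * d_q[rp][r] for r in range(n) for rp in range(n)] + [0.0] * n
    A_ub.append(row); b_ub.append(q_max)           # quality-loss bound
    A_eq = [[1.0 if i // n == r else 0.0 for i in range(m)] + [0.0] * n for r in range(n)]
    return c, A_ub, b_ub, A_eq, [1.0] * n           # each f(.|r) sums to 1

def solve_user_lp(psi, d_p, d_q, q_max):
    """Solve the LP; returns the optimal obfuscation matrix and privacy."""
    from scipy.optimize import linprog             # assumed installed
    c, A_ub, b_ub, A_eq, b_eq = build_user_lp(psi, d_p, d_q, q_max)
    res = linprog(c, A_ub=A_ub, b_ub=b_ub, A_eq=A_eq, b_eq=b_eq, bounds=(0, None))
    n = len(psi)
    return [res.x[r * n:(r + 1) * n].tolist() for r in range(n)], -res.fun

PSI = [0.5, 0.3, 0.2]                              # constructed prior, 3 cells on a line
DIST = [[abs(i - j) for j in range(3)] for i in range(3)]   # d_p = d_q = |i - j|
UNIFORM = [[1 / 3] * 3 for _ in range(3)]          # baseline: report a random cell
```

Against UNIFORM the adversary's posterior equals the prior, so its best response is the same estimate for every observation and the user's privacy is 0.7 at a quality loss of 0.9; solve_user_lp(PSI, DIST, DIST, q_max) returns the obfuscation that maximizes privacy within a chosen loss budget.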
Privacy Games Along Location Traces: A Game-Theoretic Framework for Optimizing Location Privacy