
Privacy Games Along Location Traces: A Game-Theoretic Framework for Optimizing Location Privacy

Published: 16 December 2016

Abstract

The mainstream approach to protecting the privacy of mobile users in location-based services (LBSs) is to alter (e.g., perturb, hide, and so on) the users’ actual locations in order to reduce exposed sensitive information. In order to be effective, a location-privacy preserving mechanism must consider both the privacy and utility requirements of each user, as well as the user’s overall exposed locations (which contribute to the adversary’s background knowledge).

In this article, we propose a methodology that enables the design of optimal user-centric location obfuscation mechanisms respecting each individual user’s service quality requirements, while maximizing the expected error that the optimal adversary incurs in reconstructing the user’s actual trace. A key advantage of a user-centric mechanism is that it does not depend on third-party proxies or anonymizers; thus, it can be directly integrated in the mobile devices that users employ to access LBSs. Our methodology is based on the mutual optimization of user/adversary objectives (maximizing location privacy versus minimizing localization error) formalized as a Stackelberg Bayesian game. This formalization makes our solution robust against any location inference attack, that is, the adversary cannot decrease the user’s privacy by designing a better inference algorithm as long as the obfuscation mechanism is designed according to our privacy games.

We develop two linear programs that solve the location privacy game and output the optimal obfuscation strategy and its corresponding optimal inference attack. These linear programs are used to design location privacy-preserving mechanisms that consider the correlation between past, current, and future locations of the user, and thus can be tuned to protect different privacy objectives along the user’s location trace. We illustrate the efficacy of the optimal location privacy-preserving mechanisms obtained with our approach against real location traces, showing their performance in protecting users’ different location privacy objectives.
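The leader/follower structure described in the abstract, as an added illustration that is not code from the article: the user commits to an obfuscation mechanism under a service-quality budget, and privacy is scored as the expected error of the adversary's best-response inference. The three-location instance, prior and distance function are constructed assumptions, only a single location (not a trace) is modelled, and a coarse grid search stands in for the article's linear programs, which this page does not give.

```python
from itertools import product

# Constructed toy instance (assumption): three locations on a line and the
# adversary's prior over the user's actual location.
LOCS = [0, 1, 2]
PRIOR = [0.5, 0.3, 0.2]

def dist(a, b):
    return abs(a - b)

def quality_loss(f):
    """Expected distance between actual location r and reported location o."""
    return sum(PRIOR[r] * f[r][o] * dist(r, o) for r in LOCS for o in LOCS)

def best_response(f):
    """Optimal inference attack: for each report o, the estimate with minimum
    posterior-expected error, given that the adversary knows f and the prior."""
    return {o: min(LOCS, key=lambda g: sum(PRIOR[r] * f[r][o] * dist(g, r)
                                           for r in LOCS))
            for o in LOCS}

def privacy(f):
    """Expected error of the best-response adversary against mechanism f."""
    h = best_response(f)
    return sum(PRIOR[r] * f[r][o] * dist(h[o], r) for r in LOCS for o in LOCS)

def optimal_mechanism(max_loss, steps=4):
    """Leader's move: the mechanism f[r][o] on a probability grid of 1/steps
    that maximises privacy subject to quality_loss(f) <= max_loss."""
    n = len(LOCS)
    rows = [tuple(k / steps for k in c)
            for c in product(range(steps + 1), repeat=n) if sum(c) == steps]
    feasible = (f for f in product(rows, repeat=n)
                if quality_loss(f) <= max_loss + 1e-9)
    return max(feasible, key=privacy)

if __name__ == "__main__":
    shift = ((0, 1, 0), (0, 0, 1), (1, 0, 0))  # deterministic relabelling
    print("shift:", quality_loss(shift), privacy(shift))
    best = optimal_mechanism(max_loss=0.5)
    print("optimal:", best, quality_loss(best), privacy(best))
```

The deterministic shift costs the user service quality yet yields zero privacy, because an adversary who knows the mechanism simply inverts it; scoring against the best response is what exposes this.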


Published in

ACM Transactions on Privacy and Security, Volume 19, Issue 4
February 2017
93 pages
ISSN: 2471-2566
EISSN: 2471-2574
DOI: 10.1145/3018656

Copyright © 2016 ACM

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 16 December 2016
• Revised: 1 October 2016
• Accepted: 1 October 2016
• Received: 1 July 2015


Qualifiers

• research-article
• Research
• Refereed
