2010, GeoInformatica
Recently, several techniques have been proposed to protect the user location privacy for location-based services in the Euclidean space. Applying these techniques directly to the road network environment would lead to privacy leakage and inefficient query processing. In this paper, we propose a new location anonymization algorithm that is designed specifically for the road network environment. Our algorithm relies on the commonly used concept of spatial cloaking, where a user location is cloaked into a set of connected road segments of a minimum total length L including at least K users. Our algorithm is "query-aware" as it takes into account the query execution cost at a database server and the query quality, i.e., the number of objects returned to users by the database server, during the location anonymization process. In particular, we develop a new cost function that balances between the query execution cost and the query quality. Then, we introduce two versions of our algorithm, namely, pure greedy and randomized greedy, that aim to minimize the developed cost function and satisfy the user specified privacy requirements. To accommodate intervals with a high workload, we introduce a shared execution paradigm that boosts the scalability of our location anonymization algorithm and the database server to support large numbers of queries received in a short time period. Extensive experimental results show that
2009
The anonymization of location based queries through the generalization of spatio-temporal information has been proposed as a privacy preserving technique. We show that the presence of multiple concurrent requests, the repetition of similar requests by the same issuers, and the distribution of different service parameters in the requests can significantly affect the level of privacy obtained by current anonymity-based techniques. We provide a formal model of the privacy threat, and we propose an incremental defense technique based on a combination of anonymity and obfuscation. We show the effectiveness of this technique by means of an extensive experimental evaluation.
Lecture Notes in Computer Science, 2009
Future mobile markets are expected to increasingly embrace location-based services. This paper presents a new system architecture for location-based services, which consists of a location database and distributed location anonymizers. The service is privacy-aware in the sense that the location database always maintains a degree of anonymity. The location database service permits three different levels of query and can thus be used to implement a wide range of location-based services. Furthermore, the architecture is scalable and employs simple functions that are similar to those found in general database systems.
IEEE Transactions on Knowledge and Data Engineering, 2000
The increasing trend of embedding positioning capabilities (e.g., GPS) in mobile devices facilitates the widespread use of Location Based Services. For such applications to succeed, privacy and confidentiality are essential. Existing privacy-enhancing techniques rely on encryption to safeguard communication channels, and on pseudonyms to protect user identities. Nevertheless, the query contents may disclose the physical location of the user.
The prevailing infrastructure of the ubiquitous computing paradigm is, on the one hand, making significant progress in integrating technology into daily life, but on the other hand is raising concerns about privacy and confidentiality. As location based services (LBS) equip users to query information specific to a location with respect to temporal and spatial factors, LBS in general, and the Location Anonymizer, the core component of privacy preservation models, in particular, come under extreme criticism when it comes to location privacy, user confidentiality and quality of service. For example, a mobile or stationary user asking about his/her nearest hospital, hotel or picnic resort has to compromise their exact location information. In this paper we address the significance of our proposed index optimized cloaking algorithm for the Location Anonymizer with respect to performance, quality and accuracy, which can be smoothly integrated into the existing location anonymity model for privacy preservation. The main idea is to deploy an R-tree based indexing scheme for the Location Anonymizer to make the best use of available computing resources. In accordance with the proposed approach, the next step is to develop an index optimized cloaking algorithm which can cloak a spatial region effectively and efficiently on top of the R-tree based indexing scheme. Finally, we quantify the benefits of our approach using sampled experimental results showing that the proposed cloaking algorithm is scalable, efficient and robust enough to support spatio-temporal queries for location privacy.
Information Systems Security, 2011
Protecting privacy in location based services has recently received considerable attention. Various approaches have been proposed, ranging from mix-zones to cloaking. Cloaking based approaches are ill-suited for continuous queries, where correlation between ...
2010 Eleventh International Conference on Mobile Data Management, 2010
The emerging location-detection devices together with ubiquitous connectivity have enabled a large variety of location-based services (LBS). Unfortunately, LBS may threaten the users' privacy. K-anonymity, cloaking the user location into a K-anonymizing spatial region (K-ASR), has been extensively studied to protect privacy in LBS. The traditional K-anonymity method needs complex query processing algorithms at the server side. SpaceTwist [8] rectifies the above shortcoming of traditional K-anonymity since it only requires incremental nearest neighbor (INN) query processing techniques at the server side. However, SpaceTwist may fail since it cannot guarantee K-anonymity. In this paper, our proposed framework, called KAWCR (K-anonymity Without Cloaked Region), rectifies the shortcomings and retains the advantages of the above two techniques. KAWCR only needs the server to process INN queries and can guarantee that the user issuing the query is indistinguishable from at least K-1 other users. We formulate the communication costs of KAWCR, traditional K-anonymity and SpaceTwist under the assumption that POIs and users are uniformly distributed. We also conducted extensive experiments to compare KAWCR with traditional K-anonymity and SpaceTwist in terms of communication costs. The experimental results show that the communication cost of KAWCR for kNN queries is lower than that of both traditional K-anonymity and SpaceTwist.
2011
Users of location-based services (LBSs) may have serious privacy concerns when using these technologies since their location can be utilized by adversaries to infer privacy-sensitive information about them. In this work, we analyze the mainstream anonymity solutions proposed for LBSs based on k-anonymity, and point out that these do not follow the safe assumptions as per the original definition of k-anonymity. We propose an alternative LBS anonymity property, LBS (k,T)-anonymity, that ensures anonymity of a user's query against an attacker who knows about the issuance of the user query within a time window. We evaluate the vulnerability of the approaches in the literature to this type of attack that we believe is very basic and important, and assess the performance of our proposed algorithm for achieving LBS (k,T)-anonymity in terms of providing optimal solution.
ACM SIGKDD Explorations Newsletter, 2010
The offering of anonymity in relational databases has attracted a great deal of attention in the database community during the last decade. Among the different solution approaches that have been proposed to tackle this problem, K-anonymity has received increased attention and has been extensively studied in various forms. New forms of data that come into existence, like location data capturing user movement, pave the way for the offering of cutting edge services such as the prevailing Location Based Services (LBSs). Given that these services assume an in-depth knowledge of the mobile users' whereabouts, it is certain that the assumed knowledge may breach the privacy of the users. Thus, concrete approaches are necessary to preserve the anonymity of the mobile users when requesting LBSs. In this work, we survey recent advancements for the offering of K-anonymity in LBSs. Most of the approaches that have been proposed heavily depend on a trusted server component, which acts as an intermediary between the end user and the service provider, to preserve the anonymity of the former entity. Existing approaches are partitioned into three categories: (a) historical K-anonymity, (b) location K-anonymity, and (c) trajectory K-anonymity. In each of these categories we present some of the most prevalent methodologies that have been proposed and highlight their operation.
2010
In this paper we deal with security and historical privacy in Location Based Service (LBS) applications where users submit accurate location samples to an LBS provider. Specifically, we propose a distributed scheme that establishes access control while protecting the privacy of a user in both sporadic and continuous LBS queries. Our solution employs a hybrid network architecture where LBS users: (a) are able to communicate with an LBS provider through a network (e.g., cellular) operator, and (b) are also able to create wireless ad-hoc networks with other peers in order to obtain privacy against an adversary that performs traffic analysis. Our threat model considers the network operator, the LBS provider and other peers as potential privacy adversaries. For historical privacy we adopt the generic approach of using multiple pseudonyms that are changed frequently. In order to establish untraceability against traffic analysis attacks, a message is not sent directly to the cellular operator, but is distributed among mobile neighbors who act like mixes and re-encrypt the message before sending it to the LBS provider via the cellular operator. As an extension, we also discuss how to aggregate independent data from different mobile peers before sending them to the LBS provider. This approach may be suitable in applications where aggregate location data are useful (e.g., traffic monitoring and control).
This paper presents PrivacyGrid, a framework for supporting anonymous location-based queries in mobile information delivery systems. The PrivacyGrid framework offers three unique capabilities. First, it provides a location privacy protection preference profile model, called location P3P, which allows mobile users to explicitly define their preferred location privacy requirements in terms of both location hiding measures (e.g., location k-anonymity and location l-diversity) and location service quality measures (e.g., maximum spatial resolution and maximum temporal resolution). Second, it provides fast and effective location cloaking algorithms for location k-anonymity and location l-diversity in a mobile environment. We develop dynamic bottom-up and top-down grid cloaking algorithms with the goal of achieving a high anonymization success rate and efficiency in terms of both time complexity and maintenance cost. A hybrid approach that carefully combines the strengths of both bottom-up and top-down cloaking approaches to further reduce the average anonymization time is also developed. Last but not least, PrivacyGrid incorporates temporal cloaking into the location cloaking process to further increase the success rate of location anonymization. We also discuss PrivacyGrid mechanisms for supporting anonymous location queries. Experimental evaluation shows that the PrivacyGrid approach can provide close to optimal location k-anonymity as defined by per-user location P3P without introducing significant performance penalties.
Operational Research, 2011
The offering of location based services requires an in-depth knowledge of the subscriber's whereabouts. Thus, without the existence of strict safeguards, the deployment of such services may easily breach user privacy. To address this issue, special algorithms are necessary that anonymize user location information prior to its release to the service provider of the telecom operator. In this paper, we extend existing work in historical K-anonymity (1) by considering an underlying network of user movement and (2) by pushing the core functionality of the anonymizer into a spatiotemporal DBMS. The proposed scheme allows each individual to specify his/her anonymity requirements, involving a series of spatiotemporal regions that are considered as unsafe with respect to his/her privacy. When the user requests an LBS from within one of his unsafe regions, the anonymizer performs a spatial along with a temporal generalization of his request in order to protect the user's privacy. If the generalization algorithm fails to provide the necessary anonymity, the system dynamically constructs a mix-zone around the requester with the aim of unlinking his future requests from the previous ones. As the experimental results indicate, by utilizing the spatiotemporal capabilities of the used DBMS, the performance of the anonymizer improves when compared to existing work in historical K-anonymity.
2006
This paper tackles a major privacy concern in current location-based services where users have to continuously report their locations to the database server in order to obtain the service. For example, a user asking about the nearest gas station has to report her exact location. With untrusted servers, reporting the location information may lead to several privacy threats. In this paper, we present Casper, a new framework in which mobile and stationary users can entertain location-based services without revealing their location information. Casper consists of two main components, the location anonymizer and the privacy-aware query processor. The location anonymizer blurs the users' exact location information into cloaked spatial regions based on user-specified privacy requirements. The privacy-aware query processor is embedded inside the location-based database server in order to deal with the cloaked spatial areas rather than the exact location information. Experimental results show that Casper achieves high quality location-based services while providing anonymity for both data and queries.
2012 IEEE First International Conference on Mobile Services, 2012
The explosive growth of location-detection devices, such as GPS (Global Positioning System), continuously increases the privacy threat to users of location-based services (LBSs). In order to enjoy such services, the user must precisely disclose his/her exact location to the LBS. So, it is a key challenge to efficiently preserve the user's privacy while accessing an LBS. For this, the existing method employs a 2PASS cloaking framework that not only hides the actual user location but also reduces bandwidth consumption. However, it suffers from privacy attacks. Therefore, we wish to provide a solution which can preserve user privacy by utilizing the k-anonymity mechanism. In this paper, we propose a weighted adjacency graph based k-anonymous cloaking technique that can ensure users' privacy protection and also reduce bandwidth usage. Our cloaking approach efficiently supports k-nearest neighbor queries without revealing private information of the query initiator. We demonstrate via experimental results that our algorithm yields much better performance than the existing one.
2007 IEEE 23rd International Conference on Data Engineering Workshop, 2007
With the proliferation of mobile devices (e.g., PDAs, cell phones, etc.), location-based services have become more and more popular in recent years. However, users have to reveal their location information to access location-based services with existing service infrastructures. It is possible that adversaries could collect the location information, which in turn invades users' privacy. There are existing solutions for query processing on spatial networks and for mobile user privacy protection in Euclidean space. However, there is no solution for solving queries on spatial networks with privacy protection. Therefore, we aim to provide network distance spatial query solutions which can preserve user privacy by utilizing K-anonymity mechanisms. In this paper, we present two novel query algorithms, PSNN and PSRQ, for answering nearest neighbor queries and range queries on spatial networks without revealing private information of the query initiator. The effectiveness of our privacy protected algorithms has been validated using real world road networks. In addition, we demonstrate the appeal of our technique using extensive simulation results.
2011 Proceedings IEEE INFOCOM, 2011
Location-based services (LBS) have become an immensely valuable source of real-time information and guidance. Nonetheless, the potential abuse of users' sensitive personal data by an LBS server is evolving into a serious concern. Privacy concerns in LBS exist on two fronts: location privacy and query privacy. In this paper we investigate issues related to query privacy. In particular, we aim to prevent the LBS server from correlating the service attribute, e.g., bar/tavern, in the query to the user's real-world identity. Location obfuscation using spatial generalization aided by anonymization of LBS queries is a conventional means to this end. However, the effectiveness of this technique would abate in continuous LBS scenarios, i.e., where users are moving and recurrently requesting LBS. In this paper, we present a novel query-perturbation-based scheme that protects query privacy in continuous LBS even when user identities are revealed. Unlike most existing works, our scheme does not require the presence of a trusted third party.
Proceedings of the 13th international conference on Ubiquitous computing - UbiComp '11, 2011
A promising approach to location privacy is query obfuscation, which involves reporting k − 1 false locations along with the real location. In this paper, we examine the level of privacy protection provided by the current query obfuscation techniques against adversarial location service providers. As a representative and realistic implementation of query obfuscation, we focus on SybilQuery. We present two types of attacks depending upon whether or not a short-term query history is available. When history is available, using machine learning, we were able to identify 93.67% of user trips, with only 2.02% of fake trips misclassified, for the security parameter k = 5. In the absence of history, we used trip correlations to form a smaller set of trips effectively increasing the user query identification probability from 20% to about 40%. Our work demonstrates that the use of aggregate statistical information alone is not sufficient to generate simulated trips. We identify areas for improvement in the existing query obfuscation techniques.
Vol. 19 No. 3 MARCH 2021 International Journal of Computer Science and Information Security (IJCSIS), 2021
The prevailing infrastructure of the ubiquitous computing paradigm is, on the one hand, making significant progress in integrating technology into daily life, but on the other hand is raising concerns about privacy and confidentiality. As location based services (LBS) equip users to query information specific to a location with respect to temporal and spatial factors, LBS come under extreme criticism when it comes to location privacy and user confidentiality. In this paper we address the significance of our proposed scheme, a query processing architecture for privacy preservation in LBS, which provides a flexible and efficient LBS model that ensures an accurate and qualitative result set by employing an indexing scheme at the location anonymizer, and which identifies possible adversary attacks on user privacy in previous work with respect to location privacy and query privacy. We recognize the need for a unified query processing model which can operate in centralized as well as distributed environments, and which is flexible enough to provide privacy for public queries (snapshot/continuous) as well as private queries (snapshot/continuous) for public and private locations. Finally, we quantify the benefits of our approach using sampled experimental results showing that the proposed cloaking algorithm is scalable, efficient and robust enough to support anonymity irrespective of the scale of user queries in a real time scenario.
2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008), 2008
Most research efforts have elaborated on k-anonymity for location privacy. The general architecture for implementing k-anonymity is that there is one trusted server (referred to as the location anonymizer) responsible for cloaking at least k users' locations for protecting location privacy. A location anonymizer will generate cloaked regions in which there are at least k users for query processing. Prior works only explore grid shape cloaked regions. However, grid shape cloaked regions result in a considerable amount of query results, thereby increasing the overhead of filtering unwanted query results. In this paper, we propose a cloaking algorithm in which cloaked regions are generated according to the features of spatial networks. By exploring the features of spatial networks, the cloaked regions are very efficient for reducing query results and improving cache utilization of mobile devices. Furthermore, an index structure for spatial networks is built and, in light of the proposed index structure, we develop a Spatial-Temporal Connective Cloaking algorithm (abbreviated as STCC). A simulator is implemented and extensive experiments are conducted. Experimental results show that our proposed algorithm outperforms prior cloaking algorithms in terms of the candidate query results and the cache utilization.
Journal of Network and Computer Applications, 2018
Location-based applications provide convenient services to users. However, they also lead to location privacy leakage. Malicious adversaries may use the leaked information to violate users' privacy in unpredictable ways. Current location protection algorithms use fake or obfuscated locations to query services, thus resulting in inaccurate results. Usually, these algorithms need to sacrifice quality of service to ensure protection. Location searching services (LSSs) are one kind of location-based service (LBS). Users use LSSs to query nearby locations and exact distances to these locations. Thus, any mistake in results can make LSSs useless. Therefore, current location protection algorithms are not suitable for LSSs. In this paper, we propose a novel algorithm to offer protection for LSSs. In the proposed algorithm, users can have accurate LSSs with powerful location privacy protection. Overhead, in terms of data usage, is introduced in this paper to improve the privacy and decrease the Quality Loss (QL) simultaneously. QL can be decreased to zero if users have a good Internet environment. We derive the privacy and QL calculation methods and also use simulations to calculate the expected privacy and QL. The results illustrate that the proposed algorithm has excellent privacy protection and service quality.
Location-based services (LBS) require users to continuously report their location to a potentially untrusted server to obtain services based on their location, which can expose them to privacy risks. Unfortunately, existing privacy-preserving techniques for LBS have several limitations, such as requiring a fully-trusted third party, offering limited privacy guarantees and incurring high communication overhead. In this paper, we propose a user-defined privacy grid system called dynamic matrix framework (DMF), the first holistic system that fulfills four essential requirements for privacy-preserving snapshot and continuous LBS. (1) The system only requires a semi-trusted third party, responsible for carrying out simple matching operations correctly. This semi-trusted third party does not have any information about a user's location. (2) Secure snapshot and continuous location privacy is guaranteed under our defined adversary models. (3) The communication cost for the user does not depend on the user's desired privacy level; it only depends on the number of relevant points of interest in the vicinity of the user. (4) Although we only focus on range and k-nearest-neighbor queries in this work, our system can be easily extended to support other spatial queries without changing the algorithms run by the semi-trusted third party and the database server, provided the required search area of a spatial query can be abstracted into spatial regions.