Constructing elastic distinguishability metrics for location privacy

Open access

Abstract

With the increasing popularity of hand-held devices, location-based applications and services have access to accurate and real-time location information, raising serious privacy concerns for their users. The recently introduced notion of geo-indistinguishability tries to address this problem by adapting the well-known concept of differential privacy to the area of location-based systems. Although geo-indistinguishability presents various appealing aspects, it has the problem of treating space in a uniform way, imposing the addition of the same amount of noise everywhere on the map. In this paper we propose a novel elastic distinguishability metric that warps the geometrical distance, capturing the different degrees of density of each area. As a consequence, the obtained mechanism adapts the level of noise while achieving the same degree of privacy everywhere. We also show how such an elastic metric can easily incorporate the concept of a “geographic fence” that is commonly employed to protect the highly recurrent locations of a user, such as his home or work. We perform an extensive evaluation of our technique by building an elastic metric for Paris’ wide metropolitan area, using semantic information from the OpenStreetMap database. We compare the resulting mechanism against the Planar Laplace mechanism satisfying standard geo-indistinguishability, using two real-world datasets from the Gowalla and Brightkite location-based social networks. The results show that the elastic mechanism adapts well to the semantics of each area, adjusting the noise as we move outside the city center, hence offering better overall privacy [1].
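The effect the abstract describes can be seen on a toy map. The following is an added example, not code from the paper or its repository: it uses the standard exponential mechanism as a stand-in, and the 1D strip of cells, the density values, the square-root warping rule and the value of ε are all assumptions made for illustration.

```python
import math

CELL_KM = 1.0
# Constructed sample data: points of interest per 1 km cell along a strip that
# crosses a city (dense centre in the middle, countryside at both ends).
DENSITY = [4] * 5 + [25] * 3 + [100] * 5 + [25] * 3 + [4] * 5

def metric(warped):
    """Distance matrix between cells: geographic, or warped by density.
    Assumed warp: an edge shrinks by sqrt(relative density of its sparser end),
    so cells in sparse areas become harder to tell apart."""
    top = max(DENSITY)
    edges = [CELL_KM * (math.sqrt(min(a, b) / top) if warped else 1.0)
             for a, b in zip(DENSITY, DENSITY[1:])]
    pos = [0.0]
    for w in edges:
        pos.append(pos[-1] + w)
    return [[abs(p - q) for q in pos] for p in pos]

def mechanism(d, eps):
    """Exponential mechanism: P(z | x) proportional to exp(-eps/2 * d(x, z))."""
    rows = []
    for x in range(len(d)):
        w = [math.exp(-eps / 2 * d[x][z]) for z in range(len(d))]
        total = sum(w)
        rows.append([v / total for v in w])
    return rows

def worst_privacy_excess(P, d, eps):
    """Max of ln(P(z|x) / P(z|x')) - eps * d(x, x'); a value <= 0 means the
    mechanism satisfies eps*d-privacy with respect to the metric d."""
    n = len(d)
    return max(math.log(P[x][z] / P[y][z]) - eps * d[x][y]
               for x in range(n) for y in range(n) for z in range(n))

def expected_error_km(P, x):
    """Expected geographic distance between true cell x and reported cell."""
    return sum(p * abs(z - x) * CELL_KM for z, p in enumerate(P[x]))

if __name__ == "__main__":
    eps = 4.0  # assumed privacy parameter, per unit of metric distance
    for name, warped in (("geographic", False), ("elastic", True)):
        d = metric(warped)
        P = mechanism(d, eps)
        print(name, "excess=%.1e" % worst_privacy_excess(P, d, eps),
              "centre=%.2f km" % expected_error_km(P, 10),
              "countryside=%.2f km" % expected_error_km(P, 3))
```

Both mechanisms meet the same ε·d bound, each for its own metric; under the warped metric the reported location strays further in the sparse cells than in the centre, while under the geographic metric the noise is about the same everywhere.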


  • [1] https://github.com/paracetamolo/elastic-mechanism.

  • [2] M. E. Andrés, N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi. Geo-indistinguishability: differential privacy for location-based systems. In Proc. of CCS, pages 901–914. ACM, 2013.

  • [3] C. A. Ardagna, M. Cremonini, E. Damiani, S. D. C. di Vimercati, and P. Samarati. Location privacy protection through obfuscation-based techniques. In Proc. of DAS, volume 4602 of LNCS, pages 47–60. Springer, 2007.

  • [4] B. Bamba, L. Liu, P. Pesti, and T. Wang. Supporting anonymous location queries in mobile environments with privacygrid. In Proc. of WWW, pages 237–246. ACM, 2008.

  • [5] N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi. Optimal geo-indistinguishable mechanisms for location privacy. In Proc. of CCS, 2014.

  • [6] A. J. B. Brush, J. Krumm, and J. Scott. Exploring end user preferences for location obfuscation, location-based services, and the value of location. In Proc. of UbiComp 2010. ACM, 2010.

  • [7] K. Chatzikokolakis, M. E. Andrés, N. E. Bordenabe, and C. Palamidessi. Broadening the scope of Differential Privacy using metrics. In Proc. of PETS, volume 7981 of LNCS, pages 82–102. Springer, 2013.

  • [8] K. Chatzikokolakis, C. Palamidessi, and M. Stronati. A predictive differentially-private mechanism for mobility traces. In Proc. of PETS, volume 8555 of LNCS, pages 21–41. Springer, 2014.

  • [9] R. Cheng, Y. Zhang, E. Bertino, and S. Prabhakar. Preserving user location privacy in mobile data management infrastructures. In Proc. of PET, volume 4258 of LNCS, pages 393–412. Springer, 2006.

  • [10] E. Cho, S. A. Myers, and J. Leskovec. Friendship and mobility: user movement in location-based social networks. In Proceedings of the 17th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining. ACM, 2011.

  • [11] R. Dewri. Local differential perturbations: Location privacy under approximate knowledge attackers. IEEE Trans. on Mobile Computing, 99(PrePrints):1, 2012.

  • [12] M. Duckham and L. Kulik. A formal model of obfuscation and negotiation for location privacy. In Proc. of PERVASIVE, volume 3468 of LNCS, pages 152–170. Springer, 2005.

  • [13] C. Dwork. Differential privacy. In Proc. of ICALP, volume 4052 of LNCS, pages 1–12. Springer, 2006.

  • [14] K. Fawaz and K. G. Shin. Location privacy protection for smartphone users. In Proc. of CCS, pages 239–250. ACM Press, 2014.

  • [15] S. Gambs, M.-O. Killijian, and M. N. del Prado Cortez. Show me how you move and I will tell you who you are. Trans. on Data Privacy, 4(2):103–126, 2011.

  • [16] P. Golle and K. Partridge. On the anonymity of home/work location pairs. In Proc. of PerCom. IEEE, 2009.

  • [17] S.-S. Ho and S. Ruan. Differential privacy for location pattern mining. In Proc. of SPRINGL, pages 17–24. ACM, 2011.

  • [18] B. Hoh and M. Gruteser. Protecting location privacy through path confusion. In Proc. of SecureComm, pages 194–205. IEEE, 2005.

  • [19] H. Kido, Y. Yanagisawa, and T. Satoh. Protection of location privacy using dummies for location-based services. In Proc. of ICDE Workshops, page 1248, 2005.

  • [20] J. Krumm. A survey of computational location privacy. Personal and Ubiquitous Computing, 13(6):391–399, 2009.

  • [21] A. Machanavajjhala, D. Kifer, J. M. Abowd, J. Gehrke, and L. Vilhuber. Privacy: Theory meets practice on the map. In Proc. of ICDE, pages 277–286. IEEE, 2008.

  • [22] A. Machanavajjhala, D. Kifer, J. Gehrke, and M. Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. ACM Trans. on Knowledge Discovery from Data (TKDD), 1(1):3, 2007.

  • [23] F. McSherry and K. Talwar. Mechanism design via differential privacy. In Proc. of FOCS, pages 94–103. IEEE, 2007.

  • [24] P. Samarati. Protecting respondents’ identities in microdata release. IEEE Trans. Knowl. Data Eng, 13(6):1010–1027, 2001.

  • [25] P. Shankar, V. Ganapathy, and L. Iftode. Privately querying location-based services with SybilQuery. In Proc. of UbiComp, pages 31–40. ACM, 2009.

  • [26] K. G. Shin, X. Ju, Z. Chen, and X. Hu. Privacy protection for users of location-based services. IEEE Wireless Commun, 19(2):30–39, 2012.

  • [27] R. Shokri. Optimal user-centric data obfuscation. Technical report, ETH Zurich, 2014. http://arxiv.org/abs/1402.3426.

  • [28] R. Shokri, G. Theodorakopoulos, J.-Y. L. Boudec, and J.-P. Hubaux. Quantifying location privacy. In Proc. of S&P, pages 247–262. IEEE, 2011.

  • [29] R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. L. Boudec. Protecting location privacy: optimal strategy against localization attacks. In Proc. of CCS, pages 617–627. ACM, 2012.

  • [30] R. Shokri, C. Troncoso, C. Diaz, J. Freudiger, and J.-P. Hubaux. Unraveling an old cloak: k-anonymity for location privacy. In Proc. of WPES 2010, pages 115–118, 2010.

  • [31] M. Terrovitis. Privacy preservation in the dissemination of location data. SIGKDD Explorations, 13(1):6–18, 2011.

  • [32] M. Xue, P. Kalnis, and H. Pung. Location diversity: Enhanced privacy protection in location based services. In Proc. of LoCA, volume 5561 of LNCS, pages 70–87. Springer, 2009.
