Location Privacy for Rank-based Geo-Query Systems

Abstract

The mobile ecosystem is driven by an increasing number of location-aware applications. Consequently, a number of location privacy models have been proposed to prevent the unwanted inference of sensitive information from location traces. A primary focus in these models is to ensure that a privacy mechanism can still retrieve the results that are geographically the closest. However, geo-query results are, in most cases, ranked using a combination of distance and importance data, thereby producing a result landscape that is periodically flat and not always dictated by distance. A privacy model that does not exploit this structure of geo-query results may enforce weaker levels of location privacy. Towards this end, we explore a formal location privacy principle designed to capture arbitrary similarity between locations, be it distance or the number of objects common to their result sets. We propose a composite privacy mechanism that performs probabilistic cloaking and exponentially weighted sampling to provide coarse-grained location hiding within a tunable area, and finer privacy guarantees under the principle inside this area. We present extensive empirical evidence to supplement claims on the effectiveness of the approach, along with comparative results to assert the stronger privacy guarantees.
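The abstract describes the mechanism only at a high level: a cloaking step that restricts the reported location to a tunable region around the true one, followed by exponentially weighted sampling driven by a similarity score that may be geographic distance or the overlap between two locations' ranked result sets. The following illustration is added here and is not the paper's own code or algorithm; it instantiates that sketch with the standard exponential mechanism (weight proportional to exp(ε · score / 2)) over a constructed grid of candidate cells. The grid, its result sets, the Jaccard score, the distance normalisation and the parameter names are all assumptions made for the example.

```python
import math
import random

# Constructed sample data (not from the paper): candidate cells with
# coordinates in km and the set of POI ids a rank-based geo-query returns there.
# c0 and c1 are distinct cells that see the same ranked results, i.e. a "flat"
# part of the result landscape.
CANDIDATES = {
    "c0": ((0.0, 0.0), {"p1", "p2", "p3", "p4"}),
    "c1": ((0.5, 0.0), {"p1", "p2", "p3", "p4"}),
    "c2": ((1.0, 0.5), {"p1", "p2", "p5", "p6"}),
    "c3": ((1.5, 1.5), {"p5", "p6", "p7", "p8"}),
    "c4": ((4.0, 4.0), {"p9", "p10", "p11", "p12"}),  # far away; outside a 3 km cloak
}


def euclid(a, b):
    """Planar distance between two (x, y) points in km."""
    return math.hypot(a[0] - b[0], a[1] - b[1])


def result_similarity(x, z, cands=CANDIDATES):
    """Jaccard overlap of the result sets at cells x and z (score in [0, 1])."""
    sx, sz = cands[x][1], cands[z][1]
    return len(sx & sz) / len(sx | sz)


def distance_similarity(x, z, radius, cands=CANDIDATES):
    """1 minus distance normalised by the cloaking radius, clipped to [0, 1]."""
    d = euclid(cands[x][0], cands[z][0])
    return max(0.0, 1.0 - d / radius)


def cloak_candidates(x, radius, cands=CANDIDATES):
    """Coarse-grained hiding: only cells within `radius` km of x may be reported."""
    cx = cands[x][0]
    return [z for z in cands if euclid(cx, cands[z][0]) <= radius]


def exponential_distribution(x, radius, eps, sim, cands=CANDIDATES):
    """Exponential mechanism over the cloaked region.

    Each eligible cell z gets weight exp(eps * sim(x, z) / 2); with a score of
    sensitivity 1 this is the textbook (McSherry-Talwar) construction. Cells
    sharing a result set with x receive identical probability, so the reported
    location does not single out x inside a flat region.
    """
    region = cloak_candidates(x, radius, cands)
    weights = {z: math.exp(eps * sim(x, z) / 2.0) for z in region}
    total = sum(weights.values())
    return {z: w / total for z, w in weights.items()}


def sample_location(x, radius, eps, sim, rng, cands=CANDIDATES):
    """Draw one reported cell for true cell x from the exponential distribution."""
    dist = exponential_distribution(x, radius, eps, sim, cands)
    r = rng.random()
    acc = 0.0
    last = None
    for z, p in dist.items():
        acc += p
        last = z
        if r <= acc:
            return z
    return last  # guards against floating-point rounding at the tail


def max_output_ratio(dist):
    """Largest p(z)/p(z') over the support: how strongly the mechanism prefers one cell."""
    ps = list(dist.values())
    return max(ps) / min(ps)


if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the demo is reproducible
    by_results = exponential_distribution("c0", 3.0, 2.0, result_similarity)
    by_distance = exponential_distribution(
        "c0", 3.0, 2.0, lambda x, z: distance_similarity(x, z, 3.0))
    print("result-set weighting:", {z: round(p, 3) for z, p in by_results.items()})
    print("distance weighting:  ", {z: round(p, 3) for z, p in by_distance.items()})
    print("sampled report for c0:", sample_location("c0", 3.0, 2.0, result_similarity, rng))
```

With result-set weighting, c0 and c1 are reported with exactly the same probability because their result sets coincide, whereas distance weighting still favours c0; that difference is the structural point the abstract makes about distance-only privacy models. Lowering `eps` flattens the distribution towards uniform over the cloaked region, and `radius` sets the coarse-grained hiding area.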


