Impact of Frequency of Location Reports on the Privacy Level of Geo-indistinguishability

Ricardo Mendes 1 , Mariana Cunha 2  and João P. Vilela 3
  • 1 Department of Informatics Engineering, University of Coimbra
  • 2 Department of Informatics Engineering, University of Coimbra
  • 3 Department of Informatics Engineering, University of Coimbra

Abstract

Location privacy has became an emerging topic due to the pervasiveness of Location-Based Services (LBSs). When sharing location, a certain degree of privacy can be achieved through the use of Location Privacy-Preserving Mechanisms (LPPMs), in where an obfuscated version of the exact user location is reported instead. However, even obfuscated location reports disclose information which poses a risk to privacy. Based on the formal notion of differential privacy, Geo-indistinguishability has been proposed to design LPPMs that limit the amount of information that is disclosed to a potential adversary observing the reports. While promising, this notion considers reports to be independent from each other, thus discarding the potential threat that arises from exploring the correlation between reports. This assumption might hold for the sporadic release of data, however, there is still no formal nor quantitative boundary between sporadic and continuous reports and thus we argue that the consideration of independence is valid depending on the frequency of reports made by the user. This work intends to fill this research gap through a quantitative evaluation of the impact on the privacy level of Geo-indistinguishability under different frequency of reports. Towards this end, state-of-the-art localization attacks and a tracking attack are implemented against a Geo-indistinguishable LPPM under several values of privacy budget and the privacy level is measured along different frequencies of updates using real mobility data.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] J. Krumm, “A survey of computational location privacy,” Personal and Ubiquitous Computing, vol. 13, no. 6, pp. 391–399, 2009.

  • [2] S. Gambs, M.-O. Killijian, and M. N. del Prado Cortez, “Show me how you move and I will tell you who you are,” in Proceedings of the 3rd ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS, pp. 34–41, ACM, 2010.

  • [3] R. Mendes and J. P. Vilela, “Privacy-Preserving Data Mining: Methods, Metrics, and Applications,” IEEE Access, vol. 5, pp. 10562–10582, 2017.

  • [4] M. Andrés, N. Bordenabe, K. Chatzikokolakis, and C. Palamidessi, “Geo-Indistinguishability: Differential Privacy for Location-Based Systems,” in 20th ACM Conference on Computer and Communications Security, pp. 901–914, ACM, 2013.

  • [5] C. Dwork, “Differential privacy: A survey of results,” in International Conference on Theory and Applications of Models of Computation, pp. 1–19, Springer, 2008.

  • [6] B. Liu, W. Zhou, T. Zhu, L. Gao, and Y. Xiang, “Location Privacy and Its Applications: A Systematic Study,” IEEE Access, vol. 6, pp. 17606–17624, 2018.

  • [7] K. Chatzikokolakis, E. Elsalamouny, and C. Palamidessi, “Efficient utility improvement for location privacy,” Proceedings on Privacy Enhancing Technologies, vol. 2017, no. 4, pp. 308–328, 2017.

  • [8] J. Hsu, M. Gaboardi, A. Haeberlen, S. Khanna, A. Narayan, B. C. Pierce, and A. Roth, “Differential privacy: An economic method for choosing epsilon,” in Computer Security Foundations Symposium (CSF), 2014 IEEE 27th, pp. 398–410, IEEE, 2014.

  • [9] R. Shokri, G. Theodorakopoulos, G. Danezis, J.-P. Hubaux, and J.-Y. Le Boudec, “Quantifying location privacy: the case of sporadic location exposure,” in International Symposium on Privacy Enhancing Technologies Symposium, pp. 57–76, Springer, 2011.

  • [10] R. Shokri, G. Theodorakopoulos, J.-Y. Le Boudec, and J.-P. Hubaux, “Quantifying location privacy,” in 2011 IEEE symposium on security and privacy, pp. 247–262, IEEE, 2011.

  • [11] Y. Xiao and L. Xiong, “Protecting locations with differential privacy under temporal correlations,” in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1298–1309, ACM, 2015.

  • [12] S. Oya, C. Troncoso, and F. Pérez-González, “Rethinking location privacy for unknown mobility behaviors,” in 2019 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 416–431, June 2019.

  • [13] S. Oya, C. Troncoso, and F. Pérez-González, “Is Geo-Indistinguishability What You Are Looking for?,” in Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, pp. 137–140, ACM, 2017.

  • [14] R. Mendes and J. Vilela, “On the Effect of Update Frequency on Geo-Indistinguishability of Mobility Traces,” in Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pp. 271–276, ACM, 2018.

  • [15] H. Liu, X. Li, H. Li, J. Ma, and X. Ma, “Spatiotemporal correlation-aware dummy-based privacy protection scheme for location-based services,” in INFOCOM 2017-IEEE Conference on Computer Communications, IEEE, pp. 1–9, IEEE, 2017.

  • [16] J. Krumm, “Inference attacks on location tracks,” in International Conference on Pervasive Computing, pp. 127–143, Springer, 2007.

  • [17] R. Shokri, “Privacy games: Optimal user-centric data obfuscation,” Proceedings on Privacy Enhancing Technologies, vol. 2015, no. 2, pp. 299–315, 2015.

  • [18] R. Shokri, G. Theodorakopoulos, C. Troncoso, J.-P. Hubaux, and J.-Y. Le Boudec, “Protecting location privacy: optimal strategy against localization attacks,” in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 617–627, ACM, 2012.

  • [19] S. Oya, C. Troncoso, and F. Pérez-González, “Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms,” in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1959–1972, ACM, 2017.

  • [20] N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi, “Optimal geo-indistinguishable mechanisms for location privacy,” in Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, pp. 251–262, ACM, 2014.

  • [21] M. Wernke, P. Skvortsov, F. Dürr, and K. Rothermel, “A classification of location privacy attacks and approaches,” Personal and ubiquitous computing, vol. 18, no. 1, pp. 163–175, 2014.

  • [22] M. Kubicka, A. Cela, H. Mounier, and S.-I. Niculescu, “Comparative Study and Application-Oriented Classification of Vehicular Map-Matching Methods,” IEEE Intelligent Transportation Systems Magazine, vol. 10, no. 2, pp. 150–166, 2018.

  • [23] R. Shokri, G. Theodorakopoulos, and C. Troncoso, “Privacy games along location traces: A game-theoretic framework for optimizing location privacy,” ACM Transactions on Privacy and Security (TOPS), vol. 19, no. 4, p. 11, 2017.

  • [24] T. Murakami, “Expectation-Maximization Tensor Factorization for Practical Location Privacy Attacks,” Proceedings on Privacy Enhancing Technologies, vol. 2017, no. 4, pp. 138–155, 2017.

  • [25] M. Hashemi and H. A. Karimi, “A critical review of real-time map-matching algorithms: Current issues and future directions,” Computers, Environment and Urban Systems, vol. 48, pp. 153–165, 2014.

  • [26] P. Newson and J. Krumm, “Hidden Markov map matching through noise and sparseness,” in Proceedings of the 17th ACM SIGSPATIAL international conference on advances in geographic information systems, pp. 336–343, ACM, 2009.

  • [27] G. R. Jagadeesh and T. Srikanthan, “Online map-matching of noisy and sparse location data with hidden markov and route choice models,” IEEE Transactions on Intelligent Transportation Systems, vol. 18, no. 9, pp. 2423–2434, 2017.

  • [28] E. W. Dijkstra, “A note on two problems in connexion with graphs,” Numerische mathematik, vol. 1, no. 1, pp. 269–271, 1959.

  • [29] M. Piorkowski, N. Sarafijanovic-Djukic, and M. Grossglauser, “A parsimonious model of mobile partitioned networks with clustering,” in 2009 First International Communication Systems and Networks and Workshops, pp. 1–10, IEEE, 2009.

  • [30] L. Moreira-Matias, J. Gama, M. Ferreira, J. Mendes-Moreira, and L. Damas, “Predicting taxi–passenger demand using streaming data,” IEEE Transactions on Intelligent Transportation Systems, vol. 14, no. 3, pp. 1393–1402, 2013.

  • [31] Y. Zheng, L. Zhang, X. Xie, and W.-Y. Ma, “Mining interesting locations and travel sequences from GPS trajectories,” in Proceedings of the 18th international conference on World wide web, pp. 791–800, ACM, 2009.

  • [32] C. Y. Goh, J. Dauwels, N. Mitrovic, M. T. Asif, A. Oran, and P. Jaillet, “Online map-matching based on hidden markov model for real-time traffic sensing applications,” in Intelligent Transportation Systems (ITSC), 2012 15th International IEEE Conference on, pp. 776–781, IEEE, 2012.

  • [33] “Geolife gps trajectories.” https://www.microsoft.com/enus/download/details.aspx?id=52367, 2012. [Online; Accessed: 2019-12-12].

  • [34] M. Piorkowski, N. Sarafijanovic-Djukic, and M. Grossglauser, “CRAWDAD dataset epfl/mobility (v. 2009-02-24).” Downloaded from https://crawdad.org/epfl/mobility/20090224, Feb. 2009. [Online; Accessed: 2019-12-12].

  • [35] “Taxi service trajectory prediction challenge @ ecml pkdd 2015.” http://www.geolink.pt/ecmlpkdd2015-challenge/dataset.html, 2015. [Online; Accessed: 2019-12-12].

  • [36] G. Boeing, “OSMnx: New methods for acquiring, constructing, analyzing, and visualizing complex street networks,” Computers, Environment and Urban Systems, vol. 65, pp. 126–139, 2017.

  • [37] T. Murakami and H. Watanabe, “Localization attacks using matrix and tensor factorization,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 8, pp. 1647–1660, 2016.

  • [38] K. Chatzikokolakis, C. Palamidessi, and M. Stronati, “A predictive differentially-private mechanism for mobility traces,” in International Symposium on Privacy Enhancing Technologies Symposium, pp. 21–41, Springer, 2014.

  • [39] Y.-A. De Montjoye, C. A. Hidalgo, M. Verleysen, and V. D. Blondel, “Unique in the crowd: The privacy bounds of human mobility,” Scientific reports, vol. 3, p. 1376, 2013.

  • [40] C. Song, Z. Qu, N. Blumm, and A.-L. Barabási, “Limits of predictability in human mobility,” Science, vol. 327, no. 5968, pp. 1018–1021, 2010.

  • [41] C. Bettini, X. S. Wang, and S. Jajodia, “Protecting privacy against location-based personal identification,” in Workshop on Secure Data Management, pp. 185–199, Springer, 2005.

  • [42] V. Primault, S. B. Mokhtar, C. Lauradoux, and L. Brunie, “Differentially Private Location Privacy in Practice,” in Third Workshop on Mobile Security Technologies (MoST) 2014, 2014.

  • [43] E. Herder, P. Siehndel, and R. Kawase, “Predicting user locations and trajectories,” in International Conference on User Modeling, Adaptation, and Personalization, pp. 86–97, Springer, 2014.

  • [44] R. Al-Dhubhani and J. M. Cazalas, “An adaptive geoindistinguishability mechanism for continuous lbs queries,” Wireless Networks, pp. 1–19, 2017.

OPEN ACCESS

Journal + Issues

Search