DOI: 10.1145/2508859.2516735
Research article

Geo-indistinguishability: differential privacy for location-based systems

Published: 04 November 2013

Abstract

The growing popularity of location-based systems, which allows unknown or untrusted servers to easily collect huge amounts of information about users' locations, has recently started raising serious privacy concerns. In this paper we introduce geo-indistinguishability, a formal notion of privacy for location-based systems that protects the user's exact location while allowing approximate information, typically needed to obtain a desired service, to be released.
This privacy definition formalizes the intuitive notion of protecting the user's location within a radius $r$ with a level of privacy that depends on $r$, and corresponds to a generalized version of the well-known concept of differential privacy. Furthermore, we present a mechanism for achieving geo-indistinguishability by adding controlled random noise to the user's location.
We describe how to use our mechanism to enhance LBS applications with geo-indistinguishability guarantees without compromising the quality of the application results. Finally, we compare state-of-the-art mechanisms from the literature with ours. It turns out that, among all mechanisms independent of the prior, ours offers the best privacy guarantees.
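The noise mechanism the abstract refers to is the planar Laplace distribution (see the author tags). The following is an added illustration, not code from the paper: it samples planar Laplace noise and checks the geo-indistinguishability bound numerically. It assumes planar coordinates in metres (so $\epsilon$ is per metre) and leaves out any grid discretisation a deployment would add.

```python
import math
import random

# Added example, not the paper's own code. Coordinates are assumed to be
# planar (metres on a flat map); eps is then in units of 1/metre.

def planar_laplace_density(eps, x, z):
    """Density of the planar Laplace mechanism centred on the true location x,
    evaluated at the reported location z: (eps^2 / 2pi) * exp(-eps * d(x, z))."""
    return (eps ** 2 / (2.0 * math.pi)) * math.exp(-eps * math.dist(x, z))

def radius_cdf(eps, r):
    """Probability that the reported location lies within r metres of the true
    one: C_eps(r) = 1 - (1 + eps*r) * exp(-eps*r)."""
    return 1.0 - (1.0 + eps * r) * math.exp(-eps * r)

def epsilon_for(level, radius):
    """Pick eps so that any two points within `radius` metres are
    indistinguishable up to privacy level `level` (density ratio <= e^level)."""
    return level / radius

def sample_noisy_location(eps, x, rng):
    """Report x plus planar Laplace noise: uniform angle, and a radius drawn
    from Gamma(shape=2, scale=1/eps), whose CDF is exactly radius_cdf."""
    theta = rng.uniform(0.0, 2.0 * math.pi)
    r = rng.gammavariate(2.0, 1.0 / eps)
    return (x[0] + r * math.cos(theta), x[1] + r * math.sin(theta))

def geo_ind_holds(eps, x, x_prime, z):
    """Geo-indistinguishability check for one reported point z: the densities
    under true locations x and x' may differ by at most exp(eps * d(x, x'))."""
    ratio = planar_laplace_density(eps, x, z) / planar_laplace_density(eps, x_prime, z)
    return ratio <= math.exp(eps * math.dist(x, x_prime)) * (1.0 + 1e-9)

def empirical_within(eps, x, radius, n, seed=0):
    """Fraction of n noisy reports that fall within `radius` of x; it should
    be close to radius_cdf(eps, radius)."""
    rng = random.Random(seed)
    hits = sum(math.dist(x, sample_noisy_location(eps, x, rng)) <= radius for _ in range(n))
    return hits / n

if __name__ == "__main__":
    # Constructed scenario: protect the user within 200 m at level ln(4), i.e.
    # an observer's odds between any two points 200 m apart change at most 4x.
    eps = epsilon_for(math.log(4), 200.0)
    home = (0.0, 0.0)  # constructed true location, in metres
    print("eps per metre:", eps)
    print("P(report within 200 m):", radius_cdf(eps, 200.0))
    print("noisy report:", sample_noisy_location(eps, home, random.Random(1)))
    print("empirical within 200 m:", empirical_within(eps, home, 200.0, 20000))
```

The check in `geo_ind_holds` is tight when the reported point lies on the ray from x' through x, which is where the triangle inequality becomes an equality.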


Published In

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. differential privacy
  2. location obfuscation
  3. location privacy
  4. location-based services
  5. planar laplace distribution

Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%