
Computer Networks

Volume 140, 20 July 2018, Pages 1-14

Modeling privacy approaches for location based services

https://doi.org/10.1016/j.comnet.2018.04.016

Abstract

Location-based services (LBS) use the geospatial data of a mobile device to provide information in real time. A key concern in using these services is the need to reveal the user's exact location, which may allow an adversary to infer private information about the user. To address the privacy concerns of LBS users, a number of security approaches have been proposed based on the concept of k-anonymity. The central idea in location k-anonymity is to find a set of k−1 users close to the actual user, such that the locations of these k users are indistinguishable from one another, thus protecting the identity of the user. A number of performance parameters, like success rate and the amount of privacy achieved, are used to measure the performance of the k-anonymity approaches. However, there is no formal model to compare the different k-anonymity approaches. Moreover, these proposals also make the implicit, unrealistic assumption that the k−1 users are readily available. Thus they ignore the turnaround time to process a user request, which is crucial for a real-time application like LBS. In this work, we model the k-anonymity approaches using queuing theory to compute the average sojourn time of users and the queue length of the system. To demonstrate that queuing theory can be used to model all k-anonymity approaches, we quantitatively compare three different k-anonymity approaches with varying degrees of complexity: top-down, bottom-up and bulk processing. The proposed analytical model is further validated with experimental results.

Introduction

With the wide availability of location-aware devices and the advancement of positioning technologies like the Global Positioning System (GPS) to determine the exact locations of users and objects of interest, a new class of applications called location-based services (LBS) has become highly popular. These applications vary from utility applications, like finding points of interest or friends currently present in one's vicinity, to serious applications like sending alarm messages during an emergency. One of the main concerns in using these services is that they require revealing one's location, which may allow an adversary to infer sensitive information about the user. To address the privacy concerns of LBS, a number of approaches have been proposed; popular among them are those that implement the concept of k-anonymity. In this approach, the key idea is to find a set of k users confined in a given geographical area such that they are indistinguishable from one another, thus protecting the identity of the user.

Central to the idea of k-anonymity in LBS is a trusted third party (TTP) which is delegated the task of anonymization. When an LBS query arrives at the TTP, it finds k−1 other users in the vicinity of the user and sends the obfuscation area to the LBS server. This is known as cloaking or position obfuscation. The different LBS privacy approaches using k-anonymity differ in how the k−1 other users are selected. These approaches make the unrealistic, implicit assumption that the k−1 other users are readily available. However, in practice queries for anonymization arrive at unpredictable times, and when they arrive other users may not be available. For example, in the Clique-Cloak [1] approach, whenever a query arrives it is checked whether the location point of the user forms a clique with k−1 other users. In such a case, the first k−1 users will always have to wait. Thus the natural questions that arise are how long an LBS query may have to wait before it can be served, for how long the TTP will be busy in computation, and so on. The existing k-anonymity approaches consider different performance parameters like success rate, the amount of privacy achieved, etc., but do not consider parameters like the average response time of a query, which is very important as the queries are fired in real time and users want a fast response.

Although the idea of k-anonymity has been well established [1], [2] and effectively deployed to solve the upcoming challenges of location privacy [3], [4], no mathematical models are available to evaluate them. The contributions of our work can be summarized as follows:

  • (i) Modeling of k-anonymity privacy approaches: Our first aim is to develop a mathematical framework that can be used to evaluate k-anonymity privacy approaches in terms of the request-to-response time of a query, the number of queries present in the TTP, the length of a busy period and the length of an idle period. Next we adapt this framework to model specific privacy approaches available in the literature.

  • (ii) Experimental validation of the model: The second goal of our work is to experimentally compute the performance parameters estimated using our mathematical model and compare the results.

  • (iii) Comparative analysis: The last objective is to compare the various k-anonymity approaches available in the literature based on our proposed model. The results of our analysis show that the bottom-up privacy approach clearly outperforms the top-down approach. Bulk processing privacy approaches have the nice property of generating cloaking areas with high spatial resolution; however, they have a higher turnaround time and a low anonymization probability rate.

In this work, we use the concepts of single service systems and bulk service systems from queueing theory to model the k-anonymity LBS privacy approaches that use a TTP. In order to demonstrate our approach, we apply the concept to some well-known k-anonymity LBS privacy approaches [1], [5], [6], [7]. Results show that our mathematical model, compared to experimental results, has high accuracy, with an error percentage of about 2.5%.

The remainder of our work is organized as follows. Section 2 reviews state-of-the-art in location services, privacy threats and defense mechanisms. The background of our work is presented in Section 3. In Section 4, we describe how queuing theory can be used to model the k-anonymity privacy approaches. The proposed queuing model is given in Section 5. Experimental results are given in Section 6 and finally the concluding remarks are given in Section 7.

Section snippets

Prior art

Location based services make use of a user’s location information to provide personalized information service to the user. There are many application scenarios of LBS like navigation services, emergency services etc. that have enjoyed great commercial success. However, many users fear that the location information may be misused to intrude into their privacy, like determine their political inclination, health problems, friends and acquaintances, etc. The techniques proposed to preserve the

Location based services

LBSs [25] are information services that exploit a mobile user's current location to provide value-added information. The basic components of an LBS system are mobile devices, the LBS server or service provider and the content provider, as shown in Fig. 1. This model matches most approaches described in the literature. The mobile devices are the tools used by users to access LBS services, to send requests and to retrieve results. The user sends the location-based query to the LBS server through a communication

Modeling LBS privacy approaches using queueing system

In this work, we model LBS privacy approaches using queueing theory, so as to analyze the algorithms of these approaches and compare their performance by evaluating various performance metrics. The generic LBS service model shown in Fig. 1 can be represented by the more specific system model shown in Fig. 2. In the system model, the TTP is replaced by a queueing system. In the proposed system model, LBS requests issued by mobile users arrive into the queueing system according to a Poisson process

Queueing model for existing k-anonymity privacy approaches

All existing TTP-based privacy approaches in location based services can be modeled using the M/G/1 queueing system, where the service time distribution G is exponential (Markovian, M) in the case of single processing systems and bulk Markovian (M^k) in the case of bulk processing approaches. All single processing approaches can be modeled using the M/M/1 model. These are the generic models for their category, with different values of μ for different approaches. For illustration we model one approach from each
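A worked example of the two TTP models just described, added here and not part of the paper: the closed-form M/M/1 sojourn time and queue length for single-query processing, checked against a seeded discrete-event simulation of the TTP, and the same simulation with bulk service. The arrival and service rates are constructed, and bulk service is assumed to mean that the anonymizer waits until k requests are queued and cloaks them together in one service (an assumption, not the paper's exact bulk model).

```python
import random


def mm1_metrics(lam: float, mu: float) -> dict:
    """Closed-form M/M/1 results for a single-query TTP: utilisation rho,
    mean sojourn (request-to-response) time W and mean number in system L."""
    if lam >= mu:
        raise ValueError("unstable queue: arrival rate must be below service rate")
    rho = lam / mu
    return {"rho": rho, "W": 1.0 / (mu - lam), "L": lam / (mu - lam)}


def simulate_ttp(lam: float, mu: float, k: int, n_requests: int, seed: int = 1) -> dict:
    """Discrete-event simulation of the TTP as one server with Poisson arrivals
    (rate lam) and exponential service (rate mu).  k == 1 is the single-processing
    (M/M/1) case; k > 1 is the assumed bulk-service case, where the anonymiser
    waits until k requests are queued and then cloaks them in one service.
    Returns the mean sojourn time W and, via Little's law, the mean number L of
    requests in the system.  A trailing incomplete batch is never served."""
    rng = random.Random(seed)
    t, arrivals = 0.0, []
    for _ in range(n_requests):
        t += rng.expovariate(lam)          # Poisson arrival process
        arrivals.append(t)
    server_free, total_sojourn, served = 0.0, 0.0, 0
    for i in range(0, n_requests - k + 1, k):
        batch = arrivals[i:i + k]
        # a batch starts only once its k-th member has arrived and the server is idle
        start = max(server_free, batch[-1])
        finish = start + rng.expovariate(mu)
        server_free = finish
        total_sojourn += sum(finish - a for a in batch)   # each member waits for the batch
        served += k
    w = total_sojourn / served
    return {"W": w, "L": lam * w}


if __name__ == "__main__":
    lam, mu = 2.0, 5.0   # constructed rates: 2 queries/s arriving, 5 cloakings/s served
    print("analytic M/M/1:", mm1_metrics(lam, mu))
    print("simulated k=1 :", simulate_ttp(lam, mu, 1, 20000))
    print("simulated k=5 :", simulate_ttp(lam, mu, 5, 20000))
```

With k=5 the simulated sojourn time is well above the M/M/1 value at the same rates, which is the waiting cost of bulk anonymization that the paper's turnaround-time metric captures.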

Experimental results

In this section, we evaluate the privacy approaches that we have modeled in terms of the queuing theory performance metrics: request-to-response time (or turnaround time) and queue length. These metrics are computed analytically using our derived equations. Further, we validate our theoretical findings with experimental results. The experiment considers a total of 5000 users uniformly distributed over an area of 8 × 8 m². To account for user mobility, we used the Minnesota Traffic Generator

Conclusion and future work

In this work, we proposed a queueing theory based model to analyze the performance of privacy approaches used in location based services. We used the model to analyze some well-known k-anonymity based privacy approaches. The basic task involved in measuring the characteristics of these privacy approaches is modeling the processing time or service rate. We show that the single query processing approaches, top-down and bottom-up privacy, can be modeled using the standard M/M/1 queueing

Pratima Biswas is a research scholar in the department of Computer Science and Engineering, IIT Patna. She is a recipient of the Rajiv Gandhi national fellowship. Her area of interest is computer security in general and privacy issues in computer applications in particular.

References (33)

  • B. Gedik et al., Protecting location privacy with personalized k-anonymity: architecture and algorithms, IEEE Trans. Mob. Comput. (2008)
  • B. Gedik et al., Location privacy in mobile systems: a personalized anonymization model, Proceedings of the 25th IEEE International Conference on Distributed Computing Systems (ICDCS) (2005)
  • C.Z. C. Ma et al., A Voronoi-based location privacy-preserving method for continuous query in LBS, Int. J. Distrib. Sens. Netw. (2015)
  • F. Fei et al., A k-anonymity based schema for location privacy preservation, IEEE Trans. Sustain. Comput. (2017)
  • M. Gruteser et al., Anonymous usage of location based services through spatial and temporal cloaking, Proceedings of the 1st International Conference on Mobile Systems, Applications and Services (MobiSys) (2003)
  • M.F. Mokbel et al., The new Casper: query processing for location services without compromising privacy, Proceedings of the 32nd International Conference on Very Large Databases (VLDB) (2006)
  • X. Pan et al., Protecting location privacy against location-dependent attacks in mobile services, IEEE Trans. Knowl. Data Eng. (2008)
  • M. Decker, Location privacy: an overview, 2008 7th International Conference on Mobile Business (2008)
  • C.M. Ardagna et al., Location privacy protection through obfuscation-based techniques
  • M. Wernke et al., A classification of location privacy attacks and approaches, Pers. Ubiquitous Comput. (2014)
  • A. Albelaihy et al., A survey of the current trends of privacy techniques employed in protecting the location privacy of users in LBSs, 2nd International Conference on Anti-Cyber Crimes (ICACC) (2017)
  • H. Hu et al., Processing private queries over untrusted data cloud through privacy homomorphism, 2011 IEEE 27th International Conference on Data Engineering (2011)
  • X. Lei et al., Secure kNN queries over encrypted data: dimensionality is not always a curse, 2017 IEEE 33rd International Conference on Data Engineering (ICDE) (2017)
  • J. Freudiger et al., On the optimal placement of mix zones, Proceedings of the 9th International Symposium on Privacy Enhancing Technologies (2009)
  • I. Memon et al., Pseudonym changing strategy with multiple mix zones for trajectory privacy protection in road networks, Int. J. Commun. Syst. (2018)
  • M. Gruteser et al., Protecting privacy in continuous location-tracking applications, IEEE Secur. Privacy (2004)
Dr. Ashok Singh Sairam obtained his Ph.D. degree from the Indian Institute of Technology Guwahati, India in 2009. Currently he is working as an Associate Professor in the department of Mathematics at the Indian Institute of Technology Guwahati, India. His research interests are in the area of computer networks and network security. He has worked on research projects and consultancy in the area of Internet of Things, Denial of Service (DoS) attacks and measurement of available bandwidth. He is an IEEE Senior Member. He has published more than 40 research papers in international journals and conferences.