ABSTRACT
In recent years we have witnessed the appearance of a variety of strategies to design optimal location privacy-preserving mechanisms, in terms of maximizing the adversary's expected error with respect to the users' whereabouts. In this work, we take a closer look at the defenses created by these strategies and show that, even though they are indeed optimal in terms of the adversary's correctness, not all of them offer the same protection when looking at other dimensions of privacy. To avoid "bad" choices, we argue that the search for optimal mechanisms must be guided by complementary criteria. We provide two example auxiliary metrics that help in this regard: the conditional entropy, which captures an information-theoretic aspect of the problem; and the worst-case quality loss, which ensures that the output of the mechanism always provides a minimum utility to the users. We describe a new mechanism that maximizes the conditional entropy and is optimal in terms of average adversary error, and compare its performance with previously proposed optimal mechanisms using two real datasets. Our empirical results confirm that no mechanism fares well on every privacy criterion simultaneously, making apparent the need to consider multiple privacy dimensions in order to have a good understanding of the privacy protection a mechanism provides.
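The following added example (not code from the paper or its authors) makes the abstract's argument concrete for a discrete location set. It computes the three quantities the abstract names, the Bayes-optimal adversary's expected error, the conditional entropy H(X|Z), and the worst-case quality loss, plus the average quality loss, for two constructed obfuscation mechanisms. The location set (four points on a line), the uniform prior, the absolute-difference distance, the assumption that the adversary's estimate is drawn from the location set, and both mechanisms are assumptions chosen so that the two mechanisms are indistinguishable under adversary error and average utility yet differ in entropy and worst-case loss.

```python
"""Privacy and utility metrics for a discrete location obfuscation mechanism.

Added example; locations, prior, distance and mechanisms are constructed.
A mechanism is f(z | x): for each true location x, a distribution over
reported locations z, stored as mech[x][z].
"""
from math import log2
from typing import Callable, Dict, Hashable, Tuple

Loc = Hashable
Prior = Dict[Loc, float]
Mechanism = Dict[Loc, Dict[Loc, float]]
Distance = Callable[[Loc, Loc], float]


def joint(prior: Prior, mech: Mechanism) -> Dict[Tuple[Loc, Loc], float]:
    """Joint distribution p(x, z) = pi(x) f(z | x), non-zero entries only."""
    return {(x, z): prior[x] * p
            for x, row in mech.items() for z, p in row.items() if p > 0}


def adversary_expected_error(prior: Prior, mech: Mechanism, d: Distance) -> float:
    """Expected distance between the user's true location and the estimate of
    a Bayes-optimal adversary who knows pi and f.  For every reported z the
    adversary picks the estimate x_hat (assumed to lie in the location set)
    minimising the posterior-expected distance; dividing by p(z) does not
    change the argmin, so the unnormalised joint is used directly."""
    pxz = joint(prior, mech)
    total = 0.0
    for z in {z for (_, z) in pxz}:
        total += min(sum(p * d(x, x_hat) for (x, zz), p in pxz.items() if zz == z)
                     for x_hat in prior)
    return total


def conditional_entropy_bits(prior: Prior, mech: Mechanism) -> float:
    """H(X | Z) in bits: the adversary's remaining uncertainty about the true
    location after seeing the report, averaged over reports."""
    pxz = joint(prior, mech)
    pz: Dict[Loc, float] = {}
    for (_, z), p in pxz.items():
        pz[z] = pz.get(z, 0.0) + p
    return -sum(p * log2(p / pz[z]) for (_, z), p in pxz.items())


def worst_case_quality_loss(prior: Prior, mech: Mechanism, d: Distance) -> float:
    """Largest distance between a true and a reported location that the
    mechanism can ever produce (any z with f(z | x) > 0 counts)."""
    return max(d(x, z) for (x, z) in joint(prior, mech))


def average_quality_loss(prior: Prior, mech: Mechanism, d: Distance) -> float:
    """Expected distance between true and reported location."""
    return sum(p * d(x, z) for (x, z), p in joint(prior, mech).items())


# Constructed setting: four locations on a line, uniform prior, L1 distance.
LOCATIONS = [0, 1, 2, 3]
PRIOR: Prior = {x: 0.25 for x in LOCATIONS}


def line_distance(a: Loc, b: Loc) -> float:
    return abs(a - b)


# Mechanism "pair": each point is reported as itself or its pair-mate.
MECH_PAIR: Mechanism = {0: {0: 0.5, 1: 0.5}, 1: {0: 0.5, 1: 0.5},
                        2: {2: 0.5, 3: 0.5}, 3: {2: 0.5, 3: 0.5}}

# Mechanism "skew": mostly truthful, but one time in four the report is a
# point two steps away.  Every posterior is (3/4, 1/4), so the adversary's
# best estimate still errs by 0.5 on average.
MECH_SKEW: Mechanism = {0: {0: 0.75, 2: 0.25}, 1: {1: 0.75, 3: 0.25},
                        2: {2: 0.75, 0: 0.25}, 3: {3: 0.75, 1: 0.25}}


def evaluate(mech: Mechanism) -> Dict[str, float]:
    """All four metrics for one mechanism under the constructed setting."""
    return {
        "adversary_error": adversary_expected_error(PRIOR, mech, line_distance),
        "conditional_entropy_bits": conditional_entropy_bits(PRIOR, mech),
        "worst_case_quality_loss": worst_case_quality_loss(PRIOR, mech, line_distance),
        "average_quality_loss": average_quality_loss(PRIOR, mech, line_distance),
    }


if __name__ == "__main__":
    for name, mech in (("pair", MECH_PAIR), ("skew", MECH_SKEW)):
        print(name, {k: round(v, 4) for k, v in evaluate(mech).items()})
```

Both mechanisms yield an adversary error of 0.5 and an average quality loss of 0.5, so a designer optimising only for adversary error (under an average utility constraint) cannot tell them apart. The entropy and worst-case metrics do: "pair" leaves the adversary a full bit of uncertainty and never reports a point more than one step away, while "skew" leaves about 0.81 bits and can report a point two steps away. This is the abstract's point that optimality under one criterion does not fix the protection seen under others.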