Long Beach, CA, USA
Mar. 1, 2010 to Mar. 6, 2010
Richard Hull , IBM T.J. Watson Research Center, Hawthorne, NY 10532 USA
Avinash Vyas , Bell Labs Research, Alcatel-Lucent, Murray Hill, NJ 07974 USA
Alin Deutsch , Department of Computer Science and Engineering, UCSD, La Jolla, CA 92093 USA
Sender anonymity in location-based services (LBS) attempts to hide the identity of a mobile device user who sends requests to the LBS provider for services in her proximity (e.g. “find the nearest gas station” etc.). The goal is to keep the requester's interests private even from attackers who (via hacking or subpoenas) gain access to the request and to the locations of the mobile user and other nearby users at the time of the request. In an LBS context, the best-studied privacy guarantee is known as sender k-anonymity. We show that state-of-the art solutions for sender k-anonymity defend only against naive attackers who have no knowledge of the anonymization policy that is in use. We strengthen the privacy guarantee to defend against more realistic “policy-aware” attackers. We describe a polynomial algorithm to obtain an optimum anonymization policy. Our implementation and experiments show that the policy-aware sender k-anonymity has potential for practical impact, being efficiently enforceable, with limited reduction in utility when compared to policy-unaware guarantees.
Richard Hull, Avinash Vyas, Alin Deutsch, "Policy-aware sender anonymity in location based services", ICDE, 2010, 2013 IEEE 29th International Conference on Data Engineering (ICDE), 2013 IEEE 29th International Conference on Data Engineering (ICDE) 2010, pp. 133-144, doi:10.1109/ICDE.2010.5447823