Issue No.01 - January (2008 vol.7)
pp: 1-18
ABSTRACT
Continued advances in mobile networks and positioning technologies have created a strong market push for location-based applications. Examples include location-aware emergency response, location-based advertisement, and location-based entertainment. An important challenge in wide deployment of location-based services (LBSs) is the privacy-aware management of location information, providing safeguards for location privacy of mobile clients against vulnerabilities for abuse. This paper describes a scalable architecture for protecting location privacy from various privacy threats resulting from uncontrolled usage of LBSs. This architecture includes the development of a personalized location anonymization model and a suite of location perturbation algorithms. A unique characteristic of our location privacy architecture is the use of a flexible privacy personalization framework to support location k-anonymity for a wide range of mobile clients with context-sensitive privacy requirements. This framework enables each mobile client to specify the minimum level of anonymity it desires and the maximum temporal and spatial tolerances it is willing to accept when requesting k-anonymity-preserving LBSs. We devise an efficient message perturbation engine to implement the proposed location privacy framework. The prototype we develop is designed to be run by the anonymity server on a trusted platform and performs location anonymization on LBS request messages of mobile clients, such as identity removal and spatio-temporal cloaking of location information. We study the effectiveness of our location cloaking algorithms under various conditions using realistic location data that is synthetically generated from real road maps and traffic volume data. Our experiments show that the personalized location k-anonymity model together with our location perturbation engine can achieve high resilience to location privacy threats without introducing any significant performance penalty.
INDEX TERMS
k-anonymity, Location Privacy, Location-based Applications, Mobile Computing Systems
CITATION
Buğra Gedik, Ling Liu, "Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms", IEEE Transactions on Mobile Computing, vol. 7, no. 1, pp. 1-18, January 2008, doi:10.1109/TMC.2007.1062