A Privacy-Preserving Location Monitoring System for Wireless Sensor Networks
January 2011 (vol. 10 no. 1)
pp. 94-107
Chi-Yin Chow, University of Minnesota, Minneapolis
Mohamed F. Mokbel, University of Minnesota, Minneapolis
Tian He, University of Minnesota, Minneapolis
Monitoring personal locations with a potentially untrusted server poses privacy threats to the monitored individuals. To this end, we propose a privacy-preserving location monitoring system for wireless sensor networks. In our system, we design two in-network location anonymization algorithms, namely, resource- and quality-aware algorithms, that aim to enable the system to provide high-quality location monitoring services for system users, while preserving personal location privacy. Both algorithms rely on the well-established k-anonymity privacy concept, that is, a person is indistinguishable among k persons, to enable trusted sensor nodes to provide the aggregate location information of monitored persons for our system. Each aggregate location is in the form of a monitored area A along with the number of monitored persons residing in A, where A contains at least k persons. The resource-aware algorithm aims to minimize communication and computational cost, while the quality-aware algorithm aims to maximize the accuracy of the aggregate locations by minimizing their monitored areas. To utilize the aggregate location information to provide location monitoring services, we use a spatial histogram approach that estimates the distribution of the monitored persons based on the gathered aggregate location information. Then, the estimated distribution is used to provide location monitoring services through answering range queries. We evaluate our system through simulated experiments. The results show that our system provides high-quality location monitoring services for system users and guarantees the location privacy of the monitored persons.
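
The aggregate-location format (area A plus a count of at least k) and the histogram-based range query described above, as an added Python illustration that is not the authors' code or either of their algorithms: a centralized quadtree-style split stands in for the in-network anonymization, and a uniform-spread estimator stands in for the spatial histogram. The grid, the value of k and all function names are constructed for this example.

```python
# Added illustration: simplified, centralized stand-in for the in-network algorithms.
K = 3  # anonymity level (constructed value)
GRID = [  # constructed per-cell person counts, as trusted sensor nodes would see them
    [2, 1, 0, 2],
    [1, 2, 1, 1],
    [1, 0, 3, 4],
    [1, 1, 5, 3],
]

def count(grid, x, y, size):
    """Persons inside the square area whose top-left cell is column x, row y."""
    return sum(grid[r][c] for r in range(y, y + size) for c in range(x, x + size))

def cloak(grid, k, x=0, y=0, size=None):
    """Return disjoint aggregate locations (x, y, size, N).

    An area is split into quadrants only when every quadrant still holds at
    least k persons, so areas shrink where that is safe and stay coarse elsewhere."""
    size = size or len(grid)
    half = size // 2
    quads = [(x, y), (x + half, y), (x, y + half), (x + half, y + half)]
    if half >= 1 and all(count(grid, qx, qy, half) >= k for qx, qy in quads):
        return [a for qx, qy in quads for a in cloak(grid, k, qx, qy, half)]
    return [(x, y, size, count(grid, x, y, size))]

def build_histogram(aggregates, n):
    """Server side: spread each count N uniformly over the cells of its area A."""
    hist = [[0.0] * n for _ in range(n)]
    for x, y, size, total in aggregates:
        for r in range(y, y + size):
            for c in range(x, x + size):
                hist[r][c] = total / (size * size)
    return hist

def range_query(hist, x0, y0, x1, y1):
    """Estimated persons in columns x0..x1, rows y0..y1 (inclusive)."""
    return sum(hist[r][c] for r in range(y0, y1 + 1) for c in range(x0, x1 + 1))

def is_k_anonymous(aggregates, k):
    """False if any report covers fewer than k persons (it must not be released)."""
    return all(total >= k for *_, total in aggregates)

if __name__ == "__main__":
    reports = cloak(GRID, K)
    hist = build_histogram(reports, len(GRID))
    print(reports, is_k_anonymous(reports, K))
    print(range_query(hist, 0, 0, 0, 3))  # estimate for the leftmost column
```

The leftmost-column query shows the privacy/accuracy trade-off: the server's estimate comes from coarse areas, so it differs from the true count, while the dense lower-right quadrant is reported cell by cell without breaking k-anonymity.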


Index Terms:
Location privacy, wireless sensor networks, location monitoring system, aggregate query processing, spatial histogram.
Chi-Yin Chow, Mohamed F. Mokbel, Tian He, "A Privacy-Preserving Location Monitoring System for Wireless Sensor Networks," IEEE Transactions on Mobile Computing, vol. 10, no. 1, pp. 94-107, Jan. 2011, doi:10.1109/TMC.2010.145