The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - Jan. (2014 vol.13)
pp: 159-173
Krishna P. N. Puttaswamy , Dept. of Comput. Sci., Univ. of California, Santa Barbara, Santa Barbara, CA, USA
Shiyuan Wang , Dept. of Comput. Sci., Univ. of California, Santa Barbara, Santa Barbara, CA, USA
Troy Steinbauer , Dept. of Comput. Sci., Univ. of California, Santa Barbara, Santa Barbara, CA, USA
Divyakant Agrawal , Dept. of Comput. Sci., Univ. of California, Santa Barbara, Santa Barbara, CA, USA
Amr El Abbadi , Dept. of Comput. Sci., Univ. of California, Santa Barbara, Santa Barbara, CA, USA
Christopher Kruegel , Dept. of Comput. Sci., Univ. of California, Santa Barbara, Santa Barbara, CA, USA
Ben Y. Zhao , Dept. of Comput. Sci., Univ. of California, Santa Barbara, Santa Barbara, CA, USA
ABSTRACT
Using geosocial applications, such as FourSquare, millions of people interact with their surroundings through their friends and their recommendations. Without adequate privacy protection, however, these systems can be easily misused, for example, to track users or target them for home invasion. In this paper, we introduce LocX, a novel alternative that provides significantly improved location privacy without adding uncertainty into query results or relying on strong assumptions about server security. Our key insight is to apply secure user-specific, distance-preserving coordinate transformations to all location data shared with the server. The friends of a user share this user's secrets so they can apply the same transformation. This allows all location queries to be evaluated correctly by the server, but our privacy mechanisms guarantee that servers are unable to see or infer the actual location data from the transformed data or from the data access. We show that LocX provides privacy even against a powerful adversary model, and we use prototype measurements to show that it provides privacy with very little performance overhead, making it suitable for today's mobile devices.
INDEX TERMS
Servers, Privacy, Indexes, Cryptography, Data privacy, Transforms, Mobile computing,location transformation, Servers, Privacy, Indexes, Cryptography, Data privacy, Transforms, Mobile computing, efficiency, Location privacy, security, location-based social applications
CITATION
Krishna P. N. Puttaswamy, Shiyuan Wang, Troy Steinbauer, Divyakant Agrawal, Amr El Abbadi, Christopher Kruegel, Ben Y. Zhao, "Preserving Location Privacy in Geosocial Applications", IEEE Transactions on Mobile Computing, vol.13, no. 1, pp. 159-173, Jan. 2014, doi:10.1109/TMC.2012.247
REFERENCES
[1] M. Motani, V. Srinivasan, and P.S. Nuggehalli, "PeopleNet: Engineering a Wireless Virtual Social Network," Proc. ACM MobiCom, 2005.
[2] M. Hendrickson, "The State of Location-Based Social Networking on the iPhone," http://techcrunch.com/2008/09/28the-state-of-location-based-social-networking-on-the-iphone , 2008.
[3] P. Mohan, V.N. Padmanabhan, and R. Ramjee, "Nericell: Rich Monitoring of Road and Traffic Conditions Using Mobile Smartphones," Proc. Sixth ACM Conf. Embedded Network Sensor Systems, 2008.
[4] G. Ananthanarayanan, V.N. Padmanabhan, L. Ravindranath, and C.A. Thekkath, "Combine: Leveraging the Power of Wireless Peers through Collaborative Downloading," Proc. Fifth Int'l Conf. Mobile Systems, Applications Services, 2007.
[5] M. Siegler, "Foodspotting is a Location-Based Game that Will Make Your Mouth Water," http://techcrunch.com/2010/03/04foodspotting , 2013.
[6] "SCVNGR," http:/www.scvngr.com, 2013.
[7] B. Schilit, J. Hong, and M. Gruteser, "Wireless Location Privacy Protection," Computer, vol. 36, no. 12, pp. 135-137, Dec. 2003.
[8] F. Grace, "Stalker Victims Should Check for GPS," http:/www.cbsnews. com, Feb. 2003.
[9] A. Gendar and A. Lisberg, "How Cell Phone Helped Cops Nail Key Murder Suspect. Secret 'Pings' that Gave Bouncer Away," New York Daily News, Mar. 2006.
[10] "Police: Thieves Robbed Homes Based on Facebook, Social Media Sites," WMUR News, http://www.wmur.com/r/24943582 detail.html , Sept. 2010.
[11] M. Gruteser and D. Grunwald, "Anonymous Usage of Location-Based Services through Spatial and Temporal Cloaking," Proc. First Int'l Conf. Mobile Systems, Applications Services, 2003.
[12] M.F. Mokbel, C.-Y. Chow, and W.G. Aref, "The New Casper: A Privacy-Aware Location-Based Database Server," Proc. IEEE 23rd Int'l Conf. Data Eng., 2007.
[13] B. Gedik and L. Liu, "Location Privacy in Mobile Systems: A Personalized Anonymization Model," Proc. IEEE 25th Int'l Conf. Distributed Computing Systems, 2005.
[14] T. Jiang, H.J. Wang, and Y.-C. Hu, "Preserving Location Privacy in Wireless Lans," Proc. Fifth Int'l Conf. Mobile Systems, Applications Services, 2007.
[15] P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias, "Preventing Location-Based Identity Inference in Anonymous Spatial Queries," IEEE Trans. Knowledge Data Eng., vol. 19, no. 12, pp. 1719-1733, Dec. 2007.
[16] G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi, and K.-L. Tan, "Private Queries in Location Based Services: Anonymizers Are Not Necessary," Proc. ACM SIGMOD Int'l Conf. Management Data, 2008.
[17] S. Papadopoulos, S. Bakiras, and D. Papadias, "Nearest Neighbor Search with Strong Location Privacy," Proc. VLDB Endowment, vol. 3, nos. 1/2, pp. 619-629, Sept. 2010.
[18] A. Narayanan, N. Thiagarajan, M. Lakhani, M. Hamburg, and D. Boneh, "Location Privacy via Private Proximity Testing," Proc. Network Distributed System Security Conf., 2011.
[19] G. Zhong, I. Goldberg, and U. Hengartner, "Louis Lester and Pierre: Three Protocols for Location Privacy," Proc. Seventh Int'l Conf. Privacy Enhancing Technologies, 2007.
[20] N. Daswani and D. Boneh, "Experimenting with Electronic Commerce on the Palmpilot," Proc. Third Int'l Conf. Financial Cryptography, 1999.
[21] A. Khoshgozaran and C. Shahabi, "Blind Evaluation of Nearest Neighbor Queries Using Space Transformation to Preserve Location Privacy," Proc. 10th Int'l Conf. Advances Spatial Temporal Databases, 2007.
[22] G. Ghinita, P. Kalnis, and S. Skiadopoulos, "PRIVE: Anonymous Location-Based Queries in Distributed Mobile Systems," Proc. 16th Int'l Conf. World Wide Web, 2007.
[23] P. Golle and K. Partridge, "On the Anonymity of Home/Work Location Pairs," Proc. Pervasive Computing, 2009.
[24] B. Hoh, M. Gruteser, H. Xiong, and A. Alrabady, "Enhancing Security and Privacy in Traffic-Monitoring Systems," IEEE Pervasive Computing Magazine, vol. 5, no. 4, pp. 38-46, Oct. 2006.
[25] B. Hoh et al., "Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking," Proc. 14th ACM Conf. Computer Comm. Security, 2007.
[26] J. Krumm, "Inference Attacks on Location Tracks," Proc. Fifth Int'l Conf. Pervasive Computing, 2007.
[27] A. Beresford and F. Stajano, "Mix Zones: User Privacy in Location-Aware Services," Proc. IEEE Second Ann. Conf. Pervasive Computing Comm. Workshop, 2004.
[28] M.L. Yiu, C.S. Jensen, X. Huang, and H. Lu, "Spacetwist: Managing the Trade-Offs among Location Privacy Query Performance and Query Accuracy in Mobile Services," Proc. IEEE 24th Int'l Conf. Data Eng., 2008.
[29] D. Lin, E. Bertino, R. Cheng, and S. Prabhakar, "Position Transformation: A Location Privacy Protection Method for Moving Objects," Proc. Int'l Workshop Security Privacy GIS LBS, 2008.
[30] C.-Y. Chow and M.F. Mokbel, "Enabling Private Continuous Queries for Revealed User Locations," Proc. 10th Int'l Conf. Advances Spatial Temporal Databases, pp. 258-275, 2007.
[31] E.O. Turgay, T.B. Pedersen, Y. Saygin, E. Savas, and A. Levi, "Disclosure Risks of Distance Preserving Data Transformations," Proc. 20th Int'l Conf. Scientific Statistical Database Management, 2008.
[32] S. Mascetti, C. Bettini, and D. Freni, "Longitude: Centralized Privacy-Preserving Computation of Users' Proximity," Proc. Sixth VLDB Workshop Secure Data Management, 2009.
[33] S. Mascetti, C. Bettini, D. Freni, X.S. Wang, and S. Jajodia, "Privacy-Aware Proximity Based Services," Proc. Tenth Int'l Conf. Mobile Data Management: Systems, Services Middleware (MDM '09), 2009.
[34] R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The Second-Generation Onion Router," Proc. 13th Conf. USENIX Security Symp., 2004.
[35] H. Hu, J. Xu, C. Ren, and B. Choi, "Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism," Proc. IEEE 27th Int'l Conf. Data Eng. (ICDE), 2011.
[36] W.K. Wong, D.W.-L. Cheung, B. Kao, and N. Mamoulis, "Secure kNN Computation on Encrypted Databases," Proc. SIGMOD Int'l Conf. Management (SIGMOD '09), 2009.
[37] R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin, "Persona: An Online Social Network with User Defined Privacy," Proc. ACM SIGCOMM Conf. Data Comm., 2009.
[38] T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno, "Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs," Proc. 17th Conf. Security Symp. (SS '08), 2008.
[39] A. Mislove, K. Gummadi, and P. Druschel, "Exploiting Social Networks for Internet Search," Proc. Fifth Workshop Hot Topics Networks (HotNets '06), 2006.
[40] A. Mislove, A. Post, P. Druschel, and K. Gummadi, "Ostra: Leveraging Trust to Thwart Unwanted Communication," Proc. Fifth USENIX Symp. Networked Systems Design Implementation (NSDI '08), pp. 15-30, 2008.
[41] T. Isdal, M. Piatek, A. Krishnamurthy, and T. Anderson, "Privacy-Preserving P2P Data Sharing with Oneswarm," Proc. ACM SIGCOMM, 2010.
[42] M. Bellare, R. Canetti, and H. Krawczyk, "Keying Hash Functions for Message Authentication," Proc. 16th Ann. Int'l Cryptology Conf. Advances Cryptology, 1996.
[43] B. Greenstein, J. Pang, T. Kohno, S. Seshan, and D. Wetherall, "Improving Wireless Privacy with an Identifier-Free Link Layer Protocol," Proc. ACM MobiSys, 2008.
[44] A. Guttman, "R-Trees: A Dynamic Index Structure for Spatial Searching," Proc. ACM SIGMOD Int'l Conf. Management Data, 1984.
[45] D.P. Group, "R-Tree Java Implementation," http://www. rtreeportal.org/codeRstar-java.zip , 2012.
[46] "Privoxy Web Proxy," http:/www.privoxy.org, 2012.
[47] B. Wong, I. Stoyanov, and E. Sirer, "Octant: A Comprehensive Framework for the Geolocalization of Internet Hosts," Proc. Fourth USENIX Conf. Networked Systems Design Implementation (NSDI '07), 2007.
[48] P. Gill et al., "Dude Where's that IP? Circumventing Measurement-Based IP Geolocation," Proc. 19th USENIX Conf. Security, p. 16, 2010.
[49] J. Manweiler, R. Scudellari, and L.P. Cox, "SMILE: Encounter-Based Trust for Mobile Social Services," Proc. 16th ACM Conf. Computer Comm. Security (CCS '09), 2009.
[50] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data," Proc. 13th ACM Conf. Computer Comm. Security, 2006.
[51] K.P.N. Puttaswamy, R. Bhagwan, and V.N. Padmanabhan, "Anonygator: Anonymity and Integrity Preserving Data Aggregation," Proc. ACM/IFIP/USENIX 11th Int'l Conf. Middleware (Middleware '10), 2010.
[52] A. Mislove, M. Marcon, K.P. Gummadi, P. Druschel, and B. Bhattacharjee, "Measurement and Analysis of Online Social Networks," Proc. Seventh ACM SIGCOMM Conf. Internet Measurement (IMC '07), Oct. 2007.
58 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool