Abstract
In recent years, location-based services have become very popular, mainly driven by the availability of modern mobile devices with integrated position sensors. Prominent examples are points of interest finders or geo-social networks such as Facebook Places, Qype, and Loopt. However, providing such services with private user positions may raise serious privacy concerns if these positions are not protected adequately. Therefore, location privacy concepts become mandatory to ensure the user’s acceptance of location-based services. Many different concepts and approaches for the protection of location privacy have been described in the literature. These approaches differ with respect to the protected information and their effectiveness against different attacks. The goal of this paper is to assess the applicability and effectiveness of location privacy approaches systematically. We first identify different protection goals, namely personal information (user identity), spatial information (user position), and temporal information (identity/position + time). Secondly, we give an overview of basic principles and existing approaches to protect these privacy goals. In a third step, we classify possible attacks. Finally, we analyze existing approaches with respect to their protection goals and their ability to resist the introduced attacks.
Cite this article
Wernke, M., Skvortsov, P., Dürr, F. et al. A classification of location privacy attacks and approaches. Pers Ubiquit Comput 18, 163–175 (2014). https://doi.org/10.1007/s00779-012-0633-z
DOI: https://doi.org/10.1007/s00779-012-0633-z