, Volume 15, Issue 3, pp 571–607

Query-aware location anonymization for road networks


  • Chi-Yin Chow
    • Department of Computer ScienceCity University of Hong Kong
    • Department of Computer Science and EngineeringUniversity of Minnesota
  • Jie Bao
    • Department of Computer Science and EngineeringUniversity of Minnesota
  • Xuan Liu
    • IBM Thomas J. Watson Research Center

DOI: 10.1007/s10707-010-0117-0

Cite this article as:
Chow, C., Mokbel, M.F., Bao, J. et al. Geoinformatica (2011) 15: 571. doi:10.1007/s10707-010-0117-0


Recently, several techniques have been proposed to protect the user location privacy for location-based services in the Euclidean space. Applying these techniques directly to the road network environment would lead to privacy leakage and inefficient query processing. In this paper, we propose a new location anonymization algorithm that is designed specifically for the road network environment. Our algorithm relies on the commonly used concept of spatial cloaking, where a user location is cloaked into a set of connected road segments of a minimum total length \({\cal L}\) including at least \({\cal K}\) users. Our algorithm is “query-aware” as it takes into account the query execution cost at a database server and the query quality, i.e., the number of objects returned to users by the database server, during the location anonymization process. In particular, we develop a new cost function that balances between the query execution cost and the query quality. Then, we introduce two versions of our algorithm, namely, pure greedy and randomized greedy, that aim to minimize the developed cost function and satisfy the user specified privacy requirements. To accommodate intervals with a high workload, we introduce a shared execution paradigm that boosts the scalability of our location anonymization algorithm and the database server to support large numbers of queries received in a short time period. Extensive experimental results show that our algorithms are more efficient and scalable than the state-of-the-art technique, in terms of both query execution cost and query quality. The results also show that our algorithms have very strong resilience to two privacy attacks, namely, the replay attack and the center-of-cloaked-area attack.


Location privacyShared executionLocation-based servicesSpatial network databasesGIS

Copyright information

© Springer Science+Business Media, LLC 2010