Personal and Ubiquitous Computing, Volume 18, Issue 1, pp 163–175

A classification of location privacy attacks and approaches

  • Marius Wernke
  • Pavel Skvortsov
  • Frank Dürr
  • Kurt Rothermel
Original Article

Abstract

In recent years, location-based services have become very popular, mainly driven by the availability of modern mobile devices with integrated position sensors. Prominent examples are points of interest finders or geo-social networks such as Facebook Places, Qype, and Loopt. However, providing such services with private user positions may raise serious privacy concerns if these positions are not protected adequately. Therefore, location privacy concepts become mandatory to ensure the user’s acceptance of location-based services. Many different concepts and approaches for the protection of location privacy have been described in the literature. These approaches differ with respect to the protected information and their effectiveness against different attacks. The goal of this paper is to assess the applicability and effectiveness of location privacy approaches systematically. We first identify different protection goals, namely personal information (user identity), spatial information (user position), and temporal information (identity/position + time). Secondly, we give an overview of basic principles and existing approaches to protect these privacy goals. In a third step, we classify possible attacks. Finally, we analyze existing approaches with respect to their protection goals and their ability to resist the introduced attacks.

Keywords

Location-based services; Location privacy; Protection goals; Principles; Adversary; Attacks; Classification; Approaches


Copyright information

© Springer-Verlag London 2012

Authors and Affiliations

  • Marius Wernke (1)
  • Pavel Skvortsov (1)
  • Frank Dürr (1)
  • Kurt Rothermel (1)
  1. Institute of Parallel and Distributed Systems, Universität Stuttgart, Stuttgart, Germany
