Knowledge and Information Systems

, Volume 26, Issue 3, pp 435–465 | Cite as

Location privacy: going beyond K-anonymity, cloaking and anonymizers

  • Ali KhoshgozaranEmail author
  • Cyrus Shahabi
  • Houtan Shirani-Mehr


With many location-based services, it is implicitly assumed that the location server receives actual users locations to respond to their spatial queries. Consequently, information customized to their locations, such as nearest points of interest can be provided. However, there is a major privacy concern over sharing such sensitive information with potentially malicious servers, jeopardizing users’ private information. The anonymity- and cloaking-based approaches proposed to address this problem cannot provide stringent privacy guarantees without incurring costly computation and communication overhead. Furthermore, they require a trusted intermediate anonymizer to protect user locations during query processing. This paper proposes a fundamental approach based on private information retrieval to process range and K-nearest neighbor queries, the prevalent queries used in many location-based services, with stronger privacy guarantees compared to those of the cloaking and anonymity approaches. We performed extensive experiments on both real-world and synthetic datasets to confirm the effectiveness of our approaches.


Location privacy Spatial databases Location-based services Private information retrieval 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Al-Muhtadi J, Campbell RH, Kapadia A, Mickunas MD, Yi S (2002) Routing through the mist: privacy preserving communication in ubiquitous computing environments. In: ICDCS’02, Austria, pp 74–83Google Scholar
  2. 2.
    Arnold TW, van Doorn L (2004) The IBM PCIXCC: a new cryptographic coprocessor for the IBM eServer. IBM J Res Dev 48(3–4): 475–488CrossRefGoogle Scholar
  3. 3.
    Asonov D (2004) Querying databases privately: a new approach to private information retrieval, vol 3128. Lecture notes in computer science. Springer, BerlinGoogle Scholar
  4. 4.
    Asonov D, Freytag JC (2002) Almost optimal private information retrieval. In: PET’02, San Francisco, CA, pp 209–223Google Scholar
  5. 5.
    Bamba B, Liu L, Pesti P, Wang T (2008) Supporting anonymous location queries in mobile environments with privacygrid. In: WWW’08, Beijin, China, pp 237–246Google Scholar
  6. 6.
    Bhattacharjee B, Abe N, Goldman K, Zadrozny B, Chillakuru VR, del Carpio M, Apte C (2006) Using secure coprocessors for privacy preserving collaborative data mining and analysis. In: DaMoN’06, Chicago, IL, p 1Google Scholar
  7. 7.
    Bouganim L, Pucheral P (2002) Chip-secured data access: confidential data on untrusted servers. In: VLDB’02, Hong Kong, China, pp 131–142Google Scholar
  8. 8.
    Cabbies threaten strike over GPS systems.
  9. 9.
    Chor B, Kushilevitz E, Goldreich O, Sudan M (1998) Private information retrieval. J ACM 45(6): 965–981zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Damiani E, Vimercati SDC, Jajodia S, Paraboschi S, Samarati P (2003) Balancing confidentiality and efficiency in untrusted relational DBMSs. In: CCS’03, Washingtion, DC, pp 93–102Google Scholar
  11. 11.
    Faloutsos C, Roseman S (1989) Fractals for secondary key retrieval. In: PDS’89, New York, NY, pp 247–252Google Scholar
  12. 12.
    Gedik B, Liu L (2005) A customizable k-anonymity model for protecting location privacy. In: ICDS’05, Columbus, OH, pp 620–629Google Scholar
  13. 13.
    Ghinita G, Kalnis P, Skiadopoulos S (2007) PRIVE: anonymous location-based queries in distributed mobile systems. In: WWW’07, Alberta CA, pp 371–380Google Scholar
  14. 14.
    Ghinita G, Kalnis P, Khoshgozaran A, Shahabi C, Tan K-L (2008) Private queries in location based services: anonymizers are not necessary. In: SIGMOD’08, Vancouver, Canada, pp 121–132Google Scholar
  15. 15.
    Gonzalez MC, Hidalgo CA, Barabasi A (2008) Understanding individual human mobility patterns. Nature 453: 779–782CrossRefGoogle Scholar
  16. 16.
    Gruteser M, Grunwald D (2003) Anonymous usage of location-based services through spatial and temporal cloaking. In: MobiSys’03, San Francisco, CA, pp 31–42Google Scholar
  17. 17.
    Hengartner U (2007) Hiding location information from location-based services. In: MDM’07, Mannheim, Germany, pp 268–272Google Scholar
  18. 18.
    Iliev A, Smith SW, (2004) Private information storage with logarithm-space secure hardware. In: International information security workshops, Toulouse, France, pp 201–216Google Scholar
  19. 19.
    Iliev A, Smith S (2005a) Protecting client privacy with trusted computing at the server. IEEE Secur Priv 3(2): 20–28CrossRefGoogle Scholar
  20. 20.
    Iliev A, Smith S (2005b) More efficient secure function evaluation using tiny trusted third parties. In: TR2005-551Google Scholar
  21. 21.
    Indyk P, Woodruff DP (2006) Polylogarithmic private approximations and efficient matching. In: TCC’06, New York, NY, pp 245–264Google Scholar
  22. 22.
    Jiang S, Smith S, Minami K (2001) Securing web servers against insider attack. In: ACSAC’01, Washington, DC, pp 265Google Scholar
  23. 23.
    Kalashnikov DV, Prabhakar S, Hambrusch SE (2004) Main memory evaluation of monitoring queries over moving objects. Distrib Parallel Databases 15(2): 117–135CrossRefGoogle Scholar
  24. 24.
    Kalnis P, Ghinita G, Mouratidis K, Papadias D (2006) Preserving anonymity in location based services. A technical reportGoogle Scholar
  25. 25.
    Khoshgozaran A, Shahabi C (2007) Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy. In: SSTD’07, Boston, MA, pp 239–257Google Scholar
  26. 26.
    Khoshgozaran A, Shirani-Mehr H, Shahabi C (2008) SPIRAL, a scalable private information retrieval approach to location privacy. In: The 2nd international workshop on privacy-aware location-based mobile services (PALMS). In conjunction with MDM’08, Beijing, ChinaGoogle Scholar
  27. 27.
    Kushilevitz E, Ostrovsky R (1997) Replication is not needed: single database, computationally private information retrieval. In: FOCS’97, Miami Beach, Florida, pp 364–373Google Scholar
  28. 28.
    Mokbel MF, Chow C-Y, Aref WG (2006)The new casper: query processing for location services without compromising privacy. In: VLDB’06, Seoul, Korea, pp 763–774Google Scholar
  29. 29.
    Mykletun E, Tsudik G (2005) Incorporating a secure coprocessor in the database-as-a-service model. In: IWIAć605, College Park, MD, pp 38–44Google Scholar
  30. 30.
  31. 31.
    Qiu L, Li Y, Wu X (2008) Protecting business intelligence and customer privacy while outsourcing data mining tasks. Knowl Inf Syst 17(1): 99–120CrossRefGoogle Scholar
  32. 32.
    Sion R, Carbunar B (2007) On the computational practicality of private information retrieval. In: NDSS’07, San Diego, CAGoogle Scholar
  33. 33.
    Smith S (1996) Secure coprocessing applications and research issues. Los Alamos unclassified release LAUR −96-2805, Los Alamos National LaboratoryGoogle Scholar
  34. 34.
    Smith SW, Safford D (2000) Practical private information retrieval with secure coprocessors. Technical report, IBMGoogle Scholar
  35. 35.
    Teng Z, Du W (2009) A hybrid multi-group approach for privacy-preserving data mining. Knowl Inf Syst 19(2): 133–157CrossRefGoogle Scholar
  36. 36.
    The IBM 4764 PCI-X cryptographic coprocessor, (April 2008).
  37. 37.
    Wang S, Ding X, Deng RH, Bao F (2006) Private information retrieval using trusted hardware. In: ESORICS’06, Germany, pp 49–64Google Scholar
  38. 38.
    Wang K, Fung BCM, Yu PS (2007) Handicapping attacker’s confidence: an alternative to k-anonymization. Knowl Inf Syst 11(3): 345–368CrossRefGoogle Scholar
  39. 39.
    Warrior J, McHenry E, McGee K (2003) They know where you are. IEEE Spectr 40(7): 20–25CrossRefGoogle Scholar
  40. 40.
    Wireless location privacy: law and policy in the U.S., EU and Japan.
  41. 41.
    Xiong X, Mokbel MF, Aref WG (2005) Sea-cnn: scalable processing of continuous k-nearest neighbor queries in spatio-temporal databases. In: ICDE’05, Tokyo, Japan, pp 643–654Google Scholar
  42. 42.
    Yiu ML, Jensen CS, Huang X, Lu H (2008) Spacetwist: managing the trade-offs among location privacy, query performance, and query accuracy in mobile services. In: ICDE’08, Cancun, Mexico, pp 366–375Google Scholar
  43. 43.
    Yu X, Pu KQ, Koudas N (2005) Monitoring k-nearest neighbor queries over moving objects. In: ICDE’05, Tokyo, Japan, pp 631–642Google Scholar

Copyright information

© Springer-Verlag London Limited 2010

Authors and Affiliations

  • Ali Khoshgozaran
    • 1
    Email author
  • Cyrus Shahabi
    • 1
  • Houtan Shirani-Mehr
    • 1
  1. 1.Department of Computer ScienceUniversity of Southern CaliforniaLos AngelesUSA

Personalised recommendations