Optimal noise functions for location privacy on continuous regions

Regular Contribution


Users of location-based services are highly vulnerable to privacy risks since they need to disclose, at least partially, their locations to benefit from these services. One possibility to limit these risks is to obfuscate the location of a user by adding random noise drawn from a noise function. In this paper, we require the noise functions to satisfy a generic location privacy notion called \(\ell \)-privacy, which makes the position of the user in a given region \(\mathcal {X}\) relatively indistinguishable from other points in \(\mathcal {X}\). We also aim at minimizing the loss in the service utility due to such obfuscation. While existing optimization frameworks regard the region \(\mathcal {X}\) restrictively as a finite set of points, we consider the more realistic case in which the region is rather continuous with a nonzero area. In this situation, we demonstrate that circular noise functions are enough to satisfy \(\ell \)-privacy on \(\mathcal {X}\) and equivalently on the entire space without any penalty in the utility. Afterward, we describe a large parametric space of noise functions that satisfy \(\ell \)-privacy on \(\mathcal {X}\), and show that this space has always an optimal member, regardless of \(\ell \) and \(\mathcal {X}\). We also investigate the recent notion of \(\epsilon \)-geo-indistinguishability as an instance of \(\ell \)-privacy and prove in this case that with respect to any increasing loss function, the planar Laplace noise function is optimal for any region having a nonzero area.


Location privacy \(\ell \)-privacy Geo-indistinguishability Symmetric mechanisms Location-based services Noise functions Distinguishability functions 


  1. 1.
    Andrés, M.E., Bordenabe, N.E., Chatzikokolakis, K., Palamidessi, C.: Geo-indistinguishability: differential privacy for location-based systems. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS ’13, pp. 901–914. ACM, New York (2013)Google Scholar
  2. 2.
    Beresford, A.R., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Comput. 2(1), 46–55 (2003)CrossRefGoogle Scholar
  3. 3.
    Billingsley, P.: Convergence of Probability Measure. Wiley Series in Probability and Statistics: Probability and Statistics, 2nd edn. Wiley, New York (1999)CrossRefGoogle Scholar
  4. 4.
    Bordenabe, N.E., Chatzikokolakis, K., Palamidessi, C.: Optimal geo-indistinguishable mechanisms for location privacy. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pp. 251–262. ACM, New York (2014)Google Scholar
  5. 5.
    Brenner, H., Nissim, K.: Impossibility of differentially private universally optimal mechanisms. In: Proceedings of FOCS, pp. 71–80. IEEE (2010)Google Scholar
  6. 6.
    Chatzikokolakis, K., Palamidessi, C., Stronati, M.: A predictive differentially-private mechanism for mobility traces. In: Proceedings of PETS, LNCS, vol. 8555, pp. 21–41. Springer (2014)Google Scholar
  7. 7.
    Chen, R., Fung, B.C., Desai, B.C., Sossou, N.M.: Differentially private transit data publication: a case study on the montreal transportation system. In: Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’12, pp. 213–221. ACM, New York (2012)Google Scholar
  8. 8.
    Dwork, C.: Differential privacy. In: Proceedings of ICALP, LNCS, vol. 4052, pp. 1–12. Springer (2006)Google Scholar
  9. 9.
    ElSalamouny, E., Chatzikokolakis, K., Palamidessi, C.: A differentially private mechanism of optimal utility for a region of priors. In: Proceedings of the Second International Conference on Principles of Security and Trust, POST’13, pp. 41–62. Springer-Verlag, Berlin, Heidelberg (2013)Google Scholar
  10. 10.
    ElSalamouny, E., Chatzikokolakis, K., Palamidessi, C.: Generalized differential privacy: regions of priors that admit robust optimal mechanisms. In: Horizons of the Mind. A Tribute to Prakash Panangaden: Essays Dedicated to Prakash Panangaden on the Occasion of His 60th Birthday, LNCS, vol. 8464, pp. 292–318. Springer International Publishing (2014)Google Scholar
  11. 11.
    ElSalamouny, E., Gambs, S.: Differential privacy models for location-based services. Trans. Data Priv. 9(1), 15–48 (2016)Google Scholar
  12. 12.
    Freudiger, J., Shokri, R., Hubaux, J.P.: Evaluating the Privacy Risk of Location-Based Services. Springer, Berlin (2012)CrossRefGoogle Scholar
  13. 13.
    Gambs, S., Killijian, M., del Prado Cortez, M.N.: De-anonymization attack on geolocated data. J. Comput. Syst. Sci. 80(8), 1597–1614 (2014)MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    Gedik, B., Liu, L.: Location privacy in mobile systems: a personalized anonymization model. In: Proceedings of the 25th IEEE International Conference on Distributed Computing Systems, ICDCS ’05, pp. 620–629. IEEE Computer Society, Washington (2005)Google Scholar
  15. 15.
    Geng, Q., Viswanath, P.: The optimal noise-adding mechanism in differential privacy. IEEE Trans. Inf. Theory 62(2), 925–951 (2016)MathSciNetCrossRefMATHGoogle Scholar
  16. 16.
    Geng, Q., Viswanath, P.: Optimal noise adding mechanisms for approximate differential privacy. IEEE Trans. Inf. Theory 62(2), 952–969 (2016)MathSciNetCrossRefMATHGoogle Scholar
  17. 17.
    Ghosh, A., Roughgarden, T., Sundararajan, M.: Universally utility-maximizing privacy mechanisms. In: Proceedings of STOC, pp. 351–360. ACM (2009)Google Scholar
  18. 18.
    Golle, P., Partridge, K.: On the Anonymity of Home/Work Location Pairs. Springer, Berlin (2009)Google Scholar
  19. 19.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of the 1st International Conference on Mobile Systems, Applications and Services, MobiSys ’03, pp. 31–42. ACM, New York (2003)Google Scholar
  20. 20.
    Gupte, M., Sundararajan, M.: Universally optimal privacy mechanisms for minimax agents. In: Proceedings of PODS, pp. 135–146. ACM (2010)Google Scholar
  21. 21.
    Hoh, B., Gruteser, M., Xiong, H., Alrabady, A.: Enhancing security and privacy in traffic-monitoring systems. IEEE Pervasive Comput. 5(4), 38–46 (2006)CrossRefGoogle Scholar
  22. 22.
    Krumm, J.: Inference Attacks on Location Tracks. Springer, Berlin (2007)CrossRefGoogle Scholar
  23. 23.
    Leskovec, J.: Gowalla. https://snap.stanford.edu/data/loc-gowalla.html (2010). Accessed 2 July 2016
  24. 24.
    Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity—a proposal for terminology. In: Designing Privacy Enhancing Technologies, LNCS, vol. 2009, pp. 1–9. Springer, Berlin (2001)Google Scholar
  25. 25.
    Salamon, D.: Measure and Integration. EMS Textbooks in Mathematics. European Mathematical Society, Zürich (2016)Google Scholar
  26. 26.
    Shokri, R., Theodorakopoulos, G., Danezis, G., Hubaux, J.P., Le Boudec, J.Y.: Quantifying location privacy: The case of sporadic location exposure. In: Proceedings of PETS, LNCS, vol. 6794, pp. 57–76. Springer, Berlin (2011)Google Scholar
  27. 27.
    Shokri, R., Theodorakopoulos, G., Le Boudec, J.Y., Hubaux, J.P.: Quantifying location privacy. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP ’11, pp. 247–262. IEEE Computer Society, Washington (2011)Google Scholar
  28. 28.
    Shokri, R., Theodorakopoulos, G., Troncoso, C., Hubaux, J.P., Le Boudec, J.Y.: Protecting location privacy: optimal strategy against localization attacks. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ’12, pp. 617–627. ACM, New York (2012)Google Scholar
  29. 29.
    Shokri, R., Troncoso, C., Diaz, C., Freudiger, J., Hubaux, J.P.: Unraveling an old cloak: k-anonymity for location privacy. In: Proceedings of the 9th Annual ACM Workshop on Privacy in the Electronic Society, WPES ’10, pp. 115–118. ACM, New York (2010)Google Scholar
  30. 30.
    van der Vaart, A., Wellner, J.: Weak Convergence and Empirical Processes: With Applications to Statistics. Springer Series in Statistics. Springer, New York (1996)CrossRefMATHGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  1. 1.INRIAParisFrance
  2. 2.Faculty of Computers and InformaticsSuez Canal UniversityIsmailiaEgypt
  3. 3.Université du Québec à Montréal (UQAM)MontréalCanada

Personalised recommendations