A classification of location privacy attacks and approaches

Abstract

In recent years, location-based services have become very popular, mainly driven by the availability of modern mobile devices with integrated position sensors. Prominent examples are point-of-interest finders and geo-social networks such as Facebook Places, Qype, and Loopt. However, providing such services with private user positions may raise serious privacy concerns if these positions are not protected adequately. Therefore, location privacy concepts become mandatory to ensure the user’s acceptance of location-based services. Many different concepts and approaches for the protection of location privacy have been described in the literature. These approaches differ with respect to the protected information and their effectiveness against different attacks. The goal of this paper is to assess the applicability and effectiveness of location privacy approaches systematically. We first identify different protection goals, namely personal information (user identity), spatial information (user position), and temporal information (identity/position + time). Second, we give an overview of basic principles and existing approaches to protect these privacy goals. In a third step, we classify possible attacks. Finally, we analyze existing approaches with respect to their protection goals and their ability to resist the introduced attacks.

Author information

Corresponding author

Correspondence to Marius Wernke.

About this article

Cite this article

Wernke, M., Skvortsov, P., Dürr, F. et al. A classification of location privacy attacks and approaches. Pers Ubiquit Comput 18, 163–175 (2014). https://doi.org/10.1007/s00779-012-0633-z

Keywords

  • Location-based services
  • Location privacy
  • Protection goals
  • Principles
  • Adversary
  • Attacks
  • Classification
  • Approaches