
Location privacy: going beyond K-anonymity, cloaking and anonymizers

Published in: Knowledge and Information Systems

Abstract

Many location-based services implicitly assume that the location server receives users' actual locations in order to answer their spatial queries. In return, the server can deliver information customized to those locations, such as the nearest points of interest. However, sharing such sensitive information with a potentially malicious server raises a major privacy concern, since it exposes users' private information. The anonymity- and cloaking-based approaches proposed to address this problem cannot provide stringent privacy guarantees without incurring costly computation and communication overhead. Furthermore, they require a trusted intermediate anonymizer to protect user locations during query processing. This paper proposes a fundamental approach based on private information retrieval to process range and K-nearest neighbor queries, the prevalent queries used in many location-based services, with stronger privacy guarantees than those of the cloaking and anonymity approaches. We performed extensive experiments on both real-world and synthetic datasets to confirm the effectiveness of our approaches.




Correspondence to Ali Khoshgozaran.


Cite this article

Khoshgozaran, A., Shahabi, C. & Shirani-Mehr, H. Location privacy: going beyond K-anonymity, cloaking and anonymizers. Knowl Inf Syst 26, 435–465 (2011). https://doi.org/10.1007/s10115-010-0286-z
