Knowledge and Information Systems

, Volume 45, Issue 3, pp 589–615 | Cite as

The Cloaked-Centroid protocol: location privacy protection for a group of users of location-based services

  • Maede Ashouri-Talouki
  • Ahmad Baraani-Dastjerdi
  • Ali Aydın Selçuk
Regular Paper


Several techniques have been recently proposed to protect user location privacy while accessing location-based services (LBSs). However, applying these techniques to protect location privacy for a group of users would lead to user privacy leakage and query inefficiency. In this paper, we propose a two-phase protocol, we name Cloaked-Centroid, which is designed specifically to protect location privacy for a group of users. We identify location privacy issues for a group of users who may ask an LBS for a meeting place that is closest to the group centroid. Our protocol relies on spatial cloaking, an anonymous veto network and a conference key establishment protocol. In the first phase, member locations are cloaked into a single region based on their privacy profiles, and then, a single query is submitted to an LBS. In the second phase, a special secure multiparty computation extracts the meeting point result from the received answer set. Our protocol is resource aware, taking into account the LBS overhead and the communication cost, i.e., the number of nearest neighbor queries sent to a service provider and the number of returned points of interests. Regarding privacy, Cloaked-Centroid protects the location privacy of each group member from those in the group and from anyone outside the group, including the LBS. Moreover, our protocol provides result-set anonymity, which prevents LBS providers and other possible attackers from learning the meeting place location. Extensive experiments show that the proposed protocol is efficient in terms of computation and communication costs. A security analysis shows the resistance of the protocol against collusion, disruption and background knowledge attacks in a malicious model.


Location privacy Group privacy Location-based services  Secure multiparty computation 



This work was partially supported by the CyberSpace Research Institute of the Islamic Republic of Iran.


  1. 1.
    Ardagna CA, Cremonini M, De Capitani di Vimercati S et al (2011) An obfuscation-based approach for protecting location privacy. IEEE Trans Dependable Secur Comput (TDSC) 8:13–27CrossRefGoogle Scholar
  2. 2.
    Ashouri-Talouki M, Baraani-Dastjerdi A, Selçuk AA (2012) GLP: a cryptographic approach for group location privacy. Comput Commun 35:1527–1533CrossRefGoogle Scholar
  3. 3.
    Bamba B, Liu L, Pesti P et al (2008) Supporting anonymous location queries in mobile environments with PrivacyGrid. In: Proceedings of world wide web conference (WWW ’08), pp 237–246Google Scholar
  4. 4.
    Bickson D, Reinman T, Dolev D et al (2009) Peer-to-peer secure multi-party numerical computation facing malicious adversaries. Peer-to-Peer Netw Appl J 3:129–144CrossRefGoogle Scholar
  5. 5.
    Boudot F (2000) Efficient proofs that a committed number lies in an interval. In: Proceedings of advances in cryptology (EUROCRYPT’00), pp 431–444Google Scholar
  6. 6.
    Boyd C, Mathuria A (2003) Protocols for authentication and key establishment. Springer, Berlin, ISBN 978-3-540-43107-7Google Scholar
  7. 7.
    Burmester M, Desmedt Y (1994) A secure and efficient conference key distribution system. In: Proceedings of advances in cryptology (EUROCRYPT’94), pp 275–286Google Scholar
  8. 8.
    Camenisch J, Michels M (1999) Proving in zero-knowledge that a number is the product of two safe primes. In: Proceedings of advances in cryptology (EUROCRYPT’99), LNCS, vol 1592, pp 106–121Google Scholar
  9. 9.
    Chaum D (1988) The dining cryptographers problem: unconditional sender and recipient untraceability. J Cryptol 1:65–67MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Chen K, Liu L (2011) Geometric data perturbation for privacy preserving outsourced data mining. Knowl Inf Syst 29:657–695CrossRefGoogle Scholar
  11. 11.
    Chow CY, Mokbel MF, Aref WG (2009) Casper*: query processing for location services without compromising privacy. ACM Trans Database Syst 34:1–48CrossRefGoogle Scholar
  12. 12.
    Chow CY, Mokbel MF, Bao J et al (2011) Query-aware location anonymization for road networks. GeoInformatica 15(3):571–607CrossRefGoogle Scholar
  13. 13.
    Chow CY, Mokbel MF (2007) Enabling private continuous queries for revealed user locations. In: Proceedings of international conference on Advances in spatial and temporal databases (SSTD’07), pp 258–273Google Scholar
  14. 14.
    Chow CY, Mokbel MF, Liu X (2006) A peer-to-peer spatial cloaking algorithm for anonymous location-based services. In: Proceedings of the ACM symposium on advances in geographic information systems (GIS’06), pp 171–178Google Scholar
  15. 15.
    Chow CY, Mokbel MF, Liu X (2011) Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments. GeoInformatica 15:351–380CrossRefGoogle Scholar
  16. 16.
    Cramer R, Franklin MK, Schoenmakers B et al (1996) Multi-authority secret-ballot elections with linear work. In: Proceedings of advanced in cryptology (EUROCRYPT’69), pp 72–83Google Scholar
  17. 17.
    Das K, Bhaduri K, Kargupta H (2010) A local asynchronous distributed privacy preserving feature selection algorithm for large peer-to-peer networks. Knowl Inf Syst 24:341–367CrossRefGoogle Scholar
  18. 18.
    Dewri R (2011) Location privacy and attacker knowledge: who are we fighting against? In: Proceeding of 7th international ICST conference on security and privacy in communication networks, SecureComm, London, UKGoogle Scholar
  19. 19.
    Duckham M, Kulik L (2005) A formal model of obfuscation and negotiation for location privacy. In: Proceedings of international conference on pervasive computing (Pervasive’05), pp 152–170Google Scholar
  20. 20.
    Gedik B, Liu L (2008) Protecting location privacy with personalized k-anonymity: architecture and algorithms. IEEE Trans Mob Comput TMC 7:1–18CrossRefGoogle Scholar
  21. 21.
    Ghinita G, Kalnis P, Skiadopoulos S (2007) MobiHide: a mobile peer-to-peer system for anonymous location-based queries. In: Proceedings of international symposium on advances in spatial and temporal databases (SSTD’07), pp 221–238Google Scholar
  22. 22.
    Ghinita G, Kalnis P, Skiadopoulos S (2007) PRIVÉ: anonymous location-based queries in distributed mobile systems. In: Proceedings of international conference on world wide web (WWW’07), pp 371–389Google Scholar
  23. 23.
    Ghinita G, Kalnis P, Kantarcioglu M et al (2009) A hybrid technique for private location-based queries with database protection. In: Proceedings of international symposium on advances in spatial and temporal databases (SSTD’09). LNCS, vol 5644, pp 98–116Google Scholar
  24. 24.
    Ghinita G, Kalnis P, Khoshgozaran A et al (2008) Private queries in location based services: Anonymizers are not necessary. In: Proceedings of the ACM international conference on management of data (SIGMOD’08), pp 121–132Google Scholar
  25. 25.
    Goldreich O, Micali S, Wigderson A (1987) How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the nineteenth annual ACM conference on theory of computing (STOC’87), pp 218–229Google Scholar
  26. 26.
    Gruteser M, Grunwald D (2003) Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of MobiSys, pp 31–42Google Scholar
  27. 27.
    Gruteser M, Schelle G, Jain A et al (2003) Privacy-aware location sensor networks. In: Proceedings of USENIX workshop on hot topics in operating systems (HOTOS’03)Google Scholar
  28. 28.
    Hao F, Zielinski P (2006) A 2-round anonymous veto protocol. In: Proceedings of the 14th international workshop on security protocols, Cambridge. LNCS, vol 5087, pp 202–211Google Scholar
  29. 29.
    Hao F, Zielinski P (2009) The power of anonymous veto in public discussion. Trans Comput Sci IV 5430:41–52CrossRefGoogle Scholar
  30. 30.
    Hashem T and Kulik L (2007) Safeguarding location privacy in wireless ad-hoc networks. In: Proceedings of international conference on ubiquitous computing (Ubicomp’07), pp 372–390Google Scholar
  31. 31.
    Hashem T, Kulik L, Zhang R (2010) Privacy preserving group nearest neighbor queries. In: Proceedings of international conference on extending database technology (EDBT’10), pp 489–500Google Scholar
  32. 32.
    Hu H, Xu J (2009) Non-exposure location anonymity. In: Proceedings of IEEE international conference on data engineering (ICDE’09), pp 1120–1131Google Scholar
  33. 33.
    Kalnis P, Ghinita G, Mouratidis K et al (2007) Preventing location-based identity inference in anonymous spatial queries. IEEE Trans Knowl Data Eng (IEEE TKDE) 19:1719–1733CrossRefGoogle Scholar
  34. 34.
    Khoshgozaran A, Shahabi C, Shirani-Mehr H (2011) Location privacy: going beyond K-anonymity, cloaking and anonymizers. Knowl Inf Syst 26:435–465CrossRefGoogle Scholar
  35. 35.
    Khoshgozaran A, Shahabi C (2007) Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy. In: Proceedings of international conference on advances in spatial and temporal databases (SSTD’07), pp 239–257Google Scholar
  36. 36.
    Kiayias A, Yung M (2003) Non-interactive zero-sharing with applications to private distributed decision making. In: Proceedings of financial cryptography. LNCS, vol 2742, pp 303–320Google Scholar
  37. 37.
    Langheinrich M (2002) A privacy awareness system for ubiquitous computing environments. In: Proceedings of the 4th international conference on ubiquitous computing (UbiComp’02), pp 237–245Google Scholar
  38. 38.
    Lee B, Oh J, Yu H et al. (2011) Protecting location privacy using location semantics. In: Proceedings of ACM international conference on knowledge discovery and data mining (KDD’11), pp 1289–1297Google Scholar
  39. 39.
    Lindell Y, Pinkas B (2002) Privacy preserving data mining. J Cryptol 15(3):177–206MathSciNetCrossRefMATHGoogle Scholar
  40. 40.
    Mao W (1998) Guaranteed correct sharing of integer factorization with off-line shareholders. In: Proceedings of public key cryptography (PKC’98), pp 27–42Google Scholar
  41. 41.
    Menezes AJ, Van Oorschot PC, Vanstone SA (1997) Handbook of applied cryptography. CRC Press, Boca RatonMATHGoogle Scholar
  42. 42.
    Mokbel MF (2008) Privacy-preserving location services. In: Proceedings of IEEE international conference on data engineering (ICDM’08), Pisa, Italy (3-hours tutorial)Google Scholar
  43. 43.
    Mokbel MF, Chow CY, Aref WG (2006) The new casper: query processing for location services without compromising privacy. In: Proceedings of the 32nd international conference on very large data bases (VLDB’06), pp 763–774Google Scholar
  44. 44.
    Mokbel MF (2007) Privacy in location-based services: state-of-the-art and research directions. In: IEEE international conference on mobile data management, MDM 2007, Mannheim, Germany (3-hours tutorial)Google Scholar
  45. 45.
    Olumofin F, Tysowski PK, Goldberg I et al (2010) Achieving efficient query privacy for location based services. In: Proceedings of the 10th international conference on privacy enhancing technologies (PETS’10), pp 93–110Google Scholar
  46. 46.
    Paillier P, Pointcheval D (1999) Efficient public-key cryptosystems provably secure against active adversaries. In: Advances in cryptology (ASIACRYPT’99), pp 165–179Google Scholar
  47. 47.
    Papadias D, Tao Y, Mouratidis K et al (2005) Aggregate nearest neighbor queries in spatial databases. ACM Trans Database Syst (TODS) 30:529–576CrossRefGoogle Scholar
  48. 48.
    Peng K, Bao F (2010) Batch range proof for practical small ranges. In: Proceedings of the AFRICACRYPT. LNCS, vol 6055, pp 114–130Google Scholar
  49. 49.
    Pieprzyk J, Hardjono T, Seberry J (2003) Fundamentals of computer security. Springer, Berlin, ISBN 978-3-540-43101-5Google Scholar
  50. 50.
    Pohlig S, Hellman M (1978) An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans Inf Theory 24:106–110MathSciNetCrossRefMATHGoogle Scholar
  51. 51.
    Ramakrishnan R, Gehrke J (2009) Database Manag Syst, 3rd edn. WCB/McGraw-Hill, New YorkGoogle Scholar
  52. 52.
    Reed MG, Syverson PF, Goldschlag DM (1998) Anonymous connections and onion routing. IEEE J Sel Areas Commun 16:482–494CrossRefGoogle Scholar
  53. 53.
    Sakuma J, Kobayashi S (2010) Large-scale k-means clustering with user-centric privacy-preservation. Knowl Inf Syst 25:253–279CrossRefGoogle Scholar
  54. 54.
    Schnorr CP (1991) Efficient signature generation by smart cards. J Cryptol 4:161–174MathSciNetCrossRefMATHGoogle Scholar
  55. 55.
    Solanas A, Domingo-Ferrer J, Martínez-Ballesté A (2008) Location privacy in location-based services: beyond TTP-based schemes. In: Proceeding of 1st international workshop on privacy in location-based applications (PILBA) within 13th European symposium on research in computer security (ESORICS), pp 12–23Google Scholar
  56. 56.
    Solanas A, Martínez-Ballesté A (2008) A TTP-free protocol for location privacy in location-based services. Comput Commun 31:1181–1191CrossRefGoogle Scholar
  57. 57.
    Strassman M, Collier C (2004) Case study: the development of the find friends application. In: Schiller JH, Voisard A (eds) Location-based services. Morgan Kaufmann, Los Altos, pp 27–40CrossRefGoogle Scholar
  58. 58.
    Tai CH, Yu PS, Yang DN et al (2011) Privacy-preserving social network publication against friendship attacks. In: Proceedings of ACM international conference on knowledge discovery and data mining (KDD’11), pp 1262–1270Google Scholar
  59. 59.
    Yakut I, Polat H (2012) Privacy-preserving hybrid collaborative filtering on cross distributed data. Knowl Inf Syst 30:405–433. doi: 10.1007/s10115-011-0395-3 CrossRefGoogle Scholar
  60. 60.
    Yang B, Nakagawa B, Sato I, Sakuma J (2010) Collusion-resistant privacy-preserving data mining. In: Proceedings of the ACM international conference on knowledge discovery and data mining (KDD’10), pp 483–492Google Scholar
  61. 61.
    Yiu ML, Jensen C, Huang X et al (2008) SpaceTwist: managing the trade-offs among location privacy, query performance, and query accuracy in mobile services. In: Proceedings of IEEE international conference on data engineering (ICDE’08), pp 366–375Google Scholar
  62. 62.
    Zhong G, Goldberg I, Hengartner U (2007) Louis, lester and pierre: three protocols for location privacy. In: Proceedings of privacy enhancing technologies (PET’07), pp 62–76Google Scholar
  63. 63.
    Zhong G, Hengartner U (2009) A distributed k-anonymity protocol for location privacy. In: Proceedings of IEEE international conference on pervasive computing and communications (PerCom’09), pp 253–262Google Scholar
  64. 64.
    Zhou B, Pei J (2011) The k-anonymity and l-diversity approaches for privacy preservation in social networks against neighborhood attacks. Knowl Inf Syst 28:47–77. doi: 10.1007/s10115-010-0311-2 CrossRefGoogle Scholar

Copyright information

© Springer-Verlag London 2014

Authors and Affiliations

  • Maede Ashouri-Talouki
    • 1
  • Ahmad Baraani-Dastjerdi
    • 2
  • Ali Aydın Selçuk
    • 3
  1. 1.Department of IT Engineering, Faculty of Computer EngineeringThe University of IsfahanIsfahanIran
  2. 2.Department of Software Engineering, Faculty of Computer EngineeringThe University of IsfahanIsfahanIran
  3. 3.Department of Computer EngineeringTOBB University of Economics and TechnologyAnkaraTurkey

Personalised recommendations