Skip to main content
Log in

Cloaking locations for anonymous location based services: a hybrid approach

  • Published:
GeoInformatica Aims and scope Submit manuscript


An important privacy issue in Location Based Services is to hide a user’s identity while still provide quality location based services. Previous work has addressed the problem of locational \(\mathcal{K}\)-anonymity either based on centralized or decentralized schemes. However, a centralized scheme relies on an anonymizing server (AS) for location cloaking, which may become the performance bottleneck when there are large number of clients. More importantly, holding information in a centralized place is more vulnerable to malicious attacks. A decentralized scheme depends on peer communication to cloak locations and is more scalable. However, it may pose too much computation and communication overhead to the clients. The service fulfillment rate may also be unsatisfied especially when there are not enough peers nearby. This paper proposes a new hybrid framework called HiSC that balances the load between the AS and mobile clients. HiSC partitions the space into base cells and a mobile client claims a surrounding area consisting of base cells. The number of mobile clients in the surrounding cells is kept and updated at both client and AS sides. A mobile client can either request cloaking service from the centralized AS or use a peer-to-peer approach for spatial cloaking based on personalized privacy, response time, and service quality requirements. HiSC can elegantly distribute the work load between the AS and the mobile clients by tuning one system parameter base cell size and two client parameters - surrounding cell size and tolerance count. By integrating salient features of two schemes, HiSC successfully preserves query anonymity and provides more scalable and consistent service. Both the AS and the clients can enjoy much less work load. Additionally, we propose a simple yet effective random range shifting algorithm to prevent possible privacy leakage that would exist in the original P2P approach. Our experiments show that HiSC can elegantly balance the work load based on privacy requirements and client distribution. HiSC provides close to optimal service quality. Meanwhile, it reduces the response time by more than an order of magnitude from both the P2P scheme and the centralized scheme when anonymity level(value of \(\mathcal{K}\)) or number of clients is large. It also reduces the update message cost of the AS by nearly 6 times and the peer searching message cost of the clients by more than an order of magnitude.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others


  1. For writing convenience, we will use s m to represent both m’s surrounding cell and the size of the cell.

  2. The formula is only an estimation and used for tuning guidelines. Due to RRS and other factors, the actual size could be different.


  1. Snekkenes E (2001) Concepts for personal location privacy policies. In: EC ’01: proceedings of the 3rd ACM conference on Electronic Commerce. ACM, pp 48–57

  2. Langheinrich M (2001) Privacy by design—principles of privacy-aware ubiquitous systems. In: UbiComp ’01: proceedings of the 3rd international conference on ubiquitous computing. Springer-Verlag, pp 273–291

  3. Duri S, Gruteser M, Liu X, Moskowitz P, Perez R, Singh M, Tang, JM (2002) Framework for security and privacy in automotive telematics. In: WMC ’02: proceedings of the 2nd international workshop on mobile commerce. ACM, pp 25–32

  4. Ardagna CA, Cremonini M, Damiani E, di Vimercati SDC, Samarati P (2006) Supporting location-based conditions in access control policies. In: ASIACCS ’06: proceedings of the 2006 ACM symposium on information, computer and communications security. ACM, pp 212–222

  5. Zibuschka J, Scherner T, Fritsch L, Rannenberg K, Goethe JW (2006) Towards a unified interface for privacy regulation-conformant location-based services. In: W3C workshop on languages for privacy policy negotiation and semantics-driven enforcement. Ispra/Italy, October 2006

  6. Sweeney L (2002) k-anonymity: a model for protecting privacy. Int J Uncertain Fuzziness and Knowl-based Syst 10(5):557–570

    Article  Google Scholar 

  7. Sweeney L (2002) Achieving k-anonymity privacy protection using generalization and suppression. Int J Uncertain Fuzziness and Knowl-based Syst 10(5):571–588

    Article  Google Scholar 

  8. Gruteser M, Grunwald D (2003) Anonymous usage of location-based services through spatial and temporal cloaking. In: MobiSys ’03: proceedings of the 1st international conference on mobile systems, applications and services. ACM, pp 31–42

  9. Gedik B, Liu L (2005) Location privacy in mobile systems: a personalized anonymization model. In: ICDCS ’05: proceedings of the 25th IEEE international conference on distributed computing systems. IEEE Computer Society, pp 620–629

  10. Kalnis P, Ghinita G, Mouratidis K, Papadias D (2006) Preserving anonymity in location based services. Technical report, National University of Singapore

  11. Mokbel MF, Chow CY, Aref WG (2006) The new casper: query processing for location services without compromising privacy. In: VLDB ’06: proceedings of the 32nd international conference on very large data bases. VLDB Endowment, pp 763–774

  12. Hoh B, Gruteser M (2005) Protecting location privacy through path confusion. In: SECURECOMM ’05: proceedings of the first international conference on security and privacy for emerging areas in communications networks (SECURECOMM’05). IEEE Computer Society, pp 194–205

  13. Cheng R, Zhang Y, Bertino E, Prabhakar S (2006) Preserving user location privacy in mobile data management infrastructures. In: PET ’06: 6th workshop on privacy enhancing technologies

  14. Ghinita G, Kalnis P, Skiadopoulos S (2007) Prive: anonymous location-based queries in distributed mobile systems. In: WWW ’07: proceedings of the 16th international conference on world wide web. ACM, pp 371–380

  15. Ghinita G, Kalnis P, Skiadopoulos S (2007) Mobihide: a mobile peer-to-peer system for anonymous location-based queries. In: SSTD ’07: 10th international symposium on advances in spatial and temporal databases. Springer, pp 221–238

  16. Duckham M, Kulik L (2005) A formal model of obfuscation and negotiation for location privacy. In: Pervasive 05’: third international conference on pervasive computing. pp 152–170

  17. Schilit BN, LaMarca A, Borriello G, Griswold WG, McDonald D, Lazowska E, Balachandran A, Hong J, Iverson V (2003) Challenge: ubiquitous location-aware computing and the “place lab” initiative. In: WMASH ’03: proceedings of the 1st ACM international workshop on wireless mobile applications and services on WLAN hotspots. ACM Press, pp 29–35

  18. Chow CY, Mokbel MF, Liu X (2006) A peer-to-peer spatial cloaking algorithm for anonymous location-based service. In: GIS ’06: proceedings of the 14th annual ACM international symposium on advances in geographic information systems. ACM, pp 171–178

  19. Kido H, Yanagisawa Y, Satoh T (2005) An anonymous communication technique using dummies for location-based services. In: ICPS ’05: proceedings of IEEE international conference on pervasive services. July 2005, pp 88–97

  20. Bayardo RJ, Agrawal R (2005) Data privacy through optimal k-anonymization. In: ICDE ’05: proceedings of the 21st international conference on data engineering (ICDE’05). IEEE Computer Society, pp 217–228

  21. LeFevre K, DeWitt DJ, Ramakrishnan R (2006) Mondrian multidimensional k-anonymity. In: ICDE ’06: proceedings of the 22nd international conference on data engineering (ICDE’06). IEEE Computer Society, p 25

  22. LeFevre K, DeWitt DJ, Ramakrishnan R (2005) Incognito: efficient full-domain k-anonymity. In: SIGMOD ’05: proceedings of the 2005 ACM SIGMOD international conference on management of data. ACM, pp 49–60

  23. Beresford AR, Stajano F (2004) Mix zones: user privacy in location-aware services. In: Second IEEE annual conference on pervasive computing and communications workshops. March 2004

  24. Brinkhoff T (2002) A framework for generating network-based moving objects. Geoinformatica 6(2):153–180

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Chengyang Zhang.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Zhang, C., Huang, Y. Cloaking locations for anonymous location based services: a hybrid approach. Geoinformatica 13, 159–182 (2009).

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: