A Spatiotemporal Model of Strategies and Counter Strategies for Location Privacy Protection

  • Matt Duckham
  • Lars Kulik
  • Athol Birtley
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4197)


Safeguarding location privacy is becoming a critical issue in location-based services and location-aware computing generally. Two drawbacks of many previous models of location privacy are: 1) the models only consider a person’s location privacy protection, but not the invasion of location privacy by external agents; and 2) the models are static and do not consider the spatiotemporal aspects of movement. We argue that, to be complete, any model of location privacy needs to enable the analysis and identification of techniques both to protect and to invade an individual’s location privacy over time. One way to protect an individual’s location privacy is to minimize the information revealed about a person’s location, termed obfuscation. This paper presents an explicitly spatiotemporal model of location privacy that models a third party’s limited knowledge of a mobile individual’s location. We identify two core strategies that a third party can use to refine its knowledge, so potentially invading that mobile individual’s location privacy. A global refinement strategy uses the entire history of knowledge about an agent’s location in a single step. A local refinement strategy iteratively constructs refined knowledge over time. We present a formal model of global and local refinement operators, and show how this formal model can be translated into a computational model in a simulation environment.


Ubiquitous Computing Pervasive Computing Location Privacy Knowledge Function Geographic Environment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Beresford, A.R., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Computing 2(1), 46–55 (2003)CrossRefGoogle Scholar
  2. 2.
    Cormen, T.H., Leiserson, C.E., Rivest, R.L.: Introduction to Algorithms. MIT Press, Cambridge (2001)zbMATHGoogle Scholar
  3. 3.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation Onion router. In: Proc. 13th USENIX Security Symposium (2004)Google Scholar
  4. 4.
    Duckham, M., Kulik, L.: A formal model of obfuscation and negotiation for location privacy. In: Gellersen, H.-W., Want, R., Schmidt, A. (eds.) PERVASIVE 2005. LNCS, vol. 3468, pp. 152–170. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Duckham, M., Kulik, L.: Simulation of obfuscation and negotiation for location privacy. In: Cohn, A.G., Mark, D.M. (eds.) COSIT 2005. LNCS, vol. 3693, pp. 31–48. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Duckham, M., Kulik, L.: Location privacy and location-aware computing. In: Drummond, J., Billen, R., Forrest, D., João, E. (eds.) Dynamic and Mobile GIS: Investigating Change in Space and Time, vol. 3, CRC Press, Boca Raton (2006)Google Scholar
  7. 7.
    Duri, S., Gruteser, M., Liu, X., Moskowitz, P., Perez, R., Singh, M., Tang, J.-M.: Framework for security and privacy in automotive telematics. In: Proc. 2nd International Workshop on Mobile Commerce, pp. 25–32. ACM Press, New York (2002)CrossRefGoogle Scholar
  8. 8.
    Espinoza, F., Persson, P., Sandin, A., Nyström, H., Cacciatore, E., Bylund, M.: GeoNotes: Social and navigational aspects of location-based information systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 2–17. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Görlach, W.W., Terpstra, A., Heinemann, A.: Survey on location privacy in pervasive computing. In: Proc. First Workshop on Security and Privacy at the Conference on Pervasive Computing (SPPC) (2004)Google Scholar
  10. 10.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proc. MobiSys 2003, pp. 31–42 (2003)Google Scholar
  11. 11.
    Gruteser, M., Grunwald, D.: A methodological assessment of location privacy risks in wireless hotspot networks. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 10–24. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Hong, J.I., Landay, J.A.: An architecture for privacy-sensitive ubiquitous computing. In: Proc. 2nd International Conference on Mobile Systems, Applications, and Services, pp. 177–189. ACM Press, New York (2004)CrossRefGoogle Scholar
  13. 13.
    Jensen, C.S.: Database aspects of location-based services. In: Schiller, J., Voisard, A. (eds.) Location-based services, ch. 5, pp. 27–39. Morgan Kaufmann, San Francisco (2004)Google Scholar
  14. 14.
    Kaasinen, E.: User needs for location-aware mobile services. Personal and Ubiquitous Computing 7(1), 70–79 (2003)CrossRefGoogle Scholar
  15. 15.
    Langheinrich, M.: Privacy by design—principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Langheinrich, M.: A privacy awareness system for ubiquitous computing environments. In: Borriello, G., Holmquist, L.E. (eds.) UbiComp 2002. LNCS, vol. 2498, pp. 237–245. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Muntz, R.R., Barclay, T., Dozier, J., Faloutsos, C., Maceachren, A.M., Martin, J.L., Pancake, C.M., Satyanarayanan, M.: IT Roadmap to a Geospatial Future. The National Academies Press, Washington (2003)Google Scholar
  18. 18.
    Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity - A proposal for terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Schilit, B.N., Hong, J.I., Gruteser, M.: Wireless location privacy protection. IEEE Computer 36(12), 135–137 (2003)Google Scholar
  20. 20.
    Snekkenes, E.: Concepts for personal location privacy policies. In: Proc. 3rd ACM conference on Electronic Commerce, pp. 48–57. ACM Press, New York (2001)CrossRefGoogle Scholar
  21. 21.
    Westin, A.F.: Privacy and freedom. Atheneum, New York (1967)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Matt Duckham
    • 1
  • Lars Kulik
    • 2
  • Athol Birtley
    • 2
  1. 1.Department of GeomaticsUniversity of MelbourneVictoriaAustralia
  2. 2.Department of Computer Science and Software EngineeringUniversity of MelbourneVictoriaAustralia

Personalised recommendations