Privacy-enhanced Location-based Access Control

  • C.A. Ardagna
  • M. Cremonini
  • S. De Capitani di Vimercati
  • P. Samarati


Advancements in location technologies reliability and precision are fostering the development of location-based services that make use of the location information of users. An increasingly important category of such services is represented by Location-based Access Control (LBAC) systems that integrate traditional access control mechanisms with access conditions based on the physical position of users and other attributes related to the users location. Since privacy is extremely important for users, protection of their location information is paramount to the success of such emerging location-based services.

In this chapter, we first present an overview of Location-based Access Control systems and then characterize the location privacy protection problem. We then discuss the main techniques that have been proposed to protect location information, focusing on the obfuscation-based techniques. We conclude the chapter by showing a privacy-aware LBAC architecture and describing how a location-based access control policy can be evaluated.


Access Control Location Information Location Measurement Privacy Protection Location Privacy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Duckham, M., Kulik, L.: Location privacy and location-aware computing. In: Dynamic & Mobile GIS: Investigating Change in Space and Time. Taylor & Francis (2006) 34–51Google Scholar
  2. 2.
    Lee, J.W.: Location-tracing sparks privacy concerns. Korea Times., 16 November 2004. Accessed 22 December 2006Google Scholar
  3. 3.
    Foxs News: Man Accused of Stalking Ex-Girlfriend With GPS.,2933,131487,00.html, 04 September 2004. Accessed 22 March 2007Google Scholar
  4. 4.
    Beresford, A.R., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Computing 2(1) (2003) 46–55CrossRefGoogle Scholar
  5. 5.
    Bettini, C., Wang, X., Jajodia, S.: Protecting privacy against location-based personal identification. In: Proc. of the 2nd VLDB Workshop on Secure Data Management, LNCS 3674, Springer-Verlag (2005)Google Scholar
  6. 6.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proc. of the 1st International Conference on Mobile Systems, Applications, and Services. (May 2003)Google Scholar
  7. 7.
    Duckham, M., Kulik, L.: A formal model of obfuscation and negotiation for location privacy. In: Proc. of the 3rd International Conference PERVASIVE 2005, Munich, Germany (May 2005)Google Scholar
  8. 8.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: K-Anonymity. In: Security in Decentralized Data Management. Springer (2007)Google Scholar
  9. 9.
    Samarati, P.: Protecting respondents’ identities in microdata release. IEEE Transactions on Knowledge and Data Engineering 13(6) (2001) 1010–1027Google Scholar
  10. 10.
    Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Supporting location-based conditions in access control policies. In: Proc. of the ACM Symposium on Information, Computer and Communications Security (ASIACCS’06), Taipei, Taiwan (March 2006)Google Scholar
  11. 11.
    Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10(3) (2002) 241–272Google Scholar
  12. 12.
    Marsit, N., Hameurlain, A., Mammeri, Z., Morvan, F.: Query processing in mobile environments: a survey and open problems. In: Proc. of the 1st International Conference on Distributed Framework for Multimedia Applications (DFMA’05), Besancon, France (February 2005)Google Scholar
  13. 13.
    Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2) (June 2001) 214–260CrossRefGoogle Scholar
  14. 14.
    OASIS: eXtensible Access Control Markup Language (XACML) Version 1.0. (2003)Google Scholar
  15. 15.
    van der Horst, T., Sundelin, T., Seamons, K., Knutson, C.: Mobile trust negotiation: Authentication and authorization in dynamic mobile networks. In: Proc. of the 8th IFIP Conference on Communications and Multimedia Security, Lake Windermere, England (September 2004)Google Scholar
  16. 16.
    Gedik, B., Liu, L.: Location privacy in mobile systems: A personalized anonymization model. In: Proc. of the 25th International Conference on Distributed Computing Systems (IEEE ICDCS 2005), Columbus, Ohio (June 2005)Google Scholar
  17. 17.
    Gruteser, M., Bredin, J., Grunwald, D.: Path privacy in location-aware computing. In: Proc. of the Second International Conference on Mobile Systems, Application and Services (MobiSys2004), Boston, Massachussetts, USA (June 2004)Google Scholar
  18. 18.
    Gruteser, M., Liu, X.: Protecting privacy in continuous location-tracking applications. IEEE Security & Privacy Magazine 2(2) (March-April 2004) 28–34Google Scholar
  19. 19.
    Ho, B., Gruteser, M.: Protecting location privacy through path confusion. In: Proc. of IEEE/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), Athens, Greece (September 2005)Google Scholar
  20. 20.
    Mokbel, M., Chow, C.Y., Aref, W.: The new casper: Query processing for location services without compromising privacy. In: Proceedings of the 32nd International Conference on Very Large Data Bases, Korea (September 2006) 763–774Google Scholar
  21. 21.
    Beresford, A.R., Stajano, F.: Mix zones: User privacy in location-aware services. In: Proc. of the 2nd IEEE Annual Conference on Pervasive Computing and Communications Workshops (PERCOMWӰ4). (2004)Google Scholar
  22. 22.
    Hauser, C., Kabatnik, M.: Towards Privacy Support in a Global Location Service. In: Proc. of the IFIP Workshop on IP and ATM Traffic Management (WATM/EUNICE 2001), Paris, France (March 2001)Google Scholar
  23. 23.
    Geopriv: Geographic Location/Privacy. (September 2006)Google Scholar
  24. 24.
    Hong, D., Yuan, M., Shen, V.Y.: Dynamic privacy management: a plug-in service for the middleware in pervasive computing. In: Proc. of the 7th International Conference on Human Computer Interaction with Mobile Devices & Services (MobileHCI’05), Salzburg, Austria (2005)Google Scholar
  25. 25.
    Langheinrich, M.: A privacy awareness system for ubiquitous computing environments. In Borriello, G., Holmquist, L.E., eds.: Proc. of the 4th International Conference on Ubiquitous Computing (Ubicomp 2002). (September 2002) 237–245Google Scholar
  26. 26.
    W3C: Platform for privacy preferences (p3p) project. (April 2002)Google Scholar
  27. 27.
    Duckham, M., Kulik, L.: Simulation of obfuscation and negotiation for location privacy. In: Proc. of Conference On Spatial Information Theory (COSIT 2005). (September 2005) 31–48Google Scholar
  28. 28.
    Openwave: Openwave Location Manager. (2006)Google Scholar
  29. 29.
    Bellavista, P., Corradi, A., Giannelli, C.: Efficiently managing location information with privacy requirements in wi-fi networks: a middleware approach. In: Proc. of the International Symposium on Wireless Communication Systems (ISWCS’05), Siena, Italy (September 2005)Google Scholar
  30. 30.
    Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Managing privacy in LBAC systems. In: Proc. of the Second IEEE International Symposium on Pervasive Computing and Ad Hoc Communications (PCAC-07), Niagara Falls, Canada (May 2007)Google Scholar
  31. 31.
    Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: A middleware architecture for integrating privacy preferences and location accuracy. In: Proc. of the 22nd IFIP TC-11 International Information Security Conference (SEC 2007), Sandton, South Africa (May 2007)Google Scholar
  32. 32.
    Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, S.: Location privacy protection through obfuscation-based techniques. In: Proc. of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, USA (July 2007)Google Scholar
  33. 33.
    Atluri, V., Shin, H.: Efficient enforcement of security policies based on tracking of mobile users. In: Proc. of the 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France (July-August 2006) 237–251Google Scholar
  34. 34.
    Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Location-based metadata and negotiation protocols for LBAC in a one-to-many scenario. In: Proc. of the Workshop on Security and Privacy in Mobile and Wireless Networking (SecPri_MobiWi 2006), Coimbra, Portugal (May 2006)Google Scholar

Copyright information

© Springer Science+Business Media, LLC. 2008

Authors and Affiliations

  • C.A. Ardagna
    • 1
  • M. Cremonini
    • 1
  • S. De Capitani di Vimercati
    • 1
  • P. Samarati
    • 1
  1. 1.Dipartimento di Tecnologie dell’InformazioneUniversità degli Studi di MilanoItaly

Personalised recommendations