# Spatial Bloom Filters: Enabling Privacy in Location-Aware Applications

## Abstract

The wide availability of inexpensive positioning systems made it possible to embed them into smartphones and other personal devices. This marked the beginning of location-aware applications, where users request personalized services based on their geographic position. The location of a user is, however, highly sensitive information: the user’s privacy can be preserved if only the minimum amount of information needed to provide the service is disclosed at any time. While some applications, such as navigation systems, are based on the users’ movements and therefore require constant tracking, others only require knowledge of the user’s position in relation to a set of points or areas of interest. In this paper we focus on the latter kind of services, where location information is essentially used to determine membership in one or more geographic sets. We address this problem using Bloom Filters (BF), a compact data structure for representing sets. In particular, we present an extension of the original Bloom filter idea: the Spatial Bloom Filter (SBF). SBF’s are designed to manage spatial and geographical information in a space efficient way, and are well-suited for enabling privacy in location-aware applications. We show this by providing two multi-party protocols for privacy-preserving computation of location information, based on the known homomorphic properties of public key encryption schemes. The protocols keep the user’s exact position private, but allow the provider of the service to learn when the user is close to specific points of interest, or inside predefined areas. At the same time, the points and areas of interest remain oblivious to the user.

## Keywords

Location privacy Bloom filters Secure multi-party computation## Notes

### Acknowledgments

The authors would like to acknowledge Marco Miani for the code used in producing Fig. 4.

## Supplementary material

## References

- 1.Avoine, G., Calderoni, L., Delvaux, J., Maio, D., Palmieri, P.: Passengers information in public transport and privacy: can anonymous tickets prevent tracking? Int. J. Inf. Manag.
**34**(5), 682–688 (2014)CrossRefGoogle Scholar - 2.Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM
**13**(7), 422–426 (1970)CrossRefzbMATHGoogle Scholar - 3.Blum, J.R., Greencorn, D.G., Cooperstock, J.R.: Smartphone sensor reliability for augmented reality applications. In: Zheng, K., Li, M., Jiang, H. (eds.) MobiQuitous 2012. LNICST, vol. 120, pp. 127–138. Springer, Heidelberg (2013) CrossRefGoogle Scholar
- 4.Blumberg, A.J., Eckersly, P.: On locational privacy, and how to avoid losing it forever, April 2009. https://www.eff.org/wp/locational-privacy
- 5.Calderoni, L., Maio, D., Palmieri, P.: Location-aware mobile services for a smart city: design, implementation and deployment. JTAER
**7**(3), 74–87 (2012)Google Scholar - 6.Charles, D., Chellapilla, K.: Bloomier filters: a second look. In: Halperin, D., Mehlhorn, K. (eds.) ESA 2008. LNCS, vol. 5193, pp. 259–270. Springer, Heidelberg (2008) CrossRefGoogle Scholar
- 7.Chazelle, B., Kilian, J., Rubinfeld, R., Tal, A.: The bloomier filter: an efficient data structure for static support lookup tables. In: SODA, pp. 30–39. SIAM (2004)Google Scholar
- 8.Jiazhu, D., Zhilong, L.: A location authentication scheme based on proximity test of location tags. In: ICINS 2013, pp. 1–6 (2013)Google Scholar
- 9.Kikuchi, H., Sakuma, J.: Bloom filter bootstrap: Privacy-preserving estimation of the size of an intersection. JIP
**22**(2), 388–400 (2014)Google Scholar - 10.Kulik, L.: Privacy for real-time location-based services. SIGSPATIAL Spec.
**1**(2), 9–14 (2009)CrossRefGoogle Scholar - 11.de Montjoye, Y.-A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep.
**3**(1376) (2013). doi: 10.1038/srep01376 - 12.Narayanan, A., Thiagarajan, N., Lakhani, M., Hamburg, M., Boneh, D.: Location privacy via private proximity testing. In: NDSS. The Internet Society (2011)Google Scholar
- 13.Nielsen, J.D., Pagter, J.I., Stausholm, M.B.: Location privacy via actively secure private proximity testing. In: PerCom Workshops, pp. 381–386. IEEE (2012)Google Scholar
- 14.Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 223. Springer, Heidelberg (1999) CrossRefGoogle Scholar
- 15.Pan, X., Meng, X.: Preserving location privacy without exact locations in mobile services. Front. Comput. Sci.
**7**(3), 317–340 (2013)CrossRefMathSciNetGoogle Scholar - 16.Saldamli, G., Chow, R., Jin, H., Knijnenburg, B.P.: Private proximity testing with an untrusted server. In: WISEC, pp. 113–118. ACM (2013)Google Scholar
- 17.Shu, X., Yao, D.D.: Data leak detection as a service. In: Keromytis, A.D., Di Pietro, R. (eds.) SecureComm 2012. LNICST, vol. 106, pp. 222–240. Springer, Heidelberg (2013) CrossRefGoogle Scholar
- 18.Sun, J., Zhang, R., Zhang, Y.: Privacy-preserving spatiotemporal matching. In: INFOCOM, pp. 800–808. IEEE (2013)Google Scholar
- 19.Tonicelli, R., David, B.M., de Morais Alves, V.: Universally composable private proximity testing. In: Boyen, X., Chen, X. (eds.) ProvSec 2011. LNCS, vol. 6980, pp. 222–239. Springer, Heidelberg (2011) CrossRefGoogle Scholar
- 20.von Watzdorf, S., Michahelles, F.: Accuracy of positioning data on smartphones. In: LocWeb, p. 2. ACM (2010)Google Scholar
- 21.Wicker, S.B.: The loss of location privacy in the cellular age. Commun. ACM
**55**(8), 60–68 (2012)CrossRefGoogle Scholar - 22.Zakhary, S., Radenkovic, M., Benslimane, A.: The quest for location-privacy in opportunistic mobile social networks. In: IWCMC, pp. 667–673. IEEE (2013)Google Scholar
- 23.Zheng, Y., Li, M., Lou, W., Hou, Y.T.: SHARP: private proximity test and secure handshake with cheat-proof location tags. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 361–378. Springer, Heidelberg (2012) CrossRefGoogle Scholar