Towards Modeling Wireless Location Privacy

  • Leping Huang
  • Hiroshi Yamane
  • Kanta Matsuura
  • Kaoru Sezaki
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3856)


The lack of a formal model in wireless location privacy protection research makes it difficult to evaluate new location privacy protection proposals, and difficult to utilize existing research results in anonymous communication into this new problem. In this paper, we analyze a wireless location privacy protection system (WLP 2 S), and generalize it to a MIX based formal model, which includes a MIX, a set of MIX’s user, and a intruder of MIX. In addition, we also use information theory approach to define anonymity and measures of this model, and describe the characteristics of observation process in WLP 2 S in detail. Two benefits arise from our model. Firstly, it provides a means of evaluating the privacy level of proposed location privacy protection protocols. We use the measures of proposed formal model to study the performance of our novel silent period technique. Simulation results reveal the role of many parameters-such as users’ mobility pattern and intruders’ tracking accuracy- on users’ privacy level. The results shed more light on improving our defense protocol. Secondly, our approach provides a link between existing defense and attack protocols in MIX research and the new location privacy protection problem. By utilizing the formal model, we conducted preliminary studies in identifying potential attacks, and improve the performance of existing defense protocol. This study results an extension of existing defense protocols. Those simulation and analytical results demonstrates the promising potential of our model.


Access Point Tracking Algorithm Wireless Local Area Network Mobility Model Silent Period 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bandara, U., Hasegawa, M., Inoue, M., Morikawa, H., Aoyama, T.: Design and implementation of a bluetooth signal strength based location sensing system. In: Proc. of IEEE Radio and Wireless Conference (RAWCON 2004), Atlanta, U.S.A. (2004)Google Scholar
  2. 2.
    Bahl, P., Padmanabhan, V.: Radar: an in-building rf-based user location and tracking system. In: Proc. of IEEE INFOCOM 2000, Tel-Aviv, Israel, vol. 2, pp. 775–784 (2000)Google Scholar
  3. 3.
    Beresford, A.R., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Computing 2, 46–55 (2003)CrossRefGoogle Scholar
  4. 4.
    Bluetooth SIG: Bluetooth 1.2 draft 4 (2003)Google Scholar
  5. 5.
    Huang, L., Matsuura, K., Yamane, H., Sezaki, K.: Enhancing wireless location privacy using silent period. In: Proc. of IEEE Wireless Communications and Networking Conference (WCNC 2005), NL, U.S. (2005)Google Scholar
  6. 6.
    Guvenc, I., Abdallah, C., Jordan, R., Dedeoglu, O.: Enhancements to RSS based indoor tracking systems using kalman filter. In: Proc. of Intl. Signal Processing Conf. (ISPC), Dallas, TX, U.S. (2003)Google Scholar
  7. 7.
    Pahlavan, K., Li, X., Makela, J.: Indoor geolocation science and technology. IEEE Communications Magazine 40, 112–118 (2002)CrossRefGoogle Scholar
  8. 8.
    Gruteser, M., Grunwald, D.: Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis. In: Proc. of first ACM international workshop on Wireless mobile applications and services on WLAN hotspots (WMASH 2003), San Diego, CA, USA (2003)Google Scholar
  9. 9.
    Gruteser, M., Grunwald, D.: A methodological assessment of location privacy risks in wireless hotspot networks. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 10–24. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proc. of ACM MobiSys 2003, San Francisco, CA, USA, USENIX, pp. 31–42 (2003)Google Scholar
  11. 11.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24, 84–88 (1981)CrossRefGoogle Scholar
  12. 12.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Díaz, C., Serjantov, A.: Generalising mixes. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 18–31. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Mauw, S., Verschuren, J.H.S., de Vink, E.P.: A formalization of anonymity and onion routing. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 109–124. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Syverson, P.F., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of onion routing security. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, p. 96. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Steinbrecher, S., Köpsell, S.: Modelling unlinkability. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 32–47. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Hughes, D., Shmatikov, V.: Information hiding, anonymity and privacy: A modular approach. Journal of Computer Security 12, 3–36 (2004)CrossRefGoogle Scholar
  19. 19.
    Yamazaki, K., Sezaki, K.: Spatio-temporal addressing scheme for mobile ad hoc networks. In: Proc. of IEEE TENCON 2004, Chiang Mai, Thailand (2004)Google Scholar
  20. 20.
    Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: Active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. Journal of Cryptology 1, 65–75 (1988)MathSciNetCrossRefMATHGoogle Scholar
  22. 22.
    Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1, 66–92 (1998)CrossRefGoogle Scholar
  23. 23.
    Shmatikov, V.: Probabilistic model checking of an anonymity system. Journal of Computer Security 12, 355–377 (2004)CrossRefMATHGoogle Scholar
  24. 24.
    Toilers Group, (Online):

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Leping Huang
    • 1
    • 2
  • Hiroshi Yamane
    • 2
  • Kanta Matsuura
    • 2
  • Kaoru Sezaki
    • 2
  1. 1.Nokia Research Center JapanTokyoJapan
  2. 2.University of TokyoTokyoJapan

Personalised recommendations