Abstract
An important privacy issue in Location Based Services is to hide a user’s identity while still providing quality location based services. Previous work has addressed the problem of locational \(\mathcal{K}\)-anonymity with either centralized or decentralized schemes. However, a centralized scheme relies on an anonymizing server (AS) for location cloaking, which may become the performance bottleneck when there are a large number of clients. More importantly, holding information in a centralized place is more vulnerable to malicious attacks. A decentralized scheme depends on peer communication to cloak locations and is more scalable. However, it may impose too much computation and communication overhead on the clients. The service fulfillment rate may also be unsatisfactory, especially when there are not enough peers nearby. This paper proposes a new hybrid framework called HiSC that balances the load between the AS and mobile clients. HiSC partitions the space into base cells, and a mobile client claims a surrounding area consisting of base cells. The number of mobile clients in the surrounding cells is kept and updated at both the client and the AS side. A mobile client can either request cloaking service from the centralized AS or use a peer-to-peer approach for spatial cloaking, based on personalized privacy, response time, and service quality requirements. HiSC can elegantly distribute the work load between the AS and the mobile clients by tuning one system parameter, the base cell size, and two client parameters, the surrounding cell size and the tolerance count. By integrating salient features of the two schemes, HiSC successfully preserves query anonymity and provides more scalable and consistent service. Both the AS and the clients enjoy a much lighter work load. Additionally, we propose a simple yet effective random range shifting algorithm to prevent a possible privacy leakage that exists in the original P2P approach.
Our experiments show that HiSC can elegantly balance the work load based on privacy requirements and client distribution. HiSC provides close to optimal service quality. Meanwhile, it reduces the response time by more than an order of magnitude compared with both the P2P scheme and the centralized scheme when the anonymity level (the value of \(\mathcal{K}\)) or the number of clients is large. It also reduces the update message cost of the AS by nearly 6 times and the peer searching message cost of the clients by more than an order of magnitude.
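As an added illustration (not code from the paper or its authors), a toy model of the cloaking choice described above: square base cells, a surrounding area of radius r cells around the requester, the P2P-versus-AS decision driven by the surrounding count and the tolerance count, and a simplified random range shifting step so the requester is not predictably at the centre of the cloaked region. The exact decision rule, the square shape of the surrounding area and the shifting step are assumptions of this example; the paper's own algorithms may differ.

```python
import random

def cell_of(pos, base):
    """Base-cell index of a coordinate; cells are assumed square with side `base`."""
    return (int(pos[0] // base), int(pos[1] // base))

def peers_within(client, peers, base, r):
    """Peers whose base cell lies within r cells of the client's cell, i.e. inside
    the client's surrounding area (assumed here to be a (2r+1) x (2r+1) block)."""
    cx, cy = cell_of(client, base)
    return [p for p in peers
            if max(abs(cell_of(p, base)[0] - cx), abs(cell_of(p, base)[1] - cy)) <= r]

def choose_mode(client, peers, base, r, tolerance):
    """Load-balancing decision (assumed rule): cloak via P2P when the surrounding
    count reaches the client's tolerance count, otherwise ask the AS to cloak."""
    return "p2p" if len(peers_within(client, peers, base, r)) >= tolerance else "as"

def p2p_cloak(client, peers, base, r, k, seed=None):
    """Grow the surrounding radius until k-1 peers are inside, then return a
    cloaking box (x0, y0, x1, y1) in cell units holding all k members.
    Random range shifting (simplified): the box is placed at a random offset
    among all placements that still contain every member, so the requester's
    cell is not predictably at the box centre. Returns None when the available
    peers cannot form a k-anonymous box."""
    if len(peers) < k - 1:
        return None
    rr = r
    while len(peers_within(client, peers, base, rr)) < k - 1:
        rr += 1
    members = [cell_of(client, base)] + [cell_of(p, base)
                                        for p in peers_within(client, peers, base, rr)]
    xs, ys = [c[0] for c in members], [c[1] for c in members]
    side = 2 * rr + 1  # every member is within rr cells, so a box of this side fits
    rng = random.Random(seed)
    x0 = rng.randint(max(xs) - side + 1, min(xs))
    y0 = rng.randint(max(ys) - side + 1, min(ys))
    return (x0, y0, x0 + side - 1, y0 + side - 1)

# Constructed sample: 10-unit base cells, one requester and three peers.
BASE, CLIENT = 10, (15.0, 15.0)
PEERS = [(25.0, 25.0), (35.0, 5.0), (95.0, 95.0)]

if __name__ == "__main__":
    print("mode:", choose_mode(CLIENT, PEERS, BASE, r=1, tolerance=2))
    print("cloak box (cells):", p2p_cloak(CLIENT, PEERS, BASE, r=1, k=3, seed=0))
```

Raising the tolerance count pushes more requests to the AS; lowering it keeps cloaking on the peers, which is the load-balancing knob the abstract describes.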
Notes
For writing convenience, we will use \(s_m\) to represent both m’s surrounding cell and the size of that cell.
The formula is only an estimate used as a tuning guideline. Due to random range shifting (RRS) and other factors, the actual size could differ.
Zhang, C., Huang, Y. Cloaking locations for anonymous location based services: a hybrid approach. Geoinformatica 13, 159–182 (2009). https://doi.org/10.1007/s10707-008-0047-2