research-article

Protecting Against Velocity-Based, Proximity-Based, and External Event Attacks in Location-Centric Social Networks

Authors:
Gabriel Ghinita

University of Massachusetts Boston, MA, USA

University of Massachusetts Boston, MA, USA
View Profile

,
Maria Luisa Damiani

University of Milan, Italy, Milan, Italy

University of Milan, Italy, Milan, Italy
View Profile

,
Claudio Silvestri

University of Venice, Italy, Venice, Italy

University of Venice, Italy, Venice, Italy
View Profile

,
Elisa Bertino

Purdue University

Purdue University
View Profile

Authors Info & Claims

ACM Transactions on Spatial Algorithms and Systems Volume 2 Issue 2Article No.: 8pp 1–36https://doi.org/10.1145/2910580

Published:21 June 2016Publication History

ACM Transactions on Spatial Algorithms and Systems

Abstract

Mobile devices with positioning capabilities allow users to participate in novel and exciting location-based applications. For instance, users may track the whereabouts of their acquaintances in location-aware social networking applications (e.g., Foursquare). Furthermore, users can request information about landmarks in their proximity. Such scenarios require users to report their coordinates to other parties, which may not be fully trusted. Reporting precise locations may result in serious privacy violations, such as disclosure of lifestyle details, sexual orientation, and so forth. A typical approach to preserve location privacy is to generate a cloaking region (CR) that encloses the user position. However, if locations are continuously reported, an attacker can correlate CRs from multiple timestamps to accurately pinpoint the user position within a CR.

In this work, we protect against a broad range of attacks that breach location privacy using knowledge about (1) maximum user velocity, (2) external events that may occur outside the process of self-reporting locations (e.g., social network posts tagged by peers), and (3) information about mutual proximity between users. Assume user u who reports two consecutive cloaked regions A and B. We consider two distinct protection scenarios: in the first case, the attacker does not have information about the sensitive locations on the map, and the objective is to ensure that u can reach some point in B from any point in A; in the second case, the attacker knows the placement of sensitive locations, and the objective is to ensure that u can reach any point in B from any point in A. We propose spatial and temporal cloaking transformations to preserve user privacy, and we show experimentally that privacy can be achieved without significant quality-of-service deterioration.

References

Miguel E. Andrés, Nicolás E. Bordenabe, Konstantinos Chatzikokolakis, and Catuscia Palamidessi. 2013. Geo-indistinguishability: Differential privacy for location-based systems. In 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13). Google ScholarDigital Library
Mikhail J. Atallah. 1998. Algorithms and Theory of Computation Handbook. CRC Press. Google ScholarDigital Library
Konstantinos Chatzikokolakis, Miguel E. Andrés, Nicolás Emilio Bordenabe, and Catuscia Palamidessi. 2013. Broadening the scope of differential privacy using metrics. In Symposium HotPets 2013. Online version: http://freehaven.net/anonbib/papers/pets2013/paper_57.pdf.Google ScholarCross Ref
Konstantinos Chatzikokolakis, Catuscia Palamidessi, and Marco Stronati. 2014. A predictive differentially-private mechanism for mobility traces. In Proceedings of Privacy Enhancing Technologies - 14th International Symposium (PETS’14).Google ScholarCross Ref
Reynold Cheng, Yu Zhang, Elisa Bertino, and Sunil Prabhakar. 2006. Preserving user location privacy in mobile data management infrastructures. In Proceedings of Privacy Enhancing Technologies Symposium (PETS’06). Google ScholarDigital Library
Maria Luisa Damiani. 2014. Location privacy models in mobile applications: Conceptual view and research directions. GeoInformatica 18, 4 (2014), 819--842. Google ScholarDigital Library
Maria Luisa Damiani, Elisa Bertino, and Claudio Silvestri. 2010. The PROBE framework for the personalized cloaking of private locations. Transactions on Data Privacy 3, 2 (2010), 123--148. Google ScholarDigital Library
Maria Luisa Damiani, Claudio Silvestri, and Elisa Bertino. 2011. Fine-grained cloaking of sensitive positions in location-sharing applications. IEEE Pervasive Computing 10, 4 (2011), 64--72. Google ScholarDigital Library
Mark de Berg, Marc van Kreveld, Mark Overmars, and Otfried Schwarzkopf. 2000. Computational Geometry: Algorithms and Applications (2nd ed.). Springer-Verlag. Google ScholarCross Ref
Cynthia Dwork. 2006. Differential privacy. In Proceedings of Automata, Languages and Programming, 33rd International Colloquium (ICALP’06). Springer, 1--12. Google ScholarDigital Library
Fox News. 2004. Man Accused of Stalking Ex-Girlfriend With GPS. http://www.foxnews.com/story/0,2933,131487,00.html. (Sept. 4, 2004).Google Scholar
Dario Freni, Carmen Ruiz Vicente, Sergio Mascetti, Claudio Bettini, and Christian Jensen. 2010. Preserving location and absence privacy in geo-social networks. In Proceedings of the 19th ACM International Conference on Information and Knowledge Management (CIKM’10). Google ScholarDigital Library
Bugra Gedik and Ling Liu. 2005. Location privacy in mobile systems: A personalized anonymization model. In Proceedings of International Conference on Distributed Computing Systems (ICDCS’05). Google ScholarDigital Library
Gabriel Ghinita. 2013. Privacy for Location-Based Services. Morgan & Claypool Publishers. Google ScholarDigital Library
Gabriel Ghinita, Panos Kalnis, Ali Khoshgozaran, Cyrus Shahabi, and Kian Lee Tan. 2008. Private queries in location based services: Anonymizers are not necessary. In Proceedings of ACM SIGMOD Conference (SIGMOD’08). Google ScholarDigital Library
Marco Gruteser and Dirk Grunwald. 2003. Anonymous usage of location-based services through spatial and temporal cloaking. In Proceedings of USENIX MobiSys. Google ScholarDigital Library
Marco Gruteser and Xuan Liu. 2004. Protecting privacy in continuous location-tracking applications. IEEE Security and Privacy 2, 2 (2004), 28--34. Google ScholarDigital Library
Jeff Henrikson. 1999. Completeness and total boundedness of the Hausdorff metric. MIT Undergraduate Journal of Mathematics 1 (1999), 69--80.Google Scholar
Panos Kalnis, Gabriel Ghinita, Kyriakos Mouratidis, and Dimitris Papadias. 2007. Preserving location-based identity inference in anonymous spatial queries. IEEE Transactions on Knowledge and Data Engineering 19, 12 (2007), 1719--1733. Google ScholarDigital Library
Ali Khoshgozaran and Cyrus Shahabi. 2007. Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy. In Proceedings of International Symposium on Spatial and Temporal Databases (SSTD’07). Google ScholarDigital Library
Hidetoshi Kido, Yutaka Yanagisawa, and Tetsuji Satoh. 2005. An anonymous communication technique using dummies for location-based services. In Proceedings of International Conference on Pervasive Services (ICPS’05). 88--97.Google ScholarCross Ref
John Krumm. 2009. A survey of computational location privacy. Personal and Ubiquitous Computing 13, 6 (2009), 391--399. Google ScholarDigital Library
Yanhui Li, Ye Yuan, Guoren Wang, Lei Chen, and Jiajia Li. 2016. Semantic-aware location privacy preservation on road networks. In Proceedings of International Conference on Database Systems for Advanced Applications (DASFAA’16). Google ScholarDigital Library
Mohamed F. Mokbel, Chi Yin Chow, and Walid G. Aref. 2006. The new Casper: Query processing for location services without compromising privacy. In Proceedings of Very Large Databases (VLDB’06). Google ScholarDigital Library
Alexandra-Mihaela Olteanu, Kvin Huguenin, Reza Shokri, and Jean-Pierre Hubaux. 2014. Quantifying the effect of co-location information on location privacy. In Proceedings of Privacy Enhancing Technologies Symposium (PETS’14).Google ScholarCross Ref
Carmen Ruiz-Vicente, Dario Freni, Claudio Bettini, and Christian Jensen. 2011. Location-related privacy in geo-social networks. IEEE Internet Computing 15 (2011), 20--27. Google ScholarDigital Library
Reza Shokri, George Theodorakopoulos, Jean-Yves Le Boudec, and Jean-Pierre Hubaux. 2011. Quantifying location privacy. In Proceedings of IEEE Symposium on Security and Privacy. Google ScholarDigital Library
Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2012. Protecting location privacy: Optimal strategy against localization attacks. In Proceedings of ACM Conference on Computer and Communications Security (CCS’12). Google ScholarDigital Library
Reza Shokri, Carmela Troncoso, Claudia Diaz, Julien Freudiger, and Jean-Pierre Hubaux. 2010. Unraveling an old cloak: K-anonymity for location privacy. In Proceedings of ACM Workshop on Privacy in the Electronic Society. Google ScholarDigital Library
George Theodorakopoulos, Reza Shokri, Carmela Troncoso, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2014. Prolonging the hide-and-seek game: Optimal trajectory privacy for location-based services. In Proceedings of Workshop on Privacy in the Electronic Society. Google ScholarDigital Library
Toby Xu and Ying Cai. 2009. Feeling-based location privacy protection for location-based services. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). Google ScholarDigital Library
Emre Yigitoglu, Maria Luisa Damiani, Osman Abul, and Claudio Silvestri. 2012. Privacy-preserving sharing of sensitive semantic locations under road-network constraints. In Proceedings of IEEE International Conference on Mobile Data Management (MDM’12). Google ScholarDigital Library
Man Lung Yiu, Christian Jensen, Xuegang Huang, and Hua Lu. 2008. SpaceTwist: Managing the trade-offs among location privacy, query performance, and query accuracy in mobile services. In Proceedings of IEEE International Conference on Data Engineering (ICDE’08). Google ScholarDigital Library

Index Terms

Protecting Against Velocity-Based, Proximity-Based, and External Event Attacks in Location-Centric Social Networks
1. Information systems
  1. Data management systems
  2. Information systems applications

Recommendations

Preventing velocity-based linkage attacks in location-aware applications
GIS '09: Proceedings of the 17th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems

Mobile devices with positioning capabilities allow users to participate in novel and exciting location-based applications. For instance, users may track the whereabouts of their acquaintances in location-aware social networking applications, e.g., ...
Read More
Protecting location privacy using location semantics
KDD '11: Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining

As the use of mobile devices increases, a location-based service (LBS) becomes increasingly popular because it provides more convenient context-aware services. However, LBS introduces problematic issues for location privacy due to the nature of the ...
Read More
Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms

Continued advances in mobile networks and positioning technologies have created a strong market push for location-based applications. Examples include location-aware emergency response, location-based advertisement, and location-based entertainment. An ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Spatial Algorithms and Systems Volume 2, Issue 2
Invited Papers from ACM SIGSPATIAL
July 2016
107 pages
ISSN:2374-0353
EISSN:2374-0361
DOI:10.1145/2960926
Editor:
Hanan Samet
University of Maryland, College Park
Issue’s Table of Contents
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 21 June 2016
- Accepted: 1 March 2016
- Revised: 1 January 2016
- Received: 1 March 2015
Published in tsas Volume 2, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Location privacy
location-aware social networks
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 7
  Total Citations
  View Citations
- 297
  Total Downloads
- Downloads (Last 12 months)13
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Protecting Against Velocity-Based, Proximity-Based, and External Event Attacks in Location-Centric Social Networks

ACM Transactions on Spatial Algorithms and Systems

Abstract

References

Cited By

Index Terms

Recommendations

Preventing velocity-based linkage attacks in location-aware applications

Protecting location privacy using location semantics

Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms