Query m-Invariance: Preventing Query Disclosures in Continuous Location-Based Services

Dewri, Rinku; Ray, Indrakshi; Whitley, Darrell

doi:10.1109/mdm.2010.52

Cited by 44 publications

(29 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Enforcing properties such as k-anonymity ensures that users will not be uniquely located inside a region in a given period of time. Multiple other suggestions are available on how the cloaking region should be formed [2,7,16,19]. Kalnis et al proposed that all obfuscation methods should satisfy the reciprocity property [13] in order to prevent inversion attacks where knowledge of the underlying anonymizing algorithm can be used to identify the actual user.…”

Section: Related Workmentioning

confidence: 99%

Location Privacy for Rank-based Geo-Query Systems

Eltarjaman

Dewri

Thurimella

2017

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

Abstract:The mobile eco-system is driven by an increasing number of location-aware applications. Consequently, a number of location privacy models have been proposed to prevent the unwanted inference of sensitive information from location traces. A primary focus in these models is to ensure that a privacy mechanism can indeed retrieve results that are geographically the closest. However, geo-query results are, in most cases, ranked using a combination of distance and importance data, thereby producing a result landscape that is periodically flat and not always dictated by distance. A privacy model that does not exploit this structure of geo-query results may enforce weaker levels of location privacy. Towards this end, we explore a formal location privacy principle designed to capture arbitrary similarity between locations, be it distance, or the number of objects common in their result sets. We propose a composite privacy mechanism that performs probabilistic cloaking and exponentially weighted sampling to provide coarse grain location hiding within a tunable area, and finer privacy guarantees under the principle inside this area. We present extensive empirical evidence to supplement claims on the effectiveness of the approach, along with comparative results to assert the stronger privacy guarantees.

show abstract

Section: Related Workmentioning

confidence: 99%

Location Privacy for Rank-based Geo-Query Systems

Eltarjaman

Dewri

Thurimella

2017

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, this type of techniques may lead to large cloaking boxes resulting in higher query processing cost as users may not always move together. [14] identifies that location cloaking algorithms with only k-anonymity and l-diversity guarantee are not effective for continuous LBS and therefore propose query m-invariance as a necessary criterion when dealing with continuous location queries. However, m-invariance based approach is ineffective when the mobile users ask uniquely different CQ services as they move on the road.…”

Section: Related Workmentioning

confidence: 99%

Anonymizing continuous queries with delay-tolerant mix-zones over road networks

Palanisamy

Liu

Lee

et al. 2013

Distrib Parallel Databases

View full text Add to dashboard Cite

This paper presents a delay-tolerant mix-zone framework for protecting the location privacy of mobile users against continuous query correlation attacks. First, we describe and analyze the continuous query correlation attacks (CQ-attacks) that perform query correlation based inference to break the anonymity of road networkaware mix-zones. We formally study the privacy strengths of the mix-zone anonymization under the CQ-attack model and argue that spatial cloaking or temporal cloaking over road network mix-zones is ineffective and susceptible to attacks that carry out inference by combining query correlation with timing correlation (CQ-timing attack) and transition correlation (CQ-transition attack) information. Next, we introduce three types of delay-tolerant road network mix-zones (i.e., temporal, spatial and spatio-temporal) that are free from CQ-timing and CQ-transition attacks and in contrast to conventional mix-zones, perform a combination of both location mixing and identity mixing of spatially and temporally perturbed user locations to achieve stronger anonymity under the CQ-attack model. We show that by combining temporal and spatial delay-tolerant mix-zones, we can obtain the strongest anonymity for continuous queries while making acceptable tradeoff between anonymous query processing cost and temporal delay incurred in anonymous query processing. We evaluate the proposed techniques through extensive experiments conducted on realistic traces produced by GTMobiSim on different scales of geographic maps. Our experiments show that the proposed techniques offer high level of anonymity and attack resilience to continuous queries.

show abstract

“…Riboni et al [38] identify the threat and make use of t-closeness to guarantee that the distance between the distribution over the queries from an issuer's generalised region and that of the whole region is below a threshold. Dewri et al [14] identify a scenario in continuous LBSs which has both associated and recurrent requests. They propose m-invariance to ensure that in addition to k fixed users shared by the associated requests, at least m different queries are generated from each generalised region.…”

Section: Context-aware Privacy Analysismentioning

confidence: 99%

Protecting query privacy in location-based services

Chen

Pang

2013

Geoinformatica

View full text Add to dashboard Cite

The popularity of location-based services (LBSs) leads to severe concerns on users' privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacypreserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts-user prof iles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users' query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users' query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users' privacy requirements This article is a revised and extended version of our two conference papers [7,8].Xihui Chen is supported by an AFR PhD grant from the National Research Fund, Luxembourg.

show abstract

Query m-Invariance: Preventing Query Disclosures in Continuous Location-Based Services

Cited by 44 publications

References 15 publications

Location Privacy for Rank-based Geo-Query Systems

Location Privacy for Rank-based Geo-Query Systems

Anonymizing continuous queries with delay-tolerant mix-zones over road networks

Protecting query privacy in location-based services

Contact Info

Product

Resources

About