Published in: International Journal of Information Security 6/2018

28-06-2017 | Regular Contribution

Optimal noise functions for location privacy on continuous regions

Authors: Ehab ElSalamouny, Sébastien Gambs


Abstract

Users of location-based services are highly vulnerable to privacy risks since they need to disclose, at least partially, their locations to benefit from these services. One possibility to limit these risks is to obfuscate the location of a user by adding random noise drawn from a noise function. In this paper, we require the noise functions to satisfy a generic location privacy notion called \(\ell \)-privacy, which makes the position of the user in a given region \(\mathcal {X}\) relatively indistinguishable from other points in \(\mathcal {X}\). We also aim at minimizing the loss in the service utility due to such obfuscation. While existing optimization frameworks regard the region \(\mathcal {X}\) restrictively as a finite set of points, we consider the more realistic case in which the region is rather continuous with a nonzero area. In this situation, we demonstrate that circular noise functions are enough to satisfy \(\ell \)-privacy on \(\mathcal {X}\) and equivalently on the entire space without any penalty in the utility. Afterward, we describe a large parametric space of noise functions that satisfy \(\ell \)-privacy on \(\mathcal {X}\), and show that this space has always an optimal member, regardless of \(\ell \) and \(\mathcal {X}\). We also investigate the recent notion of \(\epsilon \)-geo-indistinguishability as an instance of \(\ell \)-privacy and prove in this case that with respect to any increasing loss function, the planar Laplace noise function is optimal for any region having a nonzero area.
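As an added illustration (not code from the paper), the sketch below draws planar Laplace noise and checks the \(\epsilon \)-geo-indistinguishability bound \(|\ln f(z-x) - \ln f(z-x')| \le \epsilon \, d(x, x')\) on sampled reports. It assumes planar coordinates in km with \(\epsilon \) in \(\textit{km}^{-1}\); the function names and the two sample locations are constructed for the example.

```python
import math
import random

def log_density(dx, dy, eps):
    """Log of the planar Laplace density eps^2/(2*pi) * exp(-eps * |v|) at v = (dx, dy)."""
    return 2 * math.log(eps) - math.log(2 * math.pi) - eps * math.hypot(dx, dy)

def sample_noise(eps, rng):
    """Draw one noise vector: uniform angle, radius with density eps^2 * r * exp(-eps * r),
    which is the Gamma distribution with shape 2 and scale 1/eps."""
    theta = rng.uniform(0.0, 2.0 * math.pi)
    r = rng.gammavariate(2.0, 1.0 / eps)
    return r * math.cos(theta), r * math.sin(theta)

def obfuscate(x, eps, rng):
    """Reported location = real location x plus one noise vector."""
    dx, dy = sample_noise(eps, rng)
    return x[0] + dx, x[1] + dy

def worst_excess(x1, x2, eps, reports):
    """Largest |ln f(z - x1) - ln f(z - x2)| - eps * d(x1, x2) over reports z.
    eps-geo-indistinguishability requires this to be <= 0."""
    bound = eps * math.dist(x1, x2)
    return max(abs(log_density(z[0] - x1[0], z[1] - x1[1], eps)
                   - log_density(z[0] - x2[0], z[1] - x2[1], eps)) - bound
               for z in reports)

def run_check(eps=2.0, n=20000, seed=7):
    """Constructed scenario: eps in km^-1, two candidate locations 0.5 km apart."""
    rng = random.Random(seed)
    home, cafe = (0.0, 0.0), (0.3, 0.4)
    reports = [obfuscate(home, eps, rng) for _ in range(n)]
    mean_km = sum(math.dist(home, z) for z in reports) / n
    return mean_km, worst_excess(home, cafe, eps, reports)

if __name__ == "__main__":
    mean_km, excess = run_check()
    print(f"mean displacement {mean_km:.3f} km (theory 2/eps = 1.000 km)")
    print(f"worst privacy-bound excess {excess:.2e} (must be <= 0 up to rounding)")
```

The expected displacement of a report is \(2/\epsilon \), so the same privacy level expressed in metres needs \(\epsilon = 0.002\ \textit{m}^{-1}\) rather than \(2\ \textit{km}^{-1}\).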


Footnotes
1
Throughout this paper, we denote the space of points (i.e., locations) by \({\mathbb {R}}^2\), while the space of Euclidean vectors is represented by \({\mathbb {E}}^2\).
 
2
Uniform \(\rho \)-tightness of a collection of distributions is a stronger version of “tightness” (cf., page 59 in [3]), which is not parametric on \(\rho \), and requires the probability masses to uniformly converge to zero outside any compact subset of \({\mathbb {E}}^2\).
 
3
Since the distinguishability is unitless (as it is a ratio between two probabilities), the unit of \(\epsilon \) is the reciprocal of the distance unit (e.g., \(\textit{km}^{-1}\)) and its numerical value depends indeed on the chosen unit for the distance.
 
Literature
1. Andrés, M.E., Bordenabe, N.E., Chatzikokolakis, K., Palamidessi, C.: Geo-indistinguishability: differential privacy for location-based systems. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS ’13, pp. 901–914. ACM, New York (2013)
2. Beresford, A.R., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Comput. 2(1), 46–55 (2003)
3. Billingsley, P.: Convergence of Probability Measure. Wiley Series in Probability and Statistics: Probability and Statistics, 2nd edn. Wiley, New York (1999)
4. Bordenabe, N.E., Chatzikokolakis, K., Palamidessi, C.: Optimal geo-indistinguishable mechanisms for location privacy. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pp. 251–262. ACM, New York (2014)
5. Brenner, H., Nissim, K.: Impossibility of differentially private universally optimal mechanisms. In: Proceedings of FOCS, pp. 71–80. IEEE (2010)
6. Chatzikokolakis, K., Palamidessi, C., Stronati, M.: A predictive differentially-private mechanism for mobility traces. In: Proceedings of PETS, LNCS, vol. 8555, pp. 21–41. Springer (2014)
7. Chen, R., Fung, B.C., Desai, B.C., Sossou, N.M.: Differentially private transit data publication: a case study on the montreal transportation system. In: Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’12, pp. 213–221. ACM, New York (2012)
8. Dwork, C.: Differential privacy. In: Proceedings of ICALP, LNCS, vol. 4052, pp. 1–12. Springer (2006)
9. ElSalamouny, E., Chatzikokolakis, K., Palamidessi, C.: A differentially private mechanism of optimal utility for a region of priors. In: Proceedings of the Second International Conference on Principles of Security and Trust, POST’13, pp. 41–62. Springer-Verlag, Berlin, Heidelberg (2013)
10. ElSalamouny, E., Chatzikokolakis, K., Palamidessi, C.: Generalized differential privacy: regions of priors that admit robust optimal mechanisms. In: Horizons of the Mind. A Tribute to Prakash Panangaden: Essays Dedicated to Prakash Panangaden on the Occasion of His 60th Birthday, LNCS, vol. 8464, pp. 292–318. Springer International Publishing (2014)
11. ElSalamouny, E., Gambs, S.: Differential privacy models for location-based services. Trans. Data Priv. 9(1), 15–48 (2016)
12. Freudiger, J., Shokri, R., Hubaux, J.P.: Evaluating the Privacy Risk of Location-Based Services. Springer, Berlin (2012)
13. Gambs, S., Killijian, M., del Prado Cortez, M.N.: De-anonymization attack on geolocated data. J. Comput. Syst. Sci. 80(8), 1597–1614 (2014)
14. Gedik, B., Liu, L.: Location privacy in mobile systems: a personalized anonymization model. In: Proceedings of the 25th IEEE International Conference on Distributed Computing Systems, ICDCS ’05, pp. 620–629. IEEE Computer Society, Washington (2005)
15. Geng, Q., Viswanath, P.: The optimal noise-adding mechanism in differential privacy. IEEE Trans. Inf. Theory 62(2), 925–951 (2016)
16. Geng, Q., Viswanath, P.: Optimal noise adding mechanisms for approximate differential privacy. IEEE Trans. Inf. Theory 62(2), 952–969 (2016)
17. Ghosh, A., Roughgarden, T., Sundararajan, M.: Universally utility-maximizing privacy mechanisms. In: Proceedings of STOC, pp. 351–360. ACM (2009)
18. Golle, P., Partridge, K.: On the Anonymity of Home/Work Location Pairs. Springer, Berlin (2009)
19. Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of the 1st International Conference on Mobile Systems, Applications and Services, MobiSys ’03, pp. 31–42. ACM, New York (2003)
20. Gupte, M., Sundararajan, M.: Universally optimal privacy mechanisms for minimax agents. In: Proceedings of PODS, pp. 135–146. ACM (2010)
21. Hoh, B., Gruteser, M., Xiong, H., Alrabady, A.: Enhancing security and privacy in traffic-monitoring systems. IEEE Pervasive Comput. 5(4), 38–46 (2006)
22.
24. Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity—a proposal for terminology. In: Designing Privacy Enhancing Technologies, LNCS, vol. 2009, pp. 1–9. Springer, Berlin (2001)
25. Salamon, D.: Measure and Integration. EMS Textbooks in Mathematics. European Mathematical Society, Zürich (2016)
26. Shokri, R., Theodorakopoulos, G., Danezis, G., Hubaux, J.P., Le Boudec, J.Y.: Quantifying location privacy: The case of sporadic location exposure. In: Proceedings of PETS, LNCS, vol. 6794, pp. 57–76. Springer, Berlin (2011)
27. Shokri, R., Theodorakopoulos, G., Le Boudec, J.Y., Hubaux, J.P.: Quantifying location privacy. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP ’11, pp. 247–262. IEEE Computer Society, Washington (2011)
28. Shokri, R., Theodorakopoulos, G., Troncoso, C., Hubaux, J.P., Le Boudec, J.Y.: Protecting location privacy: optimal strategy against localization attacks. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ’12, pp. 617–627. ACM, New York (2012)
29. Shokri, R., Troncoso, C., Diaz, C., Freudiger, J., Hubaux, J.P.: Unraveling an old cloak: k-anonymity for location privacy. In: Proceedings of the 9th Annual ACM Workshop on Privacy in the Electronic Society, WPES ’10, pp. 115–118. ACM, New York (2010)
30. van der Vaart, A., Wellner, J.: Weak Convergence and Empirical Processes: With Applications to Statistics. Springer Series in Statistics. Springer, New York (1996)
Metadata
Title
Optimal noise functions for location privacy on continuous regions
Authors
Ehab ElSalamouny
Sébastien Gambs
Publication date
28-06-2017
Publisher
Springer Berlin Heidelberg
Published in
International Journal of Information Security / Issue 6/2018
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI
https://doi.org/10.1007/s10207-017-0384-y
