Query m-Invariance: Preventing Query Disclosures in Continuous Location-Based Services

Location obfuscation using cloaking regions preserves location anonymity by hiding the true user among a set of other equally likely users. Furthermore, a cloaking region should also guarantee that the types of queries issued by users within the region are mutually diverse enough. The first requirement is fulfilled by satisfying location k-anonymity, while the second is ensured by satisfying query l-diversity. However, these two models are not sufficient to prevent the association of queries with users when the service depends on continuous location updates. Successive cloaking regions for a user may be k-anonymous and query l-diverse but still be prone to correlation attacks. In this paper, we provide a formal analysis of the privacy risks involved in a continuous location-based service, and show how continuous queries can invalidate the privacy guarantees provided by k-anonymity and l-diversity. Drawing upon the principle of m-invariance in database privacy, we show how query m-invariance can provide location and query privacy in continuous services.
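The following is an added illustration, not code from the paper, of the correlation risk the abstract describes: two successive cloaking regions that each pass k-anonymity and query l-diversity, yet whose query sets intersect to a single value. The session data is constructed, and `is_query_m_invariant` assumes a simplified definition carried over from m-invariance in database privacy (the same set of at least m distinct queries in every region of a session).

```python
from typing import Dict, List, Set

Region = Dict[str, str]  # user id -> query category inside one cloaking region

def is_k_anonymous(region: Region, k: int) -> bool:
    return len(region) >= k

def is_l_diverse(region: Region, l: int) -> bool:
    return len(set(region.values())) >= l

def candidate_queries(regions: List[Region]) -> Set[str]:
    """Queries still attributable to the tracked user after correlating regions.
    The user's continuous query must appear in every region of the session."""
    common = set(regions[0].values())
    for region in regions[1:]:
        common &= set(region.values())
    return common

def is_query_m_invariant(regions: List[Region], m: int) -> bool:
    """Assumed definition: every region carries the same set of distinct
    queries, and that set has at least m members."""
    signatures = {frozenset(r.values()) for r in regions}
    return len(signatures) == 1 and len(next(iter(signatures))) >= m

# Constructed session for a tracked user ("alice") issuing a continuous query.
LEAKY = [
    {"alice": "hospital", "bob": "bar", "carol": "fuel", "dave": "hospital"},
    {"alice": "hospital", "erin": "atm", "frank": "school", "gina": "pharmacy"},
]
INVARIANT = [
    {"alice": "hospital", "bob": "bar", "carol": "fuel", "dave": "hospital"},
    {"alice": "hospital", "erin": "fuel", "frank": "bar", "gina": "bar"},
]

if __name__ == "__main__":
    for name, session in (("leaky", LEAKY), ("invariant", INVARIANT)):
        ok = all(is_k_anonymous(r, 4) and is_l_diverse(r, 3) for r in session)
        print(name, "k=4/l=3 per region:", ok,
              "| m=3 invariant:", is_query_m_invariant(session, 3),
              "| candidate queries:", sorted(candidate_queries(session)))
```

In the leaky session every region is individually compliant, but the intersection leaves only one candidate query; in the invariant session the candidate set never shrinks below m.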
