Database Reference
In-Depth Information
An
obfuscated
position (another term for cloaked region) is a coarse region
including the exact user's location. Therefore the service provider does know
that the user is located in the cloaked region, but has no clue where exactly
the user is located. A popular obfuscation method, which is often used in
commercial applications, replaces the actual position with a predefined region
chosen in a taxonomy of locations at different granularities, for example,
street, zip code area, city. Unfortunately, predefined locations can be too
broad to ensure an appropriate quality of service, for example, a zip code
region can cover an area of few squared kilometers, or conversely can be
too small to provide privacy guarantees, for example, a short street. Another
simple method obfuscates the position with a circle of user-defined radius
and random center containing the actual position. In other solutions, the size
of the obfuscated region can be the result of a trade-off between privacy and
position accuracy. Moreover, the transmission of the position can be also
delayed a while to cloak the temporal dimension.
Cryptographic protocols
define techniques for the secure collaboration of
different parties. An example of cryptographic protocol used for privacy
protection in LBS is PIR (private information retrieval). This technique allows
users to issue a query without disclosing to the LBS provider the information
that is requested as well as the information being returned. In this sense this
technique protects both the identity and the location. The method ensures
the maximum privacy. However, it incurs high computational costs and can
be only applied to certain categories of queries, for example, the retrieval of
stationary objects (i.e., nonmobile objects).
One specific problem that may arise when the position is obfuscated by a coarse
region is that consecutive positions in the user's trajectory are correlated, that is,
the presence in one region constrains the position in the subsequent regions. This
information can be exploited to prune the obfuscated regions and more precisely
delimitate the user's position. To prevent this inference when the maximum
speed of the user is known (e.g., the user can be a pedestrian, a car driver, a
cyclist, and so on) and the movement is frequently sampled, that is, the position
is continuously reported, an approach is to modify the position in space and
time before it is released. This form of privacy leak is also called
velocity-based
linkage attack
.
Semantic Location Privacy
Semantic location privacy is a form of location privacy that aims at prevent-
ing data collectors from identifying the semantic locations in which users
stay, for example, hospitals, religious buildings, and so on. Forestalling this
type of inference is important for the construction of privacy-aware semantic
trajectories.
