ity of a user can be used in order to infer their location during successive
time instants. For example, for two successive zones containing a user,
the velocity of the user provides implicit limits on where they may or
may not be found at any given time. The work in [30] protects against
such kinds of privacy attacks. The work in [68] improves these methods
by introducing temporal delays. However, none of these methods can
provably protect privacy when an adversary knows the system that is
used for anonymization. The work in [74] designs a scheme which can
preserve the privacy of sensitive user locations in the presence of such
powerful background knowledge.
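
The velocity-based inference described above can be checked for a pair of cloaked zones before they are released. The following is an added example, not code from the cited works; the rectangular zones, the speed bound vmax, and all names and sample values are assumptions constructed for illustration.

```python
import math
from typing import NamedTuple

class Zone(NamedTuple):
    """Axis-aligned cloaking rectangle (metres) released at time t (seconds)."""
    xmin: float
    ymin: float
    xmax: float
    ymax: float
    t: float

def dist_to_zone(x: float, y: float, z: Zone) -> float:
    """Shortest distance from point (x, y) to rectangle z (0 if inside)."""
    dx = max(z.xmin - x, 0.0, x - z.xmax)
    dy = max(z.ymin - y, 0.0, y - z.ymax)
    return math.hypot(dx, dy)

def feasible_fraction(target: Zone, other: Zone, vmax: float, n: int = 200) -> float:
    """Share of `target` still possible once `other` and vmax are known
    (midpoint grid estimate over n x n cells)."""
    reach = vmax * abs(target.t - other.t)
    w, h = target.xmax - target.xmin, target.ymax - target.ymin
    hits = 0
    for i in range(n):
        x = target.xmin + (i + 0.5) * w / n
        for j in range(n):
            y = target.ymin + (j + 0.5) * h / n
            hits += dist_to_zone(x, y, other) <= reach
    return hits / (n * n)

def narrows(a: Zone, b: Zone, vmax: float) -> bool:
    """True if the speed bound excludes part of either zone. Exact: distance to
    a rectangle is convex, so its maximum over the other zone is at a corner."""
    reach = vmax * abs(b.t - a.t)
    def cut(target: Zone, other: Zone) -> bool:
        return any(dist_to_zone(x, y, other) > reach
                   for x in (target.xmin, target.xmax)
                   for y in (target.ymin, target.ymax))
    return cut(a, b) or cut(b, a)

# Constructed sample: two 1 km squares, 200 m apart, speed bound 15 m/s.
Z1 = Zone(0, 0, 1000, 1000, t=0)
Z2 = Zone(1200, 0, 2200, 1000, t=60)        # released 60 s later
Z2_DELAYED = Z2._replace(t=120)             # same zone, release held back to 120 s
if __name__ == "__main__":
    print(narrows(Z1, Z2, 15.0), feasible_fraction(Z2, Z1, 15.0))
    print(narrows(Z1, Z2_DELAYED, 15.0), feasible_fraction(Z2_DELAYED, Z1, 15.0))
```

In the constructed sample, the 60-second release leaves only part of the second zone feasible, while holding the same zone back to 120 seconds leaves both zones fully feasible under this speed bound.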
Location privacy systems can also be understood in terms of Quality of
Service (QoS) models in response to user location queries. Such models
consider the fact that the use of generalization (e.g., spatial and
temporal cloaking) and suppression (e.g., dropping a trajectory from query
output) for privacy preservation reduces the accuracy of responses to
user queries. Therefore, a significant amount of research has also
focused on performing privacy preservation while maintaining
certain levels of QoS [17, 67, 125, 149].
These methods generally work by optimizing common models for
k-anonymity and ℓ-diversity, with a specific focus on improving the QoS
for user queries.
Finally, it has been recognized that in many mobile sensing
applications, it is not required to collect the individual sensor streams, but one
may only desire to compute the aggregate statistics from these sensors.
For example, many location-based vehicular services are designed into
the national transportation infrastructure in many countries. These
include usage- or congestion-based road pricing, traffic law enforcement,
traffic monitoring, and vehicle safety systems. Such applications often
require the computation of aggregate statistics, but poorly chosen
implementations can result in violations of privacy. For example, the GPS
monitoring of cars as they arrive, or the use of surveillance cameras and
toll transponders can result in privacy violations.
In the context of such applications, the following functionalities need
to be provided:
In many applications, some centralized server needs to compute a
function of a car's path, which is essentially a list of time-position
tuples. A system called VPriv [134] provides a protocol to compute
path functions in such a way that it does not reveal anything
more than the result of the function to the server. In addition, an
enforcement mechanism is provided (using random spot checks)
that allows the server and application to handle misbehaving cars.