Databases Reference
In-Depth Information
if they know that very accurate information about their location and service
requests is stored. Moreover, in most countries each operator has a very large
number of customers, and hence a collection of data that may be more than
sucient to implement some of the defense techniques we are proposing.
Fig. 2.
A general reference scenario
The format of a request is represented by the following triple:
IdData, ST Data, SSData
•
IdData
contains the exact user identity in the original request; when the
request is generalized it is either empty or it contains a pseudo-id.
•
STData
contains spatio-temporal information about the location of the
user performing the requests, and the time the request was issued. For
the sake of simplicity, we assume that this information is a point in 3-
dimensional space (with time being the third dimension) for the original
request, and a region in the same space for the generalized request.
•
SSData
contains parameters characterizing the required service and ser-
vice provider.
2.2 Static case
Most of the approaches presented so far in the literature [9, 16, 11, 3] have
proposed techniques to ensure a user's privacy in the case in which the at-
tacker can acquire a single request issued by that user. More specifically, these
approaches assume that:
•
the attacker is not able to
link
a set of requests i.e., to understand that
the requests have been issued by the same (anonymous) user;
•
the attacker is not able to derive private information about the issuer of a
request from the requests issued by other users.
In general, we can distinguish privacy threats according to two orthogonal
dimensions: a) threats in
static
versus
dynamic
cases, b) threats involving re-
quests from a single user (
single-issuer
case) versus threats involving requests
from different users (
multiple-issuer
case).
