handled in a highly secured environment and to be granted only to selected
personnel, according to the laws and regulations in force (rule 3 in Table 2).
Finally, access to statistical data about the network's operation is at a lower
criticality level, although such data are still private information to be
protected, for example, from disclosure to competitors (rules 4 and 5 in Table 2).
In the following, we discuss location privacy issues and present a location
privacy solution suitable for location-based services along with a privacy-aware
LBAC architecture.
3 Location Privacy
Although location information can be exploited for providing enhanced
services, the high sensitivity of such information increases users' concerns
about their privacy. Location privacy can assume several meanings and pursue
different objectives, depending on the services the users are interacting with.
The following categories of location privacy have been identified.
Identity privacy. The main goal is to protect users' identities that could
be directly or indirectly inferred from location information [4, 5, 6, 16].
To this purpose, protection techniques aim at minimizing the disclosure
of the data that can let an attacker infer a user identity, such as home
and work addresses. This type of location privacy is suitable in application
contexts that do not require the identification of the users as fundamental
information for service provisioning. For instance, many online services
provide a person with the ability to establish a relationship with some other
entities (e.g., anonymous chats) or with some applications (e.g., allergy
warning) without her personal identity being disclosed to that entity. In
this case, the best possible location measurement can be provided to the
other entities, but the user's actual identity must be preserved.
Position privacy. The main goal is to protect the position information of
individual users, by perturbing the corresponding information and decreasing
the accuracy of location information [7, 8, 9]. Position privacy is suitable
for environments where users' identities are required for successful service
provisioning, and less accurate location information does not severely
affect the service quality (e.g., access to services inside a production plant
or friend finder services). A technique that most solutions exploit, either
explicitly or implicitly, consists in reducing the accuracy by scaling a
location to a coarser granularity (e.g., from meters to hundreds of meters,
from a city block to the whole town).
Path privacy. The main goal is to protect the privacy of information
associated with users' motion, such as the path followed while traveling or
walking in an urban area [17, 18, 19]. There are several location-based
services (e.g., personal navigation systems) that could be exploited to subvert
path privacy or to illicitly track users. Path privacy is the most complex
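
The granularity reduction described under position privacy above can be sketched as follows. This is an added example, not code from the original text: it snaps a reading to the centre of a fixed grid cell and measures the accuracy given up. The function names, the grid anchored at latitude/longitude 0, the 111,320 m per degree approximation and the sample coordinates are assumptions made for the illustration.

```python
import math

METERS_PER_DEG_LAT = 111_320.0   # assumption: spherical approximation
EARTH_RADIUS_M = 6_371_000.0


def coarsen(lat, lon, cell_m):
    """Snap a position to the centre of its cell in a fixed grid of ~cell_m metres."""
    if cell_m <= 0:
        raise ValueError("cell_m must be positive")
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinates out of range")
    # The grid is anchored at (0, 0), not at the user, so every report from
    # inside a cell is identical, whatever the exact position was.
    dlat = cell_m / METERS_PER_DEG_LAT
    row = math.floor(lat / dlat)
    center_lat = (row + 0.5) * dlat
    # A degree of longitude shrinks with latitude; use the row's centre so
    # all points in one row share the same column width.
    cos_lat = max(math.cos(math.radians(center_lat)), 1e-9)
    dlon = min(360.0, cell_m / (METERS_PER_DEG_LAT * cos_lat))
    col = math.floor(lon / dlon)
    return (max(-90.0, min(90.0, center_lat)), (col + 0.5) * dlon)


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres, used here to measure the accuracy lost."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


if __name__ == "__main__":
    # Constructed sample positions: two readings a few tens of metres apart.
    readings = [(45.4642, 9.1870), (45.4645, 9.1873)]
    for cell_m in (50, 500, 5000):
        for lat, lon in readings:
            c_lat, c_lon = coarsen(lat, lon, cell_m)
            err = haversine_m(lat, lon, c_lat, c_lon)
            print(f"{cell_m:>5} m  ({lat}, {lon}) -> ({c_lat:.5f}, {c_lon:.5f})  error {err:.0f} m")
```

The reported error never exceeds roughly half the cell diagonal, which is the trade-off between service quality and position privacy that the cell size controls.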