Databases Reference
In-Depth Information
class of location privacy problem and can refer to identity privacy and/or
position privacy.
The above three privacy categories pose different requirements that are
fulfilled by different techniques. The heterogeneity of location privacy prob-
lems results then in a lack of a general solution able to satisfy all the privacy
requirements. In the following, different classes of techniques are discussed
and analyzed.
3.1 Location Privacy Techniques
Location privacy techniques can be partitioned into three main classes
that correspond to the different types of location privacy above-mentioned:
anonymity-based
,
policy-based
,and
obfuscation-based
. These classes are par-
tially overlapped in scope and could be potentially suitable to cover re-
quirements coming from one or more of the categories of location privacy.
Anonymity-based and obfuscation-based techniques can be usually regarded
as dual categories. While anonymity-based techniques have been primarily
defined to protect identity privacy and are less suitable for protecting posi-
tion privacy, obfuscation-based techniques are well suited for position pro-
tection and less appropriate for identity protection. Anonymity-based and
obfuscation-based techniques are well-suited for protecting path privacy. Nev-
ertheless, more studies and proposals have been focused on anonymity-based
rather than on obfuscation-based techniques. Policy-based techniques are in
general suitable for all the location privacy categories; however, they can be
dicult to understand and manage for end users.
Anonymity-based techniques
This class of techniques focus both on identity privacy and path privacy pro-
tection [4, 5, 6, 20]. Beresford and Stajano [4, 21] propose a
mix zone
model
and employs an anonymity service based on an infrastructure that delays and
reorders messages from subscribers within pre-defined zones. The mix zone
model is based on a trusted middleware positioned between location systems
and third party applications, which is responsible for limiting the information
collected by applications. An application selects a set of
application zones
rep-
resenting application interests in specific geographic areas, such as hospital,
supermarket, and so on. Users register interest in a specific set of applications
and the middleware limits the location information that such applications
can receive to the locations inside the application zones. Each user has one or
more unregistered geographical regions, called
mix zones
, where users cannot
be tracked, that is, when a user enters a mix zone her identity is mixed with
all other users in the same mix zone. The mix zones model is then aimed
at protecting long-term user movements still allowing the interaction with
many location-based services. However, the effectiveness of such a solution is
