Privacy-preserving techniques for location-based services


Recent advances in positioning techniques, small devices, GIS-based services, and ubiquitous connectivity, have enabled a large variety of location-based services able to tailor services according to the location of the individual requiring the service. Location information, however, if on one side is critical for providing customized services, on the other hand, if misused, can lead to privacy breaches. By cross-referencing location information about an individual with other information and by exploiting domain knowledge, an attacker may infer sensitive information about the individual, such as healthcare or financial information. To address such problems, different techniques have been proposed that are based on two main approaches: location cloaking, under which a suitable large region is returned to the service provider instead of the precise user location [1]; location k-anonymization, under which the location of an individual is returned to the service provider only if it is indistinguishable with respect to the location of other k-1 individuals [5, 6]. These techniques have, however, a major drawback in that they do not take into account domain knowledge, and are thus prone to location inference attacks [2]. Given a generalized location of an individual, obtained for example through location cloaking, such an attack exploits the knowledge about the semantics of spatial entities to infer bounds about the location of an individual that are more precise with respect to the generalized location. Another major drawback is that those approaches do not support personalized privacy preferences. We believe that supporting such preferences is crucial in that different individuals have different preferences with respect to which location are considered privacy-sensitive.


Privacy, network architecture, distributed systems, public policy issues

Date of this Version



Newsletter SIGSPATIAL Special SIGSPATIAL Volume 1 Issue 2, July 2009