Feeling-based Location Privacy Protection for Location-based Services

CS587x Lecture

Department of Computer Science

Iowa State University

Ames, IA 50011

Feeling-based Location Privacy Protection for Location-based Services


Dilemma

  • Users have to report their locations to LBS providers

  • LBS providers may abuse the collected location data

Location Exposure Presents Significant Threats

  • Threat1: Anonymity of service use

    • A user may not want to be identified as the subscriber

  • E.g., where is the nearest

  • Threat2: Location privacy

    • A user may not want to reveal where she is

  • E.g., a query is sent from

Restricted space identification

  • A user’s location can be correlated to her identity

  • E.g., a location belonging to a private property indicates the user is most likely the property owner


  • A single location sample may not be linked to an individual, but a time-series sequence will do


  • Once the user is identified

  • All her visits may be disclosed

Location Depersonalization

  • Protect anonymous use of service

    • Cloak the service user with her neighbors

    • Location privacy leak

  • Protect location privacy

    • Cloak the service user with nearby footprints

    • Adversary cannot know who’s there when the service is requested


  • Privacy modeling

    • Users specify their desired privacy with a number K

    • Privacy is about personal feeling, and it is difficult for users to choose a K value

  • Robustness

    • Just ensuring each cloaking region has been visited by K people may NOT provide protection at level K

      • It has to do with footprints distribution

Our solution

  • Feeling-based modeling

    • A user specifies a public region

      • A spatial region that the user feels comfortable having reported as her location whenever she requests a service inside it

    • The public region becomes her privacy requirement

      • All locations reported on her behalf will be at least as popular as the public region she identifies


  • How to measure the privacy level of a region?

  • The privacy level is determined by

    • Number of visitors

    • Footprints distribution

  • A good measure should involve both factors


  • We borrow the concept of entropy

    • Entropy of R is computed using the number of footprints in R belonging to different users

    • Entropy of R is E(R) =

      • Its value denotes the amount of information needed for the adversary to identify the client


  • Popularity of R is $P(R) = 2^{E(R)}$

    • Its value denotes the actual number of users among which the client is indistinguishable

  • Popularity is a good measure of privacy

    • More visitors – higher popularity

    • More even distribution – higher popularity

Location Cloaking with Our Privacy Model

  • Sporadic LBSs

    • Each location update is independent

    • Cloaking strategy: Ensuring each reported location is a region which has a popularity no less than P(R)

  • Continuous LBSs

    • A sequence of location updates which form a trajectory

    • The strategy for sporadic LBSs may not work

      • Adversary may identify the common set of visitors

P-Populous Trajectory

  • We should compute the popularity of cloaking boxes with respect to a common user set, called cloaking set

    • Only the footprints of users in the cloaking set are considered in entropy computation

    • Entropy w.r.t. cloaking set U is

    • Popularity w.r.t. U is $P_U(R) = 2^{E_U(R)}$

  • P-Populous Trajectory (PPT)

    • The popularity of each cloaking box in the trajectory w.r.t. a cloaking set is no less than P(R)

Footprint Indexing

  • Grid-based pyramid structure

    • $4^{i-1}$ cells at level $i$

    • Cells at the bottom level keep the footprint index

Trajectory Cloaking

  • To receive an LBS, a client needs to submit

    • Public region R

    • Travel bound B

    • Location updates repeatedly during her travel

  • In response, the server will

    • Generate a cloaking box for each location update

    • Ensure the sequence of cloaking boxes forms a PPT


  • How to find the cloaking set?

    • Basic solution: Finding the users who have footprints closest to the service-user

  • Resolution becomes worse

  • There may exist another cloaking set which leads to a finer average resolution

Selecting cloaking set

  • Observation

    • Popular user: a user whose footprints span the entire travel bound B

    • Cloaking with popular users tends to have a fine cloaking resolution

      • Easy to find their footprints close to the service user no matter where she moves

  • Idea

    • Use the most popular users as the cloaking set

Finding most popular users

  • l-popular : the user has visited all cells at level l overlapping with B

  • Larger l : more popular user

  • E.g.

  • u1, u2, u3 : 2-popular

  • u2, u3 : 3-popular

  • u3: 4-popular

  • Strategy: Sort users by the level l, and choose the most popular ones as the cloaking set
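The l-popular ranking above can be computed directly from the pyramid grid. The following is an added example, not code from the lecture: the function names, the 8x8 space, the travel bound and the footprints are constructed so that the result matches the u1/u2/u3 example on the slide.

```python
import math

def cells_overlapping(bound, level, size):
    """Grid cells (ix, iy) at `level` that overlap the travel bound.
    Level l is a 2^(l-1) x 2^(l-1) grid, i.e. 4^(l-1) cells."""
    side = size / 2 ** (level - 1)
    x1, y1, x2, y2 = bound                      # treated as [x1, x2) x [y1, y2)
    return {(ix, iy)
            for ix in range(int(x1 // side), math.ceil(x2 / side))
            for iy in range(int(y1 // side), math.ceil(y2 / side))}

def popular_level(points, bound, size, max_level):
    """Largest l for which the user is l-popular w.r.t. bound; 0 if none."""
    best = 0
    for level in range(1, max_level + 1):
        side = size / 2 ** (level - 1)
        visited = {(int(x // side), int(y // side)) for x, y in points}
        if not cells_overlapping(bound, level, size) <= visited:
            break      # a missed cell also leaves all of its children unvisited
        best = level
    return best

def select_cloaking_set(footprints, bound, size, max_level, k):
    """Sort users by popularity level (highest first) and keep the top k."""
    levels = {u: popular_level(pts, bound, size, max_level)
              for u, pts in footprints.items()}
    ranked = sorted(levels, key=lambda u: (-levels[u], u))
    return ranked[:k], levels

# Constructed data: 8x8 space, 4-level pyramid, travel bound = lower-left quadrant.
SIZE, MAX_LEVEL, BOUND = 8, 4, (0, 0, 4, 4)
FOOTPRINTS = {
    "u1": [(1, 1)],
    "u2": [(1, 1), (3, 1), (1, 3), (3, 3)],
    "u3": [(x + 0.5, y + 0.5) for x in range(4) for y in range(4)],
}

if __name__ == "__main__":
    print(select_cloaking_set(FOOTPRINTS, BOUND, SIZE, MAX_LEVEL, 2))
```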

Cloaking Client’s Location

  • Let S be the cloaking set and p the client’s location. We cloak p in three steps:

    • Find the closest footprints to p for each user in S

    • Compute the minimal bounding box of these footprints, say b

    • Calculate $P_S(b)$

      • If $P_S(b) < P(R)$, for each user find her closest footprint to p among her footprints outside b, and go to step 2

      • If $P_S(b) \geq P(R)$, b is reported as the client’s location
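The three cloaking steps as a runnable sketch, added here as an example and not taken from the lecture or the authors' implementation. It assumes E is the Shannon entropy of each user's share of the footprints in the box (the formula itself is missing from this transcript), that the box always covers p, and that each round adds the newly found footprints to the box; all names and sample data are constructed.

```python
import math

def inside(box, f):
    x1, y1, x2, y2 = box
    return x1 <= f[0] <= x2 and y1 <= f[1] <= y2

def popularity(box, footprints, users):
    """P_U(box) = 2^E_U(box), counting only footprints of `users`.
    E is assumed to be the Shannon entropy of per-user footprint shares."""
    counts = [sum(inside(box, f) for f in footprints[u]) for u in users]
    total = sum(counts)
    if total == 0:
        return 0.0
    entropy = -sum(c / total * math.log2(c / total) for c in counts if c)
    return 2 ** entropy

def cloak(p, footprints, cloaking_set, required):
    """Cloak p; returns (x1, y1, x2, y2), or None if `required` is unreachable."""
    def nearest(u, box):
        # Closest footprint of u to p, restricted to those outside box (if given).
        cands = [f for f in footprints[u] if box is None or not inside(box, f)]
        return min(cands, key=lambda f: math.dist(p, f), default=None)

    picked = [nearest(u, None) for u in cloaking_set]              # step 1
    selected = [p]                                   # assumption: box covers p
    while any(f is not None for f in picked):
        selected += [f for f in picked if f is not None]
        xs, ys = zip(*selected)
        box = (min(xs), min(ys), max(xs), max(ys))                 # step 2
        if popularity(box, footprints, cloaking_set) >= required:  # step 3
            return box
        picked = [nearest(u, box) for u in cloaking_set]   # expand, back to step 2
    return None          # every footprint used and still below P(R)

# Constructed sample data: two users in the cloaking set, client at the origin.
FOOTPRINTS = {
    "u1": [(1, 0), (3, 1), (2, 3), (3, 3), (10, 10)],
    "u2": [(0, 1), (1, 1), (3, 0), (1, 3), (11, 11)],
}
PUBLIC_REGION = (10, 10, 12, 12)   # one footprint per user, so P(R) = 2

if __name__ == "__main__":
    need = popularity(PUBLIC_REGION, FOOTPRINTS, list(FOOTPRINTS))
    print(need, cloak((0, 0), FOOTPRINTS, ["u1", "u2"], need))
```

With the sample data the first two boxes hold uneven footprint counts (1:2, then 2:3), so their popularity stays below 2 and the box grows twice before it is reported.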


  • We implement two other strategies for comparison

    • Naive cloaks each location independently

    • Plain selects cloaking set by finding footprints closest to service user’s start position

  • Performance metrics

    • Cloaking area

    • Protection level


  • Location privacy aware gateway (LPAG)

    • A prototype that integrates location privacy protection into a real LBS system

    • Two software components

  • LBS system: Spatial messaging


  • Feeling-based privacy modeling for location privacy protection in LBSs

    • Public region instead of K value

  • Trajectory cloaking

    • Algorithm, simulation, experiment

  • Future work

    • Investigate attacks other than restricted space identification

      • Observation implication attack