TY - GEN
T1 - Geo-indistinguishability
T2 - 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
AU - Andrés, Miguel E.
AU - Bordenabe, Nicolás E.
AU - Chatzikokolakis, Konstantinos
AU - Palamidessi, Catuscia
PY - 2013/12/9
Y1 - 2013/12/9
N2 - The growing popularity of location-based systems, allowing unknown/untrusted servers to easily collect huge amounts of information regarding users' location, has recently started raising serious privacy concerns. In this paper we introduce geoind, a formal notion of privacy for location-based systems that protects the user's exact location, while allowing approximate information - typically needed to obtain a certain desired service - to be released. This privacy definition formalizes the intuitive notion of protecting the user's location within a radius r with a level of privacy that depends on r, and corresponds to a generalized version of the well-known concept of differential privacy. Furthermore, we present a mechanism for achieving geoind by adding controlled random noise to the user's location. We describe how to use our mechanism to enhance LBS applications with geo-indistinguishability guarantees without compromising the quality of the application results. Finally, we compare state-of-the-art mechanisms from the literature with ours. It turns out that, among all mechanisms independent of the prior, our mechanism offers the best privacy guarantees.
AB - The growing popularity of location-based systems, allowing unknown/untrusted servers to easily collect huge amounts of information regarding users' location, has recently started raising serious privacy concerns. In this paper we introduce geoind, a formal notion of privacy for location-based systems that protects the user's exact location, while allowing approximate information - typically needed to obtain a certain desired service - to be released. This privacy definition formalizes the intuitive notion of protecting the user's location within a radius r with a level of privacy that depends on r, and corresponds to a generalized version of the well-known concept of differential privacy. Furthermore, we present a mechanism for achieving geoind by adding controlled random noise to the user's location. We describe how to use our mechanism to enhance LBS applications with geo-indistinguishability guarantees without compromising the quality of the application results. Finally, we compare state-of-the-art mechanisms from the literature with ours. It turns out that, among all mechanisms independent of the prior, our mechanism offers the best privacy guarantees.
KW - differential privacy
KW - location obfuscation
KW - location privacy
KW - location-based services
KW - planar laplace distribution
U2 - 10.1145/2508859.2516735
DO - 10.1145/2508859.2516735
M3 - Conference contribution
AN - SCOPUS:84889037772
SN - 9781450324779
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 901
EP - 914
BT - CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Y2 - 4 November 2013 through 8 November 2013
ER -