A Location Privacy Attack Based on the Location Sharing Mechanism with Erroneous Distance in Geosocial Networks

Geographical social networks (GSN) is an emerging research area. For example, Foursquare, Yelp, and WeChat are all well-known service providers in this field. These applications are also known as location-based services (LBS). Previous studies have suggested that these location-based services may expose user location information. In order to ensure the privacy of the user’s location data, the service provider may provide corresponding protection mechanisms for its applications, including spatial cloaking, fuzzy location information, etc., so that the user’s real location cannot be easily cracked. It has been shown that if the positioning data provided by the user is not accurate enough, it is still difficult for an attacker to obtain the user’s true location. Taking this factor into consideration, our attack method is divided into two stages for the entire attack process: (1) Search stage: cover the area where the targeted user is located with unit discs, and then calculate the minimum dominating set. Use the triangle positioning method to find the minimum precision disc. (2) Inference phase: Considering the existence of errors, an Error-Adjusted Space Partition Attack Algorithm (EASPAA) was proposed during the inference phase. Improved the need for accurate distance information to be able to derive the user’s true location. In this study, we focus on the Location Sharing Mechanism with Maximal Coverage Limit to implement the whole attack. Experimental results show that the proposed method still can accurately infer the user’s real location even when there is an error in the user’s location information.

Download Full-text

Privacy vs. Reward in Indoor Location-Based Services

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2016-0031 ◽

2016 ◽

Vol 2016 (4) ◽

pp. 102-122 ◽

Cited By ~ 3

Author(s):

Kassem Fawaz ◽

Kyu-Han Kim ◽

Kang G. Shin

Keyword(s):

Location Privacy ◽

Indoor Localization ◽

Service Providers ◽

Location Based Services ◽

Location Information ◽

Privacy Concerns ◽

Indoor Location ◽

Location Data ◽

Personalized Services ◽

Privacy Risks

AbstractWith the advance of indoor localization technology, indoor location-based services (ILBS) are gaining popularity. They, however, accompany privacy concerns. ILBS providers track the users’ mobility to learn more about their behavior, and then provide them with improved and personalized services. Our survey of 200 individuals highlighted their concerns about this tracking for potential leakage of their personal/private traits, but also showed their willingness to accept reduced tracking for improved service. In this paper, we propose PR-LBS (Privacy vs. Reward for Location-Based Service), a system that addresses these seemingly conflicting requirements by balancing the users’ privacy concerns and the benefits of sharing location information in indoor location tracking environments. PR-LBS relies on a novel location-privacy criterion to quantify the privacy risks pertaining to sharing indoor location information. It also employs a repeated play model to ensure that the received service is proportionate to the privacy risk. We implement and evaluate PR-LBS extensively with various real-world user mobility traces. Results show that PR-LBS has low overhead, protects the users’ privacy, and makes a good tradeoff between the quality of service for the users and the utility of shared location data for service providers.

Download Full-text

ILSSPP: Intelligent location sharing system with privacy preserving features for smart cities

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-219102 ◽

2021 ◽

pp. 1-12

Author(s):

Gokay Saldamli ◽

Richard Chow ◽

Hongxia Jin

Keyword(s):

Service Providers ◽

Smart Cities ◽

User Interaction ◽

Privacy Preserving ◽

Location Based Services ◽

Third Party ◽

Location Information ◽

Fine Grained ◽

Location Sharing ◽

Social Network Structure

Social networking services are increasingly accessed through mobile devices. This trend has prompted services such as Facebook and Google+to incorporate location as a de facto feature of user interaction. At the same time, services based on location such as Foursquare and Shopkick are also growing as smartphone market penetration increases. In fact, this growth is happening despite concerns (growing at a similar pace) about security and third-party use of private location information (e.g., for advertising). Nevertheless, service providers have been unwilling to build truly private systems in which they do not have access to location information. In this paper, we describe an architecture and a trial implementation of a privacy-preserving location sharing system called ILSSPP. The system protects location information from the service provider and yet enables fine grained location-sharing. One main feature of the system is to protect an individual’s social network structure. The pattern of location sharing preferences towards contacts can reveal this structure without any knowledge of the locations themselves. ILSSPP protects locations sharing preferences through protocol unification and masking. ILSSPP has been implemented as a standalone solution, but the technology can also be integrated into location-based services to enhance privacy.

Download Full-text

Locally differentially private continuous location sharing with randomized response

International Journal of Distributed Sensor Networks ◽

10.1177/1550147719870379 ◽

2019 ◽

Vol 15 (8) ◽

pp. 155014771987037 ◽

Cited By ~ 2

Author(s):

Xingxing Xiong ◽

Shubo Liu ◽

Dan Li ◽

Jun Wang ◽

Xiaoguang Niu

Keyword(s):

Location Privacy ◽

Differential Privacy ◽

Service Providers ◽

Mobile Network ◽

Temporal Correlation ◽

Location Information ◽

Continuous Location ◽

Randomized Response ◽

Fifth Generation ◽

Location Sharing

With the growing popularity of fifth-generation-enabled Internet of Things devices with localization capabilities, as well as on-building fifth-generation mobile network, location privacy has been giving rise to more frequent and extensive privacy concerns. To continuously enjoy services of location-based applications, one needs to share his or her location information to the corresponding service providers. However, these continuously shared location information will give rise to significant privacy issues due to the temporal correlation between locations. In order to solve this, we consider applying practical local differential privacy to private continuous location sharing. First, we introduce a novel definition of [Formula: see text]-local differential privacy to capture the temporal correlations between locations. Second, we present a generalized randomized response mechanism to achieve [Formula: see text]-local differential privacy for location privacy preservation, which obtains the upper bound of error, and serve it as the basic building block to design a unified private continuous location sharing framework with an untrusted server. Finally, we conduct experiments on the real-world Geolife dataset to evaluate our framework. The results show that generalized randomized response significantly outperforms planar isotropic mechanism in the context of utility.

Download Full-text

Location Based Services for Sharing Using Trusted Server

International Journal for Research in Engineering Application & Management ◽

10.35291/2454-9150.2020.0365 ◽

2020 ◽

pp. 68-73

Keyword(s):

Social Networks ◽

Location Privacy ◽

Location Based Services ◽

Location Information ◽

Location Based Service ◽

Privacy Concerns ◽

Computational Overhead ◽

Location Sharing ◽

Current Location ◽

Cryptographic Primitive

The main aim of location-sharing is to provide current location information to their designated users. Nowadays, Location Based Service (LBS) has become one of the popular services which are provided by social networks. As LBS activity makes use of the user's identity and current location information, an appropriate path has to be utilized to protect the location privacy. However, as per our knowledge, there is no access to protecting the location sharing with the complete privacy of the location. To consider this issue, we put forward a new cryptographic primitive functional pseudonym for location sharing that make sure privacy of the data. Also, the proposed approach notably reduces the computational overhead of users by delegating part of the computation for location sharing to a server, therefore it is endurable. The primitive can be widely used in many MOSNs to authorize LBS with enhanced privacy and sustainability. As a result, it will contribute to proliferate LBS by eliminating user's privacy concerns.

Download Full-text

Enhancing Location Privacy in Location-Based Services

Intelligent Technologies and Techniques for Pervasive Computing - Advances in Computational Intelligence and Robotics ◽

10.4018/978-1-4666-4038-2.ch013 ◽

2013 ◽

pp. 238-250

Author(s):

Constantinos Delakouridis

Keyword(s):

Mobile Phones ◽

Location Privacy ◽

Service Providers ◽

Personal Information ◽

Mobile User ◽

Location Based Services ◽

Location Information ◽

Position Information ◽

Privacy Requirements ◽

Privacy Issues

Location-based services are receiving signification attention over the last few years due to the increasing use of mobile devices. At the same time, location privacy is important, since position information is considered personal information. Thus, in order to address this issue, several mechanisms have been proposed protecting the mobile user. In this chapter, the authors present an architecture to shield the location of a mobile user and preserve the anonymity on the service delivery. This architecture relies on un-trusted entities to distribute segments of anonymous location information, and authorizes other entities to combine these portions and derive the actual location of a user. The chapter describes how the architecture takes into account the location privacy requirements, and how it is used by the end users’ devices, e.g., mobile phones, for the dissemination of location information to service providers. Furthermore, it notes privacy issues for further discussion and closes with proposed exercises.

Download Full-text

Complying with Privacy Legislation: From Legal Text to Implementation of Privacy-Aware Location-Based Services

ISPRS International Journal of Geo-Information ◽

10.3390/ijgi7110442 ◽

2018 ◽

Vol 7 (11) ◽

pp. 442 ◽

Cited By ~ 1

Author(s):

Mehrnaz Ataei ◽

Auriol Degbelo ◽

Christian Kray ◽

Vitor Santos

Keyword(s):

Data Privacy ◽

Location Privacy ◽

Service Providers ◽

Location Based Services ◽

Legal Text ◽

General Data Protection Regulation ◽

Location Data ◽

Privacy Laws ◽

Technical Issues ◽

General Data

An individual’s location data is very sensitive geoinformation. While its disclosure is necessary, e.g., to provide location-based services (LBS), it also facilitates deep insights into the lives of LBS users as well as various attacks on these users. Location privacy threats can be mitigated through privacy regulations such as the General Data Protection Regulation (GDPR), which was introduced recently and harmonises data privacy laws across Europe. While the GDPR is meant to protect users’ privacy, the main problem is that it does not provide explicit guidelines for designers and developers about how to build systems that comply with it. In order to bridge this gap, we systematically analysed the legal text, carried out expert interviews, and ran a nine-week-long take-home study with four developers. We particularly focused on user-facing issues, as these have received little attention compared to technical issues. Our main contributions are a list of aspects from the legal text of the GDPR that can be tackled at the user interface level and a set of guidelines on how to realise this. Our results can help service providers, designers and developers of applications dealing with location information from human users to comply with the GDPR.

Download Full-text

Enabling Location Privacy Preservation in MANETs Based on Distance, Angle, and Spatial Cloaking

Electronics ◽

10.3390/electronics9030458 ◽

2020 ◽

Vol 9 (3) ◽

pp. 458

Author(s):

Nanlan Jiang ◽

Sai Yang ◽

Pingping Xu

Keyword(s):

Privacy Preservation ◽

Location Privacy ◽

Differential Privacy ◽

Geographic Routing ◽

Base Station ◽

Wireless Channel ◽

Location Based Services ◽

Location Information ◽

Communication Overhead ◽

Spatial Cloaking

Preserving the location privacy of users in Mobile Ad hoc Networks (MANETs) is a significant challenge for location information. Most of the conventional Location Privacy Preservation (LPP) methods protect the privacy of the user while sacrificing the capability of retrieval on the server-side, that is, legitimate devices except the user itself cannot retrieve the location in most cases. On the other hand, applications such as geographic routing and location verification require the retrievability of locations on the access point, the base station, or a trusted server. Besides, with the development of networking technology such as caching technology, it is expected that more and more distributed location-based services will be deployed, which results in the risk of leaking location information in the wireless channel. Therefore, preserving location privacy in wireless channels without losing the retrievability of the real location is essential. In this paper, by focusing on the wireless channel, we propose a novel LPP enabled by distance (ranging result), angle, and the idea of spatial cloaking (DSC-LPP) to preserve location privacy in MANETs. DSC-LPP runs without the trusted third party nor the traditional cryptography tools in the line-of-sight environment, and it is suitable for MANETs such as the Internet of Things, even when the communication and computation capabilities of users are limited. Qualitative evaluation indicates that DSC-LPP can reduce the communication overhead when compared with k-anonymity, and the computation overhead of DSC-LPP is limited when compared with conventional cryptography. Meanwhile, the retrievability of DSC-LPP is higher than that of k-anonymity and differential privacy. Simulation results show that with the proper design of spatial divisions and parameters, other legitimate devices in a MANET can correctly retrieve the location of users with a high probability when adopting DSC-LPP.

Download Full-text

An Efficient and Privacy-Preserving Multiuser Cloud-Based LBS Query Scheme

Security and Communication Networks ◽

10.1155/2018/4724815 ◽

2018 ◽

Vol 2018 ◽

pp. 1-11 ◽

Cited By ~ 5

Author(s):

Lu Ou ◽

Hui Yin ◽

Zheng Qin ◽

Sheng Xiao ◽

Guangyi Yang ◽

...

Keyword(s):

Location Privacy ◽

Security Analysis ◽

Privacy Preserving ◽

Location Based Services ◽

Third Party ◽

Location Information ◽

User Privacy ◽

User Revocation ◽

And Performance ◽

Cloud Infrastructures

Location-based services (LBSs) are increasingly popular in today’s society. People reveal their location information to LBS providers to obtain personalized services such as map directions, restaurant recommendations, and taxi reservations. Usually, LBS providers offer user privacy protection statement to assure users that their private location information would not be given away. However, many LBSs run on third-party cloud infrastructures. It is challenging to guarantee user location privacy against curious cloud operators while still permitting users to query their own location information data. In this paper, we propose an efficient privacy-preserving cloud-based LBS query scheme for the multiuser setting. We encrypt LBS data and LBS queries with a hybrid encryption mechanism, which can efficiently implement privacy-preserving search over encrypted LBS data and is very suitable for the multiuser setting with secure and effective user enrollment and user revocation. This paper contains security analysis and performance experiments to demonstrate the privacy-preserving properties and efficiency of our proposed scheme.

Download Full-text

On the Use of Optimal Stopping Theory for Secret Sharing Scheme Update

Intelligent Technologies and Techniques for Pervasive Computing - Advances in Computational Intelligence and Robotics ◽

10.4018/978-1-4666-4038-2.ch015 ◽

2013 ◽

pp. 276-295 ◽

Cited By ~ 1

Author(s):

Constantinos Delakouridis ◽

Leonidas Kazatzopoulos

Keyword(s):

Secret Sharing ◽

Information Disclosure ◽

Location Privacy ◽

Location Based Services ◽

Location Information ◽

Cloud Infrastructure ◽

Location Update ◽

Location Services ◽

Optimal Thresholds ◽

Cryptographic Techniques

The location privacy issue has been addressed thoroughly so far. Cryptographic techniques, k-anonymity-based approaches, spatial obfuscation methods, mix-zones, pseudonyms, and dummy location signals have been proposed to enhance location privacy. In this chapter, the authors propose an approach, called STS (Share The Secret) that segments and distributes the location information to various, non-trusted, entities from where it will be reachable by authenticated location services. This secret sharing approach prevents location information disclosure even in situation where there is a direct observation of the target. The proposed approach facilitates end-users or location-based services to classify flexible privacy levels for different contexts of operation. The authors provide the optimal thresholds to alter the privacy policy levels when there is a need for relaxing or strengthening the required privacy. Additionally, they discuss the robustness of the proposed approach against various adversary models. Finally, the authors evaluate the approach in terms of computational and energy efficiency, using real mobile applications and location update scenarios over a cloud infrastructure, which is used to support storage and computational tasks.

Download Full-text

Prophet: A Context-Aware Location Privacy-Preserving Scheme in Location Sharing Service

Discrete Dynamics in Nature and Society ◽

10.1155/2017/6814832 ◽

2017 ◽

Vol 2017 ◽

pp. 1-11 ◽

Cited By ~ 1

Author(s):

Jiaxing Qu ◽

Guoyin Zhang ◽

Zhou Fang

Keyword(s):

Location Privacy ◽

Behavior Patterns ◽

Location Information ◽

Context Aware ◽

Mobile Social Networks ◽

New Class ◽

Privacy Threats ◽

Temporal Correlations ◽

Location Sharing ◽

State Classification

Location sharing service has become an indispensable part in mobile social networks. However, location sharing may introduce a new class of privacy threats ranging from localizing an individual to profiling and identifying him based on the places he shared. Although users may avoid releasing geocontent in sensitive locations, it does not necessarily prevent the adversary from inferring users’ privacy through space-temporal correlations and historical information. In this paper, we design a Prophet framework, which provides an effective security scheme for users sharing their location information. First, we define fingerprint identification based on Markov chain and state classification to describe the users’ behavior patterns. Then, we propose a novel location anonymization mechanism, which adopts a ε-indistinguishability strategy to protect user’s sensitive location information published. Finally, experimental results are given to illustrate good performance and effectiveness of the proposed scheme.

Download Full-text