Limits of location privacy under anonymization and obfuscation
Title | Limits of location privacy under anonymization and obfuscation |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Takbiri, N., Houmansadr, A., Goeckel, D. L., Pishro-Nik, H. |
Conference Name | 2017 IEEE International Symposium on Information Theory (ISIT) |
Date Published | jun |
Keywords | anonymization, anonymization-based LBS systems, Computing Theory, data privacy, general Markov Chain model, Human Behavior, human factor, Information Theoretic Privacy, Information theory, Location Based Service (LBS), location privacy, Location Privacy Protecting Mechanism (LPPM), location-based services, Markov chain, Markov processes, Measurement, mobile computing, mobile devices, obfuscation, privacy, pubcrawl, resilience, Resiliency, Scalability, statistical analysis, Time series analysis |
Abstract | The prevalence of mobile devices and location-based services (LBS) has generated great concerns regarding the LBS users' privacy, which can be compromised by statistical analysis of their movement patterns. A number of algorithms have been proposed to protect the privacy of users in such systems, but the fundamental underpinnings of such remain unexplored. Recently, the concept of perfect location privacy was introduced and its achievability was studied for anonymization-based LBS systems, where user identifiers are permuted at regular intervals to prevent identification based on statistical analysis of long time sequences. In this paper, we significantly extend that investigation by incorporating the other major tool commonly employed to obtain location privacy: obfuscation, where user locations are purposely obscured to protect their privacy. Since anonymization and obfuscation reduce user utility in LBS systems, we investigate how location privacy varies with the degree to which each of these two methods is employed. We provide: (1) achievability results for the case where the location of each user is governed by an i.i.d. process; (2) converse results for the i.i.d. case as well as the more general Markov Chain model. We show that, as the number of users in the network grows, the obfuscation-anonymization plane can be divided into two regions: in the first region, all users have perfect location privacy; and, in the second region, no user has location privacy. |
URL | https://ieeexplore.ieee.org/document/8006631/ |
DOI | 10.1109/ISIT.2017.8006631 |
Citation Key | takbiri_limits_2017 |
- markov chain
- Time series analysis
- statistical analysis
- Scalability
- Resiliency
- resilience
- pubcrawl
- privacy
- obfuscation
- mobile devices
- mobile computing
- Measurement
- Markov processes
- anonymization
- location-based services
- Location Privacy Protecting Mechanism (LPPM)
- location privacy
- Location Based Service (LBS)
- information theory
- Information Theoretic Privacy
- human factor
- Human behavior
- general Markov Chain model
- data privacy
- Computing Theory
- anonymization-based LBS systems