TY - JOUR
T1 - A reciprocal framework for spatial K-anonymity
AU - Ghinita, Gabriel
AU - Zhao, Keliang
AU - Papadias, Dimitris
AU - Kalnis, Panos
N1 - KAUST Repository Item: Exported on 2020-10-01
PY - 2010/5
Y1 - 2010/5
N2 - Spatial K-anonymity (SKA) exploits the concept of K-anonymity in order to protect the identity of users from location-based attacks. The main idea of SKA is to replace the exact location of a user U with an anonymizing spatial region (ASR) that contains at least K-1 other users, so that an attacker can pinpoint U with probability at most 1/K. Simply generating an ASR that includes K users does not guarantee SKA. Previous work defined the reciprocity property as a sufficient condition for SKA. However, the only existing reciprocal method, Hilbert Cloak, relies on a specialized data structure. In contrast, we propose a general framework for implementing reciprocal algorithms using any existing spatial index on the user locations. We discuss ASR construction methods with different tradeoffs on effectiveness (i.e., ASR size) and efficiency (i.e., construction cost). Then, we present case studies of applying our framework on top of two popular spatial indices (namely, R*-trees and Quad-trees). Finally, we consider the case where the attacker knows the query patterns of each user. The experimental results verify that our methods outperform Hilbert Cloak. Moreover, since we employ general-purpose spatial indices, the proposed system is not limited to anonymization, but supports conventional spatial queries as well. © 2009 Elsevier B.V. All rights reserved.
UR - http://hdl.handle.net/10754/561439
UR - https://linkinghub.elsevier.com/retrieve/pii/S0306437909000994
UR - http://www.scopus.com/inward/record.url?scp=73049087402&partnerID=8YFLogxK
U2 - 10.1016/j.is.2009.10.001
DO - 10.1016/j.is.2009.10.001
M3 - Article
SN - 0306-4379
VL - 35
SP - 299
EP - 314
JO - Information Systems
JF - Information Systems
IS - 3
ER -