TY - JOUR
T1 - Privacy for LBSs: On using a footprint model to face the enemy
AU - Conti, Mauro
AU - Pietro, Roberto Di
AU - Marconi, Luciana
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2015/1/1
Y1 - 2015/1/1
N2 - User privacy in Location Based Services (LBSs) is still in need of effective solutions. A new privacy model for LBSs has been recently proposed based on users’ footprints—these being a representation of the amount of time a user spends in a given area. The model is claimed to be independent from the specific knowledge of the adversary about users’ footprints. Despite this claim, we show in this chapter that when the adversary has knowledge that differs from the one considered for the anonymization procedure, the model is not valid. Further, we generalize this weakness of the model and show that it is highly probable that the footprint model provides: (i) either a privacy level lower than the expected one; or, (ii) LBS information coarser than what would be required for anonymization purposes. We support our claim via analysis: modeling the footprints data as a hypercube model; with a simple example to grasp the main problem; and, with the study of a real data set of traces of mobile users. Finally, we also investigate which properties must hold for both the anonymiser and the adversary knowledge, in order to guarantee an effective level of user privacy.
AB - User privacy in Location Based Services (LBSs) is still in need of effective solutions. A new privacy model for LBSs has been recently proposed based on users’ footprints—these being a representation of the amount of time a user spends in a given area. The model is claimed to be independent from the specific knowledge of the adversary about users’ footprints. Despite this claim, we show in this chapter that when the adversary has knowledge that differs from the one considered for the anonymization procedure, the model is not valid. Further, we generalize this weakness of the model and show that it is highly probable that the footprint model provides: (i) either a privacy level lower than the expected one; or, (ii) LBS information coarser than what would be required for anonymization purposes. We support our claim via analysis: modeling the footprints data as a hypercube model; with a simple example to grasp the main problem; and, with the study of a real data set of traces of mobile users. Finally, we also investigate which properties must hold for both the anonymiser and the adversary knowledge, in order to guarantee an effective level of user privacy.
UR - https://link.springer.com/10.1007/978-3-319-09885-2_10
UR - http://www.scopus.com/inward/record.url?scp=84927139035&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-09885-2_10
DO - 10.1007/978-3-319-09885-2_10
M3 - Article
SN - 1860-949X
VL - 567
SP - 169
EP - 195
JO - Studies in Computational Intelligence
JF - Studies in Computational Intelligence
ER -