As location-based services emerge, many people feel exposed to high privacy threats. Privacy protection is a major challenge for such applications. A broadly used approach is perturbation, which adds an ar- tificial noise to positions and returns an obfuscated measurement to the requester. Our main finding is that, unless the noise is chosen properly, these methods do not withstand attacks based on probabilistic analysis. In this paper, we define a strong adversary model that uses probability calculus to de-obfuscate the location measurements. Such a model has general applicability and can evaluate the resistance of a generic location- obfuscation technique. We then propose UniLO, an obfuscation operator which resists to such an adversary. We prove the resistance through for- mal analysis. We finally compare the resistance of UniLO with respect to other noise-based obfuscation operators.
Uniform Obfuscation for Location Privacy
DINI, GIANLUCA;PERAZZO, PERICLE
2012-01-01
Abstract
As location-based services emerge, many people feel exposed to high privacy threats. Privacy protection is a major challenge for such applications. A broadly used approach is perturbation, which adds an ar- tificial noise to positions and returns an obfuscated measurement to the requester. Our main finding is that, unless the noise is chosen properly, these methods do not withstand attacks based on probabilistic analysis. In this paper, we define a strong adversary model that uses probability calculus to de-obfuscate the location measurements. Such a model has general applicability and can evaluate the resistance of a generic location- obfuscation technique. We then propose UniLO, an obfuscation operator which resists to such an adversary. We prove the resistance through for- mal analysis. We finally compare the resistance of UniLO with respect to other noise-based obfuscation operators.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.