A Comparison of Spatial Generalization Algorithms for LBS Privacy Preservation

Sergio Mascetti, Claudio Bettini
DICo, University of Milan, Italy

Abstract

Spatial generalization has recently been proposed as a technique for the anonymization of requests in location-based services. This paper presents the results of an extensive experimental study, considering known generalization algorithms as well as new ones proposed by the authors.

1 Introduction

Location-based services (LBS) have recently been attracting a lot of interest from both industry and research. When using these services, many users may be concerned about giving up one more piece of their private information by revealing their exact location, or by releasing the information of having used a particular service. More generally, the association between the real identity of the user issuing an LBS request and the request itself as it reaches the service provider can be considered a privacy threat.

Previous works ([3, 6, 5]) showed that simply dropping the issuer's personal identification data may not be sufficient to anonymize the request. For example, the location and time information contained in the request may be used, with the help of external knowledge about the location of certain users, to restrict the group of possible issuers. A notion of spatio-temporal k-anonymity was proposed as a possible solution to guarantee users' privacy. The idea is to generalize the location (and time) information contained in an LBS request so that, based on that information, there are at least k potential issuers.

This technique implicitly assumes that information about the spatio-temporal position of a sufficient number of potential users of the service is available to the entity performing the anonymization.
The typical scenario assumes the existence of a Location-aware Trusted Server (LTS) that can gather this information: the LTS receives the LBS requests from the users, performs the appropriate generalization (also hiding explicitly identifying values), and forwards the generalized request to a Service Provider (SP). The answer from the SP is also routed through the LTS, which redirects it to the specific user, refining the result when possible.

The design of a spatio-temporal generalization algorithm has two goals: i) to guarantee the users' privacy by ensuring that a sufficiently large number of potential users have a spatio-temporal position contained in the released region, and ii) to preserve the quality of service by minimizing the generalization. Existing approaches to generalization try to optimize the trade-off between these two goals.

As formalized in , the anonymization power of generalization also depends on the assumptions about the knowledge available to the attacker. Most recent approaches [3, 6, 5] have proposed generalization techniques that achieve anonymity even in the pessimistic case in which the attacker may acquire knowledge of the exact location of each user. However, some ...
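As an added example that is not code from the paper, the following Python implements the LTS behaviour and the k-anonymity check described in the introduction and in the scenario above: the issuer's exact position is replaced by the smallest quadtree cell that contains at least k known users, the identifying values are dropped before the request reaches the SP, and a pessimistic attacker who knows every user's exact location is simulated to confirm that the anonymity set is indeed of size at least k. The user positions, the 8x8 service area, the quadtree strategy and all function names are assumptions chosen for illustration; the paper compares other, more refined algorithms.

```python
# Added example (not code from the paper): a quadtree-style spatial
# generalization that an LTS could use to enforce spatial k-anonymity.
# The user positions, the 8x8 service area and the helper names are
# assumptions made for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    """Axis-aligned rectangle [x0, x1) x [y0, y1)."""
    x0: float
    y0: float
    x1: float
    y1: float

    def contains(self, x: float, y: float) -> bool:
        return self.x0 <= x < self.x1 and self.y0 <= y < self.y1

    def area(self) -> float:
        return (self.x1 - self.x0) * (self.y1 - self.y0)


# Constructed sample data: exact positions the LTS knows for its users
# (the pessimistic attacker in the text is assumed to know them too).
USERS = {
    "alice": (1.0, 1.0),
    "bob": (1.5, 1.2),
    "carol": (6.0, 6.5),
    "dave": (2.8, 3.1),
    "erin": (7.2, 1.1),
    "frank": (3.5, 2.2),
}
SERVICE_AREA = Region(0.0, 0.0, 8.0, 8.0)


def quadtree_cell(space: Region, x: float, y: float, depth: int) -> Region:
    """Return the quadtree cell at the given depth that contains (x, y)."""
    r = space
    for _ in range(depth):
        mx, my = (r.x0 + r.x1) / 2, (r.y0 + r.y1) / 2
        x0, x1 = (r.x0, mx) if x < mx else (mx, r.x1)
        y0, y1 = (r.y0, my) if y < my else (my, r.y1)
        r = Region(x0, y0, x1, y1)
    return r


def users_in(region: Region, users: dict) -> list:
    """Users whose known position lies in `region` (the anonymity set)."""
    return sorted(u for u, (x, y) in users.items() if region.contains(x, y))


def generalize(issuer: str, k: int, users: dict, space: Region,
               max_depth: int = 8) -> Region:
    """Smallest quadtree cell around the issuer containing >= k users.

    Walks from the finest cell upward, so the first cell that satisfies
    the k constraint is also the least generalized one on this path.
    """
    x, y = users[issuer]
    for depth in range(max_depth, -1, -1):
        cell = quadtree_cell(space, x, y, depth)
        if len(users_in(cell, users)) >= k:
            return cell
    raise ValueError(f"fewer than {k} users in the whole service area")


def anonymize_request(issuer: str, service: str, k: int,
                      users: dict = USERS, space: Region = SERVICE_AREA) -> dict:
    """What the LTS forwards to the SP: no identity, only the region."""
    region = generalize(issuer, k, users, space)
    return {"service": service, "region": region}


def attacker_candidates(request: dict, users: dict = USERS) -> list:
    """Pessimistic attacker: knows every exact position, sees only the request."""
    return users_in(request["region"], users)


if __name__ == "__main__":
    req = anonymize_request("alice", "nearest-pharmacy", k=2)
    print(req["region"], attacker_candidates(req))
```

With the constructed data, alice's request at k=2 is generalized to the 1x1 cell [1,2)x[1,2), which the attacker can only narrow down to {alice, bob}; at k=3 the algorithm has to fall back to the 4x4 quadrant, which holds four users, illustrating the trade-off between goal i) and goal ii): a quadtree can only grow the region by a factor of four per step, so it often over-generalizes compared with algorithms that tailor the region to the actual user distribution. Note also that k is a lower bound on the candidate set only if the attacker's knowledge of user positions is no better than the LTS's, which is exactly the assumption the text makes explicit.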
This note was uploaded on 10/19/2009 for the course CNT 5517 taught by Professor Helal during the Fall '09 term at University of Florida.