Reversible spatio-temporal perturbation for protecting location privacy

Abstract

Ubiquitous deployment of low-cost mobile positioning devices and widespread use of high-speed wireless networks have resulted in a rapid growth of location-based applications. While location-based services provide a wide range of life enhancing experiences to users, the exposure of location information poses significant privacy risks that can invade the users’ location privacy. Location privacy risks can be mitigated using location anonymization techniques that perturb the raw location of users to make the location indistinguishable from that of a set of other users. A fundamental limitation of traditional location anonymization techniques is that they are developed as unidirectional techniques that fail to support multi-level control of access to location data when data users have different access privileges on the exposed location information. As a result, location information once perturbed cannot be reduced in terms of anonymity or degree of perturbation even when some data users have access to fine granular information in the exposed data. Recent techniques on reversible spatial cloaking techniques employ data anonymization keys to perturb a user’s location in a pseudo-random manner such that the anonymized location information can be de-anonymized later using the anonymization keys. While reversible spatial cloaking provides support for multi-level location privacy, their performance is limited by their adopted spatial cloaking model in which the location perturbation occurs solely in the spatial domain without considering the temporal domain. Hence, reversible spatial location cloaking techniques obtain lower success rate and lower spatial resolution of the perturbed location leading to unreliable anonymization and lower service quality. This paper presents a new suite of reversible cloaking techniques that reversibly perturb location information of users using a spatio-temporal cloaking model, allowing data perturbation to occur along both spatial and temporal dimensions while still ensuring that the spatio-temporal expansion process is reversible when suitable access keys are provided. The proposed model achieves higher success rate and higher spatial resolution compared to reversible spatial cloaking. We compare our techniques through extensive experiments on real road networks. The results show that our techniques offer better QoS performance than the existing approaches and demonstrate strong attack resilience against adversarial attacks.