Personalized Location Privacy Research Articles

A Personalized Location Privacy Protection System in Mobile Crowdsourcing

A Personalized Location Privacy Protection System in Mobile Crowdsourcing

Combining blockchain and crowd-sensing for location privacy protection in Internet of vehicles

With the rapid development of Internet of Vehicles (IoV), crowd-sensing based on IoV is widely used in various fields. Traditional crowd-sensing uses a third-party service platform for information interaction, which has problems of worker location privacy leakage and imbalanced participation task fairness. To solve these problems, this paper proposes a combination of blockchain and crowd-sensing for location privacy protection (BCS-LPP) method in IoV. First, blockchain is introduced into BCS-LPP to prevent the leakage of user information by third-party service platforms. Second, providing workers with personalized location privacy level options, combined with Geohash encoding and order-preserving encryption to safeguard the confidentiality of workers' location privacy information. Finally, the fairness of worker participation in tasks and the quality of sensing data are guaranteed by verifying the sensing locations submitted by workers. Using real datasets, BCS-LPP is compared with existing schemes through experimental simulation. BCS-LPP can better ensure the quality of sensing data, protect workers' location privacy information, and enhance the fairness of user participation in tasks.

PPVC: Towards a Personalized Local Differential Privacy-Preserving Scheme for V2G Charging Networks

The rapid development of electric vehicles provides users with convenience of life. When users enjoy the V2G charging service, privacy leakage of their charging location is a crucial security issue. Existing privacy-preserving algorithms for EV access to charging locations suffer from the problem of nondefendable background knowledge attacks and privacy attacks by untrustworthy third parties. We propose a personalized location privacy protection scheme (PPVC) based on differential privacy to meet users’ personalized EV charging requirements while protecting their privacy. First, by constructing a decision matrix, PPVC describes recommended routes’ utility and privacy effects. Then, a utility model is constructed based on the multiattribute theory. The user’s privacy preferences are integrated into the model to provide the route with the best utility. Finally, considering the privacy preference needs of users, the Euclidean distance share is used to assign appropriate privacy budgets to users and determine the generation range of false locations to generate the service request location with the highest utility. The experimental results show that the proposed personalized location privacy protection scheme can meet the service demands of users while reasonably protecting their privacy to provide higher service quality. Compared with existing solutions, PPVC improves the charging efficiency by up to 25%, and 8% at the same privacy protection level.

Personalized Location Privacy Trading in Double Auction for Mobile Crowdsensing

Personalized Location Privacy Trading in Double Auction for Mobile Crowdsensing

Personalized Location Privacy Protection for Location-Based Services in Vehicular Networks

Location-based services (LBSs) are widely used in vehicular networks. Privacy leakage from LBS is a key issue to be solved. However, the existing schemes fail to provide differentiated protection for users’ different locations, which may lead to the leakage of location information. In this paper, we propose a personalized location privacy protection scheme based on differential privacy to protect the privacy of location-based services in vehicular networks. Firstly, we propose a normalized decision matrix to describe the efficiency and the privacy effect of navigation recommendations. We then establish a utility model integrated with users’ privacy preferences to compute the effective driving route. Secondly, for different service request locations in the driving route, we define sensitivity distance as an index to quantify their privacy requirements. The privacy budget will be added to the service request location to generate a false location. Moreover, due to the limitation of road range in the driving route, if the privacy budget value allocated is small enough, the false location generated by the Plane Laplace will be deviated. As a result, the attacker can deduce users’ real request locations. Consequently, considering the factors of trajectory leakage, attack strategy and QoS, we establish a multi-objective optimization model to optimize the false location. Based on the real data set, we conduct a series of comparison simulations to evaluate the performance of the proposed scheme. The experimental results demonstrate that our scheme can satisfy users’ personalized services needs and provide an optimal solution to privacy and QoS.

MAPP: An efficient multi-location task allocation framework with personalized location privacy-protecting in spatial crowdsourcing

Due to its wide coverage and strong scalability, spatial crowdsourcing (SC) has become a research hotspot in recent years. In order to assign tasks to closer workers, it is necessary for workers to provide accurate locations to the server. However, it will result in the leakage of the participants’ location privacy. Existing works provide each worker with the same level of location privacy protection, which cannot meet the different privacy requirements of various workers. In addition, most works assume that the tasks are single-location tasks, and do not consider multi-location tasks. In this paper, we propose the Multi-location Task Allocation Problem with personalized location privacy protection (MLTAP). As far as we know, we are the first to study MLTAP. We propose a Multi-location task Allocation framework with Personalized location Privacy-protecting (MAPP). In order to allocate tasks efficiently, we use the R-tree to store workers and minimum bounding rectangle to represent multi-location tasks, thus filtering the unreachable workers for tasks. To better eliminate the adverse effect of location confusion, the SC server sorts candidate workers by the ranking metrics and allocates multi-location tasks efficiently. Finally, we conduct experiments to verify that MAPP has good performance in terms of utility.

Personalized Location Privacy With Road Network-Indistinguishability

The proliferation of location-based services (LBS) leads to increasing concern about location privacy. Location obfuscation is a promising privacy-preserving technique but yet to be adequately tailored for vehicles in road networks. Existing obfuscation schemes are based primarily on the Euclidean distances and can lead to infeasible results, e.g., off-road locations. In this paper, we define Road Network-Indistinguishability (RN-I) to evaluate obfuscation-based location privacy-preserving schemes in road networks. To protect drivers’ location privacy in road networks, we propose a Personalized Location Privacy-Preserving (PLPP) scheme and prove it achieves RN-I. The PLPP scheme employs a dual-obfuscation algorithm, consisting of a connection perturbation and an interval perturbation, to obfuscate on-road locations. An efficient personalization algorithm is designed for the PLPP scheme to fine-tune location privacy budgets for capturing drivers’ sensitive locations and privacy requirements. Experiments upon two real-world datasets confirm the location privacy-preserving capability, data utility, and efficiency of the proposed PLPP scheme.

A location-based privacy-preserving oblivious sharing scheme for indoor navigation

In recent years, with the rapid development of wireless communication technology and mobile devices, etc., indoor localization and navigation using WiFi sensing are increasingly being widely employed in life. On this basis, various applications of location-based services have been rapidly developed. However, when users enjoy the location query service of LBS providers, there is a risk of exposing personal information and location privacy simultaneously. In particular, the sensitive information about users based on their location privacy can be inferred by malicious users. Therefore, how to implement location hiding, query privacy protection and query result feedback at the same time is one of the crucial issues of LBS privacy protection. A novel oblivious data sharing scheme employing the designed 1-out-of-n oblivious transfer protocol is proposed to achieve an efficient location-based service for users while effectively hiding location coordinates and protecting the privacy of users and servers. In addition, once a user accesses the same keyword several times, the server is bound to be able to master the accessed frequency of keywords. For this reason, the string length-based transformation algorithm based on private information retrieval is designed and added as a part of OT protocol, which effectively reduces the communication overhead and ensures the privacy of required keywords. The security and performance analysis indicate that the proposed protocol can be instantiated in indoor navigation with high security and efficiency.

Location-privacy preserving partial nearby friends querying in urban areas

This work studies the location-privacy preserving proximity querying in the context of proximity-based services (PBSs), a special kind of location-based services (LBSs). The users register with the trusted PBS provider and specify their own personalized location privacy profile to be enforced against the curious friends (other registered users). Due to the urban area constraint, the user mobility is only on the city road network which is modeled as a weighted directed graph. The users share their own precise locations with the PBS provider and also query the nearby friends, the metric of which is defined on the shortest path on the graph. The proposed location privacy model ensures the location anonymity of the friends on the graph. To this end, two anonymity models, called weak location k-anonymity and strong location k-anonymity, are introduced to protect against the identified consecutive attack scenarios. The attack scenarios model the belief of the attacker (the query issuer) on the whereabouts of the friends. The PBS provider simulates the belief of each attacker on every users’ whereabouts and suppresses some friends from the query result to ensure the location anonymity of each and every user at all times. Effective and efficient algorithms, needing no cryptographic protocols, have been developed to provide weak/strong location k-anonymity. An extensive experimental evaluation, mainly addressing the issues of privacy/utility tradeoff and runtime efficiency, on two real graphs with a simulated mobility is presented.

A Road Truncation-Based Location Privacy-Preserving Method against Side-Weight Inference Attack

Taking advantage of precise positioning technology, location-based service (LBS) has brought a lot of convenience to people’s daily life and made the city smarter. However, the LBS applications also bring some challenges to personal location privacy protection. In order to obtain services from LBS providers, users have to upload their queries including sensitive information, such as identities and locations. This information may be leaked out by the LBS providers or even eavesdropped on by malicious adversaries, which may cause privacy leakage. To tackle this problem, many solutions have been investigated under the assumption that users are uniformly distributed. However, the users are not always uniformly distributed in real-world situations. For a side-weight inference attack, the adversary would infer that the target user is more likely to belong to the road section with more users, resulting in performance deterioration. In this paper, we investigate the issue of location privacy preservation against side-weight inference attack for non-uniform distributed road network. Meanwhile, we consider the cost function of LBS and formulate the object as a mixed integer programming problem. Then, we propose a road truncation-based scheme to protect location privacy. The road section with high user density is designed to be truncated. Finally, simulation results show that our scheme meets the demand for privacy protection at a low cost. As a result, our scheme is proven to protect users’ location privacy effectively and efficiently.

Personalized Location Privacy Protection Based on Vehicle Movement Regularity in Vehicular Networks

Currently, the issue of location privacy has been attracting increasing attention. In traditional pseudonym-based solutions, the pseudonym age of each vehicle increases at the same rate and vehicles change their pseudonyms when they meet vehicles, which also want to change pseudonyms at the same location. However, we observe that according to the individual characteristics of each vehicle’s owner, the movement of each vehicle is regular, i.e., there are some locations that vehicles visit frequently, and some locations that they rarely visit. Evidently, pseudonym change strategies for these locations are different. To address these issues, we propose a sensitivity-based pseudonym change mechanism, which can take full advantage of the regularity of a vehicle’s movement, thereby achieving personalized location privacy. A pseudonym age analytical model is used to quantify the achieved location privacy. Furthermore, we propose a new metric to measure the level of personalized location privacy protection. The results of the performance evaluation demonstrate that our approach significantly outperforms existing approaches in realizing personalized location privacy.

A Framework for Personalized Location Privacy

Location privacy has been one of the most important research areas over recent years, and many location Privacy Preserving Mechanisms (PPMs) have been proposed. Each PPM typically achieves certain tradeoffs between privacy protection and resource consumption, and no PPM performs perfectly in all cases. Instead of designing one PPM that works for all cases, this paper studies how to make the best use of multiple single PPMs for location privacy protection in different scenarios. In particular, we propose a general framework called SmartGuard, which dynamically selects the best privacy preservation strategy for a user based on her preferences and the current status of her mobile device. SmartGuard quantifies user privacy under various scenarios, models the effects of different PPMs on several key factors such as the remaining battery level and network bandwidth, and then recommends the best privacy strategy for the user. To illustrate how our SmartGuard works, we apply it to a specific scenario of LBSs and implement it on Android based phones. Evaluation results show that our solution outperforms existing PPMs under various scenarios.

Preserving personalized location privacy in ride-hailing service

Ride-hailing service has become a popular means of transportation due to its convenience and low cost. However, it also raises privacy concerns. Since riders' mobility information including the pick-up and drop-off location is tracked, the service provider can infer sensitive information about the riders such as where they live and work. To address these concerns, we propose location privacy preserving techniques that efficiently match riders and drivers while preserving riders' location privacy. We first propose a baseline solution that allows a rider to select the driver who is the closest to his pick-up location. However, with some side information, the service provider can launch location inference attacks. To overcome these attacks, we propose an enhanced scheme that allows a rider to specify his privacy preference. Novel techniques are designed to preserve rider's personalized privacy with limited loss of matching accuracy. Through trace-driven simulations, we compare our enhanced privacy preserving solution to existing work. Evaluation results show that our solution provides much better ride matching results that are close to the optimal solution, while preserving personalized location privacy for riders.

Constructing dummy query sequences to protect location privacy and query privacy in location-based services

Location-based services (LBS) have become an important part of people’s daily life. However, while providing great convenience for mobile users, LBS result in a serious problem on personal privacy, i.e., location privacy and query privacy. However, existing privacy methods for LBS generally take into consideration only location privacy or query privacy, without considering the problem of protecting both of them simultaneously. In this paper, we propose to construct a group of dummy query sequences, to cover up the query locations and query attributes of mobile users and thus protect users’ privacy in LBS. First, we present a client-based framework for user privacy protection in LBS, which requires not only no change to the existing LBS algorithm on the server-side, but also no compromise to the accuracy of a LBS query. Second, based on the framework, we introduce a privacy model to formulate the constraints that ideal dummy query sequences should satisfy: (1) the similarity of feature distribution, which measures the effectiveness of the dummy query sequences to hide a true user query sequence; and (2) the exposure degree of user privacy, which measures the effectiveness of the dummy query sequences to cover up the location privacy and query privacy of a mobile user. Finally, we present an implementation algorithm to well meet the privacy model. Besides, both theoretical analysis and experimental evaluation demonstrate the effectiveness of our proposed approach, which show that the location privacy and attribute privacy behind LBS queries can be effectively protected by the dummy queries generated by our approach.

COMP: Online Control Mechanism for Profit Maximization in Privacy- Preserving Crowdsensing

As a novel sensing paradigm, crowdsensing has gained great attention due to large-scale user participation, low cost and wide data source, replacing traditional sensor based sensing in intelligent transportation, environmental monitoring, urban public management, etc. In crowdsensing, however, user privacy leakage is a common but fatal problem, where the participants in crowdsensing might not provide their data if their sensing data expose their personal private information or even lead to malicious attacks. Additionally, it is still challenging for the platform to consider the randomness of sensing task arrival, the dynamic participation of participants and the complexity of task allocation. To this end, an online control mechanism is presented to maximize the profit of platform while guaranteeing system stability and providing personalized location privacy protection. By exploiting Lyapunov optimization theory, we transform the optimization problem into a queue stability problem, decomposing it into three subproblems further. Through rigorous theoretical analysis, we prove that our time-averaged profit is approximately optimal. We also carry out extensive simulations to verify the superiority of our proposed mechanism.

Personalized Location Privacy Protection for Location-Based Services in Vehicular Networks

With the development of vehicular network, location-based services (LBSs) provide increasing diversified services for drivers and passengers. When users enjoy the services, users' location needs to be constantly updated to service providers, which causes the location information to be speculated and attacked by attackers. However, existing schemes don't provide differentiated protection for users' different locations, which may lead to the leakage of location information. Therefore, we propose a location privacy protection method to satisfy users' personalized privacy needs with reasonable protection of their privacy. Firstly, we define a normalized decision matrix to describe the efficiency and privacy effects of a route, and establish a multi-attribute utility function to quantify the utility of different routes for route selection. Then, according to users' personalized privacy protection need, we allocate the privacy budget for each query location on the selected route based on the distance between it and his nearest sensitive location. Experimental results demonstrate that compared to existing methods, our scheme can meet the user's service requirements and achieve better service quality under the conditions of reasonable protection of their privacy.

False Trajectory Privacy Protection Scheme Based on Location Service

When the user applies for a location continuous query service, the user location privacy may be revealed due to different types of trajectory identification. A false trajectory privacy protection scheme is proposed, which uses the real-time generation of similar trajectories to protect the user’s personal location privacy. The false location set is established by initial anonymous location selection, similar trajectory location calculation and generated location selection. The false location is used to form a false trajectory similar to the real location trajectory, which reduces the probability of attacker identification and achieves real-time trajectory anonymity based on location service. Finally, the effectiveness of the scheme is verified by performance analysis and experimental results.

Intelligent pseudo‐location recommendation for protecting personal location privacy

SummaryIndividuals' right to privacy includes control over access to their location information. With the advent of location‐based services and personal transport services (such as ridesharing), the risk of location privacy breaches is increased greatly. The potential negative effects of location privacy leakages include spam location‐based service flooding, threats to personal safety (such as physical attacks), and intrusion related to access to private places (such as homes and hospitals). Therefore, protecting the privacy of users' real locations is becoming increasingly important. This is often achieved using a pseudo‐location near the real location, but existing pseudo‐location generators, such as NRand and the uniform random method, suffer from statistical inference, which can infer the obfuscation domain to cover the real location. In this paper, we propose an intelligent pseudo‐location recommendation (IPLR) method to reduce the risk of a statistical inference attack. In IPLR, we generate a random substitute of the real location to attract the adversary and thus hide the real location. Then, the pseudo‐location is generated in the neighborhood of the random substitute location following a normal distribution; the random substitute location is changed frequently to confuse attackers. In particular, we define three levels of location privacy, ie, address level, street level, and district level, to evaluate the effectiveness of the IPLR method. Our experimental study using simulation data demonstrates that the proposed IPLR method achieves lower risk of location privacy leakage and higher probabilities of safety in all three levels of location privacy than NRand and the random method. It also demonstrates the effectiveness of the proposed IPLR to balance location privacy and service quality.

A Method of Sanitizing Privacy-Sensitive Sequence Pattern Networks Mined From Trajectories Released

Mobility patterns mined from released trajectories can help to allocate resources and provide personalized services, although these also pose a threat to personal location privacy. As the existing sanitization methods cannot deal with the problems of location privacy inference attacks based on privacy-sensitive sequence pattern networks, the authors proposed a method of sanitizing the privacy-sensitive sequence pattern networks mined from trajectories released by identifying and removing influential nodes from the networks. The authors conducted extensive experiments and the results were shown that by adjusting the parameter of the proportional factors, the proposed method can thoroughly sanitize privacy-sensitive sequence pattern networks and achieve the optimal values for security degree and connectivity degree measurements. In addition, the performance of the proposed method was shown to be stable for multiple networks with basically the same privacy-sensitive node ratio and be scalable for batches of networks with different sensitive nodes ratios.

Personalized Privacy-Preserving Task Allocation for Mobile Crowdsensing

Location information of workers are usually required for optimal task allocation in mobile crowdsensing, which however raises severe concerns of location privacy leakage. Although many approaches have been proposed to protect the locations of users, the location protection for task allocation in mobile crowdsensing has not been well explored. In addition, to the best of our knowledge, none of existing privacy-preserving task allocation mechanisms can provide personalized location protection considering different protection demands of workers. In this paper, we propose a personalized privacy-preserving task allocation framework for mobile crowdsensing that can allocate tasks effectively while providing personalized location privacy protection. The basic idea is that each worker uploads the obfuscated distances and personal privacy level to the server instead of its true locations or distances to tasks. In particular, we propose a Probabilistic Winner Selection Mechanism (PWSM) to minimize the total travel distance with the obfuscated information from workers, by allocating each task to the worker who has the largest probability of being closest to it. Moreover, we propose a Vickrey Payment Determination Mechanism (VPDM) to determine the appropriate payment to each winner by considering its movement cost and privacy level, which satisfies the truthfulness, profitability, and probabilistic individual rationality. Extensive experiments on the real-world datasets demonstrate the effectiveness of the proposed mechanisms.