Location-based queries enable fundamental services for mobile users. While the benefits of location-based services (LBS) are numerous, exposure of mobile users' locations to untrusted LBS providers may lead to privacy concerns. This paper proposes StarCloak, a utility-aware and attack-resilient location anonymization service for privacy-preserving LBS usage. StarCloak combines several desirable properties. First, unlike conventional approaches which are indifferent to underlying road network structure, StarCloak uses the concept of stars and proposes cloaking graphs for effective location cloaking on road networks. Second, StarCloak supports user-specified k-user anonymity and $l$-segment indistinguishability, for enabling personalized privacy protection and for serving users with varying privacy preferences. Third, StarCloak achieves strong attack-resilience against replay and query injection attacks through randomized star selection and pruning. Finally, to enable efficient query processing with high throughput and low bandwidth overhead, StarCloak makes cost-aware star selection decisions by considering query evaluation and network communication costs. We evaluate StarCloak on two datasets using real-world road networks, under various privacy and utility constraints. Results show that StarCloak achieves improved query success rate and throughput, reduced anonymization time and network usage, and higher attack-resilience in comparison to XStar, its most relevant competitor.