Distributed and Parallel Databases

, Volume 32, Issue 1, pp 91–118 | Cite as

Anonymizing continuous queries with delay-tolerant mix-zones over road networks

  • Balaji Palanisamy
  • Ling Liu
  • Kisung Lee
  • Shicong Meng
  • Yuzhe Tang
  • Yang Zhou


This paper presents a delay-tolerant mix-zone framework for protecting the location privacy of mobile users against continuous query correlation attacks. First, we describe and analyze the continuous query correlation attacks (CQ-attacks) that perform query correlation based inference to break the anonymity of road network-aware mix-zones. We formally study the privacy strengths of the mix-zone anonymization under the CQ-attack model and argue that spatial cloaking or temporal cloaking over road network mix-zones is ineffective and susceptible to attacks that carry out inference by combining query correlation with timing correlation (CQ-timing attack) and transition correlation (CQ-transition attack) information. Next, we introduce three types of delay-tolerant road network mix-zones (i.e., temporal, spatial and spatio-temporal) that are free from CQ-timing and CQ-transition attacks and in contrast to conventional mix-zones, perform a combination of both location mixing and identity mixing of spatially and temporally perturbed user locations to achieve stronger anonymity under the CQ-attack model. We show that by combining temporal and spatial delay-tolerant mix-zones, we can obtain the strongest anonymity for continuous queries while making acceptable tradeoff between anonymous query processing cost and temporal delay incurred in anonymous query processing. We evaluate the proposed techniques through extensive experiments conducted on realistic traces produced by GTMobiSim on different scales of geographic maps. Our experiments show that the proposed techniques offer high level of anonymity and attack resilience to continuous queries.


Location privacy Mobile computing 


  1. 1.
    Amini, S., Lindqvist, J., Hong, J., Lin, J., Toch, E., Sadeh, N.: Cache’: caching location-enhanced content to improve user privacy. In: Mobisys (2011) Google Scholar
  2. 2.
    Ardagna, C., Cremonini, M., Vimercati, S., Samarati, P.: An obfuscation-based approach for protecting location privacy. In: IEEE TDSC (2011) Google Scholar
  3. 3.
    Bamba, B., Liu, L., Pesti, P., Wang, T.: Supporting anonymous location queries in mobile environments with PrivacyGrid. In: WWW (2008) Google Scholar
  4. 4.
    Beresford, A., Stajano, F.: Location privacy in pervasive computing. IEEE Pervasive Computing (2003) Google Scholar
  5. 5.
    Bettini, C., Mascetti, S., Wang, X., Freni, D., Jajodia, S.: Anonymity and historical-anonymity in location-based services. In: Privacy in Location-Based Applications: Introduction, Research Issues and Applications. Lecture Notes of Computer Science, vol. 5599. Springer, Berlin (2009) CrossRefGoogle Scholar
  6. 6.
    Buttyan, L., Holczer, T., Vajda, I.: On the effectiveness of changing pseudonyms to provide location privacy in VANETs. In: ESAS (2007) Google Scholar
  7. 7.
    Chow, C., Mokbel, M.: Enabling private continuous queries for revealed user locations. In: SSTD (2007) Google Scholar
  8. 8.
    Chow, C., Mokbel, M., Bao, J., Liu, X.: Query-aware location anonymization for road networks. In: Geoinformatica, July 2011 Google Scholar
  9. 9.
    Dewri, R., Ray, I., Ray, I., Whitley, D.: Query m-invariance: preventing query disclosures in continuous location-based services. In: MDM (2010) Google Scholar
  10. 10.
    Freudiger, J., Raya, M., Félegyhazi, M., Papadimitratos, P., Hubaux, J.-P.: Mix-zones for location privacy in vehicular networks. In: WiN-ITS (2007) Google Scholar
  11. 11.
    Freudiger, J., Shokri, R., Hubaux, J.-P.: On the optimal placement of mix zones. In: PETS (2009) Google Scholar
  12. 12.
    Gedik, B., Liu, L.: Location privacy in mobile systems: a personalized anonymization model. In: ICDCS (2005) Google Scholar
  13. 13.
    U.S. Geological Survey.
  14. 14.
    Ghinita, G., Kalnis, P., Khoshgozaran, A., Shahabi, C., Tan, K.: Private queries in location based services: anonymizers are not necessary. In: SIGMOD (2008) Google Scholar
  15. 15.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: MobiSys (2003) Google Scholar
  16. 16.
    Meyerowitz, J., Choudhury, R.: Hiding stars with fireworks: location privacy through camouflage. In: MOBICOM (2009) Google Scholar
  17. 17.
    Mokbel, M., Chow, C., Aref, W.: The new casper: query processing for location services without compromising privacy. In: VLDB (2006) Google Scholar
  18. 18.
    Palanisamy, B., Liu, L.: MobiMix: protecting location privacy with mix-zones over road networks. In: ICDE (2011) Google Scholar
  19. 19.
    Pan, X., Meng, X., Xu, J.: Distortion based anonymity for continuous queries in location based mobile services. In: GIS (2009) Google Scholar
  20. 20.
    Pesti, P., Bamba, B., Doo, M., Liu, L., Palanisamy, B., Weber, M.: GTMobiSIM: a mobile trace generator for road networks (2009).
  21. 21.
    Shmatikov, V., Wang, M.: Timing analysis in low-latency mix networks: attacks and defenses. In: ESORICS (2006) Google Scholar
  22. 22.
    Wang, T., Liu, L.: Privacy-aware mobile services over road networks. In: VLDB (2009) Google Scholar
  23. 23.
    Wang, T., Liu, L.: Execution assurance for massive computing tasks. IEICE Trans. Inf. Syst. E93-D(6) (June 2010), Special session on Info-Plosion Google Scholar
  24. 24.
    Williams, P., Sion, R.: Usable PIR. In: NDSS (2008) Google Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Balaji Palanisamy
    • 1
  • Ling Liu
    • 2
  • Kisung Lee
    • 2
  • Shicong Meng
    • 3
  • Yuzhe Tang
    • 2
  • Yang Zhou
    • 2
  1. 1.School of Information SciencesUniversity of PittsburghPittsburghUSA
  2. 2.College of ComputingGeorgia Institute of TechnologyAtlantaUSA
  3. 3.IBM T.J. Watson Research CenterHawthorneUSA

Personalised recommendations