Volume 13, Issue 2, pp 159–182

Cloaking locations for anonymous location based services: a hybrid approach



An important privacy issue in Location Based Services is to hide a user’s identity while still providing quality location based services. Previous work has addressed the problem of locational \(\mathcal{K}\)-anonymity with either centralized or decentralized schemes. However, a centralized scheme relies on an anonymizing server (AS) for location cloaking, which may become a performance bottleneck when there are a large number of clients. More importantly, holding information in a centralized place makes it more vulnerable to malicious attacks. A decentralized scheme depends on peer communication to cloak locations and is more scalable. However, it may impose too much computation and communication overhead on the clients. The service fulfillment rate may also be unsatisfactory, especially when there are not enough peers nearby. This paper proposes a new hybrid framework called HiSC that balances the load between the AS and mobile clients. HiSC partitions the space into base cells, and a mobile client claims a surrounding area consisting of base cells. The number of mobile clients in the surrounding cells is kept and updated on both the client and AS sides. A mobile client can either request cloaking service from the centralized AS or use a peer-to-peer approach for spatial cloaking, based on personalized privacy, response time, and service quality requirements. HiSC can elegantly distribute the workload between the AS and the mobile clients by tuning one system parameter, base cell size, and two client parameters, surrounding cell size and tolerance count. By integrating salient features of the two schemes, HiSC successfully preserves query anonymity and provides more scalable and consistent service. Both the AS and the clients see a much lower workload. Additionally, we propose a simple yet effective random range shifting algorithm to prevent possible privacy leakage that would exist in the original P2P approach.
Our experiments show that HiSC can elegantly balance the workload based on privacy requirements and client distribution. HiSC provides close to optimal service quality. Meanwhile, it reduces the response time by more than an order of magnitude compared with both the P2P scheme and the centralized scheme when the anonymity level (the value of \(\mathcal{K}\)) or the number of clients is large. It also reduces the update message cost of the AS by nearly 6 times and the peer searching message cost of the clients by more than an order of magnitude.
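The base-cell idea in the abstract can be made concrete with a small sketch of grid-based \(\mathcal{K}\)-anonymous cloaking. This is an added example, not the paper's HiSC algorithm: the function names, the `max_span` limit, the tie-break on client count and the sample coordinates are all assumptions made for illustration.

```python
from collections import Counter

def cell_of(point, cell_size):
    """Map an (x, y) position to its base-cell index (col, row)."""
    x, y = point
    return (int(x // cell_size), int(y // cell_size))

def cloak(user, clients, cell_size, k, max_span=8):
    """Return (x_min, y_min, x_max, y_max, count) for the smallest square
    block of base cells that contains the user's cell and at least k
    clients (the user included), or None if no block up to max_span
    cells wide qualifies. Illustrative only; not the paper's algorithm."""
    counts = Counter(cell_of(p, cell_size) for p in clients + [user])
    ucol, urow = cell_of(user, cell_size)
    for span in range(1, max_span + 1):
        best = None
        # Try every span x span block that covers the user's cell, so the
        # user's cell is not always at the centre of the reported region.
        for col0 in range(ucol - span + 1, ucol + 1):
            for row0 in range(urow - span + 1, urow + 1):
                n = sum(counts[(c, r)]
                        for c in range(col0, col0 + span)
                        for r in range(row0, row0 + span))
                # Assumed tie-break: prefer the block holding most clients.
                if n >= k and (best is None or n > best[0]):
                    best = (n, col0, row0)
        if best:
            n, col0, row0 = best
            return (col0 * cell_size, row0 * cell_size,
                    (col0 + span) * cell_size, (row0 + span) * cell_size, n)
    return None

# Constructed sample data: positions in metres on a 100 m base-cell grid.
CLIENTS = [(120, 130), (180, 260), (310, 140), (40, 50), (260, 270)]
USER = (150, 150)

if __name__ == "__main__":
    # The query carries this region instead of the exact position.
    print(cloak(USER, CLIENTS, cell_size=100, k=3))
```

Only the cloaked rectangle and the number of clients inside it leave the function; the exact position of `USER` is never part of the result.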


Keywords: Location based service, Location privacy, Spatial cloaking



Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  1. Department of Computer Science and Engineering, University of North Texas Research Park, Denton, USA
