Abstract
Mix-zones are recognized as an alternative and complementary approach to location privacy protection based on spatial cloaking. Unlike spatial cloaking techniques, which perturb the location resolution through location k-anonymization, mix-zones break the continuity of location exposure by ensuring that users' movements cannot be traced while they are inside a mix-zone. In this paper we provide an overview of some known attacks that make mix-zones on road networks vulnerable and discuss a set of countermeasures to make road network mix-zones attack-resilient. Concretely, we categorize the vulnerabilities of road network mix-zones into two classes: one due to the road network characteristics and user mobility, and the other due to the temporal, spatial and semantic correlations of location queries. We propose efficient road network mix-zone construction techniques that are resilient to attacks based on road network characteristics. Furthermore, we enhance the road network mix-zone framework with the concept of delay-tolerant mix-zones, which introduce a combination of spatial and temporal shifts in the location exposure of the users to achieve higher anonymity. We study the factors that affect the effectiveness of each of these attacks and evaluate the efficiency of the countermeasures through extensive experiments on traces produced by GTMobiSim at different scales of geographic maps.
Notes
The mobile networking service provider has access to the user location information through techniques such as cell tower triangulation.
For simplicity of the example, we assume that users take the average time of 4 s to cross the mix-zone; at a real road intersection, crossing could take slightly longer or shorter depending on the speed of travel.
Acknowledgments
This work is partially sponsored by grants from NSF CISE NetSE program, SaTC program, and a grant from Intel ISTC on Cloud Computing and also by an IBM PhD fellowship for the first author.
Cite this article
Palanisamy, B., Liu, L. Effective mix-zone anonymization techniques for mobile travelers. Geoinformatica 18, 135–164 (2014). https://doi.org/10.1007/s10707-013-0194-y
DOI: https://doi.org/10.1007/s10707-013-0194-y