Quantifying Location Privacy

It is a well-known fact that the progress of personal communication devices leads to serious concerns about privacy in general, and location privacy in particular. As a response to these issues, a number of Location-Privacy Protection Mechanisms (LPPMs) have been proposed during the last decade. However, their assessment and comparison remains problematic because of the absence of a systematic method to quantify them. In particular, the assumptions about the attacker’s model tend to be incomplete, with the risk of a possibly wrong estimation of the users’ location privacy. In this paper, we address these issues by providing a formal framework for the analysis of LPPMs; it captures, in particular, the prior information that might be available to the attacker, and various attacks that he can perform. The privacy of users and the success of the adversary in his location-inference attacks are two sides of the same coin. We revise location privacy by giving a simple, yet comprehensive, model to formulate all types of location-information disclosure attacks. Thus, by formalizing the adversary’s performance, we propose and justify the right metric to quantify location privacy. We clarify the difference between three aspects of the adversary’s inference attacks, namely their accuracy, certainty, and correctness. We show that correctness determines the privacy of users. In other words, the expected estimation error of the adversary is the metric of users’ location privacy. We rely on well-established statistical methods to formalize and implement the attacks in a tool: the Location-Privacy Meter that measures the location privacy of mobile users, given various LPPMs. In addition to evaluating some example LPPMs, by using our tool, we assess the appropriateness of some popular metrics for location privacy: entropy and k-anonymity. The results show a lack of satisfactory correlation between these two metrics and the success of the adversary in inferring the users’ actual locations.

Published in:
2011 Ieee Symposium On Security And Privacy (Sp 2011), 247-262
Presented at:
IEEE Symposium on Security and Privacy (S&P), Oakland, CA, USA, May 22-25
Ieee Computer Soc Press, Customer Service Center, Po Box 3014, 10662 Los Vaqueros Circle, Los Alamitos, Ca 90720-1264 Usa

  • LPM's Binary (debug) x64: lpm-debug-0.14a-x64-binary - TAR.GZ; LPM's Binary (debug) x86: lpm-debug-0.14a-x86-binary - TAR.GZ; LPM's Binary (release) x64: lpm-release-0.14a-x64-binary - TAR.GZ; LPM's Binary (release) x86: lpm-release-0.14a-x86-binary - TAR.GZ; LPM's Manual: LPM-QuickStart-0.14a - PDF; LPM's Old Binary (release) x64: lpm-release-0.10b-x64 - TAR.GZ; LPM's Old Binary (release) x86: lpm-release-0.10b-x86 - TAR.GZ; LPM's Source Code: lpm-source-0.14a - TAR.GZ; Publisher's version: ShokriTLH_SP11 - PDF; Slides: Shokri_Oakland11_2 - PPT; Shokri_Oakland11 - PDF;
  • Export as: BibTeX | MARC | MARCXML | DC | EndNote | NLM | RefWorks | RIS
  • View as: MARC | MARCXML | DC
  • Add to your basket:

 Record created 2011-03-29, last modified 2019-12-05

LPM's Binary (debug) x64:
Download fulltextTAR.GZ
LPM's Binary (debug) x86:
Download fulltextTAR.GZ
LPM's Binary (release) x64:
Download fulltextTAR.GZ
LPM's Binary (release) x86:
Download fulltextTAR.GZ
LPM's Manual:
Download fulltextPDF
LPM's Old Binary (release) x64:
Download fulltextTAR.GZ
LPM's Old Binary (release) x86:
Download fulltextTAR.GZ
LPM's Source Code:
Download fulltextTAR.GZ
Publisher's version:
Download fulltextPDF
Shokri_Oakland11_2 - Download fulltextPPT
Shokri_Oakland11 - Download fulltextPDF
Rate this document:

Rate this document:
(Not yet reviewed)