Abstract: Mechanisms built upon geo-indistinguishability provide location privacy: a user can submit obfuscated locations to Location-Based Service providers and still use the services correctly. However, these mechanisms are vulnerable to inference attacks. In particular, with background knowledge of a user's obfuscated locations, an attacker can infer actual locations by carrying out long-term observation attacks. Unfortunately, how to defend against long-term observation attacks in the field of differential location privacy remains open. In this paper, we first demonstrate the vulnerabilities of existing mechanisms under long-term observation attacks. In light of these vulnerabilities, we devise a novel mechanism, referred to as Eclipse, which bridges the gap between location protection and usability of services. Specifically, we harness geo-indistinguishability and $k$-anonymity to obfuscate locations and hide each location based on an anonymity set. As a result, our mechanism effectively perturbs the distribution of locations and suppresses leakage under long-term observation attacks. Moreover, the set of possible outputs is utilized to minimize the impact on usability and correctness. We formally define and rigorously prove the security of the proposed mechanism by leveraging differential privacy. Finally, we implement the proposed mechanism and conduct a series of experiments on real-world datasets to demonstrate its efficacy and efficiency.