Gaining Location Privacy from Service Flexibility: A Bayesian Game Theoretic Approach

Shu Hong, Lingjie Duan, Jianwei Huang
{"title":"Gaining Location Privacy from Service Flexibility: A Bayesian Game Theoretic Approach","authors":"Shu Hong, Lingjie Duan, Jianwei Huang","doi":"10.1109/PST52912.2021.9647853","DOIUrl":null,"url":null,"abstract":"When using location-based services (LBSs), a user obtains points-of-interest $(\\text{P}\\text{o}\\text{I})$ information by providing the LBS platform with his current geo-location. Such a search also leads to potential privacy leakage if an adversary has access to his geo-data. Traditional k-anonymity mechanisms instruct a user to bear the overhead to report his current location together with k-1 dummy locations to confuse the adversary, which only work well given a large number k. Aware of the common practices that a user is actually flexible in service requirement (e.g., as long as the searched PoIs are within his walking distance), we propose a novel approach to help the user gain location privacy from service flexibility for the case of a small number k. By analyzing the strategic interaction between the user and the adversary in a Bayesian game, we prove that the user with service flexibility should never report his real location for searching PoIs nearby. Instead, he should jointly use all k dummy locations to confuse the adversary’s inference of his real location. Take $k=2$ for example, we manage to show that if the adversary is not likely to access both dummy geo-data, the user should report the two dummy locations at two opposite directions of his real location, and otherwise at the same direction. Perhaps surprisingly, our approach may enable the user to benefit from the adversary’s access to more geo-data. Finally, extensive simulations using some real data show that our mechanism obviously outperforms k anonymity mechanism especially under a small number k.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 18th International Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST52912.2021.9647853","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

When using location-based services (LBSs), a user obtains points-of-interest $(\text{P}\text{o}\text{I})$ information by providing the LBS platform with his current geo-location. Such a search also leads to potential privacy leakage if an adversary has access to his geo-data. Traditional k-anonymity mechanisms instruct a user to bear the overhead to report his current location together with k-1 dummy locations to confuse the adversary, which only work well given a large number k. Aware of the common practices that a user is actually flexible in service requirement (e.g., as long as the searched PoIs are within his walking distance), we propose a novel approach to help the user gain location privacy from service flexibility for the case of a small number k. By analyzing the strategic interaction between the user and the adversary in a Bayesian game, we prove that the user with service flexibility should never report his real location for searching PoIs nearby. Instead, he should jointly use all k dummy locations to confuse the adversary’s inference of his real location. Take $k=2$ for example, we manage to show that if the adversary is not likely to access both dummy geo-data, the user should report the two dummy locations at two opposite directions of his real location, and otherwise at the same direction. Perhaps surprisingly, our approach may enable the user to benefit from the adversary’s access to more geo-data. Finally, extensive simulations using some real data show that our mechanism obviously outperforms k anonymity mechanism especially under a small number k.
从服务灵活性中获取位置隐私:贝叶斯博弈论方法
当使用基于位置的服务(LBS)时,用户通过向LBS平台提供他当前的地理位置来获得兴趣点$(\text{P}\text{o}\text{I})$信息。如果对手可以访问他的地理数据,这样的搜索也会导致潜在的隐私泄露。传统的k-匿名机制要求用户承担报告其当前位置和k-1个虚拟位置的开销,以迷惑对手,这只有在k很大的情况下才有效。意识到用户在服务需求上实际上是灵活的(例如,只要搜索的点在他的步行距离内)。我们提出了一种新颖的方法来帮助用户在k较小的情况下从服务灵活性中获得位置隐私。通过分析用户与对手在贝叶斯博弈中的策略交互,我们证明了具有服务灵活性的用户在搜索附近的点时不应该报告他的真实位置。相反,他应该联合使用所有k个虚拟位置来混淆对手对他的真实位置的推断。以$k=2$为例,我们设法表明,如果攻击者不太可能访问两个虚拟地理数据,用户应该在与其真实位置相反的两个方向报告两个虚拟位置,否则在同一方向报告。也许令人惊讶的是,我们的方法可能使用户能够从对手对更多地理数据的访问中受益。最后,使用一些真实数据进行的大量模拟表明,我们的机制明显优于k匿名机制,特别是在k很小的情况下。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信