Thwarting Longitudinal Location Exposure Attacks in Advertising Ecosystem via Edge Computing

Abstract

As geo-location data has been increasingly adopted as a high-profile feature in targeted advertising, exposing user real locations to untrusted cloud services or advertisers has raised severe privacy concerns. To protect location privacy with formal guarantee, a wide-stretched line of recent studies focuses on injecting controlled geo-indistinguishability (geo-IND) noise as per each location exposure. However, in advertising, over the course of 2 years, a single user can report and contribute near 1k location data points on average, which allows a longitudinal attacker to infer some statistics from the perturbed locations.In this study, we demonstrate the above-mentioned privacy risk via revealing an inference attack mechanism, coined as a longitudinal location exposure attack. This novel attack illustrates the possibility of recovering 75%∼90% of user top-1 locations (within only 200-meter range) among 37k users. In light of this deficiency, we propose a novel edge-assisted location privacy protection system, entitled Edge-PrivLocAd, that is adapted to location-based advertising. The novelty of Edge-PrivLocAd stems from our n-fold Gaussian mechanism, which adds permanent noise to the statistical user location profile and thus can defend against longitudinal attackers while balancing the privacy-utility trade-off. In addition, our system incorporates a posterior-based sampling technique into the location re-mapping process, that boosts location utility without privacy loss. We develop a fully-functioning prototype and empirically evaluate the proposed system. Our experimental results show that Edge-PrivLocAd is practical and scalable in real-world scenarios.