Article Preview
TopIntroduction
With this tremendous growth of Internet and mobile phones the term “Location based services” (LBS) has become a buzz word nowadays. Although LBS provide enhanced functionalities and convenience of ubiquitous computing, at the same time they also open up new vulnerabilities that can be exploited to cause security and privacy breaches. For these applications, location of the individual is required. Consequently, they may pose a major privacy threat on its users because of revelation of location. “Privacy protection” for the users of location based services has originated as a relatively new domain for research. Several studies have been proposed for protecting location privacy of a user. Most of them try to prevent disclosure of unnecessary information by techniques that explicitly or implicitly control what information is given to whom and when.
Location obfuscation is a well-known location privacy mechanism based on K-anonymity and spatial cloaking. In obfuscation mechanism based on spatial cloaking, instead of reporting the exact location of client, middleware reports a minimum bounding box/region (MBB/MBR) to untrusted location service provider along with the actual query. This region is called cloaking area/ region which must contain at least K-1 people in addition to query issuer/client. It serves the purpose of hiding the exact location of a client and thus providing more security to client, as client cannot be easily identified within the bounding box.
The computation of cloaking region is done by the anonymization server/ middleware which is considered as a trusted party. Middleware in turn delegates this cloaking area along with query request by client to location service provider (LSP) as shown in Figure 1. The latter executes the query, and returns a superset of the results to the anonymizer. Anonymizer is aware of precise location of the client so it filters out the false positives from the result set accordingly and then forwards the relevant results to the client.
Figure 1.
Flow of Request/Response in Middleware Architecture
There are many techniques available in literature for generation of cloaking areas. K-anonymity based cloaking areas are popular technique which extends the region to satisfy the anonymity requirements by generating cloaking area including other K-1 users (Chow et al, 2006).
There can be more than one cloaking areas for a client (generated using different techniques), most likely these will contain different users as they are covering different geographical regions. K-anonymity taken alone as a privacy measure is not sufficient to protect privacy of a client especially when the profiles of other users present in a cloaking area are diverse. Cloaking area having more similar users in terms of their demographic profiles should be preferred and more useful in terms of providing the security. In an area containing more similar users, difficulty level of adversary to identify a particular user will increase thereby providing more security. Here the idea of security lies in being unidentifiable by the adversary. Intuitively also, it can be said that cloaking area having similar profile users will be more secure as compared to the area generated by taking random profile users.
Notion of K-anonymity has been extended in the existing literature work (Jagwani and Kaushik, 2016) by including the K-1 users who are having more similar profiles as that of client.
It has been proved in the research (Jagwani and Kaushik, 2016) using statistical techniques that cloaking area with similar profile users is more secured. For this cumulative values of profile similarity of various users present in different cloaking areas has been calculated. It has been found through experiments that a cumulative value of similarity of users present in a cloaking area containing similar profiles, is clearly greater than the value of similarity of another cloaking Region (CR) containing random users. In order to show that the difference in cumulative similarity of two cloaking regions is significant enough, T-test along with dummy variable regression technique has been used. Results of T-test clearly established that the difference between aggregated similarity values of cloaking areas is significant and is not negligible. Further, overhead for generating secure cloaking area has also been calculated. But a question which is unanswered till is how much privacy is achieved by taking similar profile users.