Privacy Protection in Location-based Services
[we started this line of research in 2004]



Location-based services (LBS) have  attracted a lot of interest from both industry and research. Currently, the most popular commercial service is probably car navigation, but many other services are being offered and more are being experimented, as less expensive location aware devices are reaching the market. Consciously or unconsciously, many users are ready to give up one more piece of their private information in order to access the new services. Many other users, however, are concerned with releasing their exact location as part of the service request or with releasing the information of having used a particular service. To safeguard user privacy while rendering useful services is a critical issue on the growth path of the emerging LBS.

An obvious defense against privacy threats is to eliminate from the request any data that can directly reveal the issuer's identity, possibly using a pseudonym whenever this is required (e.g., for billing through a third party). Unfortunately, simply dropping the issuer's personal identification data may not be sufficient to anonymize the request. For example, the location and time information in the request may be used, with the help of external knowledge, to restrict the possible user to a small group issuers. This problem is well-known for the release of data in databases tables. In that case, the problem is to protect the association between the identity of an individual and a tuple containing her sensitive data; the attributes whose values could possibly be used to restrict the candidate identities for a given tuple are called quasi-identifiers.



The overall objective of this research project is to allow users to access LBSs while guaranteeing that some private information, defined by the users, are not revealed to a potential adversary. Ideally, privacy protection should not impact on the quality of service or on the computational and communication cost of the service. However, the results obtained so far in this research area show that privacy protection necessarily results in a degradation of the quality of service and/or in communication and computation overheads. So, the general objective is to design privacy protection techniques that result in an acceptable degradation of the quality of service and in tolerable overheads.

In order to address the general objective, we identified several subproblems that we addressed in our previous work:

  • the identification of the privacy threats that may occur while accessing a LBS [1, 2, 8];

  • the definition of a general adversary model and the specification of classes of attacks that adversaries with different knowledge can perform [3, 4];

  • the definition of privacy protection techniques against the different classes of attacks [3, 4, 5];

  • the evaluation of the impact of the privacy protection techniques on the quality of service and on the system performances [3, 5, 6];

  • the definition of simulated user movements that can be used in the evaluation of the privacy protection techniques [7].


Our early publications in this area (for all publications see dblp)

[1] Claudio Bettini, Sergio Mascetti, X. Sean Wang. Privacy Issues in Location-based Services. In Encyclopedia of GIS, Shekhar, Shashi; Xiong, Hui (Eds.), Springer, 2008. ISBN: 978-0-387-30858-6

[2] Claudio Bettini, Sergio Mascetti, X. Sean Wang. Privacy Protection through Anonymity in Location-based Services. In Handbook of Database Security: Applications and Trends, Gertz, Michael; Jajodia, Sushil (Eds.), Springer, 2008. ISBN: 978-0-387-48532-4

[3] Sergio Mascetti, Claudio Bettini, Dario Freni X. Sean Wang. Spatial Generalization Algorithms for LBS Privacy Preservation, Journal of Location Based Services, 2(1), 2008

[4] C. Bettini, S. Mascetti, X. S. Wang, S. Jajodia Anonymity in Location-based Services: Towards a General Framework, in Proc. of 8th International Conference on Mobile Data Management , IEEE Computer Society, 2007.

[5] Sergio Mascetti, Claudio Bettini, X. Sean Wang, Dario Freni, Sushil Jajodia Preserving Anonymity in Location-based Services When Requests from the Same Issuer May Be Correlated. DICo Technical Report n. 23-07, University of Milan, Italy, 2007.

[6] Sergio Mascetti and Claudio Bettini. A comparison of spatial generalization algorithms for lbs privacy preservation. In Proc. of the 1st International Workshop on Privacy-Aware Location-based Mobile Services (PALMS). IEEE Computer Society, 2007.

[7] Sergio Mascetti, Dario Freni, Claudio Bettini, Sean Wang, and Sushil Jajodia. On the Impact of User Movement Simulations in the Evaluation of LBS Privacy-Preserving Techniques. In Proc. of the 1st International Workshop on Privacy in Location-Based Applications (PiLBA). 2008.

[8] C. Bettini, X. S. Wang, S. Jajodia. Protecting Privacy Against Location-based Personal Identification. Proc. of the 2nd VLDB Workshop on Secure Data Management (SDM ’05), W. Jonker and M. Petkovic (Eds.), LNCS 3674, pp. 185-199, Springer-Verlag Berlin Heidelberg 2005.


This project was partially supported by National Science Foundation (NSF) under grant N. CNS-0716567, and by Italian MIUR under grant InterLink II04C0EC1D.