When location-based services (LBS) are delivered, location data should be protected against honest-but-curious LBS providers, them being quasi-identifiers. One of the existing approaches to achieving this goal is location k-Anonymity, which leverages the presence of a trusted party, called location trusted service (LTS), playing the role of anonymizer. A drawback of this approach is that the location trusted service is a single point of failure and traces all the users. Moreover, the protection is completely nullified if a global passive adversary is allowed, able to monitor the flow of messages, as the source of the query can be identified despite location k-Anonymity. In this paper, we propose a distributed and hierarchical LTS model, overcoming both the above drawbacks. Moreover, position notification is used as cover traffic to hide queries and multicast is minimally adopted to hide responses, to keep k-Anonymity also against the global adversary, thus enabling the possibility that LBS are delivered within social networks.
A Distributed Location Trusted Service Achieving k-Anonymity against the Global Adversary / Buccafurri, F.; De Angelis, V.; Idone, M. F.; Labrini, C.. - 2021-:(2021), pp. 133-138. (Intervento presentato al convegno 22nd IEEE International Conference on Mobile Data Management, MDM 2021 nel 2021) [10.1109/MDM52706.2021.00029].
A Distributed Location Trusted Service Achieving k-Anonymity against the Global Adversary
Buccafurri F.;De Angelis V.;Idone M. F.;Labrini C.
2021-01-01
Abstract
When location-based services (LBS) are delivered, location data should be protected against honest-but-curious LBS providers, them being quasi-identifiers. One of the existing approaches to achieving this goal is location k-Anonymity, which leverages the presence of a trusted party, called location trusted service (LTS), playing the role of anonymizer. A drawback of this approach is that the location trusted service is a single point of failure and traces all the users. Moreover, the protection is completely nullified if a global passive adversary is allowed, able to monitor the flow of messages, as the source of the query can be identified despite location k-Anonymity. In this paper, we propose a distributed and hierarchical LTS model, overcoming both the above drawbacks. Moreover, position notification is used as cover traffic to hide queries and multicast is minimally adopted to hide responses, to keep k-Anonymity also against the global adversary, thus enabling the possibility that LBS are delivered within social networks.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
