Location Privacy with Randomness Consistency

Abstract

Location-Based Social Network (LBSN) applications that support geo-location-based posting and queries to provide location-relevant information to mobile users are increasingly popular, but pose a location-privacy risk to posts. We investigated existing LBSNs and location privacy mechanisms, and found a powerful potential attack that can accurately locate users with relatively few queries, even when location data is well secured and location noise is applied. Our technique defeats previously proposed solutions including fake-location detection and query rate limits.To protect systems from this attack, we propose a simple, scalable, yet effective defense that quantizes the map into squares using hierarchical subdivision, consistently returns the same random result to multiple queries from the same square for posts from the same user, and responds to queries with different distance thresholds in a correlated manner, limiting the information gained by attackers, and ensuring that an attacker can never accurately know the quantized square containing a user. Finally, we verify the performance of our defense and analyze the trade-offs through comprehensive simulation in realistic settings. Surprisingly, our results show that in many environments, privacy level and user accuracy can be tuned using two independent parameters; in the remaining environments, a single parameter adjusts the tradeoff between privacy level and user accuracy. We also thoroughly explore the parameter space to provide guidance for actual deployments.