
Transactions on
Data Privacy
Foundations and Technologies

http://www.tdp.cat



Volume 9 Issue 1


Differential Privacy Models for Location-Based Services

Ehab ElSalamouny(a),(b), Sebastien Gambs(c),(*)

Transactions on Data Privacy 9:1 (2016) 15 - 48


(a) INRIA, France.

(b) Faculty of Computers and Informatics, Suez Canal University, Egypt.

(c) Université du Québec à Montréal (UQAM), Canada.

e-mail:ehab.m.s @gmail.com; gambs.sebastien @uqam.ca


Abstract

In this paper, we consider the adaptation of differential privacy to the context of location-based services (LBSs), which personalize the information provided to a user based on his current position. Assuming that the LBS provider is queried with a perturbed version of the position of the user instead of his exact one, we rely on differential privacy to quantify the level of indistinguishability (i.e., privacy) provided by this perturbation with respect to the user's position. In this setting, the adaptation of differential privacy can lead to various models depending on the precise form of indistinguishability required. We discuss the set of properties that hold for these models in terms of privacy, utility and also implementation issues. More precisely, we first introduce and analyze one of these models, the (D, ε)-location privacy, which is directly inspired from the standard differential privacy model. In this context, we describe a general probabilistic model for obfuscation mechanisms for the locations whose output domain is the Euclidean space E². In this model, we characterize the satisfiability conditions of (D, ε)-location privacy for a particular mechanism and also measure its utility with respect to an arbitrary loss function. Afterwards, we present and analyze symmetric mechanisms in which all locations are perturbed in a unified manner through a noise function, focusing in particular on circular noise functions. We prove that, under certain assumptions, the circular functions are rich enough to provide the same privacy and utility levels as other more complex (i.e., non-circular) noise functions, while being easier to implement. Finally, we extend our results to a generalized notion for location privacy, called ℓ-privacy capturing both (D, ε)-location privacy and also the notion of ε-geo-indistinguishability recently introduced by Andrés, Bordenabe, Chatzikokolakis and Palamidessi.

* Corresponding author.

ISSN: 1888-5063; ISSN (Digital): 2013-1631; D.L.:B-11873-2008; Web Site: http://www.tdp.cat/
Contact: Transactions on Data Privacy; Vicenç Torra; U. of Skövde; PO Box 408; 54128 Skövde; (Sweden); e-mail:tdp@tdp.cat

 


Vicenç Torra, Last modified: 07:08 July 18 2016.