It is a well-known fact that the progress of personal communication devices leads to serious concerns about privacy in general, and location privacy in particular. As a response to these issues, a number of Location-Privacy Protection Mechanisms (LPPMs) have been proposed during the last decade. However, their assessment and comparison remain problematic because of the absence of a systematic method to quantify them. In particular, the assumptions about the attacker's model tend to be incomplete, with the risk of a possibly wrong estimation of the users' location privacy.
In this work, we address these issues by providing a formal framework for the analysis of LPPMs; it captures, in particular, the prior information that might be available to the attacker, and various attacks that he can perform. The privacy of users and the success of the adversary in his location-inference attacks are two sides of the same coin. We revise location privacy by giving a simple, yet comprehensive, probabilistic framework to formulate and evaluate various types of location-information disclosure attacks. We also propose and justify the right metric to quantify location privacy, and show its superiority to existing metrics such as k-anonymity and entropy.
The result of this research will be presented at the IEEE Symposium on Security and Privacy (S&P), and the Privacy Enhancing Technologies Symposium (PETS) 2011.
Reza Shokri is a Ph.D. student in the computer and communication science department at EPFL, Switzerland. His research agenda revolves around privacy enhancement technologies. Recently, he has been working on defining, formalizing, and quantifying location privacy. More information is available at http://people.epfl.ch/reza.shokri.