The cloaked-centroid protocol: location privacy protection for a group of users of location-based services

Abstract

Several techniques have been recently proposed to protect user location privacy while accessing location-based services (LBSs). However, applying these techniques to protect location privacy for a group of users would lead to user privacy leakage and query inefficiency. In this paper, we propose a two-phase protocol, we name Cloaked-Centroid, which is designed specifically to protect location privacy for a group of users. We identify location privacy issues for a group of users who may ask an LBS for a meeting place that is closest to the group centroid. Our protocol relies on spatial cloaking, an anonymous veto network and a conference key establishment protocol. In the first phase, member locations are cloaked into a single region based on their privacy profiles, and then, a single query is submitted to an LBS. In the second phase, a special secure multiparty computation extracts the meeting point result from the received answer set. Our protocol is resource aware, taking into account the LBS overhead and the communication cost, i.e., the number of nearest neighbor queries sent to a service provider and the number of returned points of interests. Regarding privacy, Cloaked-Centroid protects the location privacy of each group member from those in the group and from anyone outside the group, including the LBS. Moreover, our protocol provides result-set anonymity, which prevents LBS providers and other possible attackers from learning the meeting place location. Extensive experiments show that the proposed protocol is efficient in terms of computation and communication costs. A security analysis shows the resistance of the protocol against collusion, disruption and background knowledge attacks in a malicious model.