Optimal noise functions for location privacy on continuous regions
share
Users of location-based services (LBSs) are highly vulnerable to privacy risks since they need to disclose, at least partially, their locations to benefit from these services. One possibility to limit these risks is to obfuscate the location of a user by adding random noise drawn from a noise function. In this paper, we require the noise functions to satisfy a generic location privacy notion called ℓ-privacy, which makes the position of the user in a given region X relatively indistinguishable from other points in X. We also aim at minimizing the loss in the service utility due to such obfuscation. While existing optimization frameworks regard the region X restrictively as a finite set of points, we consider the more realistic case in which the region is rather continuous with a non-zero area. In this situation, we demonstrate that circular noise functions are enough to satisfy ℓ-privacy on X and equivalently on the entire space without any penalty in the utility. Afterwards, we describe a large parametric space of noise functions that satisfy ℓ-privacy on X, and show that this space has always an optimal member, regardless of ℓ and X. We also investigate the recent notion of ϵ-geo-indistinguishability as an instance of ℓ-privacy, and prove in this case that with respect to any increasing loss function, the planar Laplace noise function is optimal for any region having a nonzero area.
READ FULL TEXT