Protecting Spatiotemporal Event Privacy in Continuous Location-Based Services

Location privacy-preserving mechanisms (LPPMs) have been extensively studied for protecting users' location privacy by releasing a perturbed location to third parties such as location-based service providers. However, when a user's perturbed locations are released continuously, existing LPPMs may not protect the sensitive information about the user's real-world activities, such as visited hospital in the last week or regularly commuting between location A and location B every weekday (it is easy to infer that location A and location B may be home and office), which we call it spatiotemporal event. In this paper, we first formally define spatiotemporal event as Boolean expressions between location and time predicates, and then we define epsilon-spatiotemporal event privacy by extending the notion of differential privacy. Second, to understand how much spatiotemporal event privacy that existing LPPMs can provide, we design computationally efficient algorithms to quantify the spatiotemporal event privacy leakage of state-of-the-art LPPMs. It turns out that the existing LPPMs may not adequately protect spatiotemporal event privacy. Third, we propose a framework, PriSTE, to transform an existing LPPM into one protecting spatiotemporal event privacy by calibrating the LPPM's privacy budgets. Our experiments on real-life and synthetic data verified that the proposed method is effective and efficient.

Automated summary

This paper introduces the concept of spatiotemporal events and ε-spatiotemporal event privacy, and highlights the potential weaknesses in existing LPPMs in protecting this type of privacy. It presents a framework, PriSTE, to enhance existing LPPMs to provide better protection for spatiotemporal event privacy by adjusting privacy budgets. Experiments conducted on real-life and synthetic data confirm the effectiveness and efficiency of the proposed method.