DPIVE: A Regionalized Location Obfuscation Scheme with Personalized Privacy Levels

TL;DR

DPIVE introduces a regionalized, personalized location obfuscation scheme that enhances privacy protection by customizing privacy levels for different regions, correcting previous frameworks, and demonstrating superior performance on public datasets.

Contribution

It proposes DPIVE, a novel regionalized location obfuscation mechanism with personalized privacy sensitivities, improving upon prior models and enabling fine-grained privacy control.

Findings

DPIVE outperforms existing methods on skewed location data.

The two-phase approach effectively partitions locations and assigns personalized privacy levels.

Experiments validate the superior privacy preservation and utility balance of DPIVE.

Abstract

The popularity of cyber-physical systems is fueling the rapid growth of location-based services. This poses the risk of location privacy disclosure. Effective privacy preservation is foremost for various mobile applications. Recently, geo-indistinguishability and expected inference error are proposed for limiting location leakages. In this paper, we argue that personalization means regionalization for geo-indistinguishability, and we propose a regionalized location obfuscation mechanism called DPIVE with personalized utility sensitivities. This substantially corrects the differential and distortion privacy problem of PIVE framework proposed by Yu et al. on NDSS 2017. We develop DPIVE with two phases. In Phase I, we determine disjoint sets by partitioning all possible positions such that different locations in the same set share the Protection Location Set (PLS). In Phase II, we construct a probability distribution matrix in which the rows corresponding to the same PLS have their own sensitivity of utility (PLS diameter). Moreover, by designing QK-means algorithm for more search space in 2-D space, we improve DPIVE with refined location partition and present fine-grained personalization, enabling each location to have its own privacy level endowed with a customized privacy budget. Experiments with two public datasets demonstrate that our mechanisms have the superior performance, typically on skewed locations.