On the differential privacy of dynamic location obfuscation with personalized error bounds
by
Zhang Shun, Duan Benfei, Chen Zhili, Zhong Hong
2022
Abstract
Geo-indistinguishability and expected inference error are two complementary
notions for location privacy. The joint guarantee of differential privacy
(indistinguishability) and distortion privacy (inference error) limits the
information leakage. In this paper, we analyze the differential privacy of
PIVE, a dynamic location obfuscation mechanism proposed by Yu, Liu and Pu (NDSS
2017), and show that PIVE fails to offer either of the privacy guarantees on
adaptive Protection Location Sets (PLSs) as claimed. Specifically, we
demonstrate that different PLSs could intersect with one another due to the
defined search algorithm, and that different a priori locations in the same PLS
could then have different protection diameters. As a result, we can show that the
proof of local differential privacy for PIVE is problematic. Besides, the
condition introduced in PIVE is confirmed to be insufficient for bounding
expected inference errors in general, which makes the user-defined inference
error threshold invalid. To address these issues, we propose a couple of
correction approaches, theoretically analyze the privacy properties they
satisfy, and detail their respective merits and demerits.
Archived Files and Locations
application/pdf 5.3 MB
arxiv.org (repository), web.archive.org (webarchive)
2101.12602v3