26 May 2016 - George Theodorakopoulos

Abstract

Location is sensitive information, yet location-based services (e.g. "nearest-restaurant" smartphone apps) need it in order to function. To address the need for privacy, mechanisms have been developed that, in effect, obfuscate the location of users before sending it to the service. However, the designer of any security mechanism should anticipate that the adversary will find out how the mechanism works and will perform an optimal attack against it. I will present research that applies this principle to the design of location-privacy mechanisms. This research uses Bayesian Stackelberg games to model the interaction between the privacy mechanism designer and the adversary, with a twist: The adversary is at the same time the service provider, so privacy must be provided under service quality constraints. This approach can accommodate locations of varying privacy sensitivity, and it can take into account prior knowledge that the adversary may have. The resulting mechanism provides provably optimal privacy against localization attacks.