A prototypical case of data anonymization is location anonymization: here the most common data anonymization technique { k-anonymity { corresponds to cloaking and consists in providing to the potential attacker a large granularity view of the user location. However the anonymizer should take into account that if the landscape is not neutral - so that some user locations are more likely than others - then the attacker could perform some inferences over the data received and lower substantially the anonymity level with respect to the nominal one, associated to a specific cloak. Data anonymization can be considered a two players' game: given a user position, there are in general several cloaks of a given size that the anonymizer can provide to the potential attacker, furthermore upon receiving a cloak the latter can choose among different points where to deliver an attack; the outcome of the game for each participant depends not only on his own strategy, but also on the strategy of the other player. A specific pair of strategies will be considered a solution to the game if none of the players (who are considered fully rational) could gain benefit by leaving that behavior unilaterally. This solution can be used as a reference solution, to determine the size of the cloak suitable to fulfill specific anonymity constraints, or to determine the relative effectiveness of other obfuscation solutions. This paper extends the results introduced in a previous work and analyzes a new communication scenario.

Gianini, G., Damiani, E. (2008). Cloaking games in location based services. In SWS '08: Proceedings of the 2008 ACM workshop on Secure web services (pp.61-70). Association for Computing Machinery [10.1145/1456492.1456503].

Cloaking games in location based services

Gianini, G;
2008

Abstract

A prototypical case of data anonymization is location anonymization: here the most common data anonymization technique { k-anonymity { corresponds to cloaking and consists in providing to the potential attacker a large granularity view of the user location. However the anonymizer should take into account that if the landscape is not neutral - so that some user locations are more likely than others - then the attacker could perform some inferences over the data received and lower substantially the anonymity level with respect to the nominal one, associated to a specific cloak. Data anonymization can be considered a two players' game: given a user position, there are in general several cloaks of a given size that the anonymizer can provide to the potential attacker, furthermore upon receiving a cloak the latter can choose among different points where to deliver an attack; the outcome of the game for each participant depends not only on his own strategy, but also on the strategy of the other player. A specific pair of strategies will be considered a solution to the game if none of the players (who are considered fully rational) could gain benefit by leaving that behavior unilaterally. This solution can be used as a reference solution, to determine the size of the cloak suitable to fulfill specific anonymity constraints, or to determine the relative effectiveness of other obfuscation solutions. This paper extends the results introduced in a previous work and analyzes a new communication scenario.
paper
Game theory; K-anonymity; Location based services;
English
2008 ACM Workshop on Secure Web Services, SWS'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
2008
Damiani, E; Proctor, S
SWS '08: Proceedings of the 2008 ACM workshop on Secure web services
9781605582924
2008
61
70
none
Gianini, G., Damiani, E. (2008). Cloaking games in location based services. In SWS '08: Proceedings of the 2008 ACM workshop on Secure web services (pp.61-70). Association for Computing Machinery [10.1145/1456492.1456503].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10281/455392
Citazioni
  • Scopus 5
  • ???jsp.display-item.citation.isi??? ND
Social impact