Location obfuscation functions generated by existing systems for ensuring location privacy are monolithic and do not allow users to customize their obfuscation range. This can lead to the user being reported to location-requesting services as being in undesirable locations (e.g., shady neighborhoods). Modifying, on the user side, an obfuscation function generated by a centralized server can result in poor privacy, as the original function is not robust against such updates. Users themselves might find it challenging to understand the parameters involved in obfuscation mechanisms (e.g., obfuscation range and granularity of location representation) and therefore struggle to set realistic trade-offs between privacy, utility, and customization. In this paper, we propose a new framework called CORGI (CustOmizable Robust Geo-Indistinguishability), which generates location obfuscation functions that are robust against user customization while providing strong privacy guarantees based on the Geo-Indistinguishability paradigm. CORGI utilizes a tree representation of a given region to assist users in specifying their privacy and customization requirements. The server side of CORGI takes these requirements as inputs and generates an obfuscation function that satisfies Geo-Indistinguishability requirements and is robust against customization on the user side. The obfuscation function is returned to the user, who can then choose to update it (e.g., its obfuscation range or granularity of location representation). The experimental results on a real dataset demonstrate that CORGI can efficiently generate obfuscation matrices that are more robust to customization by users.
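The robustness problem the abstract describes can be checked numerically. The following is an added example, not code from the paper: it assumes four constructed locations, an exponential-kernel obfuscation matrix, and that user customization means dropping a location and renormalizing each row. The half-budget matrix is a standard construction shown only for contrast, not CORGI's algorithm.

```python
import math

# Constructed sample: four candidate locations on the corners of a unit square.
PTS = [(0.0, 0.0), (1.0, 0.0), (1.0, 1.0), (0.0, 1.0)]
EPS = 1.0  # privacy budget per unit distance (constructed value)

def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])

def exp_matrix(ids, scale):
    """Row-stochastic matrix K[x][z] proportional to exp(-scale * d(x, z))."""
    K = {}
    for x in ids:
        w = {z: math.exp(-scale * dist(PTS[x], PTS[z])) for z in ids}
        total = sum(w.values())
        K[x] = {z: w[z] / total for z in ids}
    return K

def prune(K, keep):
    """Assumed model of user customization: drop locations, renormalize rows."""
    out = {}
    for x in keep:
        total = sum(K[x][z] for z in keep)
        out[x] = {z: K[x][z] / total for z in keep}
    return out

def geo_ind_excess(K, eps):
    """Max over (x, x', z) of ln(K[x][z] / K[x'][z]) - eps * d(x, x').
    A value <= 0 means eps-Geo-Indistinguishability holds for K."""
    return max(
        math.log(K[x][z] / K[y][z]) - eps * dist(PTS[x], PTS[y])
        for x in K for y in K if x != y for z in K[x]
    )

def demo():
    keep = [0, 1, 2]  # the user removes location 3 from the obfuscation range
    tight = exp_matrix([0, 1, 2, 3], EPS)      # meets the bound with equality
    slack = exp_matrix([0, 1, 2, 3], EPS / 2)  # keeps a margin for renormalizing
    return {
        "tight_before": geo_ind_excess(tight, EPS),
        "tight_after": geo_ind_excess(prune(tight, keep), EPS),
        "slack_after": geo_ind_excess(prune(slack, keep), EPS),
    }

if __name__ == "__main__":
    print(demo())
```

A positive `tight_after` means the pruned matrix no longer satisfies the original budget, while the half-budget matrix stays within it at the cost of noisier reports.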