A context-aware scheme for privacy-preserving location-based services

Aniket Pingley a, Wei Yu b, Nan Zhang a,⇑, Xinwen Fu c, Wei Zhao d

a Department of Computer Science, The George Washington University, Washington, DC 20052, USA
b Department of Computer and Information Sciences, Towson University, Towson, MD 21252, USA
c Department of Computer Science, University of Massachusetts Lowell, Lowell, MA 01854, USA
d Department of Computer and Information Science, University of Macau, Macau, China

Article info

Article history:
Received 15 July 2011
Received in revised form 28 February 2012
Accepted 4 March 2012
Available online 11 April 2012

Keywords:
Location-based service
VHC-mapping
Locality-preserving

Abstract

We address issues related to privacy protection in location-based services (LBSs). Most existing privacy-preserving LBS techniques either require a trusted third-party (anonymizer) or use cryptographic protocols that are computationally and communicationally expensive. Our design of privacy-preserving techniques is principled on not requiring a trusted third-party while being highly efficient in terms of time and space complexities. The problem has two interesting and challenging characteristics: First, the degree of privacy protection and LBS accuracy depends on the context, such as population and road density, around a user's location. Second, an adversary may violate a user's location privacy in two ways: (i) based on the user's location information contained in the LBS query payload and (ii) by inferring a user's geographical location based on the device's IP address. To address these challenges, we introduce CAP, a context-aware privacy-preserving LBS system with integrated protection for both data privacy and communication anonymity. We have implemented CAP and integrated it with Google Maps, a popular LBS system. Theoretical analysis and experimental results validate CAP's effectiveness on privacy protection, LBS accuracy, and communication QoS (Quality-of-Service).

© 2012 Elsevier B.V. All rights reserved.

1. Introduction

Location-based service (LBS) provides a user with contents customized by the user's current location, such as the nearest restaurants/hotels/clinics, which are retrieved from a spatial database stored remotely in the LBS server. LBS not only serves individual mobile users, but also plays an important role in public safety, transportation, emergency response, and disaster management. With an increasing number of mobile devices featuring built-in Global Positioning System (GPS) technology, LBS has experienced rapid growth in the past few years. According to the ABI research report [1], the number of GPS-enabled LBS subscribers is projected to reach 315 million by 2013.

A request for LBS can be considered a query over the LBS server's spatial database. For example, a query for the ten nearest four-star hotels can be expressed as the following SQL-like top-k query:

    SELECT TOP 10 FROM Hotel
    WHERE STARRATING = 4
    ORDER BY DISTANCE (Hotel.Location, userLoc) ASC;

where userLoc is the user's location. Notice that the user's location is specified as a constant in the ranking function and should be sent along with the query to the LBS server.

Despite the benefits provided by LBS, users may not be willing to provide their current location to the LBS server due to concerns on location privacy. Such concerns can be attributed to the seriousness of location disclosure

http://dx.doi.org/10.1016/j.comnet.2012.03.022
⇑ Corresponding author.
E-mail addresses: apingley@gwu.edu (A. Pingley), wyu@towson.edu (W. Yu), nzhang10@gwu.edu (N. Zhang), xinwenfu@cs.uml.com (X. Fu), weizhao@umac.mo (W. Zhao).
Computer Networks 56 (2012) 2551–2568