Protecting multi-lateral localization privacy in pervasive environments

Location-based services (LBSs) have raised serious privacy concerns in the society, due to the possibility of leaking a mobile user's location information in enabling location-dependent services. While existing location-privacy studies are mainly focused on preventing the leakage of a user's location in accessing the LBS server, the possible privacy leakage in the calculation of the user's location, i.e., the localization, has been largely ignored. Such a privacy leakage stems from the fact that a localization algorithm typically takes the location of anchors (reference points for localization) as input, and generates the target's location as output. As such, the location of anchors and target could be leaked to others. An adversary could further utilize the leakage of anchor's locations to attack the localization infrastructure and undermine the accurate estimation of the target's location. To address this issue, in this paper, we study the multi-lateral privacy-preserving localization problem, whereby the location of a target is calculated without the need of revealing anchors' location, and the knowledge of the localization outcome, i.e., the target's location, is strictly limited to the target itself. To fully protect the user's privacy, our study protects not only the user's exact location information (the geo-coordinates), but also any side information that may lead to a coarse estimate of the location. We formulate the problem as a secure least-squared-error (LSE) estimation for an overdetermined linear system and develop three privacy-preserving solutions by leveraging combinations of information-hiding and homomorphic encryption. These solutions provide different levels of protection for location-side information and resilience to node collusion and have the advantage of being able to trade a user's privacy requirements for better computation and communication efficiency. Through numerical results, we verify the significant efficiency improvement of the proposed schemes over existing multiparty secure LSE algorithms.