Privacy and Accountability for Location-Based Aggregate Statistics

Raluca Ada Popa, Andrew Blumberg, Hari Balakrishnan, Frank Li
18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011

A significant and growing class of location-based mobile applications aggregate position data from individual devices at a server and compute aggregate statistics over these position streams. Because these devices can be linked to the movement of individuals, there is significant danger that the aggregate computation will violate the location privacy of individuals. This paper develops and evaluates PrivStats, a system for computing aggregate statistics over location data that simultaneously achieves two properties: first, provable guarantees on location privacy even in the face of any side information about users known to the server, and second, privacy-preserving accountability (i.e., protection against abusive clients uploading large amounts of spurious data). PrivStats achieves these properties using a new protocol for uploading and aggregating data anonymously as well as an efficient zero-knowledge proof of knowledge protocol we developed from scratch for accountability. We implemented our system on Nexus One smartphones and commodity servers. Our experimental results demonstrate that PrivStats is a practical system: computing a common aggregate (e.g., count) over the data of 10,000 clients takes less than 0.46 s at the server and the protocol has modest latency (0.6 s) to upload data from a Nexus phone. We also validated our protocols on real driver traces from the CarTel project.

[PDF (553KB)]

Bibtex Entry:

   author =       "Raluca Ada Popa and Andrew Blumberg and Hari Balakrishnan and Frank Li",
   title =        "{Privacy and Accountability for Location-Based Aggregate Statistics}",
   booktitle =    {18th ACM Conference on Computer and Communications Security (CCS)},
   year =         {2011},
   month =        {October},
   address =      {Chicago, IL}