Decentralized Enforcement of k-Anonymity for Location Privacy Using Secret Sharing

Protection of location privacy by reducing the accuracy of location data, until a desired level of privacy (e.g., measured as k-anonymity) is reached, is a well-known concept that is typically implemented using a privacy proxy. To eliminate the risks associated with a central, trusted party, we propose a generic method to enforce k-anonymity of location data in a decentralized way, using a distributed secret sharing algorithm and the concept of location and time specific keys. We describe our method in the context of a system for privacy-friendly traffic flow analysis, in which participants report origin, destination, start and end time of their trips. In order to protect their privacy the accuracy of time and location information is reduced, until it applies to at least k distinct trips. No trusted, central party is required to determine how much the accuracy of each trip report must be reduced. The participants establish location and time specific keys via vehicle-to-vehicle (V2V) communication at the beginning and end of their trips. They use these keys to encrypt trip reports with several levels of accuracy, and uploaded them to a central, untrusted database. The keys are published using a secret sharing algorithm that allows their reconstruction, once at least k shares of the same key have been uploaded. Consequently, trip reports become available automatically, after k vehicles have made "the same trip"(same origin, destination, start and end time) with respect to a certain accuracy level.