Location security- Where to enforce?

Abstract

Enforcing security in location based services is very crucial in the current mobile world. Past literature has examined both location and identity obfuscation techniques in order to optimally trade off security/privacy with utility- this primarily addresses the 'how to enforce location security problem', however, it does not address the 'where to enforce location security problem'. This paper examines the 'where' problem and in particular, examines tradeoffs between enforcing location security at a device vs. Enforcing location security at an edge location server. This paper also sketches an implementation of location security solutions at both the device and the edge location server and presents detailed experiments using real mobility and user profile data sets collected from various data sources (taxicabs, Smartphones). Our results show that while device-based solutions do not require trust in the edge location server, they either suffer from high false positive rate (about 25% probability of not meeting the desired security requirement) or low utility (about 600 meters higher error in obfuscated location data).