A distributed privacy-preserving mechanism for mobile urban sensing applications

In urban sensing applications, participants carry mobile devices that collect sensor readings annotated with spatiotemporal information. However, such annotations put the participants' privacy at stake, as they can reveal their whereabouts and habits to the urban sensing campaign administrators. A solution to protect the participants' privacy is to apply the concept of k-anonymity. In this approach, the reported participants' locations are modified such that at least k-1 other participants appear to share the same location, and hence become indistinguishable from each other. In existing implementations of k-anonymity, the participants need to reveal their precise locations to either a third party or other participants in order to find k-1 other participants. As a result, the participants' location privacy may still be endangered in case of ill-intentioned third-party administrators and/or participants. We tackle this challenge by proposing a novel approach that supports the participants in their search for other participants without disclosing their exact locations to any other parties. To evaluate our approach, we conduct a threat analysis and study its feasibility by means of extensive simulations using a real-world dataset.