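% Andres et al., CCS 2013: defines geo-indistinguishability, a location-privacy
% notion that generalizes differential privacy, and a planar Laplace noise
% mechanism to achieve it (see the abstract field).
% The numeric key 289 is kept unchanged so that existing \cite{289} calls resolve.
% NOTE(review): address appears to hold the conference venue rather than the
% publisher's city; confirm before treating it as the publisher location.
@inproceedings{289,
  author       = {Andr{\'e}s, Miguel E. and Bordenabe, Nicolas E. and Chatzikokolakis, Konstantinos and Palamidessi, Catuscia},
  title        = {Geo-Indistinguishability: Differential Privacy for Location-Based Systems},
  booktitle    = {20th {ACM} Conference on Computer and Communications Security},
  year         = {2013},
  publisher    = {ACM},
  organization = {ACM},
  address      = {Berlin, Germany},
  doi          = {10.1145/2508859.2516735},
  url          = {http://hal.inria.fr/hal-00766821},
  abstract     = {The growing popularity of location-based systems, allowing unknown/untrusted servers to easily collect and process huge amounts of users{\textquoteright} information regarding their location, has recently started raising serious concerns about the privacy of this kind of sensitive information. In this paper we study geo-indistinguishability, a formal notion of privacy for location-based systems that protects the exact location of a user, while still allowing approximate information - typically needed to obtain a certain desired service - to be released. Our privacy definition formalizes the intuitive notion of protecting the user{\textquoteright}s location within a radius r with a level of privacy that depends on r. We present three equivalent characterizations of this notion, one of which corresponds to a generalized version of the well-known concept of differential privacy. Furthermore, we present a perturbation technique for achieving geo-indistinguishability by adding controlled random noise to the user{\textquoteright}s location, drawn from a planar Laplace distribution. We demonstrate the applicability of our technique through two case studies: First, we show how to enhance applications for location-based services with privacy guarantees by implementing our technique on the client side of the application. Second, we show how to apply our technique to sanitize location-based sensible information collected by the US Census Bureau.},
}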