By eavesdropping on a user's query in a sensor network, an adversary can deduce both the user's location and his/her area of interest. In many domains it is desirable to guarantee privacy of both places. We propose an effective way to measure how well issuing a disperse set of k queries protects the user's area of interest. However, issuing k queries instead of one facilitates the adversary determining the user's location. To address that issue, we define a quantitative measure of how much information the k queries leak about the user's location. Experiments reveal that how dispersed the k queries are has no effect on the privacy of the user's location. However, smaller k, randomized routing, and non-broadcast transmission improve the user's location privacy. We also show that compromising nodes in the user's network yields no significant advantage to the adversary over an eavesdropping strategy.
展开▼