基于相似路径的位置隐私保护方法

目前,基于位置隐私的保护技术大多针对用户进行单次LBS请求进行设计,只考虑保护当前真实用户所在位置,而忽略了真实用户连续多次查询时存在的协作用户交叠导致真实用户位置泄露的情况,进而攻击者可根据真实用户位置点进行轨迹预测,最终获取真实用户运动轨迹,导致真实用户位置隐私的泄露.本文针对上述情况,在用户发起连续LBS请求时,提出了基于相似路径的位置隐私保护方法（LPBSP）,首先通过网格结构中历史用户密度进行一定均衡处理,使之符合真实的环境条件;然后对前后相邻时刻构造的相似路径进行轨迹偏移度、速度相似度等进行一定条件约束,使其更加贴近真实用户,从而混淆攻击者,达到位置隐私保护的目的,最后本文通过实验对比验证了本文在匿名成功率、执行时间及位置隐私保护度方面的可行性.     

L2P2: A location-label based approach for privacy preserving in LBS

The developments in positioning and mobile communication technology have made the location-based service (LBS) applications more and more popular. For privacy reasons and due to lack of trust in the LBS providers, k-anonymity and l-diversity techniques have been widely used to preserve privacy of users in distributed LBS architectures in Internet of Things (IoT). However, in reality, there are scenarios where the locations of users are identical or similar/near each other in IoT. In such scenarios the k locations selected by k-anonymity technique are the same and location privacy can be easily compromised or leaked. To address the issue of privacy preservation, in this paper, we introduce the location labels to distinguish locations of mobile users to sensitive and ordinary locations. We design a location-label based (LLB) algorithm for protecting location privacy of users while minimizing the response time for LBS requests. We also evaluate the performance and validate the correctness of the proposed algorithm through extensive simulations.     

Protecting query privacy in location-based services

The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.     

A context-aware scheme for privacy-preserving location-based services

We address issues related to privacy protection in location-based services (LBSs). Most existing privacy-preserving LBS techniques either require a trusted third-party (anonymizer) or use cryptographic protocols that are computationally and communicationally expensive. Our design of privacy-preserving techniques is principled on not requiring a trusted third-party while being highly efficient in terms of time and space complexities. The problem has two interesting and challenging characteristics: First, the degree of privacy protection and LBS accuracy depends on the context, such as population and road density, around a user’s location. Second, an adversary may violate a user’s location privacy in two ways: (i) based on the user’s location information contained in the LBS query payload and (ii) by inferring a user’s geographical location based on the device’s IP address. To address these challenges, we introduce CAP, a context-aware privacy-preserving LBS system with integrated protection for both data privacy and communication anonymity. We have implemented CAP and integrated it with Google Maps, a popular LBS system. Theoretical analysis and experimental results validate CAP’s effectiveness on privacy protection, LBS accuracy, and communication QoS (Quality-of-Service).     

基于本地差分隐私的众包隐私保护方法

在移动互联网发展的今天,基于位置服务（LBS）技术在移动互联上取得显著进展。针对个人用户进行精确定位时,数据信息隐私存在着泄露风险的问题,本文提出一种基于本地化差分隐私的地理不可区分性的扰动方法。在用户的真实位置数据信息流出客户端前采用地理不可区分性位置扰动方式,作用于真实位置以得到近似位置数据,服务器端收到后制成二级区域网格图,之后采用差分隐私对该图的工人计数进行扰动,最后在空间范围查询下进行实验验证,并与满足ε-本地化差分隐私扰动算法进行对比,精确度提高2.7%,同时与平均划分隐私预算分配方式进行实验对比,提高区域计数精确度4.57%。     

基于高效假轨迹的隐私保护算法研究

为了解决LBS服务中用户轨迹隐私泄露的问题,提出了一种基于高效假轨迹的隐私保护算法。首先,该方案综合考虑用户所处区域的背景信息,以划分网格的方式,统计每个网格的历史服务请求概率,确保生成的每一个假位置与对应真实位置具有相同的历史服务请求概率;其次,结合网格历史服务请求概率并通过万有引力定律模型计算出用户位置转移概率;最后,生成与真实位置转移概率最相近的k-1条假轨迹实现K-匿名。实验结果表明,该方案能够更有效地保护用户的轨迹隐私。     

k-Nearest Neighbor Query Processing Algorithms for a Query Region in Road Networks

Recent development of wireless communication technologies and the popularity of smart phones are making location-based services (LBS) popular. However, requesting queries to LBS servers with users’ exact locations may threat the privacy of users. Therefore, there have been many researches on generating a cloaked query region for user privacy protection. Consequently, an effcient query processing algorithm for a query region is required. So, in this paper, we propose k-nearest neighbor query (k-NN) processing algorithms for a query region in road networks. To effciently retrieve k-NN points of interest (POIs), we make use of the Island index. We also propose a method that generates an adaptive Island index to improve the query processing performance and storage usage. Finally, we show by our performance analysis that our k-NN query processing algorithms outperform the existing k-Range Nearest Neighbor (kRNN) algorithm in terms of network expansion cost and query processing time.     

Preference-oriented mining techniques for location-based store search

With the development of wireless telecommunication technologies, a number of studies have been done on the issues of location-based services due to wide applications. Among them, one of the active topics is the location-based search. Most of previous studies focused on the search of nearby stores, such as restaurants, hotels, or shopping malls, based on the user’s location. However, such search results may not satisfy the users well for their preferences. In this paper, we propose a novel data mining-based approach, named preference-oriented location-based search (POLS), to efficiently search for k nearby stores that are most preferred by the user based on the user’s location, preference, and query time. In POLS, we propose two preference learning algorithms to automatically learn user’s preference. In addition, we propose a ranking algorithm to rank the nearby stores based on user’s location, preference, and query time. To the best of our knowledge, this is the first work on taking temporal location-based search with automatic user preference learning into account simultaneously. Through experimental evaluations on the real dataset, the proposed approach is shown to deliver excellent performance.     

k-Nearest neighbor query processing algorithm for cloaking regions towards user privacy protection in location-based services

Due to the advancement of wireless internet and mobile positioning technology, the application of location-based services (LBSs) has become popular for mobile users. Since users have to send their exact locations to obtain the service, it may lead to several privacy threats. To solve this problem, a cloaking method has been proposed to blur users’ exact locations into a cloaked spatial region with a required privacy threshold (k). With the cloaked region, an LBS server can carry out a k-nearest neighbor (k-NN) search algorithm. Some recent studies have proposed methods to search k-nearest POIs while protecting a user’s privacy. However, they have at least one major problem, such as inefficiency on query processing or low precision of retrieved result. To resolve these problems, in this paper, we propose a novel k-NN query processing algorithm for a cloaking region to satisfy both requirements of fast query processing time and high precision of the retrieved result. To achieve fast query processing time, we propose a new pruning technique based on a 2D-coodinate scheme. In addition, we make use of a Voronoi diagram for retrieving the nearest POIs efficiently. To satisfy the requirement of high precision of the retrieved result, we guarantee that our k-NN query processing algorithm always contains the exact set of k nearest neighbors. Our performance analysis shows that our algorithm achieves better performance in terms of query processing time and the number of candidate POIs compared with other algorithms.     

移动用户位置隐私保护方案研究

随着基于位置的服务（ LBS）的发展,如何保证用户在使用位置服务时的隐私安全,已成为一个亟待解决的问题。文中对主流的位置隐私保护技术进行了分析和比较。在此基础上,针对移动用户的位置隐私保护,提出了一种基于中心服务器的位置隐私保护方案。该方案针对隐私保护需求的差异性,考虑区域的敏感等级,对敏感区域采用K-匿名和假名进行保护,同时运用脚印来辅助匿名。该方案能在不降低位置服务质量的前提下,有效地保护移动用户位置隐私。     

Anonymizing bag-valued sparse data by semantic similarity-based clustering

Web query logs provide a rich wealth of information, but also present serious privacy risks. We preserve privacy in publishing vocabularies extracted from a web query log by introducing vocabulary k-anonymity, which prevents the privacy attack of re-identification that reveals the real identities of vocabularies. A vocabulary is a bag of query-terms extracted from queries issued by a user at a specified granularity. Such bag-valued data are extremely sparse, which makes it hard to retain enough utility in enforcing k-anonymity. To the best of our knowledge, the prior works do not solve such a problem, among which some achieve a different privacy principle, for example, differential privacy, some deal with a different type of data, for example, set-valued data or relational data, and some consider a different publication scenario, for example, publishing frequent keywords. To retain enough data utility, a semantic similarity-based clustering approach is proposed, which measures the semantic similarity between a pair of terms by the minimum path distance over a semantic network of terms such as WordNet, computes the semantic similarity between two vocabularies by a weighted bipartite matching, and publishes the typical vocabulary for each cluster of semantically similar vocabularies. Extensive experiments on the AOL query log show that our approach can retain enough data utility in terms of loss metrics and in frequent pattern mining.     

两种基于Quad-Tree的匿名算法

基于位置的服务（LBS）给人们带来巨大便利的同时可能导致位置隐私的泄露。为了保护用户的位置隐私,一种有效的方法是将用户的精确位置匿名成一个空间区域,现有基于Quad-Tree的匿名算法导致匿名时间较长并且准确度较低。提出两种匿名算法QFC和SWC,与传统的匿名算法（Casper）相比,QFC算法在保持匿名准确度相同的情况下,可以减少CPU时间;SWC算法以牺牲一定的CPU时间为代价,可以达到较高的匿名准确度。     

Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments

This paper tackles a privacy breach in current location-based services (LBS) where mobile users have to report their exact location information to an LBS provider in order to obtain their desired services. For example, a user who wants to issue a query asking about her nearest gas station has to report her exact location to an LBS provider. However, many recent research efforts have indicated that revealing private location information to potentially untrusted LBS providers may lead to major privacy breaches. To preserve user location privacy, spatial cloaking is the most commonly used privacy-enhancing technique in LBS. The basic idea of the spatial cloaking technique is to blur a user’s exact location into a cloaked area that satisfies the user specified privacy requirements. Unfortunately, existing spatial cloaking algorithms designed for LBS rely on fixed communication infrastructure, e.g., base stations, and centralized/distributed servers. Thus, these algorithms cannot be applied to a mobile peer-to-peer (P2P) environment where mobile users can only communicate with other peers through P2P multi-hop routing without any support of fixed communication infrastructure or servers. In this paper, we propose a spatial cloaking algorithm for mobile P2P environments. As mobile P2P environments have many unique limitations, e.g., user mobility, limited transmission range, multi-hop communication, scarce communication resources, and network partitions, we propose three key features to enhance our algorithm: (1) An information sharing scheme enables mobile users to share their gathered peer location information to reduce communication overhead; (2) A historical location scheme allows mobile users to utilize stale peer location information to overcome the network partition problem; and (3) A cloaked area adjustment scheme guarantees that our spatial cloaking algorithm is free from a “center-of-cloaked-area” privacy attack. Experimental results show that our P2P spatial cloaking algorithm is scalable while guaranteeing the user’s location privacy protection.     

Dynamic path privacy protection framework for continuous query service over road networks

Many applications of location based services (LBSs), it is useful or even necessary to ensure that LBSs services determine their location. For continuous queries where users report their locations periodically, attackers can infer more about users’ privacy by analyzing the correlations of their query samples. The causes of path privacy problems, which emerge because the communication by different users in road network using location based services so, attacker can track continuous query information. LBSs, albeit useful and convenient, pose a serious threat to users’ path privacy as they are enticed to reveal their locations to LBS providers via their queries for location-based information. Traditional path privacy solutions designed in Euclidean space can be hardly applied to road network environment because of their ignorance of network topological properties. In this paper, we proposed a novel dynamic path privacy protection scheme for continuous query service in road networks. Our scheme also conceals DPP (Dynamic Path Privacy) users’ identities from adversaries; this is provided in initiator untraceability property of the scheme. We choose the different attack as our defending target because it is a particularly challenging attack that can be successfully launched without compromising any user or having access to any cryptographic keys. The security analysis shows that the model can effectively protect the user identity anonymous, location information and service content in LBSs. All simulation results confirm that our Dynamic Path Privacy scheme is not only more accurate than the related schemes, but also provide better locatable ratio where the highest it can be around 95 % of unknown nodes those can estimate their position. Furthermore, the scheme has good computation cost as well as communication and storage costs.Simulation results show that Dynamic Path Privacy has better performances compared to some related region based algorithms such as IAPIT scheme, half symmetric lens based localization algorithm (HSL) and sequential approximate maximum a posteriori (AMAP) estimator scheme.     

现实环境中基于虚拟用户的LBS位置隐匿方法

当前,基于位置服务LBS的应用得到了广泛的发展,并极大地方便了人们的生活。然而,位置也可能泄露大量用户隐私,这使得关于位置隐私的保护变得尤其重要。虽然现有技术在很大程度上解决了隐私保护问题,但在效果上还未能达到预期目标。对此,提出了一种基于现实环境的隐私保护方法Dummy-Ex,通过生成一系列虚拟用户,并构建逼真的移动轨迹,从而实现隐私保护的目的。实验表明,此方法在安全性和有效性方面都能达到较好的效果。     

LBS中基于移动终端的连续查询用户轨迹隐匿方法*

为减少现有LBS(基于位置的服务)机制给用户位置信息和个人隐私泄露带来的威胁,提出并实现了一个基于移动智能终端的连续查询用户运动轨迹保护方案.该方法利用移动终端来规划虚拟路径,以减少用户在连续查询中的隐私泄露,且不需要第三方服务器提供位置匿名服务,由用户自主决定何时启动位置隐匿机制.实验证明,提出的方法有效地隐匿了连续查询用户的位置及轨迹信息.     

位置服务中用户轨迹的隐私度量

针对一种流行的用户轨迹隐私保护方法——Silent Cascade,提出一种新的轨迹隐私度量方法.该度量方法将用户运动轨迹用带权无向图描述,并从信息熵的角度计算用户的轨迹隐私水平.已有文献指出,当攻击者拥有新的背景知识时,任何一种隐私保护方法都会受到隐私威胁.因此,将攻击者的背景知识分级融入到度量方法中,隐私度量的结果由对背景知识的假设和相应的轨迹隐私水平值组成,并提出(KUL(Ki+Ki-).KL(Ki+Ki-))联系规则的方法来描述对背景知识的假设.模拟实验结果表明,此度量方法为移动用户和轨迹隐私保护方法的设计者提供了一个有价值的工具,能够准确地评估在攻击者具有可变背景知识情况下,用户的轨迹隐私水平.     

k-匿名下通过本地差分隐私实现位置隐私保护

针对用户位置隐私保护过程中攻击者利用背景知识等信息发起攻击的问题,提出一种面向移动终端的位置隐私保护方法。该方案通过利用k-匿名和本地差分隐私技术进行用户位置保护,保证隐私和效用的权衡。结合背景知识构造匿名集,通过改进的Hilbert曲线对k-匿名集进行分割,使用本地差分隐私算法RAPPOR扰动划分后的位置集,最后将生成的位置集发送给位置服务提供商获取服务。在真实数据集上与已有的方案从用户位置保护、位置可用性和时间开销方面进行对比,实验结果显示,所提方案在确保LBS服务质量的同时,也增强了位置隐私保护的程度。     

位置服务社交网络用户行为相似性分析

基于位置的社交网络(LBSN)能够支持用户分享地理位置信息,网站中保存用户访问真实世界地理位置的记录构成用户的行为轨迹,但LBSN用户相似性的分析并没有从用户的地理位置轨迹上加以考虑。为此,提出基于划分层次,在不同的邻域半径下密度聚类的方法,探索基于位置的服务(LBS)平台上用户地理位置上相似性的度量。该方法在不同空间位置比例尺下观察用户访问各个聚类区域的次数,进而利用向量空间模型(VSM)计算用户在各个层级的相似性,最终以不同权重叠加各层级的用户相似性值,得出用户在地理空间行为上的相似性。基于国内某大型位置社交网站真实用户数据的实验结果表明,该方法能有效识别出访问地理位置相似的用户。     

基于连续查询的用户轨迹k-匿名隐私保护算法

随着移动服务和移动网络的持续发展,基于LBS的连续查询服务被广泛应用。基于单点的K-匿名位置隐私保护算法已经不能满足连续查询下用户位置隐私需求。针对用户轨迹隐私保护提出新的保护方法,该方法采用不可信第三方中心匿名器,用户获取自己的真实位置后首先在客户端进行模糊处理,然后提交给第三方匿名器,第三方匿名器根据用户的隐私需求结合用户某时刻的真实位置信息生成虚假用户,然后根据历史数据生成虚假轨迹。为了进一步提高虚假轨迹与用户真实轨迹的相似性,该算法提出了虚假轨迹生成的两个约束条件：虚假轨迹距用户真实轨迹的距离约束和相似性约束。经大量实验证明,该算法与传统的不同时刻K-匿名算法相比,不仅可以满足连续查询的用户轨迹隐私保护而且可以满足基于快照的LBS用户位置隐私保护。