Protecting query privacy in location-based services

The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.     

Constructing dummy query sequences to protect location privacy and query privacy in location-based services

World Wide Web - Location-based services (LBS) have become an important part of people’s daily life. However, while providing great convenience for mobile users, LBS result in a serious...     

LBS的一种隐私保护模型

移动位置服务(LBS)是一个分布式多方参与的系统,给移动商业应用带来了一个快速发展的时机,但由于其拥有访问私人信息的权利,以至于也给它们的用户隐私带来很大的风险.为此,通过对能够有效保护用户隐私的模型进行了研究,提出了一个体系结构和一个协议,协议中使用一个位置中间件把来自LBS供应商提供的用户关心的区域信息和来自移动运营商的用户位置信息进行匹配.结果表明,该协议使得隐私友好的服务成为可能,而且仍然是高效率.     

An optimal query strategy for protecting location privacy in location-based services

In this paper, an optimal query strategy is proposed for location privacy in location-based services (LBSs) from a game-theoretic perspective. Distributed location privacy metrics are proposed, and a user-centric model is proposed, in which users make their own decisions to protect their location privacy. In addition, the mobile users’ cooperation is formalized as a query strategy selection optimizing problem by using the framework of Bayesian games. Based on the analysis of Bayesian Nash Equilibria, a User Query Strategy Optimization Algorithm (UQSOA) is designed to help users achieve optimized utilities. We perform simulations to assess the privacy protection effectiveness of our approach and validate the theoretical properties of the UQSOA algorithm.     

Long-term location privacy protection for location-based services in mobile cloud computing

The popularity of mobile devices, especially intelligent mobile phones, significantly prompt various location-based services (LBSs) in cloud systems. These services not only greatly facilitate people’s daily lives, but also cause serious threats that users’ location information may be misused or leaked by service providers. The dummy-based privacy protection techniques have significant advantages over others because they neither rely on trusted servers nor need adequate number of trustworthy peers. Existing dummy-based location privacy protection schemes, however, cannot yet provide long-term privacy protection. In this paper, we propose four principles for the dummy-based long-term location privacy protection (LT-LPP). Based on the principles, we propose a set of long-term consistent dummy generation algorithms for the LT-LPP. Our approach is built on soft computing techniques and can balance the preferred privacy protection and computing cost. Comprehensive experimental results demonstrate that our approach is effective to both long-term privacy protection and fake path generation for LBSs in mobile clouds.     

Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments

This paper tackles a privacy breach in current location-based services (LBS) where mobile users have to report their exact location information to an LBS provider in order to obtain their desired services. For example, a user who wants to issue a query asking about her nearest gas station has to report her exact location to an LBS provider. However, many recent research efforts have indicated that revealing private location information to potentially untrusted LBS providers may lead to major privacy breaches. To preserve user location privacy, spatial cloaking is the most commonly used privacy-enhancing technique in LBS. The basic idea of the spatial cloaking technique is to blur a user’s exact location into a cloaked area that satisfies the user specified privacy requirements. Unfortunately, existing spatial cloaking algorithms designed for LBS rely on fixed communication infrastructure, e.g., base stations, and centralized/distributed servers. Thus, these algorithms cannot be applied to a mobile peer-to-peer (P2P) environment where mobile users can only communicate with other peers through P2P multi-hop routing without any support of fixed communication infrastructure or servers. In this paper, we propose a spatial cloaking algorithm for mobile P2P environments. As mobile P2P environments have many unique limitations, e.g., user mobility, limited transmission range, multi-hop communication, scarce communication resources, and network partitions, we propose three key features to enhance our algorithm: (1) An information sharing scheme enables mobile users to share their gathered peer location information to reduce communication overhead; (2) A historical location scheme allows mobile users to utilize stale peer location information to overcome the network partition problem; and (3) A cloaked area adjustment scheme guarantees that our spatial cloaking algorithm is free from a “center-of-cloaked-area” privacy attack. Experimental results show that our P2P spatial cloaking algorithm is scalable while guaranteeing the user’s location privacy protection.     

A knowledge infrastructure for intelligent query answering in location-based services

Intelligent query answering in Location-based Services refers to their capability to provide mobile users with personalized and contextualized answers. Personalization is expected to lead to answers that better match user’s interests, as inferable from the user’s profile. Contextualization aims at not selecting answers that for some reason would not be appropriate at the time and place of the user query. These goals are beyond the current state of art in LBS, or are provided based on ad hoc solutions specific to the application at hand. This paper reports on the results of an investigation aiming at defining the knowledge infrastructure that should be developed within the LBS to make it capable of returning intelligent answers. We first discuss the data management features that make LBS different from other query answering systems. Next we propose a data infrastructure that builds on the idea of modular ontologies. We explain how the relevant knowledge may be incrementally set up and dynamically maintained based on an application-independent approach. Last we show how this knowledge is used to reformulate user’s queries via personalized and contextualized rewriting.     

Landscape-aware location-privacy protection in location-based services

Mobile network providers have developed a variety of location-based services (LBSs), such as friend-finder, point of interest services, emergency rescue and many other safety and security services. The protection of location-privacy has consequently become a key aspect to the success of LBSs, since users consider their own physical location and movements highly privacy-sensitive, and demand for solutions able to protect such an information in a variety of environments. The idea behind location-privacy protection is that the individual should be able to set the level at which the location information is released to avoid undesired exploitation by a potential attacker: one of the approaches to this problem is given by the application of spatial obfuscation techniques, actuated by a trusted agent, and consisting in artificial perturbations of the location information collected by sensing technologies, before its disclosure to third parties. In many situations, however, landscape/map information can help a third party to perform Bayesian inference over spatially obfuscated data and to refine the user’s location estimate up to a violation of the original user’s location-privacy requirements. The goal of this paper is to provide a map-dependent obfuscation procedure that enables the release of the maximum possible user’s location information, that does not lead to a violation of the original user’s location-privacy requirements, even when refined through map-based inference.     

From location to location pattern privacy in location-based services

Location privacy is extensively studied in the context of location-based services (LBSs). Typically, users are assigned a location privacy profile and the precise locations are cloaked so that the privacy profile is not compromised. Though being well-defined for snapshot location privacy, these solutions require additional precautions and patches in case of consecutive LBS requests on the user trajectory. The attacker can exploit some background knowledge like maximum velocity to compromise the privacy profile. To protect against this kind of location privacy attacks, PROBE (Damiani et al. in Trans Data Priv 3(2):123–148, 2010)-like systems constantly check location privacy violations and alter requests as necessary. Clearly, the location privacy is defined in terms of snapshot locations. Observing that there are usually user-specific movement patterns existing in the shared LBS requests, this work extends location privacy to location pattern privacy. We present a framework where user-specific sensitive movement patterns are defined and sanitized in offline and online fashions, respectively. Our solution uses an efficient dynamic programming approach to decide on and to prevent sensitive pattern disclosure. An extensive experimental evaluation has been carried out too.     

Continuous visible nearest neighbor query processing in spatial databases

In this paper, we identify and solve a new type of spatial queries, called continuous visible nearest neighbor (CVNN) search. Given a data set P, an obstacle set O, and a query line segment q in a two-dimensional space, a CVNN query returns a set of \({\langle p, R\rangle}\) tuples such that \({p \in P}\) is the nearest neighbor to every point r along the interval \({R \subseteq q}\) as well as p is visible to r. Note that p may be NULL, meaning that all points in P are invisible to all points in R due to the obstruction of some obstacles in O. In contrast to existing continuous nearest neighbor query, CVNN retrieval considers the impact of obstacles on visibility between objects, which is ignored by most of spatial queries. We formulate the problem, analyze its unique characteristics, and develop efficient algorithms for exact CVNN query processing. Our methods (1) utilize conventional data-partitioning indices (e.g., R-trees) on both P and O, (2) tackle the CVNN search by performing a single query for the entire query line segment, and (3) only access the data points and obstacles relevant to the final query result by employing a suite of effective pruning heuristics. In addition, several interesting variations of CVNN queries have been introduced, and they can be supported by our techniques, which further demonstrates the flexibility of the proposed algorithms. A comprehensive experimental evaluation using both real and synthetic data sets has been conducted to verify the effectiveness of our proposed pruning heuristics and the performance of our proposed algorithms.     

Efficient mutual nearest neighbor query processing for moving object trajectories

Given a set D of trajectories, a query object q, and a query time extent Γ, a mutual (i.e., symmetric) nearest neighbor (MNN) query over trajectories finds from D, the set of trajectories that are among the k₁ nearest neighbors (NNs) of q within Γ, and meanwhile, have q as one of their k₂ NNs. This type of queries is useful in many applications such as decision making, data mining, and pattern recognition, as it considers both the proximity of the trajectories to q and the proximity of q to the trajectories. In this paper, we first formalize MNN search and identify its characteristics, and then develop several algorithms for processing MNN queries efficiently. In particular, we investigate two classes of MNN queries, i.e., MNN_P and MNN_T queries, which are defined with respect to stationary query points and moving query trajectories, respectively. Our methods utilize the batch processing and reusing technology to reduce the I/O cost (i.e., number of node/page accesses) and CPU time significantly. In addition, we extend our techniques to tackle historical continuous MNN (HCMNN) search for moving object trajectories, which returns the mutual nearest neighbors of q (for a specified k₁ and k₂) at any time instance of Γ. Extensive experiments with real and synthetic datasets demonstrate the performance of our proposed algorithms in terms of efficiency and scalability.     

An efficient continuous k-nearest neighbor query processing scheme for multimedia data sharing and transmission in location based services

The continuous k-nearest neighbor query is one of the most important query types to share multimedia data or to continuously identify transportable users in LBS. Various methods have been proposed to efficiently process the continuous k-NN query. However, most of the existing methods suffer from high computation time and larger memory requirement because they unnecessarily access cells to find the nearest cells on a grid index. Furthermore, most methods do not consider the movement of a query. In this paper, we propose a new processing scheme to process the continuous k nearest neighbor query for efficiently support multimedia data sharing and transmission in LBS. The proposed method uses the patterns of the distance relationships among the cells in a grid index. The basic idea is to normalize the distance relationships as certain patterns. Using this approach, the proposed scheme significantly improves the overall performance of the query processing. It is shown through various experiments that our proposed method outperforms the existing methods in terms of query processing time and storage overhead.

     

Protecting query privacy with differentially private <Emphasis Type="Italic">k</Emphasis>-anonymity in location-based services

Nowadays, location-based services (LBS) are facilitating people in daily life through answering LBS queries. However, privacy issues including location privacy and query privacy arise at the same time. Existing works for protecting query privacy either work on trusted servers or fail to provide sufficient privacy guarantee. This paper combines the concepts of differential privacy and k-anonymity to propose the notion of differentially private k-anonymity (DPkA) for query privacy in LBS. We recognize the sufficient and necessary condition for the availability of 0-DPkA and present how to achieve it. For cases where 0-DPkA is not achievable, we propose an algorithm to achieve ??-DPkA with minimized ??. Extensive simulations are conducted to validate the proposed mechanisms based on real-life datasets and synthetic data distributions.     

大型社交网络的差分隐私保护算法

为解决大型社交网络隐私保护中的复杂度过高及可用性差的问题,提出一种基于随机投影及差分隐私的社交网络隐私保护算法。利用随机投影对社交网络图的邻接矩阵进行指定投影数量的降维,进一步在降维后的矩阵中加入少量高斯噪声生成待发布矩阵。该算法满足(ε,δ)-差分隐私定义且能保持用户间欧氏距离的可计算性不变。实验和对比分析结果表明,该算法较传统差分隐私能大幅提升数据可用性且计算复杂性较小,适用于大规模社交网络隐私保护。     

Dynamic path privacy protection framework for continuous query service over road networks

Many applications of location based services (LBSs), it is useful or even necessary to ensure that LBSs services determine their location. For continuous queries where users report their locations periodically, attackers can infer more about users’ privacy by analyzing the correlations of their query samples. The causes of path privacy problems, which emerge because the communication by different users in road network using location based services so, attacker can track continuous query information. LBSs, albeit useful and convenient, pose a serious threat to users’ path privacy as they are enticed to reveal their locations to LBS providers via their queries for location-based information. Traditional path privacy solutions designed in Euclidean space can be hardly applied to road network environment because of their ignorance of network topological properties. In this paper, we proposed a novel dynamic path privacy protection scheme for continuous query service in road networks. Our scheme also conceals DPP (Dynamic Path Privacy) users’ identities from adversaries; this is provided in initiator untraceability property of the scheme. We choose the different attack as our defending target because it is a particularly challenging attack that can be successfully launched without compromising any user or having access to any cryptographic keys. The security analysis shows that the model can effectively protect the user identity anonymous, location information and service content in LBSs. All simulation results confirm that our Dynamic Path Privacy scheme is not only more accurate than the related schemes, but also provide better locatable ratio where the highest it can be around 95 % of unknown nodes those can estimate their position. Furthermore, the scheme has good computation cost as well as communication and storage costs.Simulation results show that Dynamic Path Privacy has better performances compared to some related region based algorithms such as IAPIT scheme, half symmetric lens based localization algorithm (HSL) and sequential approximate maximum a posteriori (AMAP) estimator scheme.     

Personality traits and concern for privacy: an empirical study in the context of location-based services

For more than a century, concern for privacy (CFP) has co-evolved with advances in information technology. The CFP refers to the anxious sense of interest that a person has because of various types of threats to the person's state of being free from intrusion. Research studies have validated this concept and identified its consequences. For example, research has shown that the CFP can have a negative influence on the adoption of information technology; but little is known about factors likely to influence such concern. This paper attempts to fill that gap. Because privacy is said to be a part of a more general ‘right to one's personality’, we consider the so-called ‘Big Five’ personality traits (agreeableness, extraversion, emotional stability, openness to experience, and conscientiousness) as factors that can influence privacy concerns. Protection motivation theory helps us to explain this influence in the context of an emerging pervasive technology: location-based services. Using a survey-based approach, we find that agreeableness, conscientiousness, and openness to experience each affect the CFP. These results have implications for the adoption, the design, and the marketing of highly personalized new technologies.     

面向无线传感器网络的数据完整性和隐私保护融合算法

无线传感器网络(WSNs)作为物联网的重要组成部分,在实际应用中,希望在得到精确数据融合结果的同时,又能保护数据信息的隐私性和完整性。为此,提出一种新的数据融合完整性保护算法,在增添私有种子对节点采集数据进行隐私保护的基础上,利用复数的虚部数据与采集到的真实数据呈非线性关系,有效地实现信息完整性的鉴别。性能分析和仿真结果表明:该算法可以在较低数据通信开销与计算开销的前提下,应对恶意节点的各种攻击,提供更有效更可靠的数据完整性保护。     

基于可变长标签的链上隐私保护算法

在以太坊私链上实现了一套用于隐蔽信息传输的算法,并详细介绍了如何在区块链平台上进行可变长标签隐私信息的传递.不同于传统信道传输机制的定向传输、明文显示,天然的链上交易机制可以构造出一套密文传送、不定向传输、隐蔽接收的算法,从身份隐私和交易隐私两个角度进一步地提升信息传输的隐蔽性和安全性.文章为链上的隐蔽信道传输技术提供...     

DART+: Direction-aware bichromatic reverse k nearest neighbor query processing in spatial databases

This article presents a novel type of queries in spatial databases, called the direction-aware bichromatic reverse k nearest neighbor(DBRkNN) queries, which extend the bichromatic reverse nearest neighbor queries. Given two disjoint sets, P and S, of spatial objects, and a query object q in S, the DBRkNN query returns a subset P′ of P such that k nearest neighbors of each object in P′ include q and each object in P′ has a direction toward q within a pre-defined distance. We formally define the DBRkNN query, and then propose an efficient algorithm, called DART, for processing the DBRkNN query. Our method utilizes a grid-based index to cluster the spatial objects, and the B⁺-tree to index the direction angle. We adopt a filter-refinement framework that is widely used in many algorithms for reverse nearest neighbor queries. In the filtering step, DART eliminates all the objects that are away from the query object more than a pre-defined distance, or have an invalid direction angle. In the refinement step, remaining objects are verified whether the query object is actually one of the k nearest neighbors of them. As a major extension of DART, we also present an improved algorithm, called DART+, for DBRkNN queries. From extensive experiments with several datasets, we show that DART outperforms an R-tree-based naive algorithm in both indexing time and query processing time. In addition, our extension algorithm, DART+, also shows significantly better performance than DART.