基于经纬网格的递增KNN位置隐私保护查询算法

为了在使用基于位置的服务时用户的位置信息不被不可信的位置服务提供商所泄漏,k-匿名位置隐私保护已被广泛研究.然而在集中匿名器被黑客控制时原k-匿名算法会泄漏所有用户的位置隐私,在进行k个最近邻目标查询时对网络的负载较重,而SpaceTwist算法又不能保证k-匿名.提出了一种基于经纬网格的递增KNN位置隐私保护查询算法,将经典的k-匿名算法与SpaceTwist算法相杂交,并引入经纬网格代替原来精确的位置上报给集中匿名器,从而解决了上述问题.实验证明基于经纬网格的递增KNN查询算法比较节省从集中匿名器到位置服务提供商的服务器之间的网络流量.     

基于密文检索的位置服务用户隐私保护方案

在基于位置服务系统中,为用户提供高质量服务的同时如何很好地保护用户的隐私(身份、行踪以及偏好等)仍然是一个挑战.针对这一挑战,提出了基于密文检索的位置服务用户隐私保护方案.在本方案中,位置服务提供商将其服务数据以及数据向量索引以密文的形式外包给云端,移动用户通过密文查询请求向云端查询所需服务,云端通过用户的查询以及服务数据索引计算出匹配度高的服务数据并返回给用户,整个交互过程都是以密文形式进行,云端以及外界得不到任何明文信息.本方案不依赖集中匿名器和用户协作,最后通过理论以及实验分析表明,本方案以低的计算开销有效地保护了用户的身份、位置以及查询偏好隐私.     

PrivateCheckIn:一种移动社交网络中的轨迹隐私保护方法

移动设备的发展及无线网络的普及促使移动社交网络的出现及发展.签到服务作为移动社交网络中的主流应用,存在着严重的轨迹隐私泄露风险.文中针对签到服务中假名用户的轨迹隐私泄露问题,提出了一种轨迹隐私保护方法PrivateCheckIn.该方法设计了一种签到序列缓存机制,通过为缓存的签到序列建立前缀树、对前缀树进行剪枝及重构形成k-匿名前缀树,遍历k-匿名前缀树得到k-匿名签到序列,达到了轨迹k-匿名的隐私保护效果.文中证明了PrivateCheckIn方法既能保护假名用户的轨迹隐私,又确保损失签到位置最少,有效地保证了用户体验.通过构建前缀树的方式获取轨迹k-匿名集降低了计算代价.最后,文中在真实数据集上与(k,δ)-anonymity 方法进行了充分的对比实验,验证了PrivateCheckIn方法的准确性与有效性.     

基于个人隐私约束的k-匿名模型

传统的数据发布隐私保护研究假设数据发布者持有的电子化数据是原始的、未经过处理的数据.k-匿名模型提出之后,许多匿名化模型主要针对敏感属性提出了各种约束.然而,隐私保护中另一个重要原则是个人的隐私自治.实际应用场景中,个人有选择和决定隐私约束的权利.用户所提供的数据很可能是不完整的或预先经过处理的.围绕非敏感属性上的约束条件定义了一种新颖的匿名化模型:基于个人隐私约束的k-匿名;并设计了一种自上而下的启发式匿名化算法.实验表明,该算法能很好地处理基于个人隐私约束的k-匿名问题,并具有较少的信息损失.     

基于SpaceTwist的K-匿名增量近邻查询位置隐私保护算法

摘 要：随着移动网络的持续进步,基于位置的服务在日常生活中被广泛应用,同时位置隐私保护也成为广大用户所关注的焦点。基于SpaceTwist算法和K-匿名算法,结合路网环境提出一种新的位置隐私保护方法。该方法摆脱第三方可信匿名器,采用客户-服务器体系结构,根据用户的位置隐私需求结合用户所在路网环境设计出用户端匿名区生成算法,并且保证K-匿名。用户端以该匿名区请求基于位置的服务,服务器根据用户请求返回检索点并满足用户期望的K近临结果。根据不同的路网环境和用户隐私需求进行大量实验,证明该算法在满足用户基于位置服务需求的同时提高了对用户位置隐私的保护。     

基于深度学习的位置隐私攻击

随着位置服务的不断发展,位置隐私保护已成为隐私保护研究的一个热点.当前已经提出了一系列位置隐私保护方案,这些隐私保护方案大多是基于空间扰动技术来实现的.然而,现有的位置隐私保护研究存在2方面的问题:首先大部分位置隐私保护方案在进行空间扰动时,未考虑用户轨迹点间复杂的关联关系,这样的位置隐私保护方案通常会低估脱敏轨迹的破...     

邻近敏感区域随机变换的隐私保护方法

针对现有基于位置服务的隐私保护方法缺乏对邻近匿名用户的保护,因而攻击者可利用尚未被保护的匿名用户通过分析剔除的方式识别用户的真实位置,进而造成用户位置隐私泄露的问题,基于邻近敏感区域随机选择计算提出了一种邻近位置保护方法。该方法基于随机变换,实现对用户当前位置及其邻近位置的隐私保护,以此防止攻击者通过剔除的方式识别和获得用户隐私。通过模拟实验比较,可证实该方法具有较好的隐私保护能力和算法适用性。     

路网环境下位置隐私保护技术研究进展

基于位置服务(LBS)在给人们带来方便的同时也引起了越来越多的安全隐患,位置隐私保护成为了学术界和业界关注的焦点.由于大部分用户是沿着道路交通网络移动,研究路网环境下的位置隐私技术更具有现实意义.通过分析路网环境面临隐私泄露的新挑战,从网络扩张匿名技术、X-Star匿名技术、Mix zone匿名技术三个方面对现有路网下的位置隐私技术进行了深入研究,比较了其隐私水平、服务质量等性能指标.最后,总结了路网环境下位置隐私保护技术存在的问题及未来的研究热点.     

基于连续位置服务请求的位置匿名方法的研究

随着无线技术和移动定位技术的蓬勃发展,出现了一种新的研究领域——基于位置的服务(location-based service,LBS)。用户在享受此类服务的时候不得不把自己的精确位置发送给服务提供商,使得用户可能面临位置隐私泄露的危险。位置k-匿名是最常见的位置隐私保护技术之一,通过将用户的精确位置泛化为一个具有k-匿名性质的区域来达到隐私保护的目的。但是在移动用户连续不断发出位置服务请求的场景下,攻击者能够根据用户的历史请求之间的关系推测出用户的隐私。此种状况下,传统的孤立查询的k-匿名模型失效。文章提出了一种更加优化的k-匿名模型,在满足用户指定匿名度的前提下,利用活动区域内用户的历史位置分布情况寻找出现次数最多且位置分布最密集的k-1个用户组成共同匿名集。实验结果表明,该方法在保证用户要求匿名度的前提下能够有效降低共同匿名区域的面积。     

一种轻量级高效的位置服务隐私保护模型

针对基于位置服务中用户位置信息和查询信息隐私易被泄露的安全威胁,基于Geohash地理信息一维编码、Memcached服务器集群,构建了一个轻量级、高效的位置服务隐私保护模型,并加以仿真实现。Geohash编码有效的实现了模糊用户位置的目的,结合Memcached的快照缓存,达到了k-匿名效果,且避免了用户稀疏问题和连续查询带来的易被结合用户背景知识进行关联攻击的问题,用户查询信息、服务端响应信息采用加密传输与存储的机制,应用APP与位置服务提供商实体双向认证,这在一定程度上保证了模型的安全性。二级缓存也提高了系统整体性能,经过仿真实验和数据测量,该模型有较好的性能表现。     

基于位置服务中的连续查询隐私保护研究

近年来,伴随着移动计算技术和无限设备的蓬勃发展,位置服务中的隐私保护研究受到了学术界的广泛关注,提出了很多匿名算法以保护移动用户的隐私信息.但是现有方法均针对snapshot查询,不能适用于连续查询.如果将现有的静态匿名算法直接应用于连续查询,将会产生隐私泄露、匿名服务器工作代价大等问题.针对这些问题,提出了δp-隐私模型和δq-质量模型来均衡隐私保护与服务质量的矛盾,并基于此提出了一种贪心匿名算法.该算法不仅适用于snapshot查询,也适用于连续查询.实验结果证明了算法的有效性.     

Preserving location privacy without exact locations in mobile services

Privacy preservation has recently received considerable attention in location-based services (LBSs). A large number of location cloaking algorithms have been proposed for protecting the location privacy of mobile users. However, most existing cloaking approaches assume that mobile users are trusted. And exact locations are required to protect location privacy, which is exactly the information mobile users want to hide. In this paper, we propose a p-anti-conspiration privacy model to anonymize over semi-honest users. Furthermore, two k*NNG-based cloaking algorithms, vk*NNCA and ek*NNCA, are proposed to protect location privacy without exact locations. The efficiency and effectiveness of the proposed algorithms are validated by a series of carefully designed experiments. The experimental results show that the price paid for location privacy protection without exact locations is small.     

在线社交网络中的位置服务研究进展与趋势

在基于位置的社交网络中, 用户通过发布嵌入了位置数据的媒体信息获得服务, 如位置或好友推荐、旅行路线推荐等。用户和位置都是网络的主体, 位置作为桥梁将用户的虚拟网络世界与现实世界联系起来。综述了基于位置的在线社交网络中的位置信息获取、用户识别、位置识别、信息的共享与传播及位置隐私的相关研究, 预测了基于位置的在线社交网络未来的研究趋势。     

Recommendation of location-based services based on composite measures of trust degree

As more and more users use the mobile terminals of high computing power, the location-based services (LBS) recommendations for mobile users have become an important and interesting topic. Mobile users are eager to get their interested and reliable services quickly. A considerable number of research works have been dedicated to service recommendation based on users’ preferences and locations. In this paper, we study the credibility of recommended services, and propose a set of composite measures on how to provide more reliable services. We further propose the trustworthy Skyline of LBS recommendation in terms of the trust degree based on the newly introduced composite measures to achieve more credibility to provide recommendation services. Experimental results show that our method can recommend desired and trusted services to users.     

L2P2: A location-label based approach for privacy preserving in LBS

The developments in positioning and mobile communication technology have made the location-based service (LBS) applications more and more popular. For privacy reasons and due to lack of trust in the LBS providers, k-anonymity and l-diversity techniques have been widely used to preserve privacy of users in distributed LBS architectures in Internet of Things (IoT). However, in reality, there are scenarios where the locations of users are identical or similar/near each other in IoT. In such scenarios the k locations selected by k-anonymity technique are the same and location privacy can be easily compromised or leaked. To address the issue of privacy preservation, in this paper, we introduce the location labels to distinguish locations of mobile users to sensitive and ordinary locations. We design a location-label based (LLB) algorithm for protecting location privacy of users while minimizing the response time for LBS requests. We also evaluate the performance and validate the correctness of the proposed algorithm through extensive simulations.     

Evaluating the benefits of multimodal interface design for CoMPASS—a mobile GIS

The context of mobility raises many issues for geospatial applications providing location-based services. Mobile device limitations, such as small user interface footprint and pen input whilst in motion, result in information overload on such devices and interfaces which are difficult to navigate and interact with. This has become a major issue as mobile GIS applications are now being used by a wide group of users, including novice users such as tourists, for whom it is essential to provide easy-to-use applications. Despite this, comparatively little research has been conducted to address the mobility problem. We are particularly concerned with the limited interaction techniques available to users of mobile GIS which play a primary role in contributing to the complexity of using such an application whilst mobile. As such, our research focuses on multimodal interfaces as a means to present users with a wider choice of modalities for interacting with mobile GIS applications. Multimodal interaction is particularly advantageous in a mobile context, enabling users of location-based applications to choose the mode of input that best suits their current task and location. The focus of this article concerns a comprehensive user study which demonstrates the benefits of multimodal interfaces for mobile geospatial applications.     

Anonymous Query Processing in Road Networks

The increasing availability of location-aware mobile devices has given rise to a flurry of location-based services (LBSs). Due to the nature of spatial queries, an LBS needs the user position in order to process her requests. On the other hand, revealing exact user locations to a (potentially untrusted) LBS may pinpoint their identities and breach their privacy. To address this issue, spatial anonymity techniques obfuscate user locations, forwarding to the LBS a sufficiently large region instead. Existing methods explicitly target processing in the euclidean space and do not apply when proximity to the users is defined according to network distance (e.g., driving time through the roads of a city). In this paper, we propose a framework for anonymous query processing in road networks. We design location obfuscation techniques that: 1) provide anonymous LBS access to the users and 2) allow efficient query processing at the LBS side. Our techniques exploit existing network database infrastructure, requiring no specialized storage schemes or functionalities. We experimentally compare alternative designs in real road networks and demonstrate the effectiveness of our techniques.     

基于差分隐私的个人轨迹信息保护机制

随着智能手机的发展,基于位置的服务越来越受欢迎,这种服务正在引起严重的隐私问题,因为许多用户不愿看到他们的位置信息泄露给服务提供商。近年来研究人员将广义的差分隐私概念引入了位置信息保护中,提供了一个具有严格数学证明的专用隐私保护框架。直观地说,差分隐私意味着通过扰动,使给定距离内的任何两个可能的发布位置的生成概率相似,因此攻击者无法了解用户的真实位置。然而,在保证隐私的前提下,用户总是希望所访问服务的质量损失是最小的。针对上述问题给出了一种后置映射的方法来实现。后置映射机制可以在满足相同的隐私级别同时改善其平均服务质量,并结合真实数据,对机制进行了仿真分析,结果显示机制的服务质量损失低于平面拉普拉斯机制。     

Privacy leakage on the Web: Diffusion and countermeasures

Protecting privacy on the Web is becoming increasingly complicated because of the considerable amount of personal and sensitive information left by users in many locations during their Web browsing and the silent actions of third party sites that collect data, aggregate information and build personal profiles of Internet users in order to provide free and personalized services. On the other hand, most of people are unaware that their information may be collected online, and that, after their aggregation from multiple sources, could be used for secondary purposes, such as linked to allow identification, without user’s notice.     

Protecting location privacy in mobile geoservices using fuzzy inference systems

Mobile geoservices, especially location-based services (LBSs), are becoming more popular each day. The most important goal of these services is to use a user’s location to provide location-aware services. Because the user’s spatial information can be abused by organizations or advertisers, and sometimes for criminal purposes, the protection of this information is a necessary part of such services. There has been substantial research on privacy protection in LBSs and mobile geoservices; most studies have attempted to anonymize the user and hide his/her identity or to engage the user in the protection process. The major defects of these previous approaches include an increased complexity of system architecture, a decrease in service capabilities, undesirable processing times, and a failure to satisfy users. Additionally, anonymization is not a suitable solution for context-aware services. Therefore, in this paper, a new approach is proposed to locate users with different levels of spatial precision, based on his/her spatio-temporal context and a user’s group, through fuzzy inference systems. The user’s location and the time of the request determine the spatio-temporal context of the user. A fuzzy rule base is formed separately for each group of users and services. An interview is a simple method to extract the rules. The spatial precision of a user’s location, which is obtained from a fuzzy system, goes to a spatial function called the conceptualization function, to determine the user’s location based on one of the following five levels of qualitative precision: geometrical coordinates, streets, parish, region, and qualitative location, such as the eastern part of the city. Thus, there is no need to anonymize users in mobile geoservices or to turn the service off. The applicability and efficiency of the proposed method are shown for a group of taxi drivers.