连续服务请求下基于假位置的用户隐私增强方法

基于假位置的隐私保护方案在为用户提供准确位置服务查询结果的同时,还无需第三方和共享密钥。然而,当用户连续请求位置服务时,由于现有保护单次查询的假位置方案未考虑相邻位置集合间的时空关系,使攻击者能推断出假位置,降低用户的位置隐私保护等级。针对上述问题,采用现有假位置方案生成候选假位置,并通过连续合理性检查和单次隐私增强对其进行筛选,提出一个适用于连续请求的假位置隐私保护增强方法。安全性分析表明,所提方法能保证连续请求中形成的移动路径在时空上不可区分,有效保护连续请求中的用户位置隐私。大量实验表明,所提方法在不增加用户计算开销的同时,与采用的候选假位置生成方案相比,还能提高用户单次查询的隐私保护等级。     

移动互联网服务的隐私保护机制

探讨了考虑背景信息的位置和查询隐私保护方案,如基于背景信息的虚假位置k-匿名方案、同时保护位置和兴趣的隐私保护方案、基于交互的隐私保护方案,还探讨了基于用户隐私链拆分的实名认证和身份隐私保护策略;认为在避免可信第三方参与,敌手能够获取到背景信息的前提下,能够实现对用户身份、位置和查询隐私的保护,达到信任机制和隐私保护的有机结合将是未来隐私保护发展的趋势。     

位置隐私保护技术研究

位置服务给人们的生活带来诸多便利的同时,也面临泄漏用户位置信息的危险,这为他人实施不法行为提供了可乘之机。隐私问题已经成为位置服务以及研究人员的一个严峻的挑战。解决隐私问题的关键是在保护个人信息的同时也要保证服务质量,需要在两者之间取得平衡。文中综述了基于轨迹的隐私保护技术和基于位置的隐私保护技术的研究现状与进展,阐述了基于位置和轨迹的隐私保护方法、类型、目标和挑战,分析了隐私保护技术存在的主要问题,并对位置隐私保护技术的发展方向进行了探讨,为位置隐私保护的进一步研究提供参考。     

位置服务信息安全防护

随着无线通信技术和智能移动终端的快速发展,基于位置的服务(LBS)在军事、交通、物流等诸多领域得到了广泛应用,它能够根据移动对象的位置信息提供个性化服务。在人们享受各种位置服务的同时,移动对象个人信息泄露的隐私威胁也渐渐成为一个严重的问题。为移动用户提供位置服务的同时,保护移动用户的位置隐私也至关重要。本文就位置业务隐私保护技术和位置业务隐私管控手段进行了探讨。     

移动互联网中的位置隐私保护研究

全面归纳了移动互联网中位置隐私保护的相关研究工作,总结了位置服务和定位服务中的威胁模型。然后,详细介绍了现有基于位置服务的隐私保护技术,分析了其在抗隐私攻击和位置隐私适用性方面的优缺点,并阐述了定位服务中位置隐私问题的本质、威胁和解决方法。最后指出了需要进一步研究的问题。     

基于消息复用的位置服务隐私保护算法

提出一种基于消息复用的位置服务隐私保护(MSPP)算法,用于提供不同安全性需求的位置服务.首先对源消息集中的数据进行预伪装,将通过预伪装算法成功伪装的消息添加到复用消息集.然后,通过消息复用,形成多层伪装区域来保护用户的位置隐私.仿真结果表明,针对不同安全性需求的消息,该机制提高了匿名成功率,缩短了系统平均响应时间.     

基于网格密度的位置隐私保护系统设计与实现

基于位置服务(LBS)给人们生活带来巨大便利的同时,其对个人隐私的泄露风险不容忽视。首先讨论了位置服务中的隐私泄露途径及隐私保护模型,并着重介绍了位置k匿名思想;针对位置k匿名中对模糊匿名区域的寻找问题,提出基于网格密度模型的保护系统方案,利用网格结构简单、索引便捷的特点,可以迅速获知周围用户数目状态,找到覆盖临近k个用户的最小包含空间;此外,考虑若连续使用位置服务,即使每次请求均满足k匿名条件仍可能泄露大概的轨迹信息,提出动态假名算法,量化轨迹隐私泄露风险,将高风险用户的假名与临近用户的假名进行随机的交换,使得攻击者无法对其轨迹进行追踪。     

个性化搜索中一种基于位置服务的隐私保护方法

在基于位置服务的个性化搜索中,利用可信第三方服务器以及对等节点是保护用户隐私的主要方法,但在现实生活中,它们却是不完全可信的。为了解决这一问题,该文提出一种个性化搜索中基于位置服务的隐私保护方法。该方法通过转换用户的位置信息,并根据用户的查询类型生成用户模型,进而形成带有用户位置信息的查询矩阵,然后利用矩阵加密用户的查询,隐藏查询矩阵中的用户信息,最后根据安全内积计算返回相关性得分最高的前K个查询文件给用户。安全性分析表明该方法能有效地保护用户的查询隐私和位置隐私,通过分析与实验表明,该方法大幅度地缩短了索引构建时间,降低了通信开销,同时为用户提供了基于位置的个性化搜索结果,一定程度上解决了移动设备屏幕小带来的弊端。     

车辆自组网的位置隐私保护技术研究

车辆自组网的位置服务在解决道路安全问题、为驾乘者提供便捷服务的同时,也带来了相应的隐私保护问题。总结了隐私保护内容,重点分析了车辆自组网的假名和签名2类隐私保护技术,其中假名方案分为基于特殊地形、基于安静时段、加密mix-zones和mix-zones通信代理;签名方案分为群签名和环签名。继而针对隐私保护水平的高低,分析了匿名集合、熵度量、数学理论分析和形式化证明几类主要的位置隐私度量方法,对其各自的特点进行了总结比较。     

个人移动数据收集中的多维轨迹匿名方法

在情景感知位置服务中,移动互联网络的开放性使得个人移动数据面临巨大的安全风险,移动数据的时空关联特性对个人数据的隐私保护提出重大挑战.针对基于时空关联的背景知识攻击,本文提出了一种多维的轨迹匿名隐私保护方法.该方法在匿名轨迹数据收集系统的基础上,基于多用户协作的隐私保护模式,通过时间匿名和空间匿名算法,实现用户的隐私保护.实验结果表明,该方法可以有效的对抗基于位置和移动方式的背景知识攻击,满足了k-匿名的隐私保护要求.     

Evaluation and protection of multi-level location privacy based on an information theoretic approach

A privacy metric based on mutual information was proposed to measure the privacy leakage occurred when location data owner trust data users at different levels and need to publish the distorted location data to each user according to her trust level,based on which an location privacy protection mechanism (LPPM)was generated to protect user’s location privacy.In addition,based on mutual information,a metric was proposed to measure the privacy leakage caused by attackers obtaining different levels of distorted location data and then performing inference attack on the original location data more accurately.Another privacy metric was also proposed to quantify the information leakage occurred in the scenario based on mutual information.In particular,the proposed privacy mechanism was designed by modifying Blahut-Arimoto algorithm in rate-distortion theory.Experimental results show the superiority of the proposed LPPM over an existing LPPM in terms of location privacyutility tradeoff in both scenarios,which is more conspicuous when there are highly popular locations.     

基于位置语义的路网位置隐私保护

移动用户在享受基于位置的服务（LBS）的同时受到位置隐私泄露的威胁,因而提供有效的位置隐私保护策略至关重要。传统的位置隐私保护方法主要采用空间匿名的方式,若攻击者获得了更多与匿名空间相关的背景知识,尤其是与位置相关的语义信息,就会严重降低匿名效果。为了防止由位置语义分析造成的敏感位置信息泄露,并根据移动用户活动范围大多限定为道路网络的特点,提出一种基于位置语义的路网位置隐私保护方法,充分考虑了用户的个性化隐私需求,并通过实验验证了方法的可行性及有效性。     

Search me if you can: Multiple mix zones with location privacy protection for mapping services

The mobile vehicle is gaining popularity nowadays using map services like Google Maps and other mapping services. However, map services users have to expose sensitive information like geographic locations (GPS coordinates) or address to personal privacy concerns as users share their locations and queries to obtain desired services. Existing mix zones location privacy protection methods are most general purposed and theoretical value while not applicable when applied to provide location privacy for map service users. In this paper, we present new (multiple mix zones location privacy protection) MMLPP method specially designed for map services on mobile vehicles over the road network. This method enables mobile vehicle users to query a route between 2 endpoints on the map, without revealing any confidential location and queries information. The basic idea is to strategically endpoints to nearby ones, such that (1) the semantic meanings encoded in these endpoints (eg, their GPS coordinates) change much, ie, location privacy is protected; (2) the routes returned by map services little change, ie, services usability are maintained. Specifically, a mobile client first privately retrieves point of interest close to the original endpoints, and then selects 2 points of interest as the shifted endpoints satisfying the property of geoindistinguishability. We evaluate our MMLPP approach road network application for GTMobiSim on different scales of map services and conduct experiments with real traces. Results show that MMLPP strikes a good balance between location privacy and service usability.     

User location privacy protection mechanism for location-based services

With the rapid development of the Internet of Things (IoT), Location-Based Services (LBS) are becoming more and more popular. However, for the users being served, how to protect their location privacy has become a growing concern. This has led to great difficulty in establishing trust between the users and the service providers, hindering the development of LBS for more comprehensive functions. In this paper, we first establish a strong identity verification mechanism to ensure the authentication security of the system and then design a new location privacy protection mechanism based on the privacy proximity test problem. This mechanism not only guarantees the confidentiality of the user’s information during the subsequent information interaction and dynamic data transmission, but also meets the service provider’s requirements for related data.     

Privacy Protected Spatial Query Processing for Advanced Location Based Services

Due to the popularity of mobile devices (e.g., cell phones, PDAs, etc.), location-based services have become more and more prevalent in recent years. However, users have to reveal their location information to access location-based services with existing service infrastructures. It is possible that adversaries could collect the location information, which in turn invades user’s privacy. There are existing solutions for query processing on spatial networks and mobile user privacy protection in Euclidean space. However there is no solution for solving queries on spatial networks with privacy protection. Therefore, we aim to provide network distance spatial query solutions which can preserve user privacy by utilizing K-anonymity mechanisms. In this paper, we propose an effective location cloaking mechanism based on spatial networks and two novel query algorithms, PSNN and PSRQ, for answering nearest neighbor queries and range queries on spatial networks without revealing private information of the query initiator. We demonstrate the appeal of our technique using extensive simulation results.     

Delay‐aware privacy‐preserving location‐based services under spatiotemporal constraints

The ubiquitous use of location‐based services (LBS) through smart devices produces massive amounts of location data. An attacker, with an access to such data, can reveal sensitive information about users. In this paper, we study location inference attacks based on the probability distribution of historical location data, travel time information between locations using knowledge of a map, and short and long‐term observation of privacy‐preserving queries. We show that existing privacy‐preserving approaches are vulnerable to such attacks. In this context, we propose a novel location privacy‐preserving approach, called KLAP, based on the three fundamental obfuscation requirements: minimum k ‐locations, l ‐diversity, and privacy a rea p reservation. KLAP adopts a personalized privacy preference for sporadic, frequent, and continuous LBS use cases. Specifically, it generates a secure concealing region (CR) to obfuscate the user's location and directs that CR to the service provider. The main contribution of this work is twofold. First, a CR pruning technique is devised to establish a balance between privacy and delay in LBS usage. Second, a new attack model called a long‐term obfuscated location tracking attack, and its countermeasure is proposed and evaluated both theoretically and empirically. We assess KLAP with two real‐world datasets. Experimental results show that it can achieve better privacy, reduced delay, and lower communication costs than existing state‐of‐the‐art methods.     

Approach of location privacy protection based on order preserving encryption of the grid

The centralized structure of the trusted third party is a major privacy protection structure on location based services.However,if the central third party server can not be trusted or compromised,users have the risk of leakage of privacy location.Aiming at the above problems,location privacy protection approach based on a user-defined grid to hide location was proposed.The system first automatically converted the query area into a user-defined grid,and then the approach utilized order preserving encryption,which made the user’s real-time position in the hidden state could still be compared.Because the information in the process of the approach was in a state of encryption,the server could not know the user’s location information,thus improved privacy protection of the user location.The central third party server only need to do simple comparison work,so its processing time overhead would effectively decrease.Security analysis certificate the security of the proposed approach and simulation experimental show the proposed approach can reduce the time cost of the central third party server.     

Privacy theory in practice: designing a user interface for managing location privacy on mobile devices

ABSTRACT

Disclosing the current location of a person can seriously affect their privacy, but many apps request location information to provide location-based services. Simultaneously, these apps provide only crude controls for location privacy settings (sharing all or nothing). There is an ongoing discussion about rights of users regarding their location privacy (e.g. in the context of the General Data Protection Regulation – GDPR). GDPR requires data collectors to notify users about data collection and to provide them with opt-out options. To address these requirements, we propose a set of user interface (UI) controls for fine-grained management of location privacy settings based on privacy theory (Westin), privacy by design principles and general UI design principles. The UI notifies users about the state of location data sharing and provides controls for adjusting location sharing preferences. It addresses three key issues: whom to share location with, when to share it, and where to share it. Results of a user study (N=23) indicate that (1) the proposed interface led to a greater sense of control, that (2) it was usable and well received, and that (3) participants were keen on using it in real life. Our findings can inform the development of interfaces to manage location privacy.     

X‐Region: A framework for location privacy preservation in mobile peer‐to‐peer networks

While enjoying various LBS (location‐based services), users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer‐to‐peer (P2P) networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x‐region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x‐region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x‐region, together with three algorithms for generating an x‐region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.     

Location privacy preserving scheme against attack from friends in SNS

In order to enrich the performance of the user's location information and to meet the diverse needs of users,a location privacy protection scheme based on attribute encryption was designed,which provided precise,more accurate,fuzzy and private four modes to manage the location information.The scheme was based on the algorithm of WT-CP-ABE.The location information was divided into three parts according to a close friend of grade,then the key infor-mation and position information was encrypted with attribute-based encryption and symmetric encryption method respec-tively and the ciphertext was published to the social network.The security of the scheme is analyzed,which shows that the scheme has the advantage of user attribute information confidentiality,data confidentiality and can resist the collusion attack.