LBS中基于标识符的连续查询模型研究

近年来,伴随着移动计算技术和无限设备的蓬勃发展,LBS中的隐私保护技术受到了学术界的广泛关注,提出了很多匿名算法以保护移动用户的隐私信息。但是针对位置隐私的k匿名机制和查询隐私的l-diversity机制都只是适用于快照查询（snapshot query）,不能适用于连续查询。如果将现有的静态匿名算法直接应用于连续查询,将会产生隐私泄露、匿名服务器工作代价大等问题。文中提出了一种基于查询标识符的查询模型,对于每一个连续查询任务都定义一个标识符,LBS通过这个标识符返回给匿名服务器查询内容,攻击者收集标识符相同的查询任务匿名集,对其进行比较和推断,导致用户隐私泄露。针对这个问题,在匿名服务器里设置一张一对k的表,每当用户发送一个查询时,匿名服务器查询这个表,从这个表中随机选取一个数作为这次查询的标识符。这样攻击者收集到匿名集就不会是一个连续查询任务的全部匿名集,在一定程度和时间上保护了用户的隐私。     

k-Nearest Neighbor Query Processing Algorithms for a Query Region in Road Networks

Recent development of wireless communication technologies and the popularity of smart phones are making location-based services (LBS) popular. However, requesting queries to LBS servers with users’ exact locations may threat the privacy of users. Therefore, there have been many researches on generating a cloaked query region for user privacy protection. Consequently, an effcient query processing algorithm for a query region is required. So, in this paper, we propose k-nearest neighbor query (k-NN) processing algorithms for a query region in road networks. To effciently retrieve k-NN points of interest (POIs), we make use of the Island index. We also propose a method that generates an adaptive Island index to improve the query processing performance and storage usage. Finally, we show by our performance analysis that our k-NN query processing algorithms outperform the existing k-Range Nearest Neighbor (kRNN) algorithm in terms of network expansion cost and query processing time.     

Dynamic path privacy protection framework for continuous query service over road networks

Many applications of location based services (LBSs), it is useful or even necessary to ensure that LBSs services determine their location. For continuous queries where users report their locations periodically, attackers can infer more about users’ privacy by analyzing the correlations of their query samples. The causes of path privacy problems, which emerge because the communication by different users in road network using location based services so, attacker can track continuous query information. LBSs, albeit useful and convenient, pose a serious threat to users’ path privacy as they are enticed to reveal their locations to LBS providers via their queries for location-based information. Traditional path privacy solutions designed in Euclidean space can be hardly applied to road network environment because of their ignorance of network topological properties. In this paper, we proposed a novel dynamic path privacy protection scheme for continuous query service in road networks. Our scheme also conceals DPP (Dynamic Path Privacy) users’ identities from adversaries; this is provided in initiator untraceability property of the scheme. We choose the different attack as our defending target because it is a particularly challenging attack that can be successfully launched without compromising any user or having access to any cryptographic keys. The security analysis shows that the model can effectively protect the user identity anonymous, location information and service content in LBSs. All simulation results confirm that our Dynamic Path Privacy scheme is not only more accurate than the related schemes, but also provide better locatable ratio where the highest it can be around 95 % of unknown nodes those can estimate their position. Furthermore, the scheme has good computation cost as well as communication and storage costs.Simulation results show that Dynamic Path Privacy has better performances compared to some related region based algorithms such as IAPIT scheme, half symmetric lens based localization algorithm (HSL) and sequential approximate maximum a posteriori (AMAP) estimator scheme.     

A context-aware scheme for privacy-preserving location-based services

We address issues related to privacy protection in location-based services (LBSs). Most existing privacy-preserving LBS techniques either require a trusted third-party (anonymizer) or use cryptographic protocols that are computationally and communicationally expensive. Our design of privacy-preserving techniques is principled on not requiring a trusted third-party while being highly efficient in terms of time and space complexities. The problem has two interesting and challenging characteristics: First, the degree of privacy protection and LBS accuracy depends on the context, such as population and road density, around a user’s location. Second, an adversary may violate a user’s location privacy in two ways: (i) based on the user’s location information contained in the LBS query payload and (ii) by inferring a user’s geographical location based on the device’s IP address. To address these challenges, we introduce CAP, a context-aware privacy-preserving LBS system with integrated protection for both data privacy and communication anonymity. We have implemented CAP and integrated it with Google Maps, a popular LBS system. Theoretical analysis and experimental results validate CAP’s effectiveness on privacy protection, LBS accuracy, and communication QoS (Quality-of-Service).     

Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments

This paper tackles a privacy breach in current location-based services (LBS) where mobile users have to report their exact location information to an LBS provider in order to obtain their desired services. For example, a user who wants to issue a query asking about her nearest gas station has to report her exact location to an LBS provider. However, many recent research efforts have indicated that revealing private location information to potentially untrusted LBS providers may lead to major privacy breaches. To preserve user location privacy, spatial cloaking is the most commonly used privacy-enhancing technique in LBS. The basic idea of the spatial cloaking technique is to blur a user’s exact location into a cloaked area that satisfies the user specified privacy requirements. Unfortunately, existing spatial cloaking algorithms designed for LBS rely on fixed communication infrastructure, e.g., base stations, and centralized/distributed servers. Thus, these algorithms cannot be applied to a mobile peer-to-peer (P2P) environment where mobile users can only communicate with other peers through P2P multi-hop routing without any support of fixed communication infrastructure or servers. In this paper, we propose a spatial cloaking algorithm for mobile P2P environments. As mobile P2P environments have many unique limitations, e.g., user mobility, limited transmission range, multi-hop communication, scarce communication resources, and network partitions, we propose three key features to enhance our algorithm: (1) An information sharing scheme enables mobile users to share their gathered peer location information to reduce communication overhead; (2) A historical location scheme allows mobile users to utilize stale peer location information to overcome the network partition problem; and (3) A cloaked area adjustment scheme guarantees that our spatial cloaking algorithm is free from a “center-of-cloaked-area” privacy attack. Experimental results show that our P2P spatial cloaking algorithm is scalable while guaranteeing the user’s location privacy protection.     

k-Nearest neighbor query processing algorithm for cloaking regions towards user privacy protection in location-based services

Due to the advancement of wireless internet and mobile positioning technology, the application of location-based services (LBSs) has become popular for mobile users. Since users have to send their exact locations to obtain the service, it may lead to several privacy threats. To solve this problem, a cloaking method has been proposed to blur users’ exact locations into a cloaked spatial region with a required privacy threshold (k). With the cloaked region, an LBS server can carry out a k-nearest neighbor (k-NN) search algorithm. Some recent studies have proposed methods to search k-nearest POIs while protecting a user’s privacy. However, they have at least one major problem, such as inefficiency on query processing or low precision of retrieved result. To resolve these problems, in this paper, we propose a novel k-NN query processing algorithm for a cloaking region to satisfy both requirements of fast query processing time and high precision of the retrieved result. To achieve fast query processing time, we propose a new pruning technique based on a 2D-coodinate scheme. In addition, we make use of a Voronoi diagram for retrieving the nearest POIs efficiently. To satisfy the requirement of high precision of the retrieved result, we guarantee that our k-NN query processing algorithm always contains the exact set of k nearest neighbors. Our performance analysis shows that our algorithm achieves better performance in terms of query processing time and the number of candidate POIs compared with other algorithms.     

支持区间查询的基于位置服务外包数据隐私保护方案

随着云计算技术的迅猛发展,越来越多的LBS服务被外包到云上运行以减少本地的计算和存储成本。然而,外包环境下的云服务器通常被认为是一个半可信的实体,LBS提供商的数据安全和用户的个人隐私将会面临新的安全挑战。针对现有基于位置服务数据外包方案中不支持区间查询和隐私保护不足等问题,文章提出一种支持区间查询的LBS外包数据隐私保护方案,利用非对称向量积保值加密和公钥可搜索加密对LBS坐标和关键词进行加密,实现LBS数据的机密性和用户查询模式的隐私性;利用轻量级的矩阵运算使用户在不泄露查询区间的前提下准确获得所需LBS数据。在新用户注册方面,采用基于双线性配对运算实现用户身份认证。安全性和性能分析表明,文章方案较同类方案具有一定优势。     

An empirical examination of user adoption of location-based services

Location-based services (LBS) can present the optimal information and services to users based on their locations. This will improve their experience. However, this may also arouse users’ privacy concern and increase their perceived privacy risk. From both perspectives of flow experience and perceived risk, this research examined user adoption of LBS. We conducted data analysis with structural equation modeling. The results indicated that contextual offering affects trust and flow, whereas privacy concern affects trust and perceived risk. Trust, flow and perceived risk affect the usage intention. Among them, flow has a relatively larger effect.     

基于轨迹聚类的连续查询隐私保护方法

在LBS连续查询的应用场景下,攻击者易利用查询时间序列、区域位置、移动趋势等背景知识发起有效的攻击,以获取用户的真实位置或轨迹,进而可推断出用户生活习惯等各类隐私信息。针对此,提出了一种基于轨迹聚类的连续查询隐私保护方法。该方法基于邻近用户的信息共享与协作,设计了一种匿名区域构造机制,用户在查询过程中,首先通过被共享缓存获取所需服务结果,如未命中,再向LBS服务器发起查询请求。同时,提出了一种邻近用户位置更新算法,提高用户的协作效率并保证缓存的有效性,对于由命中缓存完成的查询,采用提出的基于密度聚类的兴趣区提取算法,生成高混淆度的假查询扰乱整体查询序列顺序,以此增强轨迹隐私的保护效果。实验结果表明,该方法降低了连续查询中的时间代价,提高了位置混淆程度。     

Complete Bipartite Anonymity for Location Privacy

Users are vulnerable to privacy risks when providing their location information to location-based services (LBS). Existing work sacrifices the quality of LBS by degrading spatial and temporal accuracy ...     

基于遗传算法的空间网格划分匿名算法

隐私泄露问题已经成为阻碍基于位置的服务（location-based services,LBS）进一步发展的原因。针对当LBS用户发送查询时,用户的个人隐私可能会泄露给攻击者的问题,提出了基于遗传算法的空间网格划分的隐私保护算法（GAGP）。算法包括两个方法,即地图分割算法和假名生成法。地图分割算法利用遗传算法给每个网格赋权值,再通过使用邻接网格扩展的方法,保证每个划分区域的查询频率基本相等。假名生成法是用户在每次发送查询时使用假名来应对长期统计的攻击方式。通过实验证明所提算法与其他三种算法相比结果较好,所以提出的方案能够有效地保护用户的隐私。     

LBS中基于移动终端的连续查询用户轨迹隐匿方法*

为减少现有LBS(基于位置的服务)机制给用户位置信息和个人隐私泄露带来的威胁,提出并实现了一个基于移动智能终端的连续查询用户运动轨迹保护方案.该方法利用移动终端来规划虚拟路径,以减少用户在连续查询中的隐私泄露,且不需要第三方服务器提供位置匿名服务,由用户自主决定何时启动位置隐匿机制.实验证明,提出的方法有效地隐匿了连续查询用户的位置及轨迹信息.     

Anonymous Query Processing in Road Networks

The increasing availability of location-aware mobile devices has given rise to a flurry of location-based services (LBSs). Due to the nature of spatial queries, an LBS needs the user position in order to process her requests. On the other hand, revealing exact user locations to a (potentially untrusted) LBS may pinpoint their identities and breach their privacy. To address this issue, spatial anonymity techniques obfuscate user locations, forwarding to the LBS a sufficiently large region instead. Existing methods explicitly target processing in the euclidean space and do not apply when proximity to the users is defined according to network distance (e.g., driving time through the roads of a city). In this paper, we propose a framework for anonymous query processing in road networks. We design location obfuscation techniques that: 1) provide anonymous LBS access to the users and 2) allow efficient query processing at the LBS side. Our techniques exploit existing network database infrastructure, requiring no specialized storage schemes or functionalities. We experimentally compare alternative designs in real road networks and demonstrate the effectiveness of our techniques.     

基于区域划分的轨迹隐私保护方法

针对现有k匿名方法易受连续查询攻击以及在用户数稀少时难以构建匿名区域问题,提出一种基于区域划分的轨迹隐私保护方法。查询用户利用第三方辅助服务器获得拥有特定区域历史查询点的用户组,并通过P2P协议获得用户组中用户的历史查询点,从中搜索所需的查询结果,以提高查询效率。另外,该方法通过发送伪查询点迷惑攻击者,以及利用覆盖用户真实轨迹的区域划分方法,将多个查询点隐藏在同一子区域中,使攻击者无法重构用户的真实轨迹,以保证安全性。实验结果表明,所提方法随着偏离距离和缓存时间的增大,用户轨迹隐私的安全性会提高。在用户数为1500时,与协作轨迹隐私保护（CTPP）方法相比,安全性平均提高约50%,查询效率平均提高约35%（子区域数为400）。     

保护位置隐私和查询内容隐私的路网K近邻查询方法

位置隐私和查询内容隐私是LBS兴趣点（point of interest,简称POI）查询服务中需要保护的两个重要内容,同时,在路网连续查询过程中,位置频繁变化会给LBS服务器带来巨大的查询处理负担,如何在保护用户隐私的同时,高效地获取精确查询结果,是目前研究的难题.以私有信息检索中除用户自身外其他实体均不可信的思想为基本假设,基于Paillier密码系统的同态特性,提出了无需用户提供真实位置及查询内容的K近邻兴趣点查询方法,实现了对用户位置、查询内容隐私的保护及兴趣点的精确检索;同时,以路网顶点为生成元组织兴趣点分布信息,进一步解决了高强度密码方案在路网连续查询中因用户位置变化频繁导致的实用效率低的问题,减少了用户的查询次数,并能确保查询结果的准确性.最后从准确性、安全性及查询效率方面对本方法进行了分析,并通过仿真实验验证了理论分析结果的正确性.     

基于连续查询的用户轨迹k-匿名隐私保护算法

随着移动服务和移动网络的持续发展,基于LBS的连续查询服务被广泛应用。基于单点的K-匿名位置隐私保护算法已经不能满足连续查询下用户位置隐私需求。针对用户轨迹隐私保护提出新的保护方法,该方法采用不可信第三方中心匿名器,用户获取自己的真实位置后首先在客户端进行模糊处理,然后提交给第三方匿名器,第三方匿名器根据用户的隐私需求结合用户某时刻的真实位置信息生成虚假用户,然后根据历史数据生成虚假轨迹。为了进一步提高虚假轨迹与用户真实轨迹的相似性,该算法提出了虚假轨迹生成的两个约束条件：虚假轨迹距用户真实轨迹的距离约束和相似性约束。经大量实验证明,该算法与传统的不同时刻K-匿名算法相比,不仅可以满足连续查询的用户轨迹隐私保护而且可以满足基于快照的LBS用户位置隐私保护。     

基于社交网络好友攻击的位置隐私保护模型

随着无线网络的发展,移动社交网络用户发布其所在的地理位置信息时,如果包含敏感地理位置会导致用户隐私受到攻击。现有的位置隐私保护方法都是对用户发布的位置进行泛化处理,以牺牲用户的服务质量为代价,且大部分都是将攻击者定位在LBS服务商,没有考虑到统一对社交网络中的好友根据其可靠程度的不同提供不同准确度的地理位置信息。针对此问题,提出了基于社交网络好友亲密度分级的隐私保护模型L-intimacy,用来防止好友攻击者的攻击。理论分析和实验结果表明,与加入到Latitude服务的Google Maps相比,该方法既能保护移动社交网络用户的相关隐私,同时又具有较小的信息损失度。     

SMashQ: spatial mashup framework for k-NN queries in time-dependent road networks

The k-nearest-neighbor (k-NN) query is one of the most popular spatial query types for location-based services (LBS). In this paper, we focus on k-NN queries in time-dependent road networks, where the travel time between two locations may vary significantly at different time of the day. In practice, it is costly for a LBS provider to collect real-time traffic data from vehicles or roadside sensors to compute the best route from a user to a spatial object of interest in terms of the travel time. Thus, we design SMashQ, a server-side spatial mashup framework that enables a database server to efficiently evaluate k-NN queries using the route information and travel time accessed from an external Web mapping service, e.g., Microsoft Bing Maps. Due to the expensive cost and limitations of retrieving such external information, we propose three shared execution optimizations for SMashQ, namely, object grouping, direction sharing, and user grouping, to reduce the number of external Web mapping requests and provide highly accurate query answers. We evaluate SMashQ using Microsoft Bing Maps, a real road network, real data sets, and a synthetic data set. Experimental results show that SMashQ is efficient and capable of producing highly accurate query answers.     

An efficient method for privacy preserving location queries

Recently, the issue of privacy preserving location queries has attracted much research. However, there are few works focusing on the tradeoff between location privacy preservation and location query information collection. To tackle this kind of tradeoff, we propose the privacy persevering location query (PLQ), an efficient privacy preserving location query processing framework. This framework can enable the location-based query without revealing user location information. The framework can also facilitate location-based service providers to collect some information about the location based query, which is useful in practice. PLQ consists of three key components, namely, the location anonymizer at the client side, the privacy query processor at the server side, and an additional trusted third party connecting the client and server. The location anonymizer blurs the user location into a cloaked area based on a map-hierarchy. The map-hierarchy contains accurate regions that are partitioned according to real landforms. The privacy query processor deals with the requested nearest-neighbor (NN) location based query. A new convex hull of polygon (CHP) algorithm is proposed for nearest-neighbor queries using a polygon cloaked area. The experimental results show that our algorithms can efficiently process location based queries.     

基于加密分割的位置隐私保护方法

基于位置的服务(location-based services,LBS)由于存在隐私泄露问题已越来越成为隐私保护领域中的热点.针对用户协作的隐私保护方法无法为参与用户提供自定义匿名度功能,且对协作用户的隐私保护效力不足,提出了一种基于加密分割的位置隐私保护方法.该方法采用分布式结构,通过用户对查询信息进行分割、加密、交换混合,满足了用户自定义匿名度需求,提高了用户间的隐私安全性,同时,采用假名方法抵御长期统计的攻击方式.通过理论分析和实验结果表明所提出的方法具有较好的隐私保护效果.