连续服务请求下基于假位置的用户隐私增强方法

基于假位置的隐私保护方案在为用户提供准确位置服务查询结果的同时,还无需第三方和共享密钥。然而,当用户连续请求位置服务时,由于现有保护单次查询的假位置方案未考虑相邻位置集合间的时空关系,使攻击者能推断出假位置,降低用户的位置隐私保护等级。针对上述问题,采用现有假位置方案生成候选假位置,并通过连续合理性检查和单次隐私增强对其进行筛选,提出一个适用于连续请求的假位置隐私保护增强方法。安全性分析表明,所提方法能保证连续请求中形成的移动路径在时空上不可区分,有效保护连续请求中的用户位置隐私。大量实验表明,所提方法在不增加用户计算开销的同时,与采用的候选假位置生成方案相比,还能提高用户单次查询的隐私保护等级。     

基于服务相似性的k-匿名位置隐私保护方法

针对当前基于位置的服务(LBS)系统存在的隐私保护度、位置服务质量和通信开销三者难于平衡的问题,提出了一种基于服务相似性的k-匿名位置隐私保护方法。在不改变现有LBS 系统架构的情况下,利用位置服务查询结果的相似性来辅助匿名服务器构造匿名区域,从而实现在确保用户隐私安全的基础上,有效提高服务质量和降低系统开销。最后,通过实验验证了该算法的有效性。     

基于连续查询的语义位置隐私保护算法

针对用户连续位置查询请求服务中未考虑语义信息而导致用户敏感语义泄露问题,为了实现对道路网络上客户端的查询隐私、位置隐私和语义位置隐私保护,本文提出一种离线轨迹聚类和语义位置图相结合的算法来进行隐藏用户的选择,使隐藏用户的位置具有明显的多样性和不同的语义以及多样化的服务请求,有效保护客户端的语义和位置隐私.在具有2个定义指标的真实地图上评估了该算法的有效性,整个连续查询道路网络服务的过程中,有很好的成功率和查询处理时间.同时与现有的其他可信第三方模型算法进行了对比分析,验证了本文算法的有效性.     

基于区域划分和排序的K-匿名算法

基于位置的服务(LBS)在日常生活中的应用越来越广,对位置隐私保护的要求也越来越强。目前有很多种对位置隐私和查询隐私的保护原则、保护算法,其中K-匿名是使用较为广泛的一个原则。针对智能终端的平台特性,提出一种新的基于K-匿名的隐私保护算法,主要通过区域划分和排序的方式,对不同区域之间的查询集合合并,模糊用户位置,完成对位置隐私和查询隐私的保护。实验证明,能在较小的代价下完成对用户的位置隐私保护。     

个性化搜索中一种基于位置服务的隐私保护方法

在基于位置服务的个性化搜索中,利用可信第三方服务器以及对等节点是保护用户隐私的主要方法,但在现实生活中,它们却是不完全可信的。为了解决这一问题,该文提出一种个性化搜索中基于位置服务的隐私保护方法。该方法通过转换用户的位置信息,并根据用户的查询类型生成用户模型,进而形成带有用户位置信息的查询矩阵,然后利用矩阵加密用户的查询,隐藏查询矩阵中的用户信息,最后根据安全内积计算返回相关性得分最高的前K个查询文件给用户。安全性分析表明该方法能有效地保护用户的查询隐私和位置隐私,通过分析与实验表明,该方法大幅度地缩短了索引构建时间,降低了通信开销,同时为用户提供了基于位置的个性化搜索结果,一定程度上解决了移动设备屏幕小带来的弊端。     

基于网格标识匹配的位置隐私保护方法

在基于位置的服务中,基于可信第三方模型是当前位置隐私保护中的主要模型,但该模型存在一定的隐私泄露风险。该文提出一种基于网格标识匹配(GIM)的位置隐私保护方法,用户首先将查询区域划分为网格,并结合保序对称加密和K匿名技术,在匿名器形成K匿名,然后利用网格标识匹配返回查询结果给用户。在查询的过程中,匿名器并不知道用户的具体位置,加强了该模型中用户位置的隐私保护。同时中间匿名器仅进行简单的比较和匹配,有效缓解了匿名器的性能瓶颈问题。安全分析表明该方法能有效保护用户的位置隐私;并且通过实验验证该方法能有效减小匿名器的处理时间开销。     

个人移动数据收集中的多维轨迹匿名方法

在情景感知位置服务中,移动互联网络的开放性使得个人移动数据面临巨大的安全风险,移动数据的时空关联特性对个人数据的隐私保护提出重大挑战.针对基于时空关联的背景知识攻击,本文提出了一种多维的轨迹匿名隐私保护方法.该方法在匿名轨迹数据收集系统的基础上,基于多用户协作的隐私保护模式,通过时间匿名和空间匿名算法,实现用户的隐私保护.实验结果表明,该方法可以有效的对抗基于位置和移动方式的背景知识攻击,满足了k-匿名的隐私保护要求.     

基于Voronoi图预划分的LBS位置隐私保护方法

为了解决服务器面临大量用户请求时匿名效率下降的问题,分别提出适用于静态用户和动态用户的协作匿名方法。首先基于Voronoi图划分全局区域,再由中心服务器组织本区域内用户实现协作匿名,由于服务器无需为每个用户单独构造匿名区,降低了服务端的负担;针对查询过程中用户提供真实位置信息带来位置隐私泄露的问题,提出了逆向增量近邻查询算法。用户以固定锚点代替真实位置,向位置服务器逐步获取兴趣点候选集并计算出想要的结果,避免位置隐私直接泄漏的同时获取精准查询结果。该算法同时解决了锚点与用户过近而带来的位置隐私被推断问题。实验表明本方法在有效保护用户位置隐私的同时,具有良好的工作效率。     

基于敏感位置多样性的LBS位置隐私保护方法研究

针对LBS查询服务中构造的匿名框或选取的锚点仍位于敏感区域而导致的位置隐私泄漏问题,提出了基于敏感位置多样性的锚点选取算法。该算法根据用户访问数量和访问高峰时段,对不同敏感位置进行定义和筛选,选择具有相似特征的其他敏感位置构成多样性区域,并以该区域形心作为查询锚点,提高用户在敏感位置出现的多样性。以该锚点为查询标志,提出一种均衡增量近邻兴趣点查询算法HINN,在无需用户提供真实位置坐标的条件下实现K近邻兴趣点查询,同时改进了SpaceTwist方法中存在的查询兴趣点围绕锚点分布的缺陷,提高了查询准确度。实验表明,本方法实现了用户在敏感区域停留时的位置隐私保护目标,同时具有良好的兴趣点查询质量和较低的通信开销。     

基于差分隐私模型的位置轨迹发布技术研究

位置轨迹大数据的安全分享、发布需求离不开位置轨迹隐私保护技术支持。在差分隐私出现之前,K-匿名及其衍生模型为位置轨迹隐私保护提供了一种量化评估的手段,但其安全性严重依赖于攻击者所掌握的背景知识,当有新的攻击出现时模型无法提供完善的隐私保护。差分隐私技术的出现有效地弥补了上述问题,越来越多地应用于轨迹数据隐私发布领域中。该文对基于差分隐私理论的轨迹隐私保护技术进行了研究与分析,重点介绍了差分隐私模型下位置直方图、轨迹直方图等空间统计数据发布方法,差分隐私模型下轨迹数据集发布方法,以及连续轨迹实时发布隐私保护模型。与此同时,在对现有方法对比分析的基础上,提出了未来的重点发展方向。     

Trajectory privacy protection method based on location obfuscation

In the process of continuous queries,a method of trajectory privacy protection based on location obfuscation was proposed to solve the problem that K-anonymity was difficult to guarantee user privacy in third party architectrue.Firstly,the (G-1) query obfuscation locations through the location prediction was obtained and the dummy location selection mechanism,and then sent them together with the user’s real query location to different anonymizers to form cloaking regions and sent them to the LBS server for queries,and the query results were returned to the user by different anonymizers.In this method,the user’s real query location was confused by the location obfuscation,and the attacker couldn’t deduce the user’s trajectory from a single anonymizer or the LBS server.The method can enhance the privacy of the user’s trajectory and can effectively solve the performance bottleneck in the single anonymizer structure.Security analysis shows the security of the proposed approach,and experiments show this method can reduce the number of interactions between the user and the LBS server and the overhead of the single anonymizer.     

Efficient privacy-preserving group-nearest-neighbor queries with the presence of active adversaries

Location-based services (LBSs) allow users to ask location-dependent queries and receive information based on their location. A group of users can send a group-nearest-neighbor (GNN) query in order to receive a Point Of Interest (POI). This POI in turn shows a point which is the minimum distance from all members of the group. To benefit from these services, it is important to preserve the location privacy of each group user from others in the group (Intragroup location privacy) as well as from anyone outside of the group, including the LBS, (Intergroup location privacy). It may also be necessary to protect the location privacy of the resulting POI from the LBS and other possible attackers. In this paper, we propose two different privacy-preserving protocols for finding the exact answer to a GNN query among a set of returned POIs. The first protocol assumes a semi-honest model while the second one works in a malicious model. The proposed protocols are based on the Anonymous Veto network and Burmester–Desmedt key establishment protocols. The security analysis shows that the proposed protocols provide both Intragroup and Intergroup location privacy; they also protect the location privacy of the resulting POI and are resistant to collusion and multi-point aggregate distance attacks. The performed analyses indicate that they incur a constant computation cost per user and are efficient in terms of computation and communication costs.

     

Evaluation and protection of multi-level location privacy based on an information theoretic approach

A privacy metric based on mutual information was proposed to measure the privacy leakage occurred when location data owner trust data users at different levels and need to publish the distorted location data to each user according to her trust level,based on which an location privacy protection mechanism (LPPM)was generated to protect user’s location privacy.In addition,based on mutual information,a metric was proposed to measure the privacy leakage caused by attackers obtaining different levels of distorted location data and then performing inference attack on the original location data more accurately.Another privacy metric was also proposed to quantify the information leakage occurred in the scenario based on mutual information.In particular,the proposed privacy mechanism was designed by modifying Blahut-Arimoto algorithm in rate-distortion theory.Experimental results show the superiority of the proposed LPPM over an existing LPPM in terms of location privacyutility tradeoff in both scenarios,which is more conspicuous when there are highly popular locations.     

Delay‐aware privacy‐preserving location‐based services under spatiotemporal constraints

The ubiquitous use of location‐based services (LBS) through smart devices produces massive amounts of location data. An attacker, with an access to such data, can reveal sensitive information about users. In this paper, we study location inference attacks based on the probability distribution of historical location data, travel time information between locations using knowledge of a map, and short and long‐term observation of privacy‐preserving queries. We show that existing privacy‐preserving approaches are vulnerable to such attacks. In this context, we propose a novel location privacy‐preserving approach, called KLAP, based on the three fundamental obfuscation requirements: minimum k ‐locations, l ‐diversity, and privacy a rea p reservation. KLAP adopts a personalized privacy preference for sporadic, frequent, and continuous LBS use cases. Specifically, it generates a secure concealing region (CR) to obfuscate the user's location and directs that CR to the service provider. The main contribution of this work is twofold. First, a CR pruning technique is devised to establish a balance between privacy and delay in LBS usage. Second, a new attack model called a long‐term obfuscated location tracking attack, and its countermeasure is proposed and evaluated both theoretically and empirically. We assess KLAP with two real‐world datasets. Experimental results show that it can achieve better privacy, reduced delay, and lower communication costs than existing state‐of‐the‐art methods.     

X‐Region: A framework for location privacy preservation in mobile peer‐to‐peer networks

While enjoying various LBS (location‐based services), users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer‐to‐peer (P2P) networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x‐region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x‐region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x‐region, together with three algorithms for generating an x‐region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.     

Privacy Protected Spatial Query Processing for Advanced Location Based Services

Due to the popularity of mobile devices (e.g., cell phones, PDAs, etc.), location-based services have become more and more prevalent in recent years. However, users have to reveal their location information to access location-based services with existing service infrastructures. It is possible that adversaries could collect the location information, which in turn invades user’s privacy. There are existing solutions for query processing on spatial networks and mobile user privacy protection in Euclidean space. However there is no solution for solving queries on spatial networks with privacy protection. Therefore, we aim to provide network distance spatial query solutions which can preserve user privacy by utilizing K-anonymity mechanisms. In this paper, we propose an effective location cloaking mechanism based on spatial networks and two novel query algorithms, PSNN and PSRQ, for answering nearest neighbor queries and range queries on spatial networks without revealing private information of the query initiator. We demonstrate the appeal of our technique using extensive simulation results.     

Trajectory differential privacy protection mechanism based on prediction and sliding window

To address the issues of privacy budget and quality of service in trajectory differential privacy protection,a trajectory differential privacy mechanism integrating prediction disturbance was proposed.Firstly,Markov chain and exponential perturbation method were used to predict the location which satisfies the differential privacy and temporal and spatial security,and service similarity map was introduced to detect the availability of the location.If the prediction was successful,the prediction location was directly used to replace the location of differential disturbance,to reduce the privacy cost of continuous query and improve the quality of service.Based on this,the trajectory privacy budget allocation mechanism based on w sliding window was designed to ensure that any continuous w queries in the trajectory meet the ε-differential privacy and solve the trajectory privacy problem of continuous queries.In addition,a privacy customization strategy was designed based on the sensitivity map.By customizing the privacy sensitivity of semantic location,the privacy budget could be customized to improve its utilization.Finally,the validity of the scheme was verified by real data set experiment.The results illustrate that it offers the better privacy and quality of service.     

Approach of location privacy protection based on order preserving encryption of the grid

The centralized structure of the trusted third party is a major privacy protection structure on location based services.However,if the central third party server can not be trusted or compromised,users have the risk of leakage of privacy location.Aiming at the above problems,location privacy protection approach based on a user-defined grid to hide location was proposed.The system first automatically converted the query area into a user-defined grid,and then the approach utilized order preserving encryption,which made the user’s real-time position in the hidden state could still be compared.Because the information in the process of the approach was in a state of encryption,the server could not know the user’s location information,thus improved privacy protection of the user location.The central third party server only need to do simple comparison work,so its processing time overhead would effectively decrease.Security analysis certificate the security of the proposed approach and simulation experimental show the proposed approach can reduce the time cost of the central third party server.     

蓝牙位置隐私保护方案的研究与设计

通过对蓝牙位置隐私攻击机制和现有保护方案不足的分析,建立了蓝牙地址分级模型,依据此模型设计了蓝牙位置隐私保护方案,与现有方案相比,该协议不仅可以抵抗针对蓝牙位置隐私的窃听攻击、重放攻击、跳频序列攻击、会话地址跟踪攻击、字典攻击和中间人攻击,同时具有较小的计算量和存储需求.