对位置信息服务的连续查询攻击算法

为了解决连续查询攻击算法给位置信息服务(LBS)带来的安全隐患,基于已有的k-匿名化Cloaking算法提出了一种新的连续查询攻击算法——CQACA。该算法首先利用熵和查询匿名度量定义了查询识别率的目标函数,并结合元胞蚁群给出了目标函数的求解算法。最后,利用移动对象数据生成器进行实验,深入研究了影响CQACA的关键因素,同时对比分析了该算法与Cloaking算法的性能差异:CQACA与实际数据的误差为13.27%,而Cloaking算法则为17.35%。结果表明CQACA具有一定的有效性。     

对位置信息服务的连续查询攻击算法

为了解决连续查询攻击算法给位置信息服务(LBS)带来的安全隐患,基于已有的k-匿名化Cloaking算法提出了一种新的连续查询攻击算法--CQACA。该算法首先利用熵和查询匿名度量定义了查询识别率的目标函数,并结合元胞蚁群给出了目标函数的求解算法。最后,利用移动对象数据生成器进行实验,深入研究了影响CQACA的关键因素,同时对比分析了该算法与Cloaking算法的性能差异:CQACA与实际数据的误差为13.27%,而Cloaking算法则为17.35%。结果表明CQACA具有一定的有效性。     

一种抵制对等性攻击的(p,θ)k-匿名模型

针对当前p-sensitive k-匿名模型未考虑敏感属性的敏感程度,不能抵制对等性攻击的问题,提出一种可抵制对等性攻击的(p,θ)k-匿名模型.同时引入互信息量来度量属性间的关联度,为准标识属性的进一步泛化提供依据.实验结果表明,所提的(p,θ)k-匿名模型相对于p-sensitive k-匿名模型降低了敏感属性泄露的概率,更能有效地保护个体隐私.     

对等通信辅助下抗攻击的位置隐私保护方法

针对目前位置隐私保护方法的不足,提出一种对等通信辅助下可抗攻击的位置隐私保护方法。该方法使用多用户协作构建匿名组代替匿名区域,保证位置k-匿名;将速度引入匿名组的构建,使组内用户不局限于周边;让组内用户保持模糊的连通,以此抵御一般恶意攻击;通过缓存机制增加匿名组的可重用性,以此抵御连续查询攻击,并减少开销。实验结果表明,该方法可以达到位置k-匿名,匿名成功率较高,能够抵御一般恶意攻击和连续查询攻击,且可减少系统开销。     

最优聚类的k-匿名数据隐私保护机制

基于聚类的k-匿名机制是共享数据脱敏的主要方法,它能有效防范针对隐私信息的背景攻击和链接攻击。然而,现有方案都是通过寻找最优k-等价集来平衡隐私性与可用性.从全局看,k-等价集并不一定是满足k-匿名的最优等价集,隐私机制的可用性最优化问题仍然未得到解决.针对上述问题,提出一种基于最优聚类的k-匿名隐私保护机制.通过建立数据距离与信息损失间的函数关系,将k-匿名机制的最优化问题转化为数据集的最优聚类问题;然后利用贪婪算法和二分机制,寻找满足k-匿名约束条件的最优聚类,从而实现k-匿名模型的可用性最优化;最后给出了问题求解的理论证明和实验分析.实验结果表明该机制能最大程度减少聚类匿名的信息损失,并且在运行时间方面是可行有效的.     

LBS中基于标识符的连续查询模型研究

近年来,伴随着移动计算技术和无限设备的蓬勃发展,LBS中的隐私保护技术受到了学术界的广泛关注,提出了很多匿名算法以保护移动用户的隐私信息。但是针对位置隐私的k匿名机制和查询隐私的l-diversity机制都只是适用于快照查询（snapshot query）,不能适用于连续查询。如果将现有的静态匿名算法直接应用于连续查询,将会产生隐私泄露、匿名服务器工作代价大等问题。文中提出了一种基于查询标识符的查询模型,对于每一个连续查询任务都定义一个标识符,LBS通过这个标识符返回给匿名服务器查询内容,攻击者收集标识符相同的查询任务匿名集,对其进行比较和推断,导致用户隐私泄露。针对这个问题,在匿名服务器里设置一张一对k的表,每当用户发送一个查询时,匿名服务器查询这个表,从这个表中随机选取一个数作为这次查询的标识符。这样攻击者收集到匿名集就不会是一个连续查询任务的全部匿名集,在一定程度和时间上保护了用户的隐私。     

基于位置服务中的连续查询隐私保护研究

近年来,伴随着移动计算技术和无限设备的蓬勃发展,位置服务中的隐私保护研究受到了学术界的广泛关注,提出了很多匿名算法以保护移动用户的隐私信息.但是现有方法均针对snapshot查询,不能适用于连续查询.如果将现有的静态匿名算法直接应用于连续查询,将会产生隐私泄露、匿名服务器工作代价大等问题.针对这些问题,提出了δp-隐私模型和δq-质量模型来均衡隐私保护与服务质量的矛盾,并基于此提出了一种贪心匿名算法.该算法不仅适用于snapshot查询,也适用于连续查询.实验结果证明了算法的有效性.     

一种新型的防范历史攻击的k-匿名算法

针对位置信息服务(LBS)中出现的连续查询的隐私问题,提出了一种新型的防范历史攻击的k-匿名算法。该算法根据周围用户的位置、移动速度和移动方向,预测这些用户将来的位置,利用这些位置计算出未来不同时间点上将某用户加入匿名集使匿名区域增大的面积,利用贪心算法优先选择增大面积之和最小的用户加入匿名集。在OPNET 14.5平台下进行了仿真实验,实验结果证明了该算法所形成的匿名区域大小适当,在历史攻击的情况下,既能保护用户的隐私,又能保证一定的服务质量。     

面向连续查询的敏感语义位置隐私保护方案

针对连续查询位置服务中构造匿名区域未考虑语义位置信息导致敏感隐私泄露问题，通过设计[(K,θ)]-隐私模型，提出一种路网环境下面向连续查询的敏感语义位置隐私保护方案。该方案利用Voronoi图将城市路网预先划分为独立的Voronoi单元，依据用户的移动路径和移动速度，选择具有相似特性的其他[K-1]个用户，构建匿名用户集；利用匿名用户集用户设定的敏感语义位置类型和语义安全阈值，以及用户所处语义位置的Voronoi单元，构建满足[(K,θ)]-隐私模型的语义安全匿名区域，可以同时防止连续查询追踪攻击和语义推断攻击。实验结果表明，与SCPA算法相比，该方案在隐私保护程度上提升约15%，系统开销上降低约20%。     

基于双线性对的k-匿名隐私保护方案研究

针对移动互联网环境下位置服务的隐私保护问题,基于双线性对性质和k-匿名的思想,提出了一个高服务质量的隐私增强方案。通过终端在欧几里得距离环形区域内均匀生成2k个虚假位置,利用位置熵、位置分散度和地图背景信息从中筛选出k-1个虚假位置,进而达到更优的k-匿名效果。通过安全性分析,本方案不仅满足隐私性、匿名性、不可伪造性等安全特性,而且能够抗查询服务追踪攻击;仿真实验表明,本方案虚假位置节点选取具有更优的均匀度,同时在假节点生成和选取效率也有所提高。     

Anonymizing continuous queries with delay-tolerant mix-zones over road networks

This paper presents a delay-tolerant mix-zone framework for protecting the location privacy of mobile users against continuous query correlation attacks. First, we describe and analyze the continuous query correlation attacks (CQ-attacks) that perform query correlation based inference to break the anonymity of road network-aware mix-zones. We formally study the privacy strengths of the mix-zone anonymization under the CQ-attack model and argue that spatial cloaking or temporal cloaking over road network mix-zones is ineffective and susceptible to attacks that carry out inference by combining query correlation with timing correlation (CQ-timing attack) and transition correlation (CQ-transition attack) information. Next, we introduce three types of delay-tolerant road network mix-zones (i.e., temporal, spatial and spatio-temporal) that are free from CQ-timing and CQ-transition attacks and in contrast to conventional mix-zones, perform a combination of both location mixing and identity mixing of spatially and temporally perturbed user locations to achieve stronger anonymity under the CQ-attack model. We show that by combining temporal and spatial delay-tolerant mix-zones, we can obtain the strongest anonymity for continuous queries while making acceptable tradeoff between anonymous query processing cost and temporal delay incurred in anonymous query processing. We evaluate the proposed techniques through extensive experiments conducted on realistic traces produced by GTMobiSim on different scales of geographic maps. Our experiments show that the proposed techniques offer high level of anonymity and attack resilience to continuous queries.     

Nearest and reverse nearest neighbor queries for moving objects

With the continued proliferation of wireless communications and advances in positioning technologies, algorithms for efficiently answering queries about large populations of moving objects are gaining interest. This paper proposes algorithms for k nearest and reverse k nearest neighbor queries on the current and anticipated future positions of points moving continuously in the plane. The former type of query returns k objects nearest to a query object for each time point during a time interval, while the latter returns the objects that have a specified query object as one of their k closest neighbors, again for each time point during a time interval. In addition, algorithms for so-called persistent and continuous variants of these queries are provided. The algorithms are based on the indexing of object positions represented as linear functions of time. The results of empirical performance experiments are reported.     

Blind evaluation of location based queries using space transformation to preserve location privacy

In this paper we propose a fundamental approach to perform the class of Range and Nearest Neighbor (NN) queries, the core class of spatial queries used in location-based services, without revealing any location information about the query in order to preserve users’ private location information. The idea behind our approach is to utilize the power of one-way transformations to map the space of all objects and queries to another space and resolve spatial queries blindly in the transformed space. Traditional encryption based techniques, solutions based on the theory of private information retrieval, or the recently proposed anonymity and cloaking based approaches cannot provide stringent privacy guarantees without incurring costly computation and/or communication overhead. In contrast, we propose efficient algorithms to evaluate KNN and range queries privately in the Hilbert transformed space. We also propose a dual curve query resolution technique which further reduces the costs of performing range and KNN queries using a single Hilbert curve. We experimentally evaluate the performance of our proposed range and KNN query processing techniques and verify the strong level of privacy achieved with acceptable computation and communication overhead.     

路网环境下兴趣点查询的隐私保护方法

近年来,随着无线通信技术的迅猛发展,推动了基于位置服务（Location-based services,LBS）的发展进程.而其中兴趣点（Point of Interest,POI）查询是基于位置服务最重要的应用之一.针对在路网环境下,用户查询过程中位置隐私泄露的问题,提出了一种新的位置k匿名隐私保护方法.首先,匿名服务器将兴趣点作为种子节点生成网络Voronoi图,将整个路网划分为相互独立且不重叠的网络Voronoi单元（Network Voronoi Cell,NVC）;其次,利用Hilbert曲线遍历路网空间,并按照Hilbert顺序,对路网上所有的兴趣点进行排序.当用户发起查询时,提出的匿名算法通过查找与用户所在NVC的查询频率相同且位置分散的k-1个NVC,并根据用户的相对位置在NVC内生成匿名位置,从而保证了生成的匿名集中位置之间的相互性,克服了传统k-匿名不能抵御推断攻击的缺陷.最后,理论分析和实验结果表明本文提出的隐私保护方案,能有效保护用户位置隐私.     

DPPS: A novel dual privacy-preserving scheme for enhancing query privacy in continuous location-based services

Since smartphones embedded with positioning systems and digital maps are widely used, location-based services (LBSs) are rapidly growing in popularity and providing unprecedented convenience in people’s daily lives; however, they also cause great concern about privacy leakage. In particular, location queries can be used to infer users’ sensitive private information, such as home addresses, places of work and appointment locations. Hence, many schemes providing query anonymity have been proposed, but they typically ignore the fact that an adversary can infer real locations from the correlations between consecutive locations in a continuous LBS. To address this challenge, a novel dual privacy-preserving scheme (DPPS) is proposed that includes two privacy protection mechanisms. First, to prevent privacy disclosure caused by correlations between locations, a correlation model is proposed based on a hidden Markov model (HMM) to simulate users’ mobility and the adversary’s prediction probability. Second, to provide query probability anonymity of each single location, an advanced k-anonymity algorithm is proposed to construct cloaking regions, in which realistic and indistinguishable dummy locations are generated. To validate the effectiveness and efficiency of DPPS, theoretical analysis and experimental verification are further performed on a real-life dataset published by Microsoft, i.e., GeoLife dataset.     

Location privacy: going beyond K-anonymity,cloaking and anonymizers

With many location-based services, it is implicitly assumed that the location server receives actual users locations to respond to their spatial queries. Consequently, information customized to their locations, such as nearest points of interest can be provided. However, there is a major privacy concern over sharing such sensitive information with potentially malicious servers, jeopardizing users’ private information. The anonymity- and cloaking-based approaches proposed to address this problem cannot provide stringent privacy guarantees without incurring costly computation and communication overhead. Furthermore, they require a trusted intermediate anonymizer to protect user locations during query processing. This paper proposes a fundamental approach based on private information retrieval to process range and K-nearest neighbor queries, the prevalent queries used in many location-based services, with stronger privacy guarantees compared to those of the cloaking and anonymity approaches. We performed extensive experiments on both real-world and synthetic datasets to confirm the effectiveness of our approaches.     

一种障碍空间数据库中的连续反k近邻查询方法

随着智能移动设备和无线定位技术的飞速发展,使用基于位置服务应用的用户越来越多.特别地,不同于传统的针对固定位置的快照查询,移动的用户往往基于移动轨迹发出连续的查询.在真实和虚拟的空间环境中,障碍物的影响都是广泛存在的,障碍空间内的查询处理技术得到了越来越多的关注,其中,障碍空间内的连续反k近邻查询处理有着重要的应用.对障碍空间中的连续反k近邻查询问题进行了定义和系统的研究,通过定义控制点和分割点,提出了针对该问题的处理框架.进一步地,提出了一系列的过滤和求精算法,包括剪枝数据集、获取障碍物、剪枝和计算控制点和更新结果集等处理策略.基于多种数据集对所提出的算法进行了实验评估.与针对每个数据点进行k 近邻计算的基本方法相比,这些方法可以大幅度提高查询处理的CPU 和I/O 效率.     

Continuous aggregate nearest neighbor queries

This paper addresses the problem of continuous aggregate nearest-neighbor (CANN) queries for moving objects in spatio-temporal data stream management systems. A CANN query specifies a set of landmarks, an integer k, and an aggregate distance function f (e.g., min, max, or sum), where f computes the aggregate distance between a moving object and each of the landmarks. The answer to this continuous query is the set of k moving objects that have the smallest aggregate distance f. A CANN query may also be viewed as a combined set of nearest neighbor queries. We introduce several algorithms to continuously and incrementally answer CANN queries. Extensive experimentation shows that the proposed operators outperform the state-of-the-art algorithms by up to a factor of 3 and incur low memory overhead.