LBS中基于标识符的连续查询模型研究

近年来,伴随着移动计算技术和无限设备的蓬勃发展,LBS中的隐私保护技术受到了学术界的广泛关注,提出了很多匿名算法以保护移动用户的隐私信息。但是针对位置隐私的k匿名机制和查询隐私的l-diversity机制都只是适用于快照查询（snapshot query）,不能适用于连续查询。如果将现有的静态匿名算法直接应用于连续查询,将会产生隐私泄露、匿名服务器工作代价大等问题。文中提出了一种基于查询标识符的查询模型,对于每一个连续查询任务都定义一个标识符,LBS通过这个标识符返回给匿名服务器查询内容,攻击者收集标识符相同的查询任务匿名集,对其进行比较和推断,导致用户隐私泄露。针对这个问题,在匿名服务器里设置一张一对k的表,每当用户发送一个查询时,匿名服务器查询这个表,从这个表中随机选取一个数作为这次查询的标识符。这样攻击者收集到匿名集就不会是一个连续查询任务的全部匿名集,在一定程度和时间上保护了用户的隐私。     

LBS 中连续查询攻击算法及匿名性度量

k-匿名机制是LBS(location based service)中保证查询隐私性的重要手段.已有文献指出,现有的k-匿名机 制不能有效保护连续性查询的隐私性.提出一种连续查询发送模型,该模型融合了查询发送时间的间隔模型和连续性模型,针对此模型下的两种k-匿名算法Clique Cloaking 和Non-clique Cloaking,分别提出了一种连续查询攻击算 法.在此攻击算法下,匿名集的势不再适合作为查询匿名性的度量,因此提出一种基于熵理论的度量方式AD(anonymity degree).实验结果表明,对连续性很强的查询,攻击算法重识别用户身份的成功率极高;AD 比匿名集的势更能反映查询的匿名性.     

QR-TCM:具有质量保证的位置服务隐私保护模型

针对传统的基于位置服务的隐私模型匿名时间较长的情况,建立了QR-TCM模型。该模型提出了隐私保护算法CRCA。通过分析影响匿名时间的因素,提出了解决用户服务延迟的方法以及位置服务质量评价模型。实验采用了标准数据集上的数据,通过响应时间、隐私性等多个维度去衡量QR-TCM模型。实验结果证明,该方法适用于连续查询位置隐私保护,可有效保护用户的位置隐私和提供及时的服务。     

基于语义位置保护的轨迹隐私保护的k-CS算法

针对轨迹数据隐私保护算法数据可用性低及易受语义位置攻击和最大运行速度攻击等问题,提出了一种在路网环境中基于语义轨迹的隐私保护算法——k-CS算法。首先,提出了两种路网环境中针对轨迹数据的攻击模型;然后,将路网环境中基于语义轨迹的隐私问题定义为k-CS匿名问题,并证明了该问题是一个NP难问题;最后,提出了一种基于图上顶点聚类的近似算法将图上的顶点进行匿名,将语义位置由相应的匿名区域取代。实验对所提算法和轨迹隐私保护经典算法（k,δ）-anonymity进行了对比,实验结果表明：k-CS算法在数据可用性、查询误差率、运行时间等方面优于（k,δ）-anonymity算法;平均信息丢失率比（k,δ）-anonymity算法降低了20%左右;算法运行时间比（k,δ）-anonymity算法减少近10%。     

基于速度动态差异的位置服务匿名算法

随着基于位置服务应用的日益流行,其潜在的用户隐私泄露问题也成为制约其发展的一大挑战。用户位置数据的泄露,可能导致与用户生活相关的活动、住址等隐私信息泄露,隐私问题成为位置服务中人们普遍关注的热门话题。尤其是在连续查询场景下,查询间存在着密切的联系,这就使得用户的隐私面临更大的威胁。针对这一问题,文章提出了一种连续查询下的隐私保护算法,称为基于速度的动态匿名算法(V-DCA)。在匿名处理时,考虑了用户的运动特征和趋势,也就是速度和加速度,并且利用历史匿名集合来产生新的匿名集合,在抵御查询跟踪攻击、保护隐私的同时提供了良好的服务质量。文章设计了一种连续查询隐私保护算法——基于速度的动态匿名算法(V-DCA),将用户的速度、加速度作为匿名条件之一,有效地平衡了隐私和服务质量;为了评价匿名算法,分别从隐私保障、服务质量和匿名时间3个方面提出了多个度量指标;通过在真实地图及相同环境下与其他匿名算法进行比较实验,验证了V-DCA在隐私保障、服务质量和响应时间方面的良好表现。     

面向连续查询的敏感语义位置隐私保护方案

针对连续查询位置服务中构造匿名区域未考虑语义位置信息导致敏感隐私泄露问题，通过设计[(K,θ)]-隐私模型，提出一种路网环境下面向连续查询的敏感语义位置隐私保护方案。该方案利用Voronoi图将城市路网预先划分为独立的Voronoi单元，依据用户的移动路径和移动速度，选择具有相似特性的其他[K-1]个用户，构建匿名用户集；利用匿名用户集用户设定的敏感语义位置类型和语义安全阈值，以及用户所处语义位置的Voronoi单元，构建满足[(K,θ)]-隐私模型的语义安全匿名区域，可以同时防止连续查询追踪攻击和语义推断攻击。实验结果表明，与SCPA算法相比，该方案在隐私保护程度上提升约15%，系统开销上降低约20%。     

基于连续查询的用户轨迹k-匿名隐私保护算法

随着移动服务和移动网络的持续发展,基于LBS的连续查询服务被广泛应用。基于单点的K-匿名位置隐私保护算法已经不能满足连续查询下用户位置隐私需求。针对用户轨迹隐私保护提出新的保护方法,该方法采用不可信第三方中心匿名器,用户获取自己的真实位置后首先在客户端进行模糊处理,然后提交给第三方匿名器,第三方匿名器根据用户的隐私需求结合用户某时刻的真实位置信息生成虚假用户,然后根据历史数据生成虚假轨迹。为了进一步提高虚假轨迹与用户真实轨迹的相似性,该算法提出了虚假轨迹生成的两个约束条件：虚假轨迹距用户真实轨迹的距离约束和相似性约束。经大量实验证明,该算法与传统的不同时刻K-匿名算法相比,不仅可以满足连续查询的用户轨迹隐私保护而且可以满足基于快照的LBS用户位置隐私保护。     

防止路径攻击的加权社会网络匿名化技术

随着社会网络的普及,社会网络数据的隐私保护问题,已经成为数据隐私研究领域学者普遍关注的热点问题。由于隐私信息异常广泛,攻击者可以利用多种背景知识进行隐私攻击。现有的隐私保护技术,大多针对简单社会网络,并不适用于加权社会网络。对加权社会网络中的路径隐私泄露问题进行了研究,针对最短路径识别提出了加权图k-可能路径匿名（k-possible path anonymity,KPPA）隐私保护模型,来防止基于加权社会网络的最短路径隐私攻击,设计了一种基于权重泛化的匿名方法来实现KPPA算法。通过在真实数据集上的大量测试研究,证明了KPPA算法对于加权图路径隐私保护的有效性,同时基于KPPA算法可以保留原图结构性质,提高权重信息的可用性。     

基于不可信环境的移动位置隐私保护

近年来,随着移动计算和位置设备的发展,位置隐私保护受到学术界的广泛关注,人们提出很多匿名算法来保护用户的隐私信息。但是现有的方法要么不适用于移动环境,要么没有考虑现实不可信环境。针对这些问题提出了基于博弈论的动态规划匿名算法Dynamic_p。此方法是在已有的可解决不可信环境下的位置隐私保护Privacy₁[8]方法基础上提出的,通过将匿名组先组建成匿名树,然后从下到上,子节点与父节点博弈算出锚点。层层递归,最后算出整个匿名组的锚点。用户通过使用锚点代替实际位置来发起位置近邻查询,通过概率统计选出候选位置,最后通过位置计算算出最终的理想位置点。仿真实验表明,此方法在位置匿名方法上有更好的处理效率,并且能应用于移动的不可信环境中。     

基于位置服务中防止敏感同质性攻击的个性化隐私保护

基于位置服务中的隐私保护方法存在只关注保护用户位置和标识信息的问题,当匿名集中提出的查询均属于敏感查询时,将产生敏感同质性攻击。针对此问题,提出了个性化(k,p)-敏感匿名模型。并基于此模型,提出了基于树型索引结构的匿名算法--PTreeCA。空间数据库中的树型索引具有两大特点：1)空间中的用户已根据位置邻近性在树中被大致分组;2)在树的中间节点中可以存储聚集信息。利用这两个特点,PTreeCA可以从查询用户所在叶子节点和其兄弟节点中寻找匿名集,提高了匿名算法的效率。最后,在模拟和真实数据集上进行了实验,所提算法平均匿名成功率可达100%,平均匿名时间只有4ms。当隐私级别较低和适中时,PTreeCA在匿名成功率、匿名时间和匿名代价方面均表现出良好性能。     

位置隐私保护技术综述

随着如智能手机和平板电脑等移动设备的普及,基于位置的服务(LBS)变得越来越流行,人们通过网络进行查询的同时,将自己的位置信息暴露给了LBS提供商。如何保护用户的位置信息不被潜在地泄露给LBS提供商,对一个LBS系统来说是至关重要的。目前关于LBS的隐私保护的研究已经取得了一定的成果,为了更深入地解决位置隐私保护技术中还没有解决的诸多问题,展开对相关课题的深入研究,从非k-匿名位置隐私技术、k-匿名位置隐私技术、P2P架构下的k-匿名技术和连续查询轨迹匿名技术四个方面对相关文献进行了综述,分别介绍了相关的算法。最后,总结了位置隐私保护技术当前存在的问题及未来的发展方向。     

移动对象连续查询位置匿名策略

用户位置隐私保护已经成为基于位置服务领域研究的热点问题之一,现有的方法多是只针对用户单独一次查询的隐私保护,没有考虑移动过程中由于连续查询而造成的位置隐私泄露问题。主要针对连续查询下的移动对象位置隐私保护提出一种基于历史用户的虚假用户生成的位置匿名方法,该方法结合用户历史数据,通过确定合理的假用户生成区域及假用户生成时刻其空间位置,使虚假用户能够实时对真实用户位置进行保护,通过实验验证其可行性和有效性。     

面向Android应用的细粒度位置隐私保护系统

位置隐私保护是移动定位服务中的关键安全问题,粗粒度的访问控制机制通过绝对的授权策略抑制了位置信息的暴露,但是忽略了用户的服务质量。提出一种针对本地位置信息的时空模糊算法,实现了细粒度的位置隐私保护系统,在保障用户服务质量的前提下实现位置信息的模糊,从而达到隐私保护的目的。首先设计了一种针对应用程序位置服务请求的位置信息拦截技术,截获精确位置信息,并使用位置模糊算法进行模糊处理;将模糊后的安全位置信息返回给Apps,从而实现位置隐私保护。实验结果证明了该方法的有效性。     

Preserving location privacy without exact locations in mobile services

Privacy preservation has recently received considerable attention in location-based services (LBSs). A large number of location cloaking algorithms have been proposed for protecting the location privacy of mobile users. However, most existing cloaking approaches assume that mobile users are trusted. And exact locations are required to protect location privacy, which is exactly the information mobile users want to hide. In this paper, we propose a p-anti-conspiration privacy model to anonymize over semi-honest users. Furthermore, two k*NNG-based cloaking algorithms, vk*NNCA and ek*NNCA, are proposed to protect location privacy without exact locations. The efficiency and effectiveness of the proposed algorithms are validated by a series of carefully designed experiments. The experimental results show that the price paid for location privacy protection without exact locations is small.     

Long-term location privacy protection for location-based services in mobile cloud computing

The popularity of mobile devices, especially intelligent mobile phones, significantly prompt various location-based services (LBSs) in cloud systems. These services not only greatly facilitate people’s daily lives, but also cause serious threats that users’ location information may be misused or leaked by service providers. The dummy-based privacy protection techniques have significant advantages over others because they neither rely on trusted servers nor need adequate number of trustworthy peers. Existing dummy-based location privacy protection schemes, however, cannot yet provide long-term privacy protection. In this paper, we propose four principles for the dummy-based long-term location privacy protection (LT-LPP). Based on the principles, we propose a set of long-term consistent dummy generation algorithms for the LT-LPP. Our approach is built on soft computing techniques and can balance the preferred privacy protection and computing cost. Comprehensive experimental results demonstrate that our approach is effective to both long-term privacy protection and fake path generation for LBSs in mobile clouds.     

An optimal query strategy for protecting location privacy in location-based services

In this paper, an optimal query strategy is proposed for location privacy in location-based services (LBSs) from a game-theoretic perspective. Distributed location privacy metrics are proposed, and a user-centric model is proposed, in which users make their own decisions to protect their location privacy. In addition, the mobile users’ cooperation is formalized as a query strategy selection optimizing problem by using the framework of Bayesian games. Based on the analysis of Bayesian Nash Equilibria, a User Query Strategy Optimization Algorithm (UQSOA) is designed to help users achieve optimized utilities. We perform simulations to assess the privacy protection effectiveness of our approach and validate the theoretical properties of the UQSOA algorithm.     

A classification of location privacy attacks and approaches

In recent years, location-based services have become very popular, mainly driven by the availability of modern mobile devices with integrated position sensors. Prominent examples are points of interest finders or geo-social networks such as Facebook Places, Qype, and Loopt. However, providing such services with private user positions may raise serious privacy concerns if these positions are not protected adequately. Therefore, location privacy concepts become mandatory to ensure the user’s acceptance of location-based services. Many different concepts and approaches for the protection of location privacy have been described in the literature. These approaches differ with respect to the protected information and their effectiveness against different attacks. The goal of this paper is to assess the applicability and effectiveness of location privacy approaches systematically. We first identify different protection goals, namely personal information (user identity), spatial information (user position), and temporal information (identity/position + time). Secondly, we give an overview of basic principles and existing approaches to protect these privacy goals. In a third step, we classify possible attacks. Finally, we analyze existing approaches with respect to their protection goals and their ability to resist the introduced attacks.     

Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments

This paper tackles a privacy breach in current location-based services (LBS) where mobile users have to report their exact location information to an LBS provider in order to obtain their desired services. For example, a user who wants to issue a query asking about her nearest gas station has to report her exact location to an LBS provider. However, many recent research efforts have indicated that revealing private location information to potentially untrusted LBS providers may lead to major privacy breaches. To preserve user location privacy, spatial cloaking is the most commonly used privacy-enhancing technique in LBS. The basic idea of the spatial cloaking technique is to blur a user’s exact location into a cloaked area that satisfies the user specified privacy requirements. Unfortunately, existing spatial cloaking algorithms designed for LBS rely on fixed communication infrastructure, e.g., base stations, and centralized/distributed servers. Thus, these algorithms cannot be applied to a mobile peer-to-peer (P2P) environment where mobile users can only communicate with other peers through P2P multi-hop routing without any support of fixed communication infrastructure or servers. In this paper, we propose a spatial cloaking algorithm for mobile P2P environments. As mobile P2P environments have many unique limitations, e.g., user mobility, limited transmission range, multi-hop communication, scarce communication resources, and network partitions, we propose three key features to enhance our algorithm: (1) An information sharing scheme enables mobile users to share their gathered peer location information to reduce communication overhead; (2) A historical location scheme allows mobile users to utilize stale peer location information to overcome the network partition problem; and (3) A cloaked area adjustment scheme guarantees that our spatial cloaking algorithm is free from a “center-of-cloaked-area” privacy attack. Experimental results show that our P2P spatial cloaking algorithm is scalable while guaranteeing the user’s location privacy protection.     

基于连续近邻服务请求的位置匿名方法的研究

随着智能设备的普及,基于位置的服务变得越来越流行,人们通过网络获取便捷服务时,同时也将自己的位置信息暴露给LBS提供商,带来了隐私泄露的威胁。针对如何保护用户的位置信息不被泄露问题,国内外学者提出很多种解决方案,其中一种典型的方法是冗余地址查询方法。然而之前的方法在连续的近邻查询过程中存在处理速度较慢,反应延迟较大的问题。为了提高冗余匿名方法连续近邻查询的查询速度和效率,本文利用局部性原理,提出了一种改进算法,能够有效提高服务器的处理速度和查询时间,减少响应延迟。实验结果表明,对连续性较强的近邻查询,本文建议的方法相对于之前的方法查询性能有较大的提高。     

Preventing Location-Based Identity Inference in Anonymous Spatial Queries

The increasing trend of embedding positioning capabilities (for example, GPS) in mobile devices facilitates the widespread use of location-based services. For such applications to succeed, privacy and confidentiality are essential. Existing privacy-enhancing techniques rely on encryption to safeguard communication channels, and on pseudonyms to protect user identities. Nevertheless, the query contents may disclose the physical location of the user. In this paper, we present a framework for preventing location-based identity inference of users who issue spatial queries to location-based services. We propose transformations based on the well-established K-anonymity concept to compute exact answers for range and nearest neighbor search, without revealing the query source. Our methods optimize the entire process of anonymizing the requests and processing the transformed spatial queries. Extensive experimental studies suggest that the proposed techniques are applicable to real-life scenarios with numerous mobile users.