个人移动数据收集中的多维轨迹匿名方法

在情景感知位置服务中,移动互联网络的开放性使得个人移动数据面临巨大的安全风险,移动数据的时空关联特性对个人数据的隐私保护提出重大挑战.针对基于时空关联的背景知识攻击,本文提出了一种多维的轨迹匿名隐私保护方法.该方法在匿名轨迹数据收集系统的基础上,基于多用户协作的隐私保护模式,通过时间匿名和空间匿名算法,实现用户的隐私保护.实验结果表明,该方法可以有效的对抗基于位置和移动方式的背景知识攻击,满足了k-匿名的隐私保护要求.     

Improved SpaceTwist privacy protection method based on anchor optimization algorithm

With location-based services worldwide used,private location data appealed easily in query process which caused serious security problems.So the introduction of SpaceTwist incremental nearest neighbor query algorithm,proposes protection of privacy method combined with improved SpaceTwist location optimization algorithm.The anchor point authentication server added to distributed system structure,user generate a k anonymous area according to their privacy preference and actual environment,using optimization algorithm to generate the anchor point.Forwarding users use the incremental nearest neighbor query throught the anchor point and accurate.Experiments in road network environment with different data sets show that the privacy protection works well in the algorithm,and own high work efficiency.     

基于Voronoi图预划分的LBS位置隐私保护方法

为了解决服务器面临大量用户请求时匿名效率下降的问题,分别提出适用于静态用户和动态用户的协作匿名方法。首先基于Voronoi图划分全局区域,再由中心服务器组织本区域内用户实现协作匿名,由于服务器无需为每个用户单独构造匿名区,降低了服务端的负担;针对查询过程中用户提供真实位置信息带来位置隐私泄露的问题,提出了逆向增量近邻查询算法。用户以固定锚点代替真实位置,向位置服务器逐步获取兴趣点候选集并计算出想要的结果,避免位置隐私直接泄漏的同时获取精准查询结果。该算法同时解决了锚点与用户过近而带来的位置隐私被推断问题。实验表明本方法在有效保护用户位置隐私的同时,具有良好的工作效率。     

A novel attributes anonymity scheme in continuous query

In location-based service (LBS), the un-trusted LBS server can preserve lots of information about the user. Then the information can be used as background knowledge and initiated the inference attack to get user’s privacy. Among the background knowledge, the profile attribute of users is the especial one. The attribute can be used to correlate the real location in uncertain location set in both of the snapshot and continuous query, and then the location privacy of users will be revealed. In most of the existing scheme, the author usually assumes a trusted third party (TTP) to achieve the profile anonymity. However, as the TTP disposes all anonymous procedure for each user, it will become the center of attacks and the bottleneck of the query service. Furthermore, the TTP may be curious about user’s privacy just because of the commercial consideration. In order to deal with the inference attack and remedy the drawback of TTP scheme, we propose a similar attributes anonymous scheme which based on the CP-ABE, and with the help of center server and collaborative users, our scheme can resist the inference attack as well as the privacy detection of any entity in the service of query. At last, security analysis and experimental results further verify the effectiveness of our scheme in privacy protection as well as efficiency of the algorithm execution.     

CP-ABE based users collaborative privacy protection scheme for continuous query

In location-based services (LBS),as the untrusted LBS server can be seen as an adversary,and it can utilize the attribute as background knowledge to correlate the real location of the user in the set of uncertain locations.Then the adversary can gain the location privacy when the user enjoys the snapshot and continuous query through the correlation inference attack.In order to cope with this attack,the main scheme in privacy protection is to generalize the attribute and achieve attribute anonymity.However,algorithms of this type usually assumes a trusted third party (TTP) which provides the service of similarity attribute finding and comparing,and it is unpractical in the real environment,as the TTP may become the point of attack or the bottleneck of service and it cannot be considered as the trusted one all the time.Thus,to cope with the correlation inference attack as well as the semi-trusted third party,ciphertext policy attribute based encryption (CP-ABE) and users collaboration based attribute anonymous scheme was proposed.In this scheme,the user coupled achieve location and attribute anonymity.Furthermore,this scheme could also provide security for attacks from the semi-trusted third party as well as semi-trusted collaborative users.At last,security analysis and the experiment results further verify the effectiveness of privacy protection and the efficiency of algorithm execution.     

移动社交网络中基于代理转发机制的轨迹隐私保护方法

K匿名技术是当前轨迹隐私保护的主流方法,但该方法也存在隐私泄露的风险。该文提出一种在移动社交网络中基于代理转发机制(BAFM)的轨迹隐私保护方法。该方法利用安全多方计算和内积安全计算进行隐私加密匹配,通过可信服务器在移动社交网络中找最匹配的用户做代理,然后由代理转发用户的请求到服务器进行查询,隐藏用户的真实轨迹与位置服务器的联系,有效保护用户的轨迹隐私。安全分析表明该方法能有效保护用户的轨迹隐私;同时,通过实验验证该方法相对K匿名更高效,能减小服务器的查询和通信开销。     

PriMa: a comprehensive approach to privacy protection in social network sites

With social networks (SNs) allowing their users to host large amounts of personal data on their platforms, privacy protection mechanisms are becoming increasingly important. The current privacy protection mechanisms offered by SNs mostly enforce access control policies based on users’ privacy settings. The task of setting privacy preferences may be tedious and confusing for the average user, who has hundreds of connections (e.g., acquaintances, colleagues, friends, etc.) and maintains an extensive profile on his main SN. Hence, users often end up with policies that do not sufficiently protect their personal information, thus facilitating potential privacy breaches and information misuse. In this paper, we propose PriMa (Privacy Manager), a privacy protection mechanism that supports semiautomated generation of access rules for users’ profile information, filling the gap between the privacy management needs of SN users and the existing SNs’ privacy protection mechanisms. PriMa access rules are generated using a multicriteria algorithm, so as to account for an extensive set of criteria to be considered when dealing with access control in SN sites. The resulting rules are simple yet powerful specifications, indicating the adequate level of protection for each user, and are dynamically adapted to the ever-changing requirements of the users’ preferences and SN configuration. We have implemented PriMa on a Drupal platform and as a third-party Facebook application. We have evaluated the performance of the PriMa application with respect to access rule generation.     

Privacy Protected Spatial Query Processing for Advanced Location Based Services

Due to the popularity of mobile devices (e.g., cell phones, PDAs, etc.), location-based services have become more and more prevalent in recent years. However, users have to reveal their location information to access location-based services with existing service infrastructures. It is possible that adversaries could collect the location information, which in turn invades user’s privacy. There are existing solutions for query processing on spatial networks and mobile user privacy protection in Euclidean space. However there is no solution for solving queries on spatial networks with privacy protection. Therefore, we aim to provide network distance spatial query solutions which can preserve user privacy by utilizing K-anonymity mechanisms. In this paper, we propose an effective location cloaking mechanism based on spatial networks and two novel query algorithms, PSNN and PSRQ, for answering nearest neighbor queries and range queries on spatial networks without revealing private information of the query initiator. We demonstrate the appeal of our technique using extensive simulation results.     

Efficient privacy-preserving group-nearest-neighbor queries with the presence of active adversaries

Location-based services (LBSs) allow users to ask location-dependent queries and receive information based on their location. A group of users can send a group-nearest-neighbor (GNN) query in order to receive a Point Of Interest (POI). This POI in turn shows a point which is the minimum distance from all members of the group. To benefit from these services, it is important to preserve the location privacy of each group user from others in the group (Intragroup location privacy) as well as from anyone outside of the group, including the LBS, (Intergroup location privacy). It may also be necessary to protect the location privacy of the resulting POI from the LBS and other possible attackers. In this paper, we propose two different privacy-preserving protocols for finding the exact answer to a GNN query among a set of returned POIs. The first protocol assumes a semi-honest model while the second one works in a malicious model. The proposed protocols are based on the Anonymous Veto network and Burmester–Desmedt key establishment protocols. The security analysis shows that the proposed protocols provide both Intragroup and Intergroup location privacy; they also protect the location privacy of the resulting POI and are resistant to collusion and multi-point aggregate distance attacks. The performed analyses indicate that they incur a constant computation cost per user and are efficient in terms of computation and communication costs.

     

车联网POI查询中的位置隐私和查询隐私联合保护机制

在车联网中,基于位置的服务(LBS)的兴趣点(POI)查询被广泛用于车载应用中。但是,由于攻击者容易获取车辆位置、查询内容以及其它额外信息,单独对位置隐私或查询隐私进行保护很难保障车载用户的隐私安全,使得对位置隐私和查询隐私开展联合保护越发关键。为此,该文提出一种基于虚拟序列的位置隐私和查询隐私联合保护机制。首先根据POI查询的限制,分析位置隐私和查询隐私的相关性,运用欧几里得距离和关联规则算法对其建模描述,得到相关性判断模型;然后基于虚拟序列,根据影响隐私保护的因素和真实查询的相关性值,将联合保护转化为虚拟序列的选择问题,建立联合保护优化模型,得到匿名程度高且匿名区域大的匿名查询集,防止攻击者识别出真实查询。最后,实验结果表明,与现有方案相比,所提联合保护机制能抵御针对位置隐私和查询隐私的联合攻击(语义范围攻击、时间关联攻击和长期观察攻击),能更有效地保护用户的LBS隐私。     

利用盲签名实现对3G位置隐私的保护

随着3G技术的深入发展,人们对服务提出了更高的要求,在合法用户获取相应服务的同时,还要保护好用户的隐私。论文主要目的是解决3G用户的位置隐私问题,通过使用一个授权的匿名身份来替代3G中用到的IMSI和TMSI,防止了用户身份和位置信息的暴露。文章采用盲签名来实现身份的隐藏,从而达到了保护位置信息的目的。匿名身份的独立性和基于应用层实现该协议达到了用户对位置隐私的完全控制。     

Approach of location privacy protection based on order preserving encryption of the grid

The centralized structure of the trusted third party is a major privacy protection structure on location based services.However,if the central third party server can not be trusted or compromised,users have the risk of leakage of privacy location.Aiming at the above problems,location privacy protection approach based on a user-defined grid to hide location was proposed.The system first automatically converted the query area into a user-defined grid,and then the approach utilized order preserving encryption,which made the user’s real-time position in the hidden state could still be compared.Because the information in the process of the approach was in a state of encryption,the server could not know the user’s location information,thus improved privacy protection of the user location.The central third party server only need to do simple comparison work,so its processing time overhead would effectively decrease.Security analysis certificate the security of the proposed approach and simulation experimental show the proposed approach can reduce the time cost of the central third party server.     

LBS中面向协同位置隐私保护的群组最近邻查询

在分析现有群组最近邻查询中位置隐私保护的基础上,提出LBS中一种面向位置隐私保护的群组最近邻查询方法。该方法采用分布式系统结构,克服了集中式匿名系统结构所存在通信瓶颈和攻击重点的缺陷。在此基础上根据用户群组的运动状态信息,提出使用位置随机扰动和门限秘密共享的Paillier密码系统来安全地计算用户群组的质心位置。于是将用户群组的最近邻查询转换为此质心的最近邻查询。与现有的相关工作相比,理论分析表明所提有关方案能够在有效抵御现有的距离交叉攻击和共谋攻击下,实现灵活的群组最近邻查询,同时耗费较低的网络资源。     

AMOEBA: Robust Location Privacy Scheme for VANET

Communication messages in vehicular ad hoc networks (VANET) can be used to locate and track vehicles. While tracking can be beneficial for vehicle navigation, it can also lead to threats on location privacy of vehicle user. In this paper, we address the problem of mitigating unauthorized tracking of vehicles based on their broadcast communications, to enhance the user location privacy in VANET. Compared to other mobile networks, VANET exhibits unique characteristics in terms of vehicular mobility constraints, application requirements such as a safety message broadcast period, and vehicular network connectivity. Based on the observed characteristics, we propose a scheme called AMOEBA, that provides location privacy by utilizing the group navigation of vehicles. By simulating vehicular mobility in freeways and streets, the performance of the proposed scheme is evaluated under VANET application constraints and two passive adversary models. We make use of vehicular groups for anonymous access to location based service applications in VANET, for user privacy protection. The robustness of the user privacy provided is considered under various attacks.     

LTPPM: a location and trajectory privacy protection mechanism in participatory sensing

The ubiquity of mobile devices has facilitated the prevalence of participatory sensing, whereby ordinary citizens use their private mobile devices to collect regional information and to share with participators. However, such applications may endanger the users' privacy by revealing their locations and trajectories information. Most of existing solutions, which hide a user's location information with a coarse region, are under k‐anonymity model. Yet, they may not be applicable in some participatory sensing applications that require precise location information. The goals are seemingly contradictory: to protect a user's location privacy while simultaneously providing precise location information for a high quality of service. In this paper, we propose a method to meet both goals. Through selecting a certain number of a user's partners, it can protect the user's location privacy while providing precise location information. The user's trajectory privacy can be protected by constructing several trajectories that are similar to the user's trajectory in an interval time T. Finally, we utilize a new metric, called slope ratio, to evaluate the partners' selection algorithm that we proposed. Then, we measure the privacy level that the location and trajectory privacy protection mechanism (LTPPM) can achieve. The analysis and simulation results show that LTPPM can protect the user's location and trajectory privacy effectively and also provide a high quality of service in participatory sensing. Copyright © 2012 John Wiley & Sons, Ltd.     

Applying privacy on the dissemination of location information

Recent achievements in the positioning technology enable the provision of location-based services that require high accuracy. On the other hand, location privacy is important, since position information is considered as personal information. Thus, anonymity and location privacy in mobile and pervasive environments has been receiving increasing attention during the last few years, and several mechanisms and architectures have been proposed to prevent “big brother” phenomena. In this paper, we discuss an architecture to shield the location of a mobile user and preserve the anonymity on the service delivery. This architecture relies on un-trusted entities to distribute segments of anonymous location information, and authorizes other entities to combine these portions and derive the actual location of a user. The paper describes how the proposed architecture takes into account the location privacy requirements, and how it is used by the end users’ devices, e.g., mobile phones, for the dissemination of location information to Service Providers. Furthermore, it discusses performance study experiments, based on real location data, and summarizes the threats analysis results.     

Improving user content privacy on social networks using rights management systems

Currently, millions and millions of users are using online social networks to share their thoughts, experiences and content with online friends. Documents, videos, music and pictures are shared online, relying on the privacy and security controls offered by the social network platforms, with little control from the end user. This creates serious privacy concerns, since the control over the content shared online on the social network is out of the hands of the user. In this paper, the authors propose an approach for content privacy shared on social networks that is user-centric and not based on the social network platform. In order to achieve that, an architecture based on a rights management platform capable of enforcing the necessary security and privacy mechanisms that extend the original controls provided by the social network platform will be presented. That way, users will be able to control their privacy settings and protect their own content, even when they are no longer part of the social network (suspending or deleting its account).     

基于相对熵和K-means的形状相似差分隐私轨迹保护机制

为解决绝大多数研究未充分考虑位置对隐私预算的敏感程度以及轨迹形状带来的影响,使发布的轨迹可用性较差的问题,提出了基于相对熵和K-means的形状相似差分隐私轨迹保护机制.首先,根据地理空间的拓扑关系,利用相对熵计算真实位置对隐私预算的敏感程度,设计了位置敏感的隐私级别实时计算算法,并与差分隐私预算结合建立了一个新的隐私...     

基于Tor的Internet集成匿名浏览系统设计与实现

设计的Internet集成匿名浏览系统是基于Linux和Tor技术来保护用户的信息安全,该系统能够解决Linux环境下用户上网的隐私保护问题,软件的集成使匿名服务相对简单,方便普通用户的使用。测试结果表明,当系统启动后,浏览器通过Tor网络发送的数据包是经过封装后的加密数据,表明系统对用户的真实身份等信息都进行了有效隐藏,可以有效地保护用户的隐私信息。     

The quest for personal control over mobile location privacy

How to protect location privacy of mobile users is an important issue in ubiquitous computing. However, location privacy protection is particularly challenging: on one hand, the administration requires all legitimate users to provide identity information in order to grant them permission to use its wireless service; on the other hand, mobile users would prefer not to expose any information that could enable anyone, including the administration, to get some clue regarding their whereabouts; mobile users would like to have complete personal control of their location privacy. To address this issue, we propose an authorized-anonymous-ID-based scheme; this scheme effectively eliminates the need for a trusted server or administration, which is assumed in the previous work. Our key weapon is a cryptographic technique called blind signature, which is used to generate an authorized anonymous ID that replaces the real ID of an authorized mobile device. With authorized anonymous IDs, we design an architecture capable of achieving complete personal control over location privacy while maintaining the authentication function required by the administration.