位置服务信息安全防护

随着无线通信技术和智能移动终端的快速发展,基于位置的服务(LBS)在军事、交通、物流等诸多领域得到了广泛应用,它能够根据移动对象的位置信息提供个性化服务。在人们享受各种位置服务的同时,移动对象个人信息泄露的隐私威胁也渐渐成为一个严重的问题。为移动用户提供位置服务的同时,保护移动用户的位置隐私也至关重要。本文就位置业务隐私保护技术和位置业务隐私管控手段进行了探讨。     

Applying privacy on the dissemination of location information

Recent achievements in the positioning technology enable the provision of location-based services that require high accuracy. On the other hand, location privacy is important, since position information is considered as personal information. Thus, anonymity and location privacy in mobile and pervasive environments has been receiving increasing attention during the last few years, and several mechanisms and architectures have been proposed to prevent “big brother” phenomena. In this paper, we discuss an architecture to shield the location of a mobile user and preserve the anonymity on the service delivery. This architecture relies on un-trusted entities to distribute segments of anonymous location information, and authorizes other entities to combine these portions and derive the actual location of a user. The paper describes how the proposed architecture takes into account the location privacy requirements, and how it is used by the end users’ devices, e.g., mobile phones, for the dissemination of location information to Service Providers. Furthermore, it discusses performance study experiments, based on real location data, and summarizes the threats analysis results.     

Location publishing technology based on differential privacy-preserving for big data services

Aiming at dealing with prospect knowledge and complex combinatorial attack,a new location big data publishing mechanism under differential privacy technology was given.And innovative usability evaluation feedback mechanism was designed.It gave corresponding solution details for the sensitive attributes and the identity recognition to analyze the quality of service,aimed at privacy protecting for location based big data under situations like combination of location information and non-location information and attacker’s arbitrary background knowledge.Simulation results based on different spatial indexing technology proved that the new publishing model has a higher accuracy under specified privacy conditions for the location query service.     

个人移动数据收集中的多维轨迹匿名方法

在情景感知位置服务中,移动互联网络的开放性使得个人移动数据面临巨大的安全风险,移动数据的时空关联特性对个人数据的隐私保护提出重大挑战.针对基于时空关联的背景知识攻击,本文提出了一种多维的轨迹匿名隐私保护方法.该方法在匿名轨迹数据收集系统的基础上,基于多用户协作的隐私保护模式,通过时间匿名和空间匿名算法,实现用户的隐私保护.实验结果表明,该方法可以有效的对抗基于位置和移动方式的背景知识攻击,满足了k-匿名的隐私保护要求.     

个性化搜索中一种基于位置服务的隐私保护方法

在基于位置服务的个性化搜索中,利用可信第三方服务器以及对等节点是保护用户隐私的主要方法,但在现实生活中,它们却是不完全可信的。为了解决这一问题,该文提出一种个性化搜索中基于位置服务的隐私保护方法。该方法通过转换用户的位置信息,并根据用户的查询类型生成用户模型,进而形成带有用户位置信息的查询矩阵,然后利用矩阵加密用户的查询,隐藏查询矩阵中的用户信息,最后根据安全内积计算返回相关性得分最高的前K个查询文件给用户。安全性分析表明该方法能有效地保护用户的查询隐私和位置隐私,通过分析与实验表明,该方法大幅度地缩短了索引构建时间,降低了通信开销,同时为用户提供了基于位置的个性化搜索结果,一定程度上解决了移动设备屏幕小带来的弊端。     

Privacy Protected Spatial Query Processing for Advanced Location Based Services

Due to the popularity of mobile devices (e.g., cell phones, PDAs, etc.), location-based services have become more and more prevalent in recent years. However, users have to reveal their location information to access location-based services with existing service infrastructures. It is possible that adversaries could collect the location information, which in turn invades user’s privacy. There are existing solutions for query processing on spatial networks and mobile user privacy protection in Euclidean space. However there is no solution for solving queries on spatial networks with privacy protection. Therefore, we aim to provide network distance spatial query solutions which can preserve user privacy by utilizing K-anonymity mechanisms. In this paper, we propose an effective location cloaking mechanism based on spatial networks and two novel query algorithms, PSNN and PSRQ, for answering nearest neighbor queries and range queries on spatial networks without revealing private information of the query initiator. We demonstrate the appeal of our technique using extensive simulation results.     

基于位置语义的路网位置隐私保护

移动用户在享受基于位置的服务（LBS）的同时受到位置隐私泄露的威胁,因而提供有效的位置隐私保护策略至关重要。传统的位置隐私保护方法主要采用空间匿名的方式,若攻击者获得了更多与匿名空间相关的背景知识,尤其是与位置相关的语义信息,就会严重降低匿名效果。为了防止由位置语义分析造成的敏感位置信息泄露,并根据移动用户活动范围大多限定为道路网络的特点,提出一种基于位置语义的路网位置隐私保护方法,充分考虑了用户的个性化隐私需求,并通过实验验证了方法的可行性及有效性。     

LTPPM: a location and trajectory privacy protection mechanism in participatory sensing

The ubiquity of mobile devices has facilitated the prevalence of participatory sensing, whereby ordinary citizens use their private mobile devices to collect regional information and to share with participators. However, such applications may endanger the users' privacy by revealing their locations and trajectories information. Most of existing solutions, which hide a user's location information with a coarse region, are under k‐anonymity model. Yet, they may not be applicable in some participatory sensing applications that require precise location information. The goals are seemingly contradictory: to protect a user's location privacy while simultaneously providing precise location information for a high quality of service. In this paper, we propose a method to meet both goals. Through selecting a certain number of a user's partners, it can protect the user's location privacy while providing precise location information. The user's trajectory privacy can be protected by constructing several trajectories that are similar to the user's trajectory in an interval time T. Finally, we utilize a new metric, called slope ratio, to evaluate the partners' selection algorithm that we proposed. Then, we measure the privacy level that the location and trajectory privacy protection mechanism (LTPPM) can achieve. The analysis and simulation results show that LTPPM can protect the user's location and trajectory privacy effectively and also provide a high quality of service in participatory sensing. Copyright © 2012 John Wiley & Sons, Ltd.     

The quest for personal control over mobile location privacy

How to protect location privacy of mobile users is an important issue in ubiquitous computing. However, location privacy protection is particularly challenging: on one hand, the administration requires all legitimate users to provide identity information in order to grant them permission to use its wireless service; on the other hand, mobile users would prefer not to expose any information that could enable anyone, including the administration, to get some clue regarding their whereabouts; mobile users would like to have complete personal control of their location privacy. To address this issue, we propose an authorized-anonymous-ID-based scheme; this scheme effectively eliminates the need for a trusted server or administration, which is assumed in the previous work. Our key weapon is a cryptographic technique called blind signature, which is used to generate an authorized anonymous ID that replaces the real ID of an authorized mobile device. With authorized anonymous IDs, we design an architecture capable of achieving complete personal control over location privacy while maintaining the authentication function required by the administration.     

基于博弈分析的众包交通监测隐私保护机制

众包交通监测利用移动终端上传的GPS位置信息实时感知交通状况,具有广阔的应用前景。然而,上传的GPS信息会泄露用户隐私。该文基于博弈论分析用户上传行为,提出隐私保护的优化上传机制。首先建立用户上传行为与路况服务质量和隐私泄露之间的关系,据此构建不完全信息博弈模型,以便分析用户上传行为;然后,根据用户上传博弈纳什均衡,提出用户终端可控的隐私保护优化上传机制。理论分析表明,该文提出的上传机制最大化用户效用,具有激励相容特性;通过真实数据实验验证,上传机制能够提高用户的隐私保护度,以及算法的激励相容特性。     

Search me if you can: Multiple mix zones with location privacy protection for mapping services

The mobile vehicle is gaining popularity nowadays using map services like Google Maps and other mapping services. However, map services users have to expose sensitive information like geographic locations (GPS coordinates) or address to personal privacy concerns as users share their locations and queries to obtain desired services. Existing mix zones location privacy protection methods are most general purposed and theoretical value while not applicable when applied to provide location privacy for map service users. In this paper, we present new (multiple mix zones location privacy protection) MMLPP method specially designed for map services on mobile vehicles over the road network. This method enables mobile vehicle users to query a route between 2 endpoints on the map, without revealing any confidential location and queries information. The basic idea is to strategically endpoints to nearby ones, such that (1) the semantic meanings encoded in these endpoints (eg, their GPS coordinates) change much, ie, location privacy is protected; (2) the routes returned by map services little change, ie, services usability are maintained. Specifically, a mobile client first privately retrieves point of interest close to the original endpoints, and then selects 2 points of interest as the shifted endpoints satisfying the property of geoindistinguishability. We evaluate our MMLPP approach road network application for GTMobiSim on different scales of map services and conduct experiments with real traces. Results show that MMLPP strikes a good balance between location privacy and service usability.     

情境感知的位置隐私保护方法研究进展

随着无线通信技术与智能移动终端的发展,基于位置的服务(LBS, location-based service)得到广泛应用,与移动对象位置相关的数据隐私保护已经成为LBS中的研究热点。首先简单介绍了位置隐私与情境感知的基本概念;其次,对现有的位置隐私保护方法从隐私保护效果、服务质量、系统结构和时空情境自适应性4个方面进行分析总结,指出了该研究的发展趋势;最后,对情境感知的位置隐私保护方法现状进行介绍,讨论了该领域存在的研究难点以及未来的研究方向。     

Evaluation and protection of multi-level location privacy based on an information theoretic approach

A privacy metric based on mutual information was proposed to measure the privacy leakage occurred when location data owner trust data users at different levels and need to publish the distorted location data to each user according to her trust level,based on which an location privacy protection mechanism (LPPM)was generated to protect user’s location privacy.In addition,based on mutual information,a metric was proposed to measure the privacy leakage caused by attackers obtaining different levels of distorted location data and then performing inference attack on the original location data more accurately.Another privacy metric was also proposed to quantify the information leakage occurred in the scenario based on mutual information.In particular,the proposed privacy mechanism was designed by modifying Blahut-Arimoto algorithm in rate-distortion theory.Experimental results show the superiority of the proposed LPPM over an existing LPPM in terms of location privacyutility tradeoff in both scenarios,which is more conspicuous when there are highly popular locations.     

X‐Region: A framework for location privacy preservation in mobile peer‐to‐peer networks

While enjoying various LBS (location‐based services), users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer‐to‐peer (P2P) networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x‐region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x‐region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x‐region, together with three algorithms for generating an x‐region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.     

Mobile advertisements and information privacy perception amongst South African Generation Y students

Mobile advertising has given business organisations great opportunities to reach consumers and clients directly with products and services irrespective of time and location. These possibilities have made mobile advertising a strategic business plan in today’s global competitive marketing world. This trend of mobile advertising in South Africa and the extent to which it infringes on the information privacy of consumers is examined in this paper. Using 440 questionnaires administered to Generation Y students at two universities: North West University, and Vaal University of Technology, the perceptions of these Generation Y students towards information privacy with regard to mobile advertising was explored. Data analysis which included regression analysis, Pearson’s correlation analysis, reliability test and preliminary data analysis revealed that Generation Y students seemed not to be bothered about the usefulness of mobile advertising messages but were however concerned about the information privacy associated with such marketing activities. It was also revealed that the ability of Generation Y students to control the usage of their data and the frequency of exposure to mobile advertising will positively influence their perception towards mobile advertising.     

Wireless Location Privacy Protection in Vehicular Ad-Hoc Networks

Advances in mobile networks and positioning technologies have made location information a valuable asset in vehicular ad-hoc networks (VANETs). However, the availability of such information must be weighted against the potential for abuse. In this paper, we investigate the problem of alleviating unauthorized tracking of target vehicles by adversaries in VANETs. We propose a vehicle density-based location privacy (DLP) scheme which can provide location privacy by utilizing the neighboring vehicle density as a threshold to change the pseudonyms. We derive the delay distribution and the average total delay of a vehicle within a density zone. Given the delay information, an adversary may still be available to track the target vehicle by some selection rules. We investigate the effectiveness of DLP based on extensive simulation study. Simulation results show that the probability of successful location tracking of a target vehicle by an adversary is inversely proportional to both the traffic arrival rate and the variance of vehicles’ speed. Our proposed DLP scheme also has a better performance than both Mix-Zone scheme and AMOEBA with random silent period.     

Mobile Privacy in Wireless Networks-Revisited

With the widespread use of mobile devices, the privacy of mobile location information becomes an important issue. In this paper, we present the requirements on protecting mobile privacy in wireless networks, and identify the privacy weakness of the third generation partnership project - authentication and key agreement (3GPP-AKA) by showing a practical attack to it. We then propose a scheme that meets these requirements, and this scheme does not introduce security vulnerability to the underlying authentication scheme. Another feature of the proposed scheme is that on each use of wireless channel, it uses a one-time alias to conceal the real identity of the mobile station with respect to both eavesdroppers and visited (honest or false) location registers. Moreover, the proposed scheme achieves this goal of identity concealment without sacrificing authentication efficiency.     

基于位置语义和查询概率的假位置选择算法

针对传统位置隐私保护方案中未充分考虑攻击者拥有背景知识而导致的隐私泄露问题,基于位置语义和查询概率提出一种假位置选择算法。在假位置集中的位置之间满足语义差异性、查询概率相近且地理位置尽量分散的条件下,避免了攻击者结合背景知识过滤假位置,同时保证了查询结果的精确性。仿真实验验证了所提算法能有效保护用户的位置隐私。     

基于位置服务的分布式差分隐私推荐方法研究

随着移动互联网技术的迅速发展,传统的推荐系统已不能很好地适应基于位置的推荐服务,同时也面临隐私泄露的问题.本文针对上述问题,首先提出一种分布式隐私保护推荐框架,并利用差分隐私保护理论,设计基于分布式框架的奇异值分解推荐算法,同时利用保序加密函数实现用户请求位置的保护.理论分析和在两个真实的数据集上的实验表明,本文提出的...     

A novel attributes anonymity scheme in continuous query

In location-based service (LBS), the un-trusted LBS server can preserve lots of information about the user. Then the information can be used as background knowledge and initiated the inference attack to get user’s privacy. Among the background knowledge, the profile attribute of users is the especial one. The attribute can be used to correlate the real location in uncertain location set in both of the snapshot and continuous query, and then the location privacy of users will be revealed. In most of the existing scheme, the author usually assumes a trusted third party (TTP) to achieve the profile anonymity. However, as the TTP disposes all anonymous procedure for each user, it will become the center of attacks and the bottleneck of the query service. Furthermore, the TTP may be curious about user’s privacy just because of the commercial consideration. In order to deal with the inference attack and remedy the drawback of TTP scheme, we propose a similar attributes anonymous scheme which based on the CP-ABE, and with the help of center server and collaborative users, our scheme can resist the inference attack as well as the privacy detection of any entity in the service of query. At last, security analysis and experimental results further verify the effectiveness of our scheme in privacy protection as well as efficiency of the algorithm execution.