基于均衡增量近邻查询的位置隐私保护方法

针对用户在获得位置服务的同时,用户的位置隐私可能会被泄露的问题,采用协作的分布式模型,移动终端和LBS服务器这两端都使用k-匿名机制,提出基于k-匿名的均衡增量近邻(KHINN)查询方法。该方法在移动终端构造匿名用户组时,利用安全多方求和的技术计算锚点以保证用户隐私;在处理查询结果时,使用基于k-匿名的SpaceTwist方法提高查询隐私度和准确度。经过性能分析和实验结果表明,在考虑用户节点之间半可信或不可信的情况下,可以解决SpaceTwist方法中的查询兴趣点围绕锚点分布不均衡的缺陷问题,提高查询准确度。     

基于Voronoi图预划分的LBS位置隐私保护方法

为了解决服务器面临大量用户请求时匿名效率下降的问题,分别提出适用于静态用户和动态用户的协作匿名方法。首先基于Voronoi图划分全局区域,再由中心服务器组织本区域内用户实现协作匿名,由于服务器无需为每个用户单独构造匿名区,降低了服务端的负担;针对查询过程中用户提供真实位置信息带来位置隐私泄露的问题,提出了逆向增量近邻查询算法。用户以固定锚点代替真实位置,向位置服务器逐步获取兴趣点候选集并计算出想要的结果,避免位置隐私直接泄漏的同时获取精准查询结果。该算法同时解决了锚点与用户过近而带来的位置隐私被推断问题。实验表明本方法在有效保护用户位置隐私的同时,具有良好的工作效率。     

Research on LBS privacy preservation based on pseudorandom permutation in road network

A method of privacy preservation based on pseudorandom permutation was put forward for the issues of location privacy and query content privacy.Firstly,the distribution information of points of interest (PoI) based on the vertexes in the road network was organized,each single road vertex was taken as the foundational processing object.Based on the pseudorandom permutation,a permutation scheme of the point-of-interest records at the LBS server's end was put forward,a 32-bit random seed was adopted to generate a permuted table in the scheme,and the point-of-interest records were encrypted and permuted according to the table.These processed records were stored in the LBS database.Then a trusted intermediate server,replacing of the user,issued a query request with a record number instead of the query content to the LBS server.The LBS server could not determine which kind of PoI the user was interested in or which road section the user was locating on,and therefore the scheme achieved private information retrieval.Finally,the efficiency in the metrics of query accuracy,communication overhead and processing time was also analyzed.By the performance analysis and extensive experiments,the proposed scheme is proved to be location untraceable and query content uncorrelation.     

A novel attributes anonymity scheme in continuous query

In location-based service (LBS), the un-trusted LBS server can preserve lots of information about the user. Then the information can be used as background knowledge and initiated the inference attack to get user’s privacy. Among the background knowledge, the profile attribute of users is the especial one. The attribute can be used to correlate the real location in uncertain location set in both of the snapshot and continuous query, and then the location privacy of users will be revealed. In most of the existing scheme, the author usually assumes a trusted third party (TTP) to achieve the profile anonymity. However, as the TTP disposes all anonymous procedure for each user, it will become the center of attacks and the bottleneck of the query service. Furthermore, the TTP may be curious about user’s privacy just because of the commercial consideration. In order to deal with the inference attack and remedy the drawback of TTP scheme, we propose a similar attributes anonymous scheme which based on the CP-ABE, and with the help of center server and collaborative users, our scheme can resist the inference attack as well as the privacy detection of any entity in the service of query. At last, security analysis and experimental results further verify the effectiveness of our scheme in privacy protection as well as efficiency of the algorithm execution.     

基于网格标识匹配的位置隐私保护方法

在基于位置的服务中,基于可信第三方模型是当前位置隐私保护中的主要模型,但该模型存在一定的隐私泄露风险。该文提出一种基于网格标识匹配(GIM)的位置隐私保护方法,用户首先将查询区域划分为网格,并结合保序对称加密和K匿名技术,在匿名器形成K匿名,然后利用网格标识匹配返回查询结果给用户。在查询的过程中,匿名器并不知道用户的具体位置,加强了该模型中用户位置的隐私保护。同时中间匿名器仅进行简单的比较和匹配,有效缓解了匿名器的性能瓶颈问题。安全分析表明该方法能有效保护用户的位置隐私;并且通过实验验证该方法能有效减小匿名器的处理时间开销。     

基于预测和滑动窗口的轨迹差分隐私保护机制

为解决轨迹差分隐私保护中存在的隐私预算与服务质量等问题,提出了一种融合预测扰动的轨迹差分隐私保护机制。首先,利用马尔可夫链和指数扰动方法预测满足差分隐私和时空安全的扰动位置,并引入服务相似地图检测该位置的可用性;如果预测成功,则直接采用预测位置替代差分扰动的位置,以降低连续查询的隐私开销并提高服务质量。在此基础上,设计基于w滑动窗口的轨迹隐私预算分配机制,确保轨迹中任意连续的w次查询满足ε-差分隐私,解决连续查询的轨迹隐私问题。此外,基于敏感度地图设计一种隐私定制策略,通过自定义语义位置的隐私敏感度,实现隐私预算的量身定制,从而进一步提高其利用率。最后,利用真实数据集对所提方案进行实验分析,结果显示所提方案提供了更好的隐私保护水平和服务质量。     

个性化搜索中一种基于位置服务的隐私保护方法

在基于位置服务的个性化搜索中,利用可信第三方服务器以及对等节点是保护用户隐私的主要方法,但在现实生活中,它们却是不完全可信的。为了解决这一问题,该文提出一种个性化搜索中基于位置服务的隐私保护方法。该方法通过转换用户的位置信息,并根据用户的查询类型生成用户模型,进而形成带有用户位置信息的查询矩阵,然后利用矩阵加密用户的查询,隐藏查询矩阵中的用户信息,最后根据安全内积计算返回相关性得分最高的前K个查询文件给用户。安全性分析表明该方法能有效地保护用户的查询隐私和位置隐私,通过分析与实验表明,该方法大幅度地缩短了索引构建时间,降低了通信开销,同时为用户提供了基于位置的个性化搜索结果,一定程度上解决了移动设备屏幕小带来的弊端。     

Approach of location privacy protection based on order preserving encryption of the grid

The centralized structure of the trusted third party is a major privacy protection structure on location based services.However,if the central third party server can not be trusted or compromised,users have the risk of leakage of privacy location.Aiming at the above problems,location privacy protection approach based on a user-defined grid to hide location was proposed.The system first automatically converted the query area into a user-defined grid,and then the approach utilized order preserving encryption,which made the user’s real-time position in the hidden state could still be compared.Because the information in the process of the approach was in a state of encryption,the server could not know the user’s location information,thus improved privacy protection of the user location.The central third party server only need to do simple comparison work,so its processing time overhead would effectively decrease.Security analysis certificate the security of the proposed approach and simulation experimental show the proposed approach can reduce the time cost of the central third party server.     

LBS中面向协同位置隐私保护的群组最近邻查询

在分析现有群组最近邻查询中位置隐私保护的基础上,提出LBS中一种面向位置隐私保护的群组最近邻查询方法。该方法采用分布式系统结构,克服了集中式匿名系统结构所存在通信瓶颈和攻击重点的缺陷。在此基础上根据用户群组的运动状态信息,提出使用位置随机扰动和门限秘密共享的Paillier密码系统来安全地计算用户群组的质心位置。于是将用户群组的最近邻查询转换为此质心的最近邻查询。与现有的相关工作相比,理论分析表明所提有关方案能够在有效抵御现有的距离交叉攻击和共谋攻击下,实现灵活的群组最近邻查询,同时耗费较低的网络资源。     

Delay‐aware privacy‐preserving location‐based services under spatiotemporal constraints

The ubiquitous use of location‐based services (LBS) through smart devices produces massive amounts of location data. An attacker, with an access to such data, can reveal sensitive information about users. In this paper, we study location inference attacks based on the probability distribution of historical location data, travel time information between locations using knowledge of a map, and short and long‐term observation of privacy‐preserving queries. We show that existing privacy‐preserving approaches are vulnerable to such attacks. In this context, we propose a novel location privacy‐preserving approach, called KLAP, based on the three fundamental obfuscation requirements: minimum k ‐locations, l ‐diversity, and privacy a rea p reservation. KLAP adopts a personalized privacy preference for sporadic, frequent, and continuous LBS use cases. Specifically, it generates a secure concealing region (CR) to obfuscate the user's location and directs that CR to the service provider. The main contribution of this work is twofold. First, a CR pruning technique is devised to establish a balance between privacy and delay in LBS usage. Second, a new attack model called a long‐term obfuscated location tracking attack, and its countermeasure is proposed and evaluated both theoretically and empirically. We assess KLAP with two real‐world datasets. Experimental results show that it can achieve better privacy, reduced delay, and lower communication costs than existing state‐of‐the‐art methods.     

车联网POI查询中的位置隐私和查询隐私联合保护机制

在车联网中,基于位置的服务(LBS)的兴趣点(POI)查询被广泛用于车载应用中。但是,由于攻击者容易获取车辆位置、查询内容以及其它额外信息,单独对位置隐私或查询隐私进行保护很难保障车载用户的隐私安全,使得对位置隐私和查询隐私开展联合保护越发关键。为此,该文提出一种基于虚拟序列的位置隐私和查询隐私联合保护机制。首先根据POI查询的限制,分析位置隐私和查询隐私的相关性,运用欧几里得距离和关联规则算法对其建模描述,得到相关性判断模型;然后基于虚拟序列,根据影响隐私保护的因素和真实查询的相关性值,将联合保护转化为虚拟序列的选择问题,建立联合保护优化模型,得到匿名程度高且匿名区域大的匿名查询集,防止攻击者识别出真实查询。最后,实验结果表明,与现有方案相比,所提联合保护机制能抵御针对位置隐私和查询隐私的联合攻击(语义范围攻击、时间关联攻击和长期观察攻击),能更有效地保护用户的LBS隐私。     

Privacy self-correlation privacy-preserving scheme in LBS

The prevalence of mobile intelligent terminals gives the location-based service (LBS) more opportunities to enrich mobile users’ lives.However,mobile users enjoy the convenience with the cost of personal privacy.The side information and mobile user’s recent requirement records were considered,which were obtained or stored by the service provider.Based on the existence of recent requirement records,adversary can employ the inference attack to analysis mobile user’s personal information.Therefore,two schemes were proposed,including of basic privacy self-correlation privacy-preserving scheme (Ba-2PS) and enhanced privacy self-correlation privacy-preserving scheme(En-2PS).In En-2PS,the privacy-preserving scheme was designed from two dimensions of aspects of time factor and query region,which increased the uncertainty inferring out the real information.Finally,the privacy analysis was illustrated to proof En-2PS’s privacy degree,then the performance and privacy evaluation results indicate that En-2PS is effective and efficient.     

移动社交网络中基于代理转发机制的轨迹隐私保护方法

K匿名技术是当前轨迹隐私保护的主流方法,但该方法也存在隐私泄露的风险。该文提出一种在移动社交网络中基于代理转发机制(BAFM)的轨迹隐私保护方法。该方法利用安全多方计算和内积安全计算进行隐私加密匹配,通过可信服务器在移动社交网络中找最匹配的用户做代理,然后由代理转发用户的请求到服务器进行查询,隐藏用户的真实轨迹与位置服务器的联系,有效保护用户的轨迹隐私。安全分析表明该方法能有效保护用户的轨迹隐私;同时,通过实验验证该方法相对K匿名更高效,能减小服务器的查询和通信开销。     

Anonymizing region construction scheme based on query range in location-based service privacy protection

Since k-anonymity method can reduce the users’ computation cost and provides the precise query results,it has been widely used to protect the user’s privacy in location-based service.However,the existing schemes did not consider the size of the querying region for location based service provider (LSP) during the construction of the anonymizing region,which led that the quality of service was low.To solve this problem,the user’s querying range was introduced to present a novel anonymizing region construction scheme.In the proposal,the anonymity server first generated the original anonymizing sub-regions according to the user’s privacy requirements,and then merged these sub-regions to construct the anonymity region submitted to LSP based on the size of corresponding querying regions.The security and experiment analysis show that the presented scheme not only protects the user’s privacy effectively,but also decreases LSP’s querying regions,thereby improving the quality of service.     

基于服务相似性的k-匿名位置隐私保护方法

针对当前基于位置的服务(LBS)系统存在的隐私保护度、位置服务质量和通信开销三者难于平衡的问题,提出了一种基于服务相似性的k-匿名位置隐私保护方法。在不改变现有LBS 系统架构的情况下,利用位置服务查询结果的相似性来辅助匿名服务器构造匿名区域,从而实现在确保用户隐私安全的基础上,有效提高服务质量和降低系统开销。最后,通过实验验证了该算法的有效性。     

CP-ABE based users collaborative privacy protection scheme for continuous query

In location-based services (LBS),as the untrusted LBS server can be seen as an adversary,and it can utilize the attribute as background knowledge to correlate the real location of the user in the set of uncertain locations.Then the adversary can gain the location privacy when the user enjoys the snapshot and continuous query through the correlation inference attack.In order to cope with this attack,the main scheme in privacy protection is to generalize the attribute and achieve attribute anonymity.However,algorithms of this type usually assumes a trusted third party (TTP) which provides the service of similarity attribute finding and comparing,and it is unpractical in the real environment,as the TTP may become the point of attack or the bottleneck of service and it cannot be considered as the trusted one all the time.Thus,to cope with the correlation inference attack as well as the semi-trusted third party,ciphertext policy attribute based encryption (CP-ABE) and users collaboration based attribute anonymous scheme was proposed.In this scheme,the user coupled achieve location and attribute anonymity.Furthermore,this scheme could also provide security for attacks from the semi-trusted third party as well as semi-trusted collaborative users.At last,security analysis and the experiment results further verify the effectiveness of privacy protection and the efficiency of algorithm execution.     

基于位置语义和查询概率的假位置选择算法

针对传统位置隐私保护方案中未充分考虑攻击者拥有背景知识而导致的隐私泄露问题,基于位置语义和查询概率提出一种假位置选择算法。在假位置集中的位置之间满足语义差异性、查询概率相近且地理位置尽量分散的条件下,避免了攻击者结合背景知识过滤假位置,同时保证了查询结果的精确性。仿真实验验证了所提算法能有效保护用户的位置隐私。     

Efficient privacy-preserving group-nearest-neighbor queries with the presence of active adversaries

Location-based services (LBSs) allow users to ask location-dependent queries and receive information based on their location. A group of users can send a group-nearest-neighbor (GNN) query in order to receive a Point Of Interest (POI). This POI in turn shows a point which is the minimum distance from all members of the group. To benefit from these services, it is important to preserve the location privacy of each group user from others in the group (Intragroup location privacy) as well as from anyone outside of the group, including the LBS, (Intergroup location privacy). It may also be necessary to protect the location privacy of the resulting POI from the LBS and other possible attackers. In this paper, we propose two different privacy-preserving protocols for finding the exact answer to a GNN query among a set of returned POIs. The first protocol assumes a semi-honest model while the second one works in a malicious model. The proposed protocols are based on the Anonymous Veto network and Burmester–Desmedt key establishment protocols. The security analysis shows that the proposed protocols provide both Intragroup and Intergroup location privacy; they also protect the location privacy of the resulting POI and are resistant to collusion and multi-point aggregate distance attacks. The performed analyses indicate that they incur a constant computation cost per user and are efficient in terms of computation and communication costs.

     

X‐Region: A framework for location privacy preservation in mobile peer‐to‐peer networks

While enjoying various LBS (location‐based services), users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer‐to‐peer (P2P) networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x‐region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x‐region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x‐region, together with three algorithms for generating an x‐region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.     

基于敏感位置多样性的LBS位置隐私保护方法研究

针对LBS查询服务中构造的匿名框或选取的锚点仍位于敏感区域而导致的位置隐私泄漏问题,提出了基于敏感位置多样性的锚点选取算法。该算法根据用户访问数量和访问高峰时段,对不同敏感位置进行定义和筛选,选择具有相似特征的其他敏感位置构成多样性区域,并以该区域形心作为查询锚点,提高用户在敏感位置出现的多样性。以该锚点为查询标志,提出一种均衡增量近邻兴趣点查询算法HINN,在无需用户提供真实位置坐标的条件下实现K近邻兴趣点查询,同时改进了SpaceTwist方法中存在的查询兴趣点围绕锚点分布的缺陷,提高了查询准确度。实验表明,本方法实现了用户在敏感区域停留时的位置隐私保护目标,同时具有良好的兴趣点查询质量和较低的通信开销。