基于连续近邻服务请求的位置匿名方法的研究

随着智能设备的普及,基于位置的服务变得越来越流行,人们通过网络获取便捷服务时,同时也将自己的位置信息暴露给LBS提供商,带来了隐私泄露的威胁。针对如何保护用户的位置信息不被泄露问题,国内外学者提出很多种解决方案,其中一种典型的方法是冗余地址查询方法。然而之前的方法在连续的近邻查询过程中存在处理速度较慢,反应延迟较大的问题。为了提高冗余匿名方法连续近邻查询的查询速度和效率,本文利用局部性原理,提出了一种改进算法,能够有效提高服务器的处理速度和查询时间,减少响应延迟。实验结果表明,对连续性较强的近邻查询,本文建议的方法相对于之前的方法查询性能有较大的提高。     

An optimal query strategy for protecting location privacy in location-based services

In this paper, an optimal query strategy is proposed for location privacy in location-based services (LBSs) from a game-theoretic perspective. Distributed location privacy metrics are proposed, and a user-centric model is proposed, in which users make their own decisions to protect their location privacy. In addition, the mobile users’ cooperation is formalized as a query strategy selection optimizing problem by using the framework of Bayesian games. Based on the analysis of Bayesian Nash Equilibria, a User Query Strategy Optimization Algorithm (UQSOA) is designed to help users achieve optimized utilities. We perform simulations to assess the privacy protection effectiveness of our approach and validate the theoretical properties of the UQSOA algorithm.     

Preserving location privacy without exact locations in mobile services

Privacy preservation has recently received considerable attention in location-based services (LBSs). A large number of location cloaking algorithms have been proposed for protecting the location privacy of mobile users. However, most existing cloaking approaches assume that mobile users are trusted. And exact locations are required to protect location privacy, which is exactly the information mobile users want to hide. In this paper, we propose a p-anti-conspiration privacy model to anonymize over semi-honest users. Furthermore, two k*NNG-based cloaking algorithms, vk*NNCA and ek*NNCA, are proposed to protect location privacy without exact locations. The efficiency and effectiveness of the proposed algorithms are validated by a series of carefully designed experiments. The experimental results show that the price paid for location privacy protection without exact locations is small.     

A context-aware scheme for privacy-preserving location-based services

We address issues related to privacy protection in location-based services (LBSs). Most existing privacy-preserving LBS techniques either require a trusted third-party (anonymizer) or use cryptographic protocols that are computationally and communicationally expensive. Our design of privacy-preserving techniques is principled on not requiring a trusted third-party while being highly efficient in terms of time and space complexities. The problem has two interesting and challenging characteristics: First, the degree of privacy protection and LBS accuracy depends on the context, such as population and road density, around a user’s location. Second, an adversary may violate a user’s location privacy in two ways: (i) based on the user’s location information contained in the LBS query payload and (ii) by inferring a user’s geographical location based on the device’s IP address. To address these challenges, we introduce CAP, a context-aware privacy-preserving LBS system with integrated protection for both data privacy and communication anonymity. We have implemented CAP and integrated it with Google Maps, a popular LBS system. Theoretical analysis and experimental results validate CAP’s effectiveness on privacy protection, LBS accuracy, and communication QoS (Quality-of-Service).     

Trip planning queries with location privacy in spatial databases

Privacy has become a major concern for the users of location-based services (LBSs) and researchers have focused on protecting user privacy for different location-based queries. In this paper, we propose techniques to protect location privacy of users for trip planning (TP) queries, a novel type of query in spatial databases. A TP query enables a user to plan a trip with the minimum travel distance, where the trip starts from a source location, goes through a sequence of points of interest (POIs) (e.g., restaurant, shopping center), and ends at a destination location. Due to privacy concerns, users may not wish to disclose their exact locations to the location-based service provider (LSP). In this paper, we present the first comprehensive solution for processing TP queries without disclosing a user’s actual source and destination locations to the LSP. Our system protects the user’s privacy by sending either a false location or a cloaked location of the user to the LSP but provides exact results of the TP queries. We develop a novel technique to refine the search space as an elliptical region using geometric properties, which is the key idea behind the efficiency of our algorithms. To further reduce the processing overhead while computing a trip from a large POI database, we present an approximation algorithm for privacy preserving TP queries. Extensive experiments show that the proposed algorithms evaluate TP queries in real time with the desired level of location privacy.     

Dynamic path privacy protection framework for continuous query service over road networks

Many applications of location based services (LBSs), it is useful or even necessary to ensure that LBSs services determine their location. For continuous queries where users report their locations periodically, attackers can infer more about users’ privacy by analyzing the correlations of their query samples. The causes of path privacy problems, which emerge because the communication by different users in road network using location based services so, attacker can track continuous query information. LBSs, albeit useful and convenient, pose a serious threat to users’ path privacy as they are enticed to reveal their locations to LBS providers via their queries for location-based information. Traditional path privacy solutions designed in Euclidean space can be hardly applied to road network environment because of their ignorance of network topological properties. In this paper, we proposed a novel dynamic path privacy protection scheme for continuous query service in road networks. Our scheme also conceals DPP (Dynamic Path Privacy) users’ identities from adversaries; this is provided in initiator untraceability property of the scheme. We choose the different attack as our defending target because it is a particularly challenging attack that can be successfully launched without compromising any user or having access to any cryptographic keys. The security analysis shows that the model can effectively protect the user identity anonymous, location information and service content in LBSs. All simulation results confirm that our Dynamic Path Privacy scheme is not only more accurate than the related schemes, but also provide better locatable ratio where the highest it can be around 95 % of unknown nodes those can estimate their position. Furthermore, the scheme has good computation cost as well as communication and storage costs.Simulation results show that Dynamic Path Privacy has better performances compared to some related region based algorithms such as IAPIT scheme, half symmetric lens based localization algorithm (HSL) and sequential approximate maximum a posteriori (AMAP) estimator scheme.     

移动对象连续查询位置匿名策略

用户位置隐私保护已经成为基于位置服务领域研究的热点问题之一,现有的方法多是只针对用户单独一次查询的隐私保护,没有考虑移动过程中由于连续查询而造成的位置隐私泄露问题。主要针对连续查询下的移动对象位置隐私保护提出一种基于历史用户的虚假用户生成的位置匿名方法,该方法结合用户历史数据,通过确定合理的假用户生成区域及假用户生成时刻其空间位置,使虚假用户能够实时对真实用户位置进行保护,通过实验验证其可行性和有效性。     

道路网络上基于时空相似性的连续查询隐私保护算法

连续查询作为基于位置服务中常见的服务类型之一,为人们的生活和工作带来了巨大的便利.最近几年,针对位置服务中的隐私保护引起了学术界研究者的广泛关注.然而,现有在道路网络上的位置隐私保护工作大多针对快照查询提供隐私保护.如果直接将这些算法应用于连续查询,由于连续查询中位置频繁更新,将同时产生连续查询隐私泄露和精确位置的泄露.由于网络拓扑的存在,移动用户的运动在一段时间内具有时空相似的特点.利用连续查询用户的时空相似性,提出了一种在道路网络上基于时空相似性的连续查询隐私保护算法.通过采取分组策略构造匿名集和K-共享机制,提出了一种启发式宽度优先用户搜索算法HBFS来构造匿名用户集,并提出了一种连续时刻内匿名路段集生成算法CSGA生成匿名路段集合,可以同时防止连续查询攻击和位置依赖攻击.最后,采用4个评价标准对算法进行了一系列实验,验证了算法的有效性.     

车联网中基于位置服务的个性化位置隐私保护

随着车联网的快速发展,用户享受车联网提供的位置服务(location-based services,LBSs)时,位置隐私泄漏是一个关键安全问题.针对车载网络中位置服务隐私泄露问题,提出了一种基于差分隐私的个性化位置隐私保护方案,在保护用户隐私的前提下,满足用户个性化隐私需求.首先,定义归一化的决策矩阵,描述导航推荐路...     

基于历史查询概率的K-匿名哑元位置选取算法

基于历史查询概率的哑元位置隐私保护机制存在匿名度低、隐匿区域小和位置分布不均匀的问题。提出K-匿名哑元位置选取（K-DLS）算法用于位置隐私保护。通过综合考虑匿名集的位置离散度和零查询用户,增强哑元匿名集的隐私性。利用熵度量选择哑元位置,使得哑元匿名集的熵值最优,并根据位置偏移距离优化匿名结果,增加匿名集的位置离散度。仿真结果表明,K-DLS算法的哑元匿名集离散度优于DLS、DLP、Enhanced_DLP等算法,能够有效提高用户位置的隐私保护效果。     

Countering overlapping rectangle privacy attack for moving kNN queries

An important class of LBSs is supported by the moving k nearest neighbor (MkNN) query, which continuously returns the k nearest data objects for a moving user. For example, a tourist may want to observe the five nearest restaurants continuously while exploring a city so that she can drop in to one of them anytime. Using this kind of services requires the user to disclose her location continuously and therefore may cause privacy leaks derived from the user's locations. A common approach to protecting a user's location privacy is the use of imprecise locations (e.g., regions) instead of exact positions when requesting LBSs. However, simply updating a user's imprecise location to a location-based service provider (LSP) cannot ensure a user's privacy for an MkNN query: continuous disclosure of regions enable LSPs to refine more precise location of the user. We formulate this type of attack to a user's location privacy that arises from overlapping consecutive regions, and provide the first solution to counter this attack. Specifically, we develop algorithms which can process an MkNN query while protecting the user's privacy from the above attack. Extensive experiments validate the effectiveness of our privacy protection technique and the efficiency of our algorithm.     

Protecting location privacy in mobile geoservices using fuzzy inference systems

Mobile geoservices, especially location-based services (LBSs), are becoming more popular each day. The most important goal of these services is to use a user’s location to provide location-aware services. Because the user’s spatial information can be abused by organizations or advertisers, and sometimes for criminal purposes, the protection of this information is a necessary part of such services. There has been substantial research on privacy protection in LBSs and mobile geoservices; most studies have attempted to anonymize the user and hide his/her identity or to engage the user in the protection process. The major defects of these previous approaches include an increased complexity of system architecture, a decrease in service capabilities, undesirable processing times, and a failure to satisfy users. Additionally, anonymization is not a suitable solution for context-aware services. Therefore, in this paper, a new approach is proposed to locate users with different levels of spatial precision, based on his/her spatio-temporal context and a user’s group, through fuzzy inference systems. The user’s location and the time of the request determine the spatio-temporal context of the user. A fuzzy rule base is formed separately for each group of users and services. An interview is a simple method to extract the rules. The spatial precision of a user’s location, which is obtained from a fuzzy system, goes to a spatial function called the conceptualization function, to determine the user’s location based on one of the following five levels of qualitative precision: geometrical coordinates, streets, parish, region, and qualitative location, such as the eastern part of the city. Thus, there is no need to anonymize users in mobile geoservices or to turn the service off. The applicability and efficiency of the proposed method are shown for a group of taxi drivers.     

基于时空关联和位置语义的个性化假位置生成方法

基于假位置的一类隐私保护方案在保护用户位置隐私的同时能够使用户获得准确查询信息,并无需依赖第三方和共享密钥.然而,当攻击者掌握一定的背景知识,例如道路时空可达信息、位置特征和用户的历史请求统计特性等,会导致假位置被识别的概率升高,降低隐私保护程度.针对上述问题,提出了基于时空关联和位置语义的个性化假位置生成算法.首先根据与前一次请求位置连续可达的条件产生假位置,然后通过建立语义树筛选出与真实位置语义相近的假位置,最后进一步筛选出与用户历史请求统计特性最接近的假位置.基于真实数据集将该算法与现有的算法进行比较,表明该算法在攻击者掌握相关背景知识的情况下,可以有效地降低位置隐私泄露的风险.     

Transaction pseudonyms in mobile environments

Network Operators start to offer formerly hidden services such as location service, messaging services and presence services. This fosters the development of a new class of innovative context aware applications that are operated by third party application providers. However, without the implementation of proper privacy protection mechanisms, location and presence information, that is processed by third party application providers, may also imply severe risks to users. If no privacy protection is foreseen, the user’s identity could be used maliciously which renders such applications dangerous. To protect the user’s sensitive data such as location information we propose a novel service architecture which fosters the development of innovative applications that brings together internet applications with telco services. An underlying privacy enhancing mechanism that is based on the notion of pseudonyms allows even untrusted third party application providers to access sensitive data provided by telco services such as location, presence or messaging services. Due to their high security, pseudonyms guarantee that the user’s identity is kept secret towards the untrusted application providers. Due to its low computational complexity this pseudonym generation scheme can also be implemented on devices such as mobile phones and digital assistants with only little computational power and restricted memory capabilities. To illustrate our approach, we demonstrate a transportation ticket application that implements the proposed service architecture. This application allows the use of transportation tickets which are extended by the location-tracking functionality. Similar to the well known paper based transportation tickets our solution supports anonymity of users even if the ticket application “knows” the location of the holder. Oliver Jorns is a researcher at the Telecommunications Research Center in Vienna and is also a Lecturer at the University of Vienna. Oliver Jung is employed as a Senior Researcher at the Telecommunications Research Center Vienna. He is also member of ISO/IEC JTC1 SC27 (IT security techniques). Gerald Quirchmayr is Professor at the Institute for Computer Science and Business Informatics at the University of Vienna and since January 2005 he heads the Department of Distributed and Multimedia Systems, Faculty of Computer Science, at the University of Vienna.     

Mobile cloud computing framework for a pervasive and ubiquitous environment

The increasing use of wireless Internet and smartphone has accelerated the need for pervasive and ubiquitous computing (PUC). Smartphones stimulate growth of location-based service and mobile cloud computing. However, smartphone mobile computing poses challenges because of the limited battery capacity, constraints of wireless networks and the limitations of device. A fundamental challenge arises as a result of power-inefficiency of location awareness. The location awareness is one of smartphone’s killer applications; it runs steadily and consumes a large amount of power. Another fundamental challenge stems from the fact that smartphone mobile devices are generally less powerful than other devices. Therefore, it is necessary to offload the computation-intensive part by careful partitioning of application functions across a cloud. In this paper, we propose an energy-efficient location-based service (LBS) and mobile cloud convergence. This framework reduces the power dissipation of LBSs by substituting power-intensive sensors with the use of less-power-intensive sensors, when the smartphone is in a static state, for example, when lying idle on a table in an office. The substitution is controlled by a finite state machine with a user-movement detection strategy. We also propose a seamless connection handover mechanism between different access networks. For convenient on-site establishment, our approach is based on the end-to-end architecture between server and a smartphone that is independent of the internal architecture of current 3G cellular networks.     

Protecting query privacy in location-based services

The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.     

Anonymous Query Processing in Road Networks

The increasing availability of location-aware mobile devices has given rise to a flurry of location-based services (LBSs). Due to the nature of spatial queries, an LBS needs the user position in order to process her requests. On the other hand, revealing exact user locations to a (potentially untrusted) LBS may pinpoint their identities and breach their privacy. To address this issue, spatial anonymity techniques obfuscate user locations, forwarding to the LBS a sufficiently large region instead. Existing methods explicitly target processing in the euclidean space and do not apply when proximity to the users is defined according to network distance (e.g., driving time through the roads of a city). In this paper, we propose a framework for anonymous query processing in road networks. We design location obfuscation techniques that: 1) provide anonymous LBS access to the users and 2) allow efficient query processing at the LBS side. Our techniques exploit existing network database infrastructure, requiring no specialized storage schemes or functionalities. We experimentally compare alternative designs in real road networks and demonstrate the effectiveness of our techniques.     

社交网络中的位置隐私保护研究

随着智能终端设备和社交网络服务的广泛使用,移动互联网发展的一个重要趋势是社交、位置和移动相融合,在这些应用中,位置是一项非常重要的信息。该文从位置隐私泄露的风险出发,介绍了几种位置隐私保护技术,比较它们的优劣,提出了移动感知的匿位区域生成方法,通过信息熵理论将用户位置的不可推测性最大化,实现了社交网络中个人隐私保护。     

Using multi-objective metaheuristics for the optimal selection of positioning systems

The interworking between cellular and wireless local area networks, as well as the spreading of mobile devices equipped with several positioning technologies pave the ground to new and more favorable indoor/outdoor location-based services (LBSs). Thus, wireless internet service providers are required to take several positioning methods into account at the same time, to leverage the different features of existing technologies. This would allow providing LBSs satisfying the user-required quality of position in terms of accuracy, privacy, power consumption, and often, conflicting features. Therefore, this paper presents GlobalPreLoc, a multi-objective strategy for the dynamic and optimal selection of positioning technologies. The strategy exploits a pattern-mining algorithm for future position prediction combined with conventional multi-objective evolutionary algorithms, for choosing continuously the best location providers, accounting for the user requirements, the terminal capabilities, and the surrounding positioning infrastructures. To practically implement the strategy, we also designed an architecture based on secure user plane location specification to provide indoor and outdoor LBSs in interworking wireless networks exploiting GlobalPreLoc features.     

k-Nearest neighbor query processing algorithm for cloaking regions towards user privacy protection in location-based services

Due to the advancement of wireless internet and mobile positioning technology, the application of location-based services (LBSs) has become popular for mobile users. Since users have to send their exact locations to obtain the service, it may lead to several privacy threats. To solve this problem, a cloaking method has been proposed to blur users’ exact locations into a cloaked spatial region with a required privacy threshold (k). With the cloaked region, an LBS server can carry out a k-nearest neighbor (k-NN) search algorithm. Some recent studies have proposed methods to search k-nearest POIs while protecting a user’s privacy. However, they have at least one major problem, such as inefficiency on query processing or low precision of retrieved result. To resolve these problems, in this paper, we propose a novel k-NN query processing algorithm for a cloaking region to satisfy both requirements of fast query processing time and high precision of the retrieved result. To achieve fast query processing time, we propose a new pruning technique based on a 2D-coodinate scheme. In addition, we make use of a Voronoi diagram for retrieving the nearest POIs efficiently. To satisfy the requirement of high precision of the retrieved result, we guarantee that our k-NN query processing algorithm always contains the exact set of k nearest neighbors. Our performance analysis shows that our algorithm achieves better performance in terms of query processing time and the number of candidate POIs compared with other algorithms.