Constructing dummy query sequences to protect location privacy and query privacy in location-based services

World Wide Web - Location-based services (LBS) have become an important part of people’s daily life. However, while providing great convenience for mobile users, LBS result in a serious...     

An optimal query strategy for protecting location privacy in location-based services

In this paper, an optimal query strategy is proposed for location privacy in location-based services (LBSs) from a game-theoretic perspective. Distributed location privacy metrics are proposed, and a user-centric model is proposed, in which users make their own decisions to protect their location privacy. In addition, the mobile users’ cooperation is formalized as a query strategy selection optimizing problem by using the framework of Bayesian games. Based on the analysis of Bayesian Nash Equilibria, a User Query Strategy Optimization Algorithm (UQSOA) is designed to help users achieve optimized utilities. We perform simulations to assess the privacy protection effectiveness of our approach and validate the theoretical properties of the UQSOA algorithm.     

Long-term location privacy protection for location-based services in mobile cloud computing

The popularity of mobile devices, especially intelligent mobile phones, significantly prompt various location-based services (LBSs) in cloud systems. These services not only greatly facilitate people’s daily lives, but also cause serious threats that users’ location information may be misused or leaked by service providers. The dummy-based privacy protection techniques have significant advantages over others because they neither rely on trusted servers nor need adequate number of trustworthy peers. Existing dummy-based location privacy protection schemes, however, cannot yet provide long-term privacy protection. In this paper, we propose four principles for the dummy-based long-term location privacy protection (LT-LPP). Based on the principles, we propose a set of long-term consistent dummy generation algorithms for the LT-LPP. Our approach is built on soft computing techniques and can balance the preferred privacy protection and computing cost. Comprehensive experimental results demonstrate that our approach is effective to both long-term privacy protection and fake path generation for LBSs in mobile clouds.     

Protecting query privacy in location-based services

The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.     

LBS的一种隐私保护模型

移动位置服务(LBS)是一个分布式多方参与的系统,给移动商业应用带来了一个快速发展的时机,但由于其拥有访问私人信息的权利,以至于也给它们的用户隐私带来很大的风险.为此,通过对能够有效保护用户隐私的模型进行了研究,提出了一个体系结构和一个协议,协议中使用一个位置中间件把来自LBS供应商提供的用户关心的区域信息和来自移动运营商的用户位置信息进行匹配.结果表明,该协议使得隐私友好的服务成为可能,而且仍然是高效率.     

位置服务中基于贝叶斯的隐私泄露分析

个人位置信息是一种物理隐私信息,敌手可以根据背景知识获取用户的真实身份.为了分析位置服务的用户隐私问题,建模了敌手进行身份推理攻击的过程,并提出了一种根据个人位置信息测量身份泄露的贝叶斯推理方法.通过对比观测的位置信息与背景知识数据库的匹配程度,该方法能重新识别用户真实身份.实验采用了真实路网的数据集,结果显示不可信LBS通过收集查询请求能以很高的概率确定用户真实身份.研究表明高精度的个人位置信息泄露导致很高的身份隐私风险.     

Spatial co-location pattern mining for location-based services in road networks

With the evolution of geographic information capture and the emergency of volunteered geographic information, it is getting more important to extract spatial knowledge automatically from large spatial datasets. Spatial co-location patterns represent the subsets of spatial features whose objects are often located in close geographic proximity. Such pattern is one of the most important concepts for geographic context awareness of location-based services (LBS). In the literature, most existing methods of co-location mining are used for events taking place in a homogeneous and isotropic space with distance expressed as Euclidean, while the physical movement in LBS is usually constrained by a road network. As a result, the interestingness value of co-location patterns involving network-constrained events cannot be accurately computed. In this paper, we propose a different method for co-location mining with network configurations of the geographical space considered. First, we define the network model with linear referencing and refine the neighborhood of traditional methods using network distances rather than Euclidean ones. Then, considering that the co-location mining in networks suffers from expensive spatial-join operation, we propose an efficient way to find all neighboring object pairs for generating clique instances. By comparison with the previous approaches based on Euclidean distance, this approach can be applied to accurately calculate the probability of occurrence of a spatial co-location on a network. Our experimental results from real and synthetic data sets show that the proposed approach is efficient and effective in identifying co-location patterns which actually rely on a network.     

Preserving location privacy without exact locations in mobile services

Privacy preservation has recently received considerable attention in location-based services (LBSs). A large number of location cloaking algorithms have been proposed for protecting the location privacy of mobile users. However, most existing cloaking approaches assume that mobile users are trusted. And exact locations are required to protect location privacy, which is exactly the information mobile users want to hide. In this paper, we propose a p-anti-conspiration privacy model to anonymize over semi-honest users. Furthermore, two k*NNG-based cloaking algorithms, vk*NNCA and ek*NNCA, are proposed to protect location privacy without exact locations. The efficiency and effectiveness of the proposed algorithms are validated by a series of carefully designed experiments. The experimental results show that the price paid for location privacy protection without exact locations is small.     

k-Nearest neighbor query processing algorithm for cloaking regions towards user privacy protection in location-based services

Due to the advancement of wireless internet and mobile positioning technology, the application of location-based services (LBSs) has become popular for mobile users. Since users have to send their exact locations to obtain the service, it may lead to several privacy threats. To solve this problem, a cloaking method has been proposed to blur users’ exact locations into a cloaked spatial region with a required privacy threshold (k). With the cloaked region, an LBS server can carry out a k-nearest neighbor (k-NN) search algorithm. Some recent studies have proposed methods to search k-nearest POIs while protecting a user’s privacy. However, they have at least one major problem, such as inefficiency on query processing or low precision of retrieved result. To resolve these problems, in this paper, we propose a novel k-NN query processing algorithm for a cloaking region to satisfy both requirements of fast query processing time and high precision of the retrieved result. To achieve fast query processing time, we propose a new pruning technique based on a 2D-coodinate scheme. In addition, we make use of a Voronoi diagram for retrieving the nearest POIs efficiently. To satisfy the requirement of high precision of the retrieved result, we guarantee that our k-NN query processing algorithm always contains the exact set of k nearest neighbors. Our performance analysis shows that our algorithm achieves better performance in terms of query processing time and the number of candidate POIs compared with other algorithms.     

Preserving privacy in environments with location-based applications

The increase in location-based applications makes protecting personal location information a major challenge. Addressing this challenge requires a mechanism that lets users automate control of their location information, thereby minimizing the extent to which the system intrudes on their lives.     

DPPS: A novel dual privacy-preserving scheme for enhancing query privacy in continuous location-based services

Since smartphones embedded with positioning systems and digital maps are widely used, location-based services (LBSs) are rapidly growing in popularity and providing unprecedented convenience in people’s daily lives; however, they also cause great concern about privacy leakage. In particular, location queries can be used to infer users’ sensitive private information, such as home addresses, places of work and appointment locations. Hence, many schemes providing query anonymity have been proposed, but they typically ignore the fact that an adversary can infer real locations from the correlations between consecutive locations in a continuous LBS. To address this challenge, a novel dual privacy-preserving scheme (DPPS) is proposed that includes two privacy protection mechanisms. First, to prevent privacy disclosure caused by correlations between locations, a correlation model is proposed based on a hidden Markov model (HMM) to simulate users’ mobility and the adversary’s prediction probability. Second, to provide query probability anonymity of each single location, an advanced k-anonymity algorithm is proposed to construct cloaking regions, in which realistic and indistinguishable dummy locations are generated. To validate the effectiveness and efficiency of DPPS, theoretical analysis and experimental verification are further performed on a real-life dataset published by Microsoft, i.e., GeoLife dataset.     

Personality traits and concern for privacy: an empirical study in the context of location-based services

For more than a century, concern for privacy (CFP) has co-evolved with advances in information technology. The CFP refers to the anxious sense of interest that a person has because of various types of threats to the person's state of being free from intrusion. Research studies have validated this concept and identified its consequences. For example, research has shown that the CFP can have a negative influence on the adoption of information technology; but little is known about factors likely to influence such concern. This paper attempts to fill that gap. Because privacy is said to be a part of a more general ‘right to one's personality’, we consider the so-called ‘Big Five’ personality traits (agreeableness, extraversion, emotional stability, openness to experience, and conscientiousness) as factors that can influence privacy concerns. Protection motivation theory helps us to explain this influence in the context of an emerging pervasive technology: location-based services. Using a survey-based approach, we find that agreeableness, conscientiousness, and openness to experience each affect the CFP. These results have implications for the adoption, the design, and the marketing of highly personalized new technologies.     

基于位置服务的研究综述

基于位置的服务是指移动终端利用各种定位技术获得当前位置信息,再通过无线通信将这些信息传输给服务提供商,服务提供商根据用户的位置信息以及用户的上下文信息提供个性化的服务。对位置服务按照不同的方面进行了分类,然后分析了基于位置服务中的关键技术,包括定位、信息传输以及位置索引,接着总结了基于位置服务的典型应用,最后指出了存在的一些问题。     

Landscape-aware location-privacy protection in location-based services

Mobile network providers have developed a variety of location-based services (LBSs), such as friend-finder, point of interest services, emergency rescue and many other safety and security services. The protection of location-privacy has consequently become a key aspect to the success of LBSs, since users consider their own physical location and movements highly privacy-sensitive, and demand for solutions able to protect such an information in a variety of environments. The idea behind location-privacy protection is that the individual should be able to set the level at which the location information is released to avoid undesired exploitation by a potential attacker: one of the approaches to this problem is given by the application of spatial obfuscation techniques, actuated by a trusted agent, and consisting in artificial perturbations of the location information collected by sensing technologies, before its disclosure to third parties. In many situations, however, landscape/map information can help a third party to perform Bayesian inference over spatially obfuscated data and to refine the user’s location estimate up to a violation of the original user’s location-privacy requirements. The goal of this paper is to provide a map-dependent obfuscation procedure that enables the release of the maximum possible user’s location information, that does not lead to a violation of the original user’s location-privacy requirements, even when refined through map-based inference.     

一种轻量级高效的位置服务隐私保护模型

针对基于位置服务中用户位置信息和查询信息隐私易被泄露的安全威胁,基于Geohash地理信息一维编码、Memcached服务器集群,构建了一个轻量级、高效的位置服务隐私保护模型,并加以仿真实现。Geohash编码有效的实现了模糊用户位置的目的,结合Memcached的快照缓存,达到了k-匿名效果,且避免了用户稀疏问题和连续查询带来的易被结合用户背景知识进行关联攻击的问题,用户查询信息、服务端响应信息采用加密传输与存储的机制,应用APP与位置服务提供商实体双向认证,这在一定程度上保证了模型的安全性。二级缓存也提高了系统整体性能,经过仿真实验和数据测量,该模型有较好的性能表现。     

Multidimensional data modeling for location-based services

With the recent and continuing advances in areas such as wireless communications and positioning technologies, mobile, location-based services are becoming possible.Such services deliver location-dependent content to their users. More specifically, these services may capture the movements and requests of their users in multidimensional databases, i.e., data warehouses, and content delivery may be based on the results of complex queries on these data warehouses. Such queries aggregate detailed data in order to find useful patterns, e.g., in the interaction of a particular user with the services.The application of multidimensional technology in this context poses a range of new challenges. The specific challenge addressed here concerns the provision of an appropriate multidimensional data model. In particular, the paper extends an existing multidimensional data model and algebraic query language to accommodate spatial values that exhibit partial containment relationships instead of the total containment relationships normally assumed in multidimensional data models. Partial containment introduces imprecision in aggregation paths. The paper proposes a method for evaluating the imprecision of such paths. The paper also offers transformations of dimension hierarchies with partial containment relationships to simple hierarchies, to which existing precomputation techniques are applicable.Received: 28 September 2002, Accepted: 5 April 2003, Published online: 12 August 2003Edited by: J. Veijalainen Correspondence to: I. Timko     

Wireless location privacy protection

After more than two decades of hype, computing and communication technologies are finally converging. Java-enabled cell phones run a host of powerful applications including mobile Internet access, while many notebook computers offer high-speed wireless connectivity as a standard feature. The big decision when purchasing a PDA is whether to get integrated cellular service or Wi-Fi capability. Location-based services are emerging as the next killer app in personal wireless devices, but there are few safeguards on location privacy. In fact, the demand for improved public safety is pushing regulation in the opposite direction. Today, when a person reports an emergency from a landline phone by dialing 911 in the United States or 112 in Europe, the system displays the caller's phone number and address to the dispatcher. The US Federal Communications Commission has mandated that, by December 2005, all cellular carriers be able to identify the location of emergency callers using mobile phones to within 50 to 100 meters. However, how cellular carriers and other businesses will use this capability remains open to question. The article looks at some of the areas this capability affects, including: privacy risks; economic damages; location-based spam; intermittent connectivity; user interfaces; network privacy; and privacy protection.