Article

A Novel Dummy-Based KNN Query Anonymization Method in Mobile Services


Abstract

Due to advances in mobile devices with GPS (Global Positioning System), the privacy threat to users of location-based services (LBSs) has increased. Various Location Privacy-Preserving Mechanisms (LPPMs) have therefore been proposed in the literature to address the privacy risks that arise from exposing user locations through the use of LBSs. These methods obfuscate the locations disclosed to the LBS provider using a variety of strategies, most of which come at a cost in resource consumption. We therefore propose a privacy-protected KNN query anonymization method for location-based services based on Bayesian estimation. Unlike previous dummy-based approaches, in our method the request sent to the LBS server does not contain the genuine user location, so we cannot directly compute whether two locations meet the threshold condition; the decision must instead be made via a transition probability. In addition, our method requires the server to return only the results the client needs. Further, we propose an effective search algorithm to improve server-side processing. The method thus reduces bandwidth usage and efficiently supports K-nearest-neighbor queries without revealing the private information of the query issuer. An empirical study shows that our proposal is effective in offering location privacy and efficient in terms of computation and communication costs.


... Existing approaches for addressing location privacy preservation of LBS users concern anonymization [7][8][9][10][11][12][13][14][15], obfuscation [16][17][18][19][20][21][22][23][24] and dummy generation [25][26][27][28]. In anonymization-based approaches, LBS users typically send their locations to a third-party server, which anonymizes user locations before sending the users' LBS queries to the LBS server. ...
... Incidentally, existing dummy generation and obfuscation-based approaches are not adequate for regions with a higher number of infeasible regions [25,28]. A geographical region is defined as an infeasible region for an entity if an entity cannot possibly be physically present at that location. ...
... In dummy generation approaches [25][26][27][28], the user sends k-1 dummy locations along with the user's real location, thereby making k indistinguishable locations with 1/k probability for an adversary to find the real user. The LBS provider then provides a list of services from each location (i.e., the user's and the dummy's locations) in the query. ...
Article
Location-based services (LBS), which provide personalized and timely information, entail privacy concerns such as unwanted leaks of current user locations to potential stalkers. In this regard, existing works have proposed dummy generation techniques by creating a cloaking region (CR) such that the user’s location is at a fixed distance from the centre of CR. Hence, if the adversary somehow knows the location of the centre of CR, the user’s location would be vulnerable to attacks. Moreover, in case of the existing approaches, infeasible regions are assumed to have no relationship with time. However, this assumption is typically not valid in real-world scenarios. For example, a supermarket can be considered to be an infeasible region from 9 pm to 9 am since it would be closed at that time. Thus, if a dummy is placed at this location at that particular time, the attacker would know that it is a dummy, thereby reducing the user’s location privacy. In this regard, our key contributions are three-fold. First, we propose an improved dummy generation approach, which we designate as Annulus-based Gaussian Dummy Generation (AGDG), for facilitating improved location privacy for mobile users. Second, we introduce the notion of time-dependent infeasible regions to further improve the dummy generation approach by considering infeasible regions that change with time. Third, we conducted experiments to demonstrate that the AGDG effectively provides improved location privacy, including for regions with time-dependent infeasible regions w.r.t. existing approaches.
... In dummy generation approaches [3,8,14,15], the user sends k-1 dummy locations along with the user's real location, thereby making k indistinguishable locations with 1/k probability for an adversary to find the real user. The LBS provider then provides a list of services from each location (i.e., the user's and the dummies' locations) in the query. ...
... The user can then filter out the list of services associated with the dummies' locations and choose only the information relevant to her actual location. The Circle-divided Dummy Generation (CDG) technique [15] generates dummies by considering an angle. Moreover, the Obstacle-based Dummy Generation (ODG) approach, which considers the surrounding environment, was proposed in [3]. ...
... Thus, the maximum entropy H_max = log_2(k) is achieved when all the k locations have the same probability of 1/k. We compare our proposed AGDG approach with the CDG [15], ODG [3] and EDG [14] approaches. We adapt these reference approaches with essentially the same setup as that of our approach to have a fair and meaningful comparison. ...
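The snippets above describe the privacy metric used to compare dummy-generation schemes: an adversary who cannot tell the k reported locations apart has a 1/k chance of picking the real one, and the entropy of that belief peaks at log_2(k); a dummy placed in a time-dependent infeasible region (the closed supermarket at night) can be ruled out, which lowers the entropy. The following Python is an added illustration of that metric, not code from any of the cited papers. The candidate locations, their opening hours and the query times are constructed sample values; the "uniform belief over the locations the adversary cannot rule out" model is an assumption chosen to keep the example small.

```python
import math
from datetime import time

# Constructed sample: k = 4 locations reported to the LBS (1 real + 3 dummies).
# Opening hours are made-up values used to model time-dependent infeasible regions.
CANDIDATES = [
    {"name": "park",        "open": (time(0, 0), time(23, 59))},
    {"name": "cafe",        "open": (time(7, 0), time(22, 0))},
    {"name": "supermarket", "open": (time(9, 0), time(21, 0))},
    {"name": "library",     "open": (time(8, 0), time(20, 0))},
]


def is_feasible(loc, at):
    """A location is feasible at time `at` if an entity could physically be there then."""
    start, end = loc["open"]
    return start <= at <= end


def adversary_belief(candidates, at):
    """Assumed adversary model: uniform belief over the candidates that cannot be
    ruled out at time `at`; locations in infeasible regions get probability 0."""
    feasible = [is_feasible(c, at) for c in candidates]
    n = sum(feasible)
    return [1.0 / n if f else 0.0 for f in feasible]


def entropy_bits(probs):
    """Shannon entropy in bits of the adversary's belief (the privacy metric)."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def max_entropy(k):
    """Best case: all k locations equally likely, H_max = log_2(k)."""
    return math.log2(k)


def privacy_report(candidates, at):
    """Summarise how much location privacy the reported set gives at time `at`."""
    probs = adversary_belief(candidates, at)
    return {
        "k": len(candidates),
        "feasible": sum(1 for p in probs if p > 0),
        "entropy": entropy_bits(probs),
        "max_entropy": max_entropy(len(candidates)),
        "p_best_guess": max(probs),  # adversary's chance if it guesses the likeliest
    }


if __name__ == "__main__":
    for at in (time(12, 0), time(21, 30), time(23, 0)):
        print(at, privacy_report(CANDIDATES, at))
```

At noon every candidate is feasible, so the entropy reaches log_2(4) = 2 bits and the adversary's best guess succeeds with probability 1/4. At 23:00 only the park is open, the entropy collapses to 0 and the real location is identified, which is exactly the weakness the time-dependent infeasible-region argument above points at.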
Chapter
Location-based services (LBS), which provide personalized and timely information, entail privacy concerns such as unwanted leak of current user locations to potential stalkers. Existing works have proposed dummy generation techniques by creating a cloaking region (CR) such that the user’s location is at a fixed distance from the center of CR. Hence, if the adversary somehow knows the location of the center of CR, the user’s location would be vulnerable to attack. We propose an improved dummy generation approach for facilitating improved location privacy for mobile users. Our performance study demonstrates that our proposed approach is indeed effective in improving user location privacy.
... Kido et al. [6] were the first to propose a dummy generation technique for privacy preservation in LBS. Subsequently, other dummy-based privacy-preserving techniques were proposed [7,10,9,19,1,14,13,5,4]. For all the dummy-based privacy-preserving techniques, selection of appropriate dummies plays a vital role. ...
... Hence, k-anonymity is not satisfied. The work done by Lu et al. [7], and Zhao et al. [19] is also vulnerable to Map-matching attack. ...
... In case of dummy generation based techniques, Centre-of-ASR attack will take place if the actual user location is in the centre of the region consisting of dummy locations and original user location. Zhao et al.'s [19] work is vulnerable to Centre-of-ASR attack. ...
Article
The popularity of Location-Based Services applications has drastically increased in GPS enabled smartphones. However, location privacy remains a major concern for users of such applications. In this paper, we have identified key issues observed in Dummy-based privacy preservation techniques. We have envisioned several research directions for enhanced dummy-generation in Location-Based Services.
... The cloaking method can prevent the exposure of the specific location of a user such as building information, because queries are sent from a generalized area including the user instead of the specific location of the user. If the location of a user is continuously revealed to the server, the movement path of that user can be exposed [11][12][13][14][15][16]. For example, let us assume that a mobile user sends queries in a certain path from a starting point to a destination. ...
... LBS queries are generally classified as either snapshot queries or continuous queries [1][2][3][4][5][6][7][8][9][10][11][12][13][14]. The query process using snapshot queries is as follows. ...
Article
An increasing amount of active research is being conducted to protect the locations of mobile device users. Users must tune to more data than they would like to in order to hide their location. In particular, if a user requests a query over k NN, the number of objects the user must receive may increase. Several studies have been proposed to solve these problems. However, problems have been identified during the course of query processing, such as errors and increased query processing times. When the tuning time is increased, the amount of data to download and the battery consumption of the client also increase. In this study, we propose the Privacy-preserving Spatial Index (PSI), an index that allows users to reduce their tuning time while being satisfied with the results of their queries. The querier (q) requests the object in the area protecting his/her location from the server. The server sends the requested data of points of interest (POIs) (DPOIs) in the Privacy-preserving Region (PR) to q. Finally, q reduces tuning time by selectively tuning to the desired data of POIs (Dw) through PSI. The superiority of PSI over previous techniques is experimentally proven.
... In addition to that, different proposals based on this approach are presented in [37,38,41,42]. ...
Article
Anonymity and privacy are two security services frequently confused when schemes are designed. On the one hand, privacy refers to transforming information in order to keep it from all but those who are authorized to have it. On the other hand, anonymity refers to a condition in which the information receiver does not know the sender's identity. From the Location Based Service (LBS) point of view, anonymity and privacy are very important security services to preserve, as sensitive data travel in a service request, for example the identity of participants and their location. Most of the related work focuses on protecting only one aspect of the LBS user, leaving only that one aspect secured. In this paper we present a security scheme that consists of a set of cryptographic protocols which consider cryptographic primitives along with fake location information, in order to provide both identity anonymity and location privacy. The importance of this work relies on the fact that the proposed scheme remains transparent to the LBS provider. Moreover, the results obtained show that this approach, focused on removing the trust from the LBS provider, did not represent an excessive increment in the cost and usage of the channel, which makes our scheme a suitable and interesting improvement over previous works.
Article
With the development of new generation mobile communication technology, the Internet of Vehicles is playing an increasingly important role in people's lives. However, the sensitive information contained in its "data fingerprinting" raises many privacy and security concerns. To better protect the location privacy of users on the Internet of Vehicles, this paper proposes a collaborative service-based privacy protection scheme for the Internet of Vehicles. In this scheme, each requesting user first initiates a location service query by generating a pairing index of the location points set. Then a customized pairing result threshold is used to determine the collaborating users that can participate in the service response. In the process, the location privacy of users is secured by location point generalization and encryption. In addition, redundant location service recommendations are eliminated by the proposed repeatability tests. Security analysis and experiments show that this scheme has good performance and resists privacy leakage, forgery attacks, collusion attacks, etc.
Article
Location‐based services (LBS) have become an intrinsic part of our everyday life. However, the flexibility and convenience provided by LBS come at the cost of user privacy, since an untrusted LBS server can leak private information of users. To overcome the privacy issues observed in LBS, a novel dummy‐generation based privacy preservation technique is proposed in this article. The proposed dummy‐generation technique is a circle‐based technique which generates dummy locations in the circle area and is effective against center‐of‐anonymized spatial region attack, map‐matching attack, and location‐homogeneity attack. Additionally, an edge computing enabled framework is proposed, which can be used in the IoT environment. The edge computing enabled framework helps in handling the resource poverty issues of the service requesting devices and provides a low latency solution. The security analysis of our proposed dummy‐generation technique reflects that the proposed technique is resilient to specific attacks for different adversary attack models. The results obtained through simulations suggest that our technique performs better than the pre‐existing techniques.
Article
In the digital era, we are greatly dependent on the popular applications of the Location Based Services (LBS) in our day-to-day activities. The smart phone comes with a variety of applications which acquire the user location and build up a user profile such as the user's activities, hobbies, places of visit, food orders etc. Such sensitive information in the LBS server can pose a privacy risk for the user. To safeguard the user from such threats we propose a smart privacy protection technique in this paper that can conceal the user location when using location based services. We adopt the generation of dummy locations to obfuscate the user's original location from the LBS server. The server generates the result set for the dummy user locations. In this work we try to optimize processing at both the server and the user ends with two objectives. The first goal is to identify the overlap in result sets and generate a unique and reduced result set, with which the communication load on the network can be reduced. The second goal is to prioritize the result set by a queuing model, through which the waiting time of the customer can be minimized. We have also illustrated through experimental results that this model shows good performance in terms of reduced communication load.
Article
To receive location‐based services (LBS), users must disclose their locations and queries to the LBS server, which can expose the user's identity, location, and other information. Recently, techniques for protecting user privacy using dummies have been researched. However, many factors, such as the distance between the obstacles and the dummies, must be considered in order to create dummies. Therefore, this study proposes an efficient dummy creation technique to improve user privacy protection. Experimental results show that the proposed technique improves on other recent techniques.
Article
Research on protecting the user's location in location-based services (LBS) has received much attention. In particular, k-anonymity is the most popular privacy preservation method. k-anonymization means selecting k-1 other dummies or clients to form the cloaking region. This reduces the probability of the query issuer's location being exposed to untrusted parties to 1/k. But the query issuer's location may still be exposed to an adversary when the k-1 dummies are concentrated around the query issuer's location, or when a dummy is placed where the query issuer cannot exist. Therefore, we propose a dummy system model and algorithm that take the real environment into account to protect the user's location privacy. We demonstrate the efficiency of our method through experimental results.