Access to this full-text is provided by Wiley.
Content available from Wireless Communications and Mobile Computing
This content is subject to copyright. Terms and conditions apply.
Research Article
A Privacy-Preserving Spatial Index for Spatial Query Processing
Doohee Song ,1Moonbae Song ,2and Kwangjin Park 1
1Department of Information Communication Engineering, Wonkwang University, Iksan-shi, Republic of Korea
2Samsung Electronics, Suwon, Republic of Korea
Correspondence should be addressed to Kwangjin Park; kjpark@wku.ac.kr
Received 16 October 2018; Accepted 27 November 2018; Published 16 December 2018
Academic Editor: Laurie Cuthbert
Copyright © Doohee Song et al. is is an open access article distributed under the Creative Commons Attribution License,
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
An increasing amount of active research is being conducted to protect the locations of mobile device users. Users must tune to
more data than they would like to in order to hide their location. In particular, if a user requests a query over NN, the number of
objects the user must receive may increase. Several studies have been proposed to solve these problems. However, problems have
been identied during the course of query processing, such as errors and increased query processing times. When the tuning time
is increased, the amount of data to download and the battery consumption of the client also increase. In this study, we propose the
Privacy-preserving Spatial Index (PSI), an index that allows users to reduce their tuning time while being satised with the results
of their queries. e querier (q) requests the object in the area protecting his/her location from the server. e server sends the
requested data of points of interest (POIs) (DPOIs) in the Privacy-preserving Region (PR) to q. Finally, q reduces tuning time by
selectively tuning to the desired data of POIs (Dw) through PSI. e superiority of PSI over previous techniques is experimentally
proven.
1. Introduction
As the use of mobile devices has recently increased rapidly,
the use of location-based services (LBS) based on GPS has
also increased. LBS refers to various information services
provided by the LBS server based on the location of mobile
users, such as nding nearby points of interest (POIs),
navigation, location tracking, and maps [–].
However, users must reveal their location information
in order to access LBS. When the location information of a
user is sent to the server, the server can precisely identify
the location of the user. If the server is hacked or otherwise
abused, the location of the user can be revealed, potentially
causing serious damage. Active research is therefore being
conducted on the protection of user locations [–]. e
D-Bcastmodelwasproposedtoenableclientsthathave
notreceiveddatafromthemainserverorclientsthathave
moved from other main servers to eectively listen to data
[]. e method proposed by [] can store the received
data in cache and reuse them in order to minimize the
exposure of user query service data to the unreliable LBS
server. Reference [] proposes a method that can make the
user location ambiguous through the location anonymity.
However, [] points out that location anonymity is also
an extension of server and cannot be trusted. e cloaking
method can prevent the exposure of the specic location
of a user such as building information, because queries are
sent from a generalized area including the user instead of
the specic location of the user. If the location of a user is
continuously revealed to the server, the movement path of
that user can be exposed [–]. For example, let us assume
thatamobileusersendsqueriesinacertainpathfroma
starting point to a destination. e server can predict the
moving path of the user by connecting the locations of the
query points from the starting point to the destination. If
this path is revealed to a malicious attacker, the living pattern
as well as the home and work addresses of the user can be
revealed,andotherpiecesofinformationsuchasthehospitals
thattheuserhasvisitedbeforecanalsoberevealed.us,this
can lead to privacy issues. erefore, it is critical to protect
this trajectory information, which is a set of location data, as
well as the location information in general when using LBS.
However, in order to hide their location, users must increase
thenumberofareasorpathsinvolvedinqueryprocessing
Hindawi
Wireless Communications and Mobile Computing
Volume 2018, Article ID 2067047, 9 pages
https://doi.org/10.1155/2018/2067047
Wireless Communications and Mobile Computing
CR1CR2
CR3CR4
1
2
4
6
1
3
O1O2
O3O6
O4
O5
O7
O8
O9
O10
O11
O12
q
F : Error when objects are searched according to the center of
CR.
andtunetomoredatathantheywouldliketo.Ifthetuning
time increases, the data to be downloaded by the client and
the battery consumption increase. Recently, a method that
decreases the number of objects that need to be checked
whileprotectingthelocationandqueryofamobileuserhas
been proposed [–]. Reference [] proposes a method of
solving the problems of users and servers. For example, users
want to hide their location and the server must not want to
process the queries of all users. erefore, a system model
thatsatisestheneedsofusersandserverswasdevelopedby
proposing a mobile service provider that gathers the queries
of multiple users. Reference [] considered various types
of objects as a method for supporting eective approximate
kNN queries. is method does not have to reveal the
accurate location of the querier (q) to the server because the
query is requested from the center of a grid of a map divided
by the server instead of the precise location of the q. While the
query should be requested from the center of a grid, however,
an error may occur such that a query is made based on the
location of the q. When the q provides cloaking region (CR);
CR1,CR
2, and q requests a query of the server; Q instead
of his/her location, the server provides the q with objects
corresponding to Response Generation (RG); RG (Q, CR1,2),
thereby protecting the location of the q. However, when the
objects are searched according to the center of CR, an error
may occur as shown in Figure .
Figure shows that the entire map has been quartered
into CR1∼CR4and that three objects exist in each CR𝑖.Itis
assumedthattoprotecthis/herlocation,theqselectsCR
1and
CR2and nds two objects that are closest to himself/herself.
rough the method outlined in [], when two objects are
searched from the center of CR𝑖,theresultantvaluesofCR
1
and CR2are {O1,O2}and {O4,O5},respectively.However,if
twoobjectsaresearchedbasedontheactualq,theresultant
value is {O6,O7}. Furthermore, the q who receives RG from
the server additionally requires a decryption process for the
encrypted data. Furthermore, the probability of exposing the
q’s location increases with k-anonymity and the grid size. In
addition, as anonymous servers are removed, users should
create anonymous zones to protect their location, because
users’ smart devices have improved in performance of cal-
culating in recent years. In addition, it is considered more
important to remove middleware under the circumstances
where privacy is becoming an issue and to be % reliable
in terms of location protection. On the other hand, if the
number of candidate objects users receive from the server
increases, the cost of exploring the objects of the query results
may increase. us, in this study, we propose the Privacy-
preserving Spatial Index (PSI), which allows for the selective
tuning of required object data while protecting the locations
of users. As far as we know, this is the rst study that enables
the tuning of object data in a location protection method. e
key contributions of this study are as follows:
(i) ere are many methods to protect user location. We
propose PSI, which is a general index structure that
can support the existing methods.
(ii) Since the user directly makes an anonymous request,
no third party can expose his or her information.
(iii) If users set a large query region to protect their
location, they must receive data for the number of
objects in the set range. On the other hand, if the
query range is narrowed in order to reduce the
amount of received data, the probability of the user
location being exposed can increase. erefore, we
reduce the tuning time by selectively tuning to the
object data that must be received from the server.
(iv) We have proven through experimentation that the
proposed method exhibits better performance than
the existing location protection methods.
is paper is organized as follows: Section describes related
works on the protection of trajectory. Section describes
our model and Section proposes various queries using the
PSI index. Section compares the performance between the
PSI and the existing method through experimental results.
Finally, Section outlines the conclusions.
2. Related Work
LBS queries are generally classied as either snapshot queries
or continuous queries [–]. e query process using snap-
shotqueriesisasfollows.Methodsusingk-anonymity to
protect user privacy have been recently proposed [–].
Reference [] constructs a CR by combining the q with other
k- users and then sends the CR to the LBS server instead
of the actual location of the q. Reference [] proposes a
dynamicgridsystem(DGS)thatallowsuserstoprotecttheir
personal information. rough the DGS, users can protect
their location for the grid radius from unreliable servers
through the process of sending encrypted queries to the
query server and transmitting the content of the queries
to the LBs server. However, the encryption and decryption
between users and servers can increase the query processing
time. Reference [] improved the problems that could occur
when clients are grouped by k and moved to a technique
Wireless Communications and Mobile Computing
that protects the locations of users. However, this method
has a problem because users must obtain consent from
surrounding clients and the movement time and direction
need to be considered. Reference [] proposes a method
for protecting the locations of users by using dummies using
an enhanced-dummy location selection scenario. However, it
has limitation in applying to continuous techniques because
it considers snapshots. Reference [] proposes a method of
eciently placing k dummies to protect the locations of users.
However,thedummiesmaybeconcentratedonthecenter
if they are placed only by angles depending on the number
of dummies. Reference [] suggests a method of preventing
the generation of dummies in arbitrary directions while users
move in certain directions if dummies are created randomly
whileusersaremoving.eproposedmethodprohibitsthe
users from moving out of a specic range using the radius d.
However, even if dummies are generated within the radius of
d, they are likely to be generated in zigzags in contrast to the
moving path of the users, and there is a possibility of exposing
the locations of users. Reference [] protects the user
information in continuous LBS based on the method of [].
However, it has a possibility that the user location protection
probability will decrease because it does not consider various
situations (obstacles) during the generation of dummies.
Aside from that method, there has been research into
methods using dummies [–] as well as into the encryp-
tion of user information [, ]. However, the above studies
require middleware (hereinaer referred to as an “anony-
mous server”).
Because the anonymous server called k-anonymity exists,
client information can be revealed if a third party attacks the
anonymous server. To address this, the k-anonymity method
was proposed, which uses a peer to peer (PP) process instead
of the anonymous server []. Although the privacy level is
high because users communicate among themselves without
the use of an anonymous server, personal privacy can still be
compromised because other users cannot be trusted fully.
Reference [] proposed a method for supporting eec-
tive approximate kNN queries. e query process of this
method consists of three steps: Query Generation (QG),
Response Generation (RG), and Response Retrieval (RR). In
QG, the q requests a query of the server. QG is equal to (Q, s)
where Q includes CR, n×ncells, mPOI types (t), the location
of q (i,j),andthenumberofobjectstobefoundandsisfor
protecting Q. In RG, the server receives (Q, s) from the q and
the objects that satisfy the query are sent (R) to the q from the
database (D) in which POIs are stored, and this is referred to
as RG(Q, D). Finally, RR outputs k objects from the RG(Q, D)
received from the server considering k and t requested by the
q, and this is referred to as kNN=RR(R, s).
Continuous queries refer to queries continuously sent to
the LBS server in real time to the destination. ey consist
of multiple snapshots, creating a trajectory of the user by
connecting the locations of snapshots.
Cloaking methods used to protect continuous queries or
the trajectory of the user include the k-anonymity method
and the dummy trajectory creation method. e proposed
trajectory k-anonymity method receives a similar trajectory
as the trajectory of the q in the database which is stored
in the anonymous server, and the k- locations of other
users are grouped together. Queries are then randomly made.
However, this method requires an anonymous server and
there must be other users near the query location. If a user
is somewhat far away, the CR becomes large and the amount
of searched data increases, lowering the query processing
eciency.
3. Background
PSI = {,, Bmap (or Cmap ),TD}.and denote the numbers
of divisions of the x-axis and y-axis, respectively. Bmap is a
bitmap in the ∗grid. Cmap indicates the existence of object
cell coordinates and objects. If Bmap is larger than Cmap,the
server can provide Cmap.esizesofC
map and Bmap can be
measured by
Bmap =2
(𝛼∗𝛽) ()
Cmap =2log2 ∗ + 1 ∗ DPOIs ()
In () and (), Privacy-preserving Region (PR) is the range
requested by the user and DPOIs isthenumberofPOIsinthe
PR. e server provides information about Bmap or Cmap to
theqbasedonthesizeofthePRandthenumberofD
POIs.
e purpose of our study is to protect the location of users
from the server and to enable eective data tuning. e query
process is divided into three steps as follows.
(1) Spatial query (SQ): to protect his/her location, the
user sets a PR based on his/her current location and the map
data that he/she has. e q requests SQPR,whicharethePOIs
included in the PR, from the server.
(2) Privacy-preserving Spatial Index (PSI): the server
managesthedataset(D)ofeveryPOIinthemap.eserver
also divides the PR by n for the x-axis and by m for the y-
axis (=depending on the distribution of objects). e cell
coordinate (C𝑖-𝑗) is set for each divided grid. Each grid can
have one object, and bit is saved if it has an object or bit is
saved if otherwise. Figure shows the setting of the sequence
of bitmaps (Bmap )basedonC
𝑖-𝑗.
Order of Bmap =∗+ ()
e ranges of iand jare as follows: ≤i≤,≤j≤.
If the data sizes of the POIs are identical, the data arrival
time can be conrmed through Bmap. If the data sizes of the
POIs dier, the TDis further congured. e data arrival time
size of TDisassumedtobeidentical.Finally,thedataofall
POIs in the PR are sent to the q.
(3) Dataset to the SQ (DSQ): the q rst receives the PSI
andselectsthedesiredobjectsthroughthePSI.eqcanthen
conrm the locations and sending times of the desired POIs
through the PSI. us, the q selectively tunes to only the data
corresponding to DWamong the DPOIs.D⊃DPOIs ∋DW.
4. Our Model
4.1. Our System Model. As shown in Figure , the basic
system model is composed of a movement device, a posi-
tioning system, and a single LBS server. If an attacker attacks
Wireless Communications and Mobile Computing
CR0,0 CR0,2
CR0,1 CR0,3
CR1,0 CR1,2
CR1,1 CR1,3
CR2,0 CR2,2
CR2,1 CR2,3
CR3,0 CR3,2
CR3,1 CR3,3
F:ExampleofsequenceofbitmapsbasedonC
𝑖-𝑗.
Locating system
Users LBS server
Responses
(PSI, …)
Spatial Queries
Location data
F : PSI system model.
the LBS server or if the LBS server is unreliable, various
pieces of information about the q can be exposed. erefore,
protecting the location information is critical in LBS.
e existing system is composed of an LBS server, an
anonymous server, and mobile users. However, the anony-
mous server cannot be trusted. e anonymous server is a
single point of failure, and if is attacked, some or all services
will fail. In general, the q sends his/her location information
to the LBS server to receive information, and this causes
the problem of location exposure. erefore, we assumed
that the q acquires map information through the broadcast
method from the LBS server. e advantage of the broadcast
method is that the client can obtain map information without
exposing one’s location information.
e server manages the locations and other information
(e.g., price, discount, advertisement) of objects that the q does
nothave(e.g.,gasstation,hotel,restaurants).Forexample,the
qcreatesaPRbasedonhis/herownlocationthroughthemap
information and satellites stored in the terminal. en he or
sherequeststhelocationandpriceofanearbygasstationaer
(xmin, xmax), (ymin, ymax)
Bmap = {0,1,…,0} or
Cmap= {C0,0(0), C0,1(1),…, C,(0)}
T
D= {tPOI1, tPOI2,…, tPOIn}
DPOIs
Index
Data
,
F : PSI structure.
creating a PR based on his or her location, conrmed through
themapandsatellite.eserverprovidesthelocationand
other information of gas stations (DPOIs) that exist in the PR
requested by the q. If the q selects only one nearest gas station,
he or she can only tune to the data of one gas station among
the ten.
4.2. PSI Index Structure and Query Process. e PSI structure
is composed of ,,B
map,orC
map (varies according to the
number of objects) and the data arrival time table (TD), as
shown in Figure .
5. Various Queries Using the PSI Index
In this chapter, we introduce the process of querying aer
applying PSI to the existing method for protecting the user
location. ere are three existing methods mainly used,
which are dened as follows.
Denition 1 (cloaking-based spatial query (CSQ)). In gen-
eral, users set an area that is equal to or greater than their
desired area as the PR in order to protect their location.
Users request information about the objects in the PR without
providing their location to the server. e server cannot verify
the location of the user because it only receives information
about the PR from the user and sends only information on
the objects in the PR to the user. e users have the advantage
ofnotrevealingtheirlocation,buttheydohavetocheckall
objects in the PR. Meanwhile, the server incurs no additional
costs (e.g., searching for the object that is closest to the user)
because it does not know the user’s precise location.
Figure shows an example of processing the cloaking-
based spatial query using PSI.
e CSQ process is as follows:
Step 1. e q requests query results from the server via SQ.
e structural elements of SQ in CSQ are as follows: First,
the PR is set in a rectangular shape (this shape can vary
by the request of the q). e PR of the CSQ (PRCSQ)sets
the minimum of x coordinate (xmin), the minimum of y
coordinate (ymin), the maximum of x coordinate (xmax), and
the maximum of y coordinate (ymax) and then requests the
DPOIs that exists in PRCSQ from the server.
PRCSQ =xmin,ymin ,xmax,ymax ()
Step 2. e server searches requested DPOIs in the PRCSQ in
the location-based D under its control. Aer checking the
Wireless Communications and Mobile Computing
Input: SQ(e.g., CQS, p-AQS, s-TrQS) of q
Output: PSI, DPOIs
Procedure:
: e server check PRQS ={(xmin ,ymin), (xmax ,ymax)}
: PR is divided by forthexaxisandbyfor the y axis
: Bit is saved if it has an object or bit is saved if otherwise
: e server computes PSI and sends to q
:eqcheckPSI
: Checks the location of the objects through Bmap
: e q can check the POI number by adding the sequence of Bmap and bit
: e q selectively tunes to TDand DW
A : SQ processing using PSI.
CR0,0 CR0,2
CR0,1 CR0,3
CR1,0 CR1,2
CR1,1 CR1,3
CR2,0 CR2,2
CR2,1 CR2,3
CR3,0 CR3,2
CR3,1 CR3,3
SRCQS
F : Example of processing the CQS using PSI.
distribution of DPOIs, the PR is divided by for the x-axis
and by for the y-axis so that only one POI will exist in
each grid (=depending on the distribution of objects).
Bmap is congured through (). Figure shows that Bmap is
congured as “” according to the distribution
of POIs. Finally, the server sends the PSI = {,, Bmap,TD}
and DPOIs to the q.
Step 3. e q divides the map using the PRCSQ that he/she
requested as well as the and values of PSI and checks
the location of the objects through Bmap.ePOIsincluded
in the search region (SR) that the user wants to search are
checked and the frame number of POI is checked through
Bmap. Figure shows that the POIs included in the SR are
{C1,1,C1,2,C2,1,C2,2}. e q can determine the POI number
by adding the sequences of Bmap and bit . Finally, the q
selectively tunes to TDand DWonly (Algorithm ).
Denition 2 (p-Anonymity-based Spatial Query (p-ASQ)).
We dene p-anonymity in order to prevent confusion with
kin kNN and k-anonymity. pisavirtualqthattheqprovides
theserverwithtoobfuscatehis/herlocation,andtheserver
e1e2
e3e4
r
distx
disty
SRASQ
r+
F : Example of processing the p-ASQ using PSI.
cannot distinguish between the location of the q and the
location of p-. As proposed in [], we also assume that the
query is sent to the server with the location of q and the
location of pset in the grid area. e size of the area needed
to guarantee the accuracy of query result when a query is
requested based on the grid is expressed as
maxdistance =r=distx2+disty2()
In (), r generates a circle based on the longer length
between x-axis and y-axis {(xmin-r), (xmax +r), (ymin-r), (ymax +
r)}. All the grids included in this circle (r+)form an area
where the POI that the q wants will exist.
Figure shows an example of p-ASQ processing using
PSI.
e process of p-ASQ is as follows.
Step 1. e q requests query results from the server via
SQ.estructuralelementsofSQinp-ASQ are as follows:
First, the locations of the q and p- virtual points (PRs) are
speciedandthePRissetinarectangularshape.ePR
of p-ASQ (P 𝑝-ASQ )consistsofdist
x, which is the distance of
Wireless Communications and Mobile Computing
the x-coordinates and disty, which is the distance of the y-
coordinates. Aer dist(x,y)is randomly set based on ppoints
requested by the q, pPRs are created and kPOIs are requested.
Step 2. Among the location-based Ds under its control, the
server veries the PR𝑝-ASQ requested from the q. en, for
theaccuracyofthequeryresult,addsto the (distx,dist
y)
of PR𝑝-ASQ.en,kPOIs (DPOIs) are searched for based on p
grids.
DPOIs =∗+− ()
In (), denotes the number of additional POIs included
in PR𝑝-𝛿ASQ.Ifkincludes ,=-k.denotes kPOIs that are
overlapped among the kPOIs of PR𝑝-𝛿ASQ.
e server sets an area that includes DPOIs and divides
the map according to the distribution of POIs (same pro-
cess as for Bmap). e server nally sends PSI = {(xmin,
ymin), (xmax ,ymax), , , Cmap,TD}and DPOIs to the q.
Step 3. e q veries (xmin,y
min)and(y
max,y
max)throughthe
PSI received from the server and divides the corresponding
map by and values. e locations of objects are veried
through Bmap.Finally,aerkPOIs are veried based on one’s
own location, the frame number of POI is veried through
Bmap. Finally, the q selectively tunes to TDand DWonly
(Algorithm ).
Denition 3 (s-Trajec tor y bas ed Spatial Quer y (s-TrSQ)). s-
TrSQ sets the path from the starting location (LS)tothe
ending location (LE)inwhichtheuserwillquery.e
trajectory distance of trqis dened as Trdist and it is assumed
that the distance of trqand the trajectory distance of tr𝑖are
all identical. To prevent the exposure of his/her trq,theq
additionally creates s- tr𝑖and then sends a query to the
server. trs are connected to nodes (n).
tr =n1,n2,...,n𝜔−1,n𝜔(2≤<∞
)()
e server cannot distinguish between trqand tr𝑖. ere-
fore, the server sends the query result to the q based on Tr
that the q requested.
Figure shows an example of s-TrSQ processing using
PSI.
e s-TrSQprocessisasfollows.
Step 1. e q requests query results from the server via SQ.
e structural elements of SQ in s-TrSQ are as follows: First,
trqis set. To create s- trs excluding trq, the q sets the creation
range {(xmin,ymin), (xmax ,ymax)} and randomly sets s- trs in
this creation range. As shown in Figure , the q sets the search
rangebasedontheTrthathe/shecreatedandsendsittothe
server, and then requests DPOIs in the search range of this Tr.
Step 2. e server searches requested DPOIs in the PRs-TrS Q
among the location-based Ds under its control. Aer check-
ing the distribution of DPOIs , the PR is divided by for the
x-axis and by for the y-axis so that only one POI will exist in
each grid. e server congures the overlapping area between
LS
LS
LSLE
LE
LE
s2{n1}
s2{n2}
s2{n3}
s2{n4}
s2{n5}
s1{n1}
s1{n2}
s1{n3}
s1{n4}
s1{n5}
q{n1}q{n2}
q{n3}
q{n4}q{n5}
rSRTrq
F : Example of processing the s-TrSQ using PSI.
the divided grid and PRs-TrS Q as Cmap.Finally,theserversends
the PSI = {,, Cmap,TD}and DPOIs to the q.
Step 3. e q divides the map using the PR𝑠-TrS Q that he/she
requested and the and values of PSI, then checks the
location of the objects through Cmap .ePOIsincludedin
the search region (SRTrq ) that the user wants to search are
checked and the frame number of POI is checked through
Cmap. Figure shows the POIs included in the SRTrq .eq
can check the POI number by adding the sequences of Cmap
andbit.Finally,theqselectivelytunestoT
Dand DWonly.
6. Experimental Results
6.1. Experimental Environment. In this section, we discuss
the experiments conducted for CSQ, p-ASQ, and s-TrSQ
using PSI. We also compare them with the Original (Ori)
CQS, p-ASQ, and s-TrSQ. In the experiments, the C++
programming language was used to actualize the algorithms
on a .-GHz CPU with GB of main memory. We assumed
the basic parameter setting values shown in Table in order to
evaluate the performance. We also discuss experiments con-
ducted for CSQ, p-ASQ, and s-TrSQ using only the indexes of
each method. To conduct these experiments, we set variables
as their default values, except for the variables expressed as
the values in parentheses in Table . Furthermore, the values
of Bmap and Cmap are congured by () and () because they
vary by query type. e size of a single grid is assumed to be
m2. e experimental environment comprised a server, a
client in D space, and a wireless broadcasting channel used
bytheclienttoobtaininformation.Tuningtimecandier
depending on bandwidth and transfer rate, so the data size
was expressed as a graphical result (y-axis) in the experiment.
6.2. Experimental Results of CSQ. PRCQS is % of the total
map, and SRCQS is set as % of PRCQS.
Wireless Communications and Mobile Computing
T : Experimental dataset values.
Parameter Set values
grid 5∗5
POIs size 8
PRCQS 4∗4
SQCQS PRCQS ∗%, %, %, %
, , ,
, , ,
, , ,
Trdist (km), , ,
Data size (K bytes) , , ,
0 200 400 600 800 1000
0
2
4
6
8
10
Tuning time (#Bytes: 1011)
Data size (K bytes)
PSI
Ori-CSQ
F : CSQ with dierent number of data size.
InFigure,thex-axisvariableisdividedintothedata
sizesof,,,andKbytesforcomparison.
Figure shows the variations in tuning time according
to the data size. We can see that the performance of PSI
improved by % more than that of Ori-CSQ. is is because
thenumberofD
Wthat the PSI must search is smaller than the
number of DPOIs that the Ori-CSQ must search. erefore, as
thedatasizeincreases,thedierenceintuningtimeincreases.
Figure shows the variations in tuning time according to
thesizeofthesearchrangeSR
CQS desired by the q. e default
settings are shown in parentheses in Table . e variable
SRCQS was set as %, %, %, and % of the size of PRCQS .
We can see that the performance of PSI improved by .% on
averagecomparedtothatofOri-CSQ.isisbecauseasthe
SRCQS increases, the number of DWin the SRCQS increased
when the tuning time of PSI also increases.
6.3. Experimental Results of p-ASQ. To proces s p-ASQ, we set
the default values listed in Table . In Figure , the default
value pis , the data size is K bytes, and the variable of
the x-axis is kPOIsthatareclosesttotheq,whicharedivided
into,,,andforcomparison.
Figure shows the variations in tuning time according
to the size of k. e performance of PSI is higher by .%
10 20 30 40 50
0.0
0.5
1.0
1.5
2.0
2.5
3.0
SRCQS size(%)
Tuning time (#Bytes: 1011)
PSI
Ori-CSQ
F : CSQ with dierent number of SRCQS size.
10 20 30 40 50
0
2
4
6
8
10
12
14
k (piece)
PSI
Ori-p-ASQ
Tuning time (#Bytes: 108)
F : p-ASQ with dierent values of k.
than that of Ori-p-ASQ, this is because Ori-p-ASQ must tune
to all kPOIs corresponding to p’s lo c at ions.
Figure shows the variations in tuning time according
tothesizeofp.evariableofthex-axisisp,andthep
size is set to , , , and . As the p size increases
the tuning time of PSI stays constant, but the tuning time
of Ori-p-ASQ greatly increases. In the case of PSI, only k
POIs need to be calculated because the location of the q is
alreadyknown.However,astheOri-p-ASQ increases, the
POIs corresponding to () must be tuned, greatly increasing
the tuning time. erefore, the performance of PSI improved
by .% on average more than that of Ori-CSQ.
6.4. Experimental Results of s-TrSQ. To process s-TrSQ, we
set the default values listed in Table . e default value Trdist
in Figure is km and the data size is K bytes. e
Wireless Communications and Mobile Computing
50 100 150 200 250 300
0
2
4
6
8
10
12
14
k (piece)
PSI
Ori-CSQ
Tuning time (#Bytes: 108)
F : p-ASQ with dierent values of p.
10 20 30 40 50
0
1
2
3
4
5
6
7
8
s (piece)
PSI
Ori-s-TrSQ
Tuning time (#Bytes: 109)
F : s-TrSQ with dierent values of s.
variable of the x-axis is the number of strajectories including
the trajectory of the q, which is set to , , , and for
comparison.
Figure shows the variations in tuning time according to
the size of s. e performance of PSI is higher by .% than
that of Ori-s-TrSQ. is is because the Ori-s-TrSQ must tune
to all grids included in spaths.
Figure shows the variations in tuning time according to
the length of Trdist. e variable of the x-axis is Trdist,andthe
length of Trdist issetto,,,andkm.Asthelengthof
Trdist increases, the tuning time of PSI increases at a xed low
rate, whereas the tuning of the Ori-s-TrSQ sharply increases.
In the case of PSI, only the POIs in the grids included in the
path of the q need to be received. erefore, the performance
of PSI improved by .% on average compared that of Ori-
s-TrSQ.
0 50 100 150 200 250 300
0
2
4
6
8
10
12
14
16
18
20
22
PSI
Ori-s-TrSQ
Tuning time (#Bytes: 109)
Length of Trdist (km)
F : s-TrSQ with dierent lengths of Trdist .
7. Conclusions
In this study, we proposed PSI which can selectively tune to
onlythedatadesiredbytheqwhileprotectingthelocation
of the q. Furthermore, we proposed a general index structure
applicable to the conventional location protection method for
PSI. Finally, the tuning of unnecessary data and the battery
consumption of the device were experimentally reduced by
selectively tuning to the data of the objects to be received
by the server, compared to the conventional method. In the
future, we plan to research a space query processing method
considering both the type and location of POI.
Data Availability
edatausedtosupportthendingsofthisstudyare
available from the corresponding author upon request.
Conflicts of Interest
Doohee Song, Moonbae Song, and Kwangjin Park declare
that there are no conicts of interest regarding the publication
of this manuscript.
Acknowledgments
is paper was supported by Wonkwang University in .
References
[] C.-Y. Chow and M. F. Mokbel, “Trajectory privacy in location-
based services and data publication,” ACM SIGKDD Explo-
rations Newsletter,vol.,no.,pp.–,.
[] A. R. Beresford and F. Stajano, “Location privacy in pervasive
computing,” IEEE Pervasive Computing,vol.,no.,pp.–,
.
[] K. Park and P. Valduriez, “A hierarchical grid index (HGI),
spatial queries in wireless data broadcasting,” Distributed and
Parallel Databases,vol.,no.,pp.–,.
Wireless Communications and Mobile Computing
[] K. G. Shin, X. Ju, Z. Chen, and X. Hu, “Privacy protection for
users of location-based services,” IEEE Wireless Communica-
tions Magazine,vol.,no.,pp.–,.
[] B.Niu,X.Zhu,W.Li,H.Li,Y.Wang,andZ.Lu,“Apersonalized
two-tier cloaking scheme for privacy-aware location-based
services,” in Proceedings of the 2015 International Conference on
Computing, Networking and Communications, ICNC 2015,pp.
–, Garden Grove, CA, USA, .
[] D. Song and K. Park, “A partial index for distributed broadcast-
ing in wireless mobile networks,” Infor mation Sciences,vol.,
no.,pp.–,.
[] B.Niu,Q.Li,X.Zhu,G.Cao,andH.Li,“Enhancingprivacy
through caching in location-based services,” in Proceedings of
the 34th IEEE Annual Conference on Computer Communications
(IEEE INFOCOM ’15), pp. –, IEEE, Kowloon, Hong
Kong, May .
[] B.Niu,X.Zhu,H.Chi,andH.Li,“PLUS:Privacy-preserving
pseudo-location updating system in location-based services,”
in Proceedings of the 2013 IEEE Wireless Communications and
Networking Conference, WCNC 2013,pp.–,April.
[]M.F.Mokbel,C.Y.Chow,andW.G.Aref,“enewCasper:
query processing for location services without compromising
privacy,” in Proceedings of the 32nd International Conference on
Very Larg e D a ta Bases,pp.–,.
[] G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi, and K.-L.
Tan, “Private queries in location based services: anonymizers
are not necessary,” in Proceedings of the ACM SIGMOD Interna-
tional Conference on Management of Data (SIGMOD ’08),pp.
–, .
[] R. Schlegel, C.-Y. Chow, Q. Huang, and D. S. Wong, “User-
dened privacy grid system for continuous location-based
services,” IEEE Transactions on Mobile Computing,vol.,no.
, pp. –, .
[]D.Song,J.Sim,K.Park,andM.Song,“Aprivacy-preserving
continuous location monitoring system for location-based ser-
vices,” International Journal of Distributed Sensor Networks,
Article ID , pp. –, .
[] B.Niu,Q.Li,X.Zhu,G.Cao,andH.Li,“Achievingk-anonymity
in privacy-aware location-based services,” in Proceedings of the
IEEE International Conference on Computing, Networking and
Communications, pp. –, IEEE, Toronto, Canada, .
[] H. Zhao, J. Wan, and Z. Chen, “A novel dummy-based KNN
query anonymization method in mobile services,” International
Journal of Smart Home,vol.,no.,pp.–,.
[] F. Li, S. Wan, B. Niu, H. Li, and Y. He, “Time obfuscation-
based privacy-preserving scheme for location-based services,”
in Proceedings of the 2016 IEEE Wireless Communications and
Networking Conference (WCNC),pp.–,Doha,Qatar,April
.
[] B. Niu, S. Gao, F. Li, H. Li, and Z. Lu, “Protection of location pri-
vacy in continuous LBSs against adversaries with background
information,” in Proceedings of the International Conference on
Computing, Networking and Communications, ICNC 2016,pp.
–, Febru ar y .
[]R.Paulet,M.G.Kaosar,X.Yi,andE.Bertino,“Privacy-
preserving and content-protecting location based queries,”
IEEE International Conference on Data Engineering,vol.,pp.
–, .
[] R.Paulet,M.G.Kaosar,X.Yi,andE.Bertino,“Privacy-preser-
ving and content-protecting location based queries,” IEEE
Transactions on Knowledge and Data Engineering,vol.,no.
, pp. –, .
[] X. Yi, R. Paulet, E. Bertino, and V. Varadharajan, “Practical k
nearest neighbor queries with location privacy,” in Proceedings
of the 30th IEEE International Conference on Data Engineering
(ICDE ’14), pp. –, IEEE, Chicago, Ill, USA, April .
[] X. Yi, R. Paulet, E. Bertino, and V. Varadharajan, “Practical
Approximate k Nearest Neighbor Queries with Location and
Query Privacy,” IEEE Transactions on Knowledge and Data
Engineering,vol.,no.,pp.–,.
[] B. Niu, Z. Zhang, X. Li, and H. Li, “Privacy-area aware dummy
generation algorithms for location-based services,” in Proceed-
ingsof the IEEE International Conference on Communications,
pp. –, Sydney, Australia, June .
[] P.-R. Lei, W.-C. Peng, I.-J. Su, and C.-P. Chang, “Dummy-
based schemes for protecting movement trajectories,” Jour nal of
Information Science and Engineering,vol.,no.,pp.–,
.
[] T. Hara, A. Suzuki, M. Iwata, Y. Arase, and X. Xie, “Dummy-
Based User Location Anonymization under Real-World Con-
straints,” IEEE Access,vol.,pp.–,.
[] Y. Elmehdwi, B. K. Samanthula, and W. Jiang, “Secure k-
nearest neighbor query over encrypted data in outsourced
environments,” in Proceedings of the 30th IEEE International
Conference on Data Engineering (ICDE ’14), pp. –, April
.
[] W. K. Wong, D. W. Cheung, B. Kao, and N. Mamoulis, “Secure
kNNcomputationonencrypteddatabases,”inProceedings of the
ACMSIGMODInt.Conf.Manage.DataEng,pp.–,July
.
[] C.-Y. Chow, M. F. Mokbel, and X. Liu, “A peer-to-peer spatial
cloaking algorithm for anonymous location-based services,” in
Proceedings of the 14th Annual ACM International Symposium
on Advances in Geographic Information Systems (ACM-GIS ’06),
pp.–,ACM,November.
Available via license: CC BY
Content may be subject to copyright.