Yanzhe Che,Qinming He,Xiaoyan Hong,Kevin Chiew

DOI: https://doi.org/10.1002/dac.2650

2013-01-01

International Journal of Communication Systems

Abstract:While enjoying various LBS location-based services, users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer-to-peer P2P networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x-region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x-region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x-region, together with three algorithms for generating an x-region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.

Yanzhe Che,Kevin Chiew,Xiaoyan Hong,Qinming He

DOI: https://doi.org/10.1145/2442810.2442820

2012-01-01

Abstract:ABSTRACTThere is a potential privacy breach when users access various location-based social applications on a mobile social network (MSN), e.g., sharing locations with friends. To preserve location privacy, one of the most common methods is to use a coarse or fake location instead of a user's exact location. However, most of these previous approaches only provide geometric strategies without considering the semantic context of the geographical locations. For example, if a cloaked region contains a part of a lake, where no boats are allowed, an adversary can easily prune the cloaked region to a smaller range covering a user's actual location. In this paper, we propose SALS, a semantics-aware location sharing framework based on cloaking zone for an MSN environment. By considering a user's social relations and activities which are available in an MSN environment, SALS does not assume any trustworthy entities, including strangers, friends or any third parties. As a solution, SALS enables users to cooperate with each other, in a Peer-to-Peer (P2P) way, to generate the cloaking zones, which will be used instead of the actual locations. Different from the previous cloaking techniques, SALS considers the semantic location which can influence the distribution probability of a user's locations. We also propose metrics for measuring the quality of the cloaking zone. The evaluation shows that our method can well defend the semantic-location attack.

Changsha Ma,Chang Wen Chen

DOI: https://doi.org/10.1016/j.procs.2014.07.036

2014-01-01

Procedia Computer Science

Abstract:Nearby friend discovery is a popular location based service (LBS), which allows you to discover nearby like-minded people, and make friends with them. The main privacy threat of this service is that the disclosure of locations leaves opportunities for stalkers. Although location privacy preservation in LBS has recently received much attention, few works have been done on privacy-aware nearby friend discovery, where people want to discover nearby friends without exposing their private locations to arbitrary strangers. Unlike most of other LBS services, nearby friend discovery needs to consider the privacy of both of the two communicating entities, i.e., the user who is searching for nearby people, and the user who is being discovered by others. This unique property makes it a great challenge to protect users’ location privacy while providing satisfactory service quality. This paper presents the first research addressing this issue by combining the location approximation technique and the homomorphic cryptography. We show that the proposed scheme provides formal privacy guarantees for the LBS users, and still achieves satisfactory quality of the LBS.

Shengchao Liu,Jessie Hui Wang,Jilong Wang,Qianli Zhang

DOI: https://doi.org/10.1109/access.2020.2978488

IF: 3.9

2020-01-01

IEEE Access

Abstract:As location-based services become widely used in daily life, there is growing concern in preserving location privacy of users to avoid that attackers infer information about users by collecting and analyzing requests initiated by users. We argue that a good location privacy preservation scheme should have these properties. First, a user should never expose its precise location to any other entity. Second, a user should be able to specify its own requirement on the strength of privacy preservation, since a stricter preservation requirement may increase its overhead. Third, the scheme should be able to preserve as many as possible aspects of users' privacy under various attacks. With these desired properties in mind, we carefully design an encoding scheme of users' identifiers and a fully distributed architecture for our purpose and propose a privacy preservation scheme based on them. With the help of the encoding scheme and the distributed architecture, we develop a distributed negotiation algorithm to help users conduct negotiations among themselves to find their cloaked regions that satisfy their self-defined requirements without exposing their precise locations. The negotiations are completed without coordination from any central servers, and a random proxy is selected for each individual request, therefore the potential risks caused by any central server (location-based service servers or trusted-third-party servers) are mitigated as much as possible. Experiments show that our scheme can satisfy different strengths of privacy preservation required by each user even under the most severe scenarios.

Yahong Chen,Zhibo Wang,Boyang Wang,Hui Li,BEN NIU,fenghua li

DOI: https://doi.org/10.1109/tmc.2020.3000730

IF: 6.075

2020-01-01

IEEE Transactions on Mobile Computing

Abstract:Mechanisms built upon geo-indistinguishability render location privacy, where a user can submit obfuscated locations to Location-Based Service providers but still be able to correctly utilize services. However, these mechanisms are vulnerable under inference attacks. Particularly, with background knowledge of a user's obfuscated locations, an attacker can infer actual locations by carrying out long-term observation attacks. Unfortunately, how to defend long-term observation attacks in the field of differential location privacy remains open. In this paper, we first demonstrate the vulnerabilities of existing mechanisms under long-term observation attacks. In light of these vulnerabilities, we devise a novel mechanism, referred to as Eclipse, which bridges the gap between location protection and usability of services. Specifically, we harness geo-indistinguishability and <span class="mjpage"><svg xmlns:xlink="http://www.w3.org/1999/xlink" width="1.211ex" height="2.176ex" style="vertical-align: -0.338ex;" viewBox="0 -791.3 521.5 936.9" role="img" focusable="false" xmlns="http://www.w3.org/2000/svg"><g stroke="currentColor" fill="currentColor" stroke-width="0" transform="matrix(1 0 0 -1 0 0)"> <use xlink:href="#MJMATHI-6B" x="0" y="0"></use></g></svg></span>k-anonymity to obfuscate locations and hide each location based on an anonymity set. As a result, our mechanism effectively perturbs the distribution of locations and suppresses leakage under long-term observation attacks. Moreover, the set of possible outputs is utilized to minimize the impacts to usability and correctness. We formally define and rigorously prove the security of the proposed mechanism by leveraging differential privacy. Moreover, we implement the proposed mechanism and conduct a series of experiments on real-world datasets to demonstrate its efficacy and efficiency.<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs id="MathJax_SVG_glyphs"><path stroke-width="1" id="MJMATHI-6B" d="M121 647Q121 657 125 670T137 683Q138 683 209 688T282 694Q294 694 294 686Q294 679 244 477Q194 279 194 272Q213 282 223 291Q247 309 292 354T362 415Q402 442 438 442Q468 442 485 423T503 369Q503 344 496 327T477 302T456 291T438 288Q418 288 406 299T394 328Q394 353 410 369T442 390L458 393Q446 405 434 405H430Q398 402 367 380T294 316T228 255Q230 254 243 252T267 246T293 238T320 224T342 206T359 180T365 147Q365 130 360 106T354 66Q354 26 381 26Q429 26 459 145Q461 153 479 153H483Q499 153 499 144Q499 139 496 130Q455 -11 378 -11Q333 -11 305 15T277 90Q277 108 280 121T283 145Q283 167 269 183T234 206T200 217T182 220H180Q168 178 159 139T145 81T136 44T129 20T122 7T111 -2Q98 -11 83 -11Q66 -11 57 -1T48 16Q48 26 85 176T158 471L195 616Q196 629 188 632T149 637H144Q134 637 131 637T124 640T121 647Z"></path></defs></svg>

computer science, information systems,telecommunications

Hongyu Jin,Panos Papadimitratos

DOI: https://doi.org/10.1145/3319401

2020-01-22

Abstract:Location-Based Services (LBSs) provide valuable services, with convenient features for mobile users. However, the location and other information disclosed through each query to the LBS erodes user privacy. This is a concern especially because LBS providers can be honest-but-curious, collecting queries and tracking users' whereabouts and infer sensitive user data. This motivated both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome disadvantages of centralized schemes, eliminating anonymizers, and enhancing users' control over sensitive information. However, an insecure decentralized system could create serious risks beyond private information leakage. More so, attacking an improperly designed decentralized LBS privacy protection scheme could be an effective and low-cost step to breach user privacy. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. We show our scheme can be deployed with off-the-shelf devices based on an experimental evaluation of an implementation in a static automotive testbed.

Cryptography and Security

Primal Pappachan,Chenxi Qiu,Anna Squicciarini,Vishnu Sharma Hunsur Manjunath

DOI: https://doi.org/10.48550/arXiv.2206.08396

2022-06-16

Cryptography and Security

Abstract:Location obfuscation functions generated by existing systems for ensuring location privacy are monolithic and do not allow users to customize their obfuscation range. This can lead to the user being mapped in undesirable locations (e.g., shady neighborhoods) to the location-requesting services. Modifying the obfuscation function generated by a centralized server on the user side can result in poor privacy as the original function is not robust against such updates. Users themselves might find it challenging to understand the parameters involved in obfuscation mechanisms (e.g., obfuscation range and granularity of location representation) and therefore struggle to set realistic trade-offs between privacy, utility, and customization. In this paper, we propose a new framework called, CORGI, i.e., CustOmizable Robust Geo-Indistinguishability, which generates location obfuscation functions that are robust against user customization while providing strong privacy guarantees based on the Geo-Indistinguishability paradigm. CORGI utilizes a tree representation of a given region to assist users in specifying their privacy and customization requirements. The server side of CORGI takes these requirements as inputs and generates an obfuscation function that satisfies Geo-Indistinguishability requirements and is robust against customization on the user side. The obfuscation function is returned to the user who can then choose to update the obfuscation function (e.g., obfuscation range, granularity of location representation). The experimental results on a real dataset demonstrate that CORGI can efficiently generate obfuscation matrices that are more robust to the customization by users.

Robert Malaney

DOI: https://doi.org/10.1109/glocom.2016.7842191

2016-12-01

Abstract:In this work we introduce the concept of quantum geo-encryption a protocol that invokes direct quantum encryption of messages coupled to quantum location monitoring of the intended receiver. By obfuscating the quantum information required by both the decrypting process and the location verification process, a communication channel is created in which the encrypted data can only be decrypted at a specific geographic locale. Classical wireless communications can be invoked to unlock the quantum encryption process thereby allowing for any deployment scenario regardless of the channel conditions. Quantum geo-encryption can also be used to realize quantum-computing instructions that can only be implemented at a specific location, and allow for a specified geographical data-route through a distributed network. Here we consider the operational aspects of quantum geo-encryption in generic Rician channels, demonstrating that the likelihood of a successful spoofing attack approaches zero as the adversary moves away from the allowed decrypting location. The work introduced here resolves a longstanding quest to directly deliver information which can only be decrypted at a given location free of assumptions on the physical security of a receiver.

Yan Yan,Pengbin Yan,Adnan Mahmood,Fei Xu,Quan Z. Sheng

DOI: https://doi.org/10.1002/cpe.8111

2024-04-11

Concurrency and Computation Practice and Experience

Abstract:Summary As the scope of human exploration continues to expand from land to space and the oceans, location‐based data analysis and services are facing unprecedented opportunities and challenges. The wide application of various services based on spatial location in the fields of medical, transportation, financial, social and so forth not only provides great convenience but also exposes the disadvantages of location privacy leakage. Most present location privacy protection solutions are only relevant to 2D locations. However, with the widespread use of positioning‐enabled aircraft, sensing devices and acquisition equipment, there is an urgent need to achieve privacy protection for 3D spatial location data. Therefore, this article proposes a 3D geo‐indistinguishability perturbation method for 3D GPS Locations. The suggested approach calculates GPS coordinate perturbation accurately using the 3D Laplace mechanism, allowing for point‐to‐point perturbation while protecting the privacy of 3D spatial GPS coordinates. Experimental examination of real spatial location datasets demonstrates that the proposed 3D spatial location perturbation method outperforms other existing methods in terms of location service quality loss, data availability, and operational efficiency with the same privacy budget.

computer science, theory & methods, software engineering

Huang Zhangwei,Xin Mingjun

DOI: https://doi.org/10.1109/NSWCTC.2010.243

2010-01-01

Abstract:In order to protect users' location privacy for Location-based Service (LBS), this paper proposes a spatial cloaking protocol satisfied k-anonymity, to generate a cloak area and guarantee users' privacy. Firstly, it analyzes the present solutions for privacy protection. Then, a distributed model is presented in this paper, which does not rely on the intermediate anonymizer. Furthermore, it elaborates the process of spatial cloaking for location privacy by introducing a communication chain, which updating the current minimum cloak area that covers k users. Finally, it discusses the robustness in two risk scenarios, and demonstrates the spatial cloaking protocol performs better than former method.

Linke Guo,Chi Zhang,Yuguang Fang

DOI: https://doi.org/10.1109/CNS.2013.6682699

2013-01-01

Abstract:Location-based services enable people to obtain various kinds of services based on their current locations. Recently, the geosocial networking services, which utilize mobile users' location information to realize social interactions, lead to numerous fascinating applications, such as content sharing, social shopping, food sourcing, and so on. However, extensive and unnecessary uses of mobile users' spatial and temporal information pose conspicuous privacy threats not only to their locations, but also to the shared contents, which may contain sensitive information, such as special interests, real identity, and crucial social relationships. To preserve the privacy of mobile users, we may apply the attribute-based encryption (ABE) schemes to secure mobile users' location and their contents. Unfortunately, existing approaches fail to jointly consider the privacy of the past shared contents and the accessibility of the updated contents for non-revoked users. In this paper, we propose a privacy-preserving revocable content sharing scheme in geosocial networks. Our scheme allows mobile users to share their encrypted location-based contents on an untrusted server without revealing actual location information, and further enables other mobile users who physically check in at the particular location to search and decrypt the content if they have the corresponding attributes. Importantly, to secure mobile users' past shared contents and the corresponding location information, we design an efficient ciphertext update scheme to allow encrypted shared contents to be periodically updated and become inaccessible to revoked users. By trace-driven simulations, we show both the efficiency and privacy preservation of the proposed scheme.

Gabriel Ghinita,Kien Nguyen,Mihai Maruseac,Cyrus Shahabi

DOI: https://doi.org/10.1007/s10707-020-00410-1

IF: 2.7729

GeoInformatica

Abstract:Monitoring location updates from mobile users has important applications in many areas, ranging from public health (e.g., COVID-19 contact tracing) and national security to social networks and advertising. However, sensitive information can be derived from movement patterns, thus protecting the privacy of mobile users is a major concern. Users may only be willing to disclose their locations when some condition is met, for instance in proximity of a disaster area or an event of interest. Currently, such functionality can be achieved using searchable encryption. Such cryptographic primitives provide provable guarantees for privacy, and allow decryption only when the location satisfies some predicate. Nevertheless, they rely on expensive pairing-based cryptography (PBC), of which direct application to the domain of location updates leads to impractical solutions. We propose secure and efficient techniques for private processing of location updates that complement the use of PBC and lead to significant gains in performance by reducing the amount of required pairing operations. We implement two optimizations that further improve performance: materialization of results to expensive mathematical operations, and parallelization. We also propose an heuristic that brings down the computational overhead through enlarging an alert zone by a small factor (given as system parameter), therefore trading off a small and controlled amount of privacy for significant performance gains. Extensive experimental results show that the proposed techniques significantly improve performance compared to the baseline, and reduce the searchable encryption overhead to a level that is practical in a computing environment with reasonable resources, such as the cloud.

Zhengang Wu,Liangwen Yu,Jiawei Zhu,Huiping Sun,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-39527-7_31

2013-01-01

Abstract:With rapidly popular location-aware applications, location privacy becomes an emerging issue. This paper studies how to protect the two-fold privacy for both client-side and server-side in location-based queries. This technique is a significant component in privacy-friendly Location Based Services (LBS). Participants protect their own privacy. The LBS server protects against excessive disclose of location records in its Points of Interest (POIs) database while the mobile user protects his exact location by the cloaking technique. The proposed hybrid approach can achieve the challenging goal. Our solution integrates the cloaking technique with a cryptographic protocol, Private Set Intersection (PSI). In addition, this solution is secure in malicious model and also practical. © 2013 Springer-Verlag.

Lin Zhang,Mingxuan Yuan,Yao Guo,Xiangqun Chen,Lei Chen

DOI: https://doi.org/10.1109/compsac.2014.94

2014-01-01

Abstract:The emerging geo-social networks bring us attractive location-based services as well as serious location-related privacy threats. Location information of users in geo-social networks might be revealed by friends carelessly, or deduced by users curiously or even maliciously. In order to avoid location leakages, we propose collaborative privacy management in geo-social networks. Users specify and broadcast their preferences on location-related privacies in advance, so that potential leakages can be reported automatically when new resources arrive. If necessary, the associated spatial and/or temporal information of resources will be tweaked according to the privacy preferences of involving users, so that "old" leakages can be eliminated while ensuring that "new" ones are not introduced. We design algorithms for such tweaks and construct experiments on a simulated dataset to demonstrate their usability and applicability.

Jingyu Hua,Wei Tong,Fengyuan Xu,Sheng Zhong

DOI: https://doi.org/10.1109/tifs.2017.2779402

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:As location-based services (LBSs) on smartphones become increasingly popular, such services are causing serious privacy concerns, because many users are unwilling to see their location information leaked to service providers. Recently, in order to protect users’ location privacy, researchers have introduced geo-indistinguishability, the first specialized privacy model for LBSs that can provide provable privacy guarantees. Intuitively, geo-indistinguishability means that through perturbation, any two locations within a given distance produce observations with similar distributions, and thus, attackers have no way to learn users’ real locations. However, even if geo-indistinguishability is achieved, there remains a significant threat to users’ location privacy: the privacy consumption increases with the number of queries for the existing geo-indistinguishable location perturbation mechanism, and therefore, there is a high risk of privacy violation when the number of queries is not small. In this paper, we enhance the privacy protection for LBSs by proposing an improved geo-indistinguishable mechanism. It can reduce the privacy costs to almost 0 when the user’s location satisfies a condition. We also present an improvement to further reduce the privacy costs when the above condition is not satisfied. Evaluations upon two public trace data sets show that the proposed mechanisms can dramatically save the privacy budget and thus support much more queries. The results also show that the proposed mechanisms are efficient, and their performance is controllable.

zheng jiangyu,tan xiaobin,zou cliff,niu yukun,zhu jin

DOI: https://doi.org/10.1109/ChiCC.2014.6895872

2014-01-01

Abstract:With the widespread use of mobile devices, the location-based service (LBS) applications become increasingly popular, which introduces the new security challenge to protect user's location privacy. On one hand, a user expects to report his own location as far as possible away from his real location to protect his location privacy. On the other hand, in order to obtain high quality of service (QoS), users are required to report their locations as accurate as possible. To achieve the dedicated tradeoff between privacy requirement and QoS requirement, we propose a novel approach based on cloaking technique. We also discuss the disadvantage of the traditional general system model and propose an improved model. The basic idea of our approach is to select a sub-area from the generated cloaking area as user's reported location. The sub-area may not contain a user's real location, which prevents an adversary from performing attack with side information. Specifically, by defining an objective function with a novel location privacy metric and a QoS metric, we are able to convert the privacy issue to an optimization problem. Then, location privacy metric and QoS metric are given. To reduce the complexity of the optimization, a heuristic algorithm is proposed. Through privacy-preserving analysis and comparison with related work [8], we demonstrate the effectiveness and efficiency of our approach.

Mahrokh Abdollahi Lorestani,Thilina Ranbaduge,Thierry Rakotoarivelo

2024-09-13

Abstract:With the ubiquitous use of location-based services, large-scale individual-level location data has been widely collected through location-awareness devices. The widespread exposure of such location data poses significant privacy risks to users, as it can lead to re-identification, the inference of sensitive information, and even physical threats. In this survey, we analyse different geomasking techniques proposed to protect individuals' privacy in geodata. We propose a taxonomy to characterise these techniques across various dimensions. We then highlight the shortcomings of current techniques and discuss avenues for future research. Our proposed taxonomy serves as a practical resource for data custodians, offering them a means to navigate the extensive array of existing privacy mechanisms and to identify those that align most effectively with their specific requirements.

Cryptography and Security

Xiaoyan Zhu,Haotian Chi,Shunrong Jiang,Xiaosan Lei,Hui Li

DOI: https://doi.org/10.1109/ICC.2014.6883667

2014-01-01

Abstract:Location-based services (LBSs) are attracting more and more attentions with the increasing popularity of mobile devices and online social networking. In LBSs, users can conveniently obtain their interested information by sending queries to the LBS server. However, users' queries include their identities, locations, interests, etc, which may result in the leakage of users' trajectory and other sensitive information. Although the existing obfuscation and location anonymization techniques along with a long-term pseudonym can protect users' location privacy to some extent, users' real identities and moving trajectories can still be deduced through long-term observation and side information aided inference attacks. To address these problems, we propose a dynamic pseudo-ID system, where unlinkable pseudo-IDs are used by users to completely hide their identities in the queries, in order to break the link between users' identities and their locations. Moreover, we employ certificates to ensure the verifiability and traceability of the dynamic pseudo-IDs. Security analysis and evaluation results show that the proposed scheme can enhance user' privacy and is feasible to implement into mobile devices.

Meng Han,Lei Li,Ying Xie,Jinbao Wang,Zhuojun Duan,Ji Li,Mingyuan Yan

DOI: https://doi.org/10.1109/access.2018.2805464

IF: 3.9

2018-01-01

IEEE Access

Abstract:While enjoying the convenience of location-based services (LBSs) in everyday life, wireless device users could also put their location privacy at risk. An untrusted LBS provider can store mobile users' data on its server, track users in various ways or share users location data to the third parties. To protect LBS users' privacy, many position confusion algorithms were proposed, but those algorithms often have difficulty balancing the utility-privacy tradeoffs. In this paper, we propose a new cognitive approach that enables nearcomplete privacy protection for LBS users by leveraging existing social network resources. We introduce a heterogeneous multi-server architecture that cuts off the direct connection between the LBS queries and the query issuers, and an auction-based incentive mechanism guaranteed user participation, which is critical for the success of the proposed architecture. A simulation system and a smartphone application were developed, and our evaluation results show that the proposed method can not only achieve the near-total privacy protection for LBS users, but also significantly improve the quality of the services.

Kamenyi M. Domenic,Yong Wang,Fengli Zhang,Imran Memon,Yankson H. Gustav

DOI: https://doi.org/10.1109/iciii.2013.6702947

2013-01-01

Abstract:Mobile devices (e.g., smart phones) and location based services are very popular with today's users. Due to this popularity, there has been a tremendous increase in use of these services and as a result, leakages of both location and query contents is common. In a case where users are constrained by road network, an attacker can follow users' trajectory with ease. Most of the current privacy preserving solutions focus on temporal and spatial cloaking based methods to protect users' location privacy. However, these solutions are vulnerable when subjected to continuous query environments. In this paper, we offer our solution to the problem of preserving privacy of users' trajectory for continuous LBS queries in road networks. We propose a centralized architecture in form of honest-but-curious model to provide anonymity for users as they use LBS services. To achieve this, we employ mix zone approach and design two algorithms namely; Optimal Mixing Load Sub-graph (OMLS) Algorithm that finds an optimal placement of mix zones and creates three levels of security, and Semantically Based Graph Abstraction (SBGA) Algorithm that uses the three layers of security to achieve greater anonymity strength. We analyze the capability of our algorithms to withstand attacks prone to mix zones and carry out experiments to verify this. The experiments results show that our Algorithms preserves privacy for users based on their privacy condition.