林欣,李善平,杨朝晖

DOI: https://doi.org/10.3724/SP.J.1001.2009.03428

2009-01-01

Journal of Software

Abstract:k-Anonymity is an important solution to protecting privacy of queries in LBS (location-based service). However, it is pointed out in literatures that k-anonymity cannot protect privacy of continuous queries effectively. A continuous query issuing model is proposed, which incorporates a query issuing interval model and a consecutive queries relationship model. Under this continuous query issuing model, two attacking algorithms are proposed for Clique Cloaking and Non-clique Cloaking respectively. Then this paper argues that the cardinality of anonymity-set is not a good anonymity measurement under such attack and an entropy-based anonymity measurement AD (anonymity degree) is proposed. Experimental results demonstrate that the attacking algorithms have high success rate in identifying query senders when the consecutive queries have strong relationship, and that AD is a better anonymity measurement than the cardinality of anonymity-set.

YANG Zhao-hui,LI Shan-ping,LIN Xin

DOI: https://doi.org/10.3785/j.issn.1008-973x.2011.07.003

2011-01-01

Abstract:A limitation in current design of K-anonymity services for location based services(LBS) is that they only provide a given minimum level of anonymity as QoS guarantee and can't improve the anonymity level for users when service resources are capable.The anonymous query result size was proposed as a new QoS target in order to measure and constrain resource consumption on the K-anonymity service and LBS per user query.Then appropriate anonymity level can be selected under such constraint.Theoretical analysis was performed to find mathematical relation between anonymous query result size and anonymity level,leading to the construction of anonymity level adaptation algorithm.The simulation results accorded well with the theoretical relation.The anonymity level adaptation algorithm can control anonymous query result size to stay around the specified QoS target.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Guofei Chai,Miao Xu,Wenyuan Xu,Zhiyun Lin

DOI: https://doi.org/10.1155/2012/648058

IF: 1.938

2012-01-01

International Journal of Distributed Sensor Networks

Abstract:Due to the shared nature of wireless communication media, a powerful adversary can eavesdrop on the entire radio communication in the network and obtain the contextual communication statistics, for example, traffic volumes, transmitter locations, and so forth. Such information can reveal the location of the sink around which the data traffic exhibits distinctive patterns. To protect the sink-location privacy from a powerful adversary with a global view, we propose to achieve k-anonymity in the network so that at least k entities in the network are indistinguishable to the nodes around the sink with regard to communication statistics. Arranging the location of k entities is complex as it affects two conflicting goals: the routing energy cost and the achievable privacy level, and both goals are determined by a nonanalytic function. We model such a positioning problem as a nonlinearly constrained nonlinear optimization problem. To tackle it, we design a generic-algorithm-based quasi-optimal (GAQO) method that obtains quasi-optimal solutions at quadratic time. The obtained solutions closely approximate the optima with increasing privacy requirements. Furthermore, to solve k-anonymity sink-location problems more efficiently, we develop an artificial potential-based quasi-optimal (APQO) method that is of linear time complexity. Our extensive simulation results show that both algorithms can effectively find solutions hiding the sink among a large number of network nodes.

Lin Yao,Chi Lin,Guangya Liu,Fangyu Deng,Guowei Wu

DOI: https://doi.org/10.1109/ares.2012.40

2012-01-01

Abstract:The large-scale deployment of location-based services (LBSs) brings about the potential abuse of their clients' personal information. Therefore, location privacy in LBSs is significant. Ensuring location privacy for mobile users is an effort to prevent semi-honest or dishonest service providers from abusing the location information. Though there exist several techniques to preserve location privacy of mobile users, these techniques cannot effectively protect the location privacy in continuous location-based services. In this paper, we propose a location anonymity scheme based on the fake queries in continuous location-based services. To prevent attackers from tracing a mobile user by his continuous queries, some fake continuous queries will be injected by some neighbors. These fake queries can produce equivalent fake paths similar to the user's mobile path, because they are generated according to the user's speed and mobile direction. It is so difficult for the attackers to distinguish the real continuous queries from other fake queries. Security analysis shows that our scheme can resist the continuous queries attack, maximum speed attack and abnormal points attack. Experimental results manifest that our scheme can provide stringent privacy guarantees and is beyond the limitation of existing algorithms based on K-anonymity technique.

Jinbao Wang,Yingshu Li,Donghua Yang,Hong Gao,Guangchun Luo,Jianzhong Li

DOI: https://doi.org/10.1109/access.2017.2766669

IF: 3.9

2017-01-01

IEEE Access

Abstract:Location-based services (LBS) leveraged by ubiquitous mobile devices have brought great convenience to mobile users in various aspects, including communication, information exchange, social activities, and so on. However, privacy concerns arise at the same time, since the users need to submit their locations and query contents to the LBS servers. To this end, location privacy and query privacy have been recognized. In particular, this paper focuses on query privacy for preventing the leakage of users' query contents. Cloaking region-based techniques using untrusted servers and client-based k-anonymity approaches have been devised to preserve query privacy in LBS. However, these works suffer from single point of failure or insufficiency of query privacy. To address this issue, we investigate effective k-anonymity-based solutions for query privacy in LBS. We formulate a probabilistic framework PkA, under which k-anonymity-based mechanisms can be initiated, and analyze a recent proposed algorithm DLS as an instance of PkA. An algorithm circle segment is presented to provide effective query privacy when query interests have similar prior probability. To obtain more effective query privacy in general cases, we propose two algorithms MEE and MER, which optimize two individual privacy metrics, denoted expected entropy and expected max-min ratio, adopted in this paper. We recognize two practical properties - No More Leakage and k-Effectiveness for effective query privacy, and our proposed algorithms satisfy both of No More Leakage and k-Effectiveness. We conduct evaluation based on real-life data sets and synthetic distributions of query interests, and the evaluation results demonstrate that our proposed algorithms produce significantly improved query privacy.

Dan Liao,Hui Li,Gang Sun,Vishal Anand

DOI: https://doi.org/10.1109/glocom.2015.7417512

2015-01-01

Abstract:Preserving user location and trajectory privacy while using location-based service (LBS) is an important issue. To address this problem, we first construct three kinds of attack models that can expose a user's trajectory or path while the user is sending continuous queries to a LBS server. Then we propose the k- anonymity trajectory (KAT) algorithm, which is suitable for both single query and continuous queries. Different from existing works, the KAT algorithm selects k-1 dummy locations using the sliding widow based k- anonymity mechanism when the user is making single queries and selects k-1 dummy trajectories using the trajectory selection mechanism for continuous queries. We evaluate and validate the effectiveness of our proposed algorithm by conducting simulations for the single and continuous query scenarios.

Yilei Wang,Hao Zhou,Yingjie Wu,Lan Sun

DOI: https://doi.org/10.1109/iccse.2012.6295197

2012-01-01

Abstract:Recently, several techniques have been proposed to protect the user location privacy for location-based services in road network environments. A typical approach for user location privacy protection is to blur a user location into a cloaked set of road segments S such that S satisfies the user specified privacy requirements. However, these location cloaking algorithms work with snapshot locations only and do not consider the effect of continuous location updates. Applying these algorithms directly to continuous queries would lead to privacy leakage if attackers have knowledge about maximum user velocity, namely velocity-based Attack. In this paper, we present the privacy safety condition to defend against velocity-based attack, and propose an anonymity algorithm based on greedy strategy to preserve user privacy. The experiment results based on dataset of real network show the algorithm is effective and feasible.

Qian Wang,Zhiwei Xu,Shengzhi Qu

DOI: https://doi.org/10.4304/jsw.6.10.1945-1952

2011-01-01

Journal of Software

Abstract:k-anonymity is an important model in the field of privacy protection and it is an effective method to prevent privacy disclosure in micro-data release. However, it is ineffective for the attribute disclosure by the homogeneity attack. The existing models based on k-anonymity have solved this problem to a certain extent, but they did not distinguish the different values of the sensitive attribute, processed a series of unnecessary generalization and expanded the information loss when they protect the sensitive attribute. Based on k-anonymity, this paper proposed a model based on average leakage probability and probability difference of sensitive attribute value. It is not only an effective method to deal with the problem of attributes disclosure that k-anonymity cannot deal, but also to realize different levels of protection to the various sensitive attribute values. It has reduced the generalization to the data in the most possibility during the procedure and ensures the most effectiveness of quasi-identifier attributes. Greedy generalization algorithm based on the generalization information loss is also proposed in this paper. To choose the generalization attributes, the information loss is considered and the importance of generalization attribute to sensitive attribute is accounted as well. Comparison experiment and performance experiment are made to the proposed model. The experiment results show that the model is feasible.

Zhenqiang Gong,Guang-Zhong Sun,Xing Xie

DOI: https://doi.org/10.1109/MDM.2010.33

2010-01-01

Abstract:The emerging location-detection devices together with ubiquitous connectivity have enabled a large variety of location-based services (LBS). Unfortunately, LBS may threaten the users’ privacy. K-anonymity cloaking the user location to K-anonymizing spatial region (K-ASR) has been extensively studied to protect privacy in LBS. Traditional K-anonymity method needs complex query processing algorithms at the server side. SpaceTwist [8] rectifies the above shortcoming of traditional K-anonymity since it only requires incremental nearest neighbor (INN) queries processing techniques at the server side. However, Space Twist may fail since it cannot guarantee K-anonymity. In this paper, our proposed framework, called KAWCR (K-anonymity Without Cloaked Region), rectifies the shortcomings and retains the advantages of the above two techniques. KAWCR only needs the server to process INN queries and can guarantee that the users issuing the query is indistinguishable from at least K-1 other users. The extensive experimental results show that the communication cost of KAWCR for kNN queries is lower than that of both traditional K-anonymity and SpaceTwist.

Shaobo Zhang,Xiong Li,Zhiyuan Tan,Tao Peng,Guojun Wang

DOI: https://doi.org/10.1016/j.future.2018.10.053

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:With the rapid pervasion of location-based services (LBSs), protection of location privacy has become a significant concern. In most continuous LBSs’ privacy-preserving solutions, users need to transmit the location query data to an untrusted location service provider (LSP) to obtain query results, and the users discard these results immediately after using them. This results in an ineffective use of these results by future queries and in turn leads to a higher risk to user privacy from the LSP. To address these issues, we generally use caching to cache the query results for users’ future queries. However, the minimization of the interaction between users and LSPs is a challenge. In this paper, we propose an enhanced user privacy scheme through caching and spatial K-anonymity (CSKA) in continuous LBSs; it adopts multi-level caching to reduce the risk of exposure of users’ information to untrusted LSPs. In continuous LBS queries, our scheme first utilizes the Markov model to predict the next query location according to the user mobility. Then, according to the predicted location, cell’s cache contribution rate, and data freshness, an algorithm for forming spatial K-anonymity is designed to improve the user’s cache hit rate and enhance the user location privacy. The security analysis and simulation results demonstrate that our proposed CSKA scheme can provide higher privacy protection than a few previous methods, and it can minimize the overhead of the LBS server.

Ping Zhao,Jie Li,Fanzi Zeng,Fu Xiao,Chen Wang,Hongbo Jiang

DOI: https://doi.org/10.1109/JIOT.2018.2799545

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:With the increasing popularity of location-based services (LBSs), it is of paramount importance to preserve one's location privacy. The commonly used location privacy preserving approach, location k-anonymity, strives to aggregate the queries of k nearby users within a so-called cloaked region via a trusted third-party anonymizer. As such, the probability to identify the location of every user inv...

Yu-Meng Ye,Chang-Chun Pan,Gen-Ke Yang

DOI: https://doi.org/10.1007/978-981-10-0934-1_23

2016-01-01

Abstract:Location-Based Service (LBS) has been an indispensable part of our daily life. However, LBS may cause the risk of revealing the location privacy of the users, and that could be abused illegally. To defend users’ location privacy against the threats, we propose a location information authentication system with a revised algorithm based on a trusted third-party architecture. The improved algorithm is built upon the so-called CliqueCloak theorem which is supposed to prevent the privacy disclose caused by side information. Our contribution lies in developing a revised top location algorithm to reprocess the points failing in K-anonymity process. Using the set of road network top locations on the map, we could assign those points a new anonymous area. Our experiments show that the improved personalized k-anonymity location information authentication algorithm outperforms the classical one in terms of the success rate and the computing efficiency.

Lin Yao,Guowei Wu,Jia Wang,Feng Xia,Chi Lin,Guojun Wang

DOI: https://doi.org/10.1587/transinf.E95.D.134

2012-01-01

IEICE Transactions on Information and Systems

Abstract:The continuous advances in sensing and positioning technologies have resulted in a dramatic increase in popularity of Location-Based Services (LBS). Nevertheless, the LBS can lead to user privacy breach due to sharing location information with potentially malicious services. A high degree of location privacy preservation for LBS is extremely required. In this paper, a clustering K-anonymity scheme for location privacy preservation (namely CK) is proposed. The CK scheme does not rely on a trusted third party to anonymize the location information of users. In CK scheme, the whole area that all the users reside is divided into clusters recursively in order to get cloaked area. The exact location information of the user is replaced by the cloaked spatial temporal boundary (STB) including K users. The user can adjust the resolution of location information with spatial or temporal constraints to meet his personalized privacy requirement. The experimental results show that CK can provide stringent privacy guarantees, strong robustness and high QoS (Quality of Service).

Xiao Pan,Xiaofeng Meng,Jianliang Xu

DOI: https://doi.org/10.1145/1653771.1653808

2009-01-01

Abstract:Privacy preservation has recently received considerable attention for location-based mobile services. Various location cloaking approaches have been proposed to protect the location privacy of mobile users. However, existing cloaking approaches are ill-suited for continuous queries. In view of the privacy disclosure and poor QoS (Quality of Service) under continuous query anonymization, in this paper, we propose a δ p -privacy model and a δ q -distortion model to balance the tradeoff between user privacy and QoS. Furthermore, two incremental utility-based cloaking algorithms --- bottom-up cloaking and hybrid cloaking , are proposed to anonymize continuous queries. Experimental results validate the efficiency and effectiveness of the proposed algorithms.

Wang Yilei,Zhou Hao,Wu Yingjie,Sun Lan

2013-01-01

Abstract:To solve the possible privacy breach in the continuous queries of location based services,an algorithm for continuous queries privacy preservation based on history trajectories was proposed.It was found that the traditional greedy algorithm for anonymizing two trajectories cannot guarantee global minimal trajectory distortions.Therefore,a dynamic programming trajectories anonymization algorithm was firstly presented,which could find out the best pairing scheme with global optimal distortions between history trajectory and base trajectory.After that,an effective trajectories anonymization algorithm for continuous queries privacy preserving was put forward.Experimental analysis was designed by comparing the algorithm in this paper and the traditional algorithms on the data quality of released trajectories.Experimental results show that the proposed algorithm in this paper is effective and feasible.

Ben Niu,Qinghua Li,Xiaoyan Zhu,Guohong Cao,Hui Li

DOI: https://doi.org/10.1109/INFOCOM.2014.6848002

2014-01-01

Abstract:Location-Based Service (LBS) has become a vital part of our daily life. While enjoying the convenience provided by LBS, users may lose privacy since the untrusted LBS server has all the information about users in LBS and it may track them in various ways or release their personal data to third parties. To address the privacy issue, we propose a Dummy-Location Selection (DLS) algorithm to achieve k-anonymity for users in LBS. Different from existing approaches, the DLS algorithm carefully selects dummy locations considering that side information may be exploited by adversaries. We first choose these dummy locations based on the entropy metric, and then propose an enhanced-DLS algorithm, to make sure that the selected dummy locations are spread as far as possible. Evaluation results show that the proposed DLS algorithm can significantly improve the privacy level in terms of entropy. The enhanced-DLS algorithm can enlarge the cloaking region while keeping similar privacy level as the DLS algorithm.

Yong Wang,Long-ping He,Jing Peng,Ting-ting Zhang,Hong-zong Li

DOI: https://doi.org/10.1109/ICPADS.2012.38

2012-01-01

Abstract:Location-based services (LBSs) have become a popular and important way to provide real-time information and guidance. The abuse of mobile users' location data, which may violate their sensitive and private personal information, is one of the major challenges faced by LBS. On the other hand, the query launched by mobile users should not be linked to them even if they are required to expose their location information to attain some services. However, many location based systems (e.g., mobile social networks, store finders) are lacking of users' private preserving consideration. In this paper, we focuse-focus on the issues related to query linking privacy. Particularly, we aim to preserve mobile users' privacy in location based mobile systems where their location information may be available, furthermore, while facing attacks, the sensitive data of a specific mobile user launching the query should not be disclosed to an adversary. We present a new query linking privacy preserving algorithm (V-DCA) for continuous LBS by taking the user's velocity and acceleration similarity into consideration. The consecutive generated cloaked sets are used to create the new cloaked region, which decreases the complexity of the algorithm while fulfilling the privacy requirement. The simulation results show that V-DCA can preserve mobile user's privacy as well as provide better Quality of Service (QoS).

Tanzima Hashem,Lars Kulik,Rui Zhang

DOI: https://doi.org/10.1016/j.is.2012.07.001

IF: 3.18

2013-01-01

Information Systems

Abstract:An important class of LBSs is supported by the moving k nearest neighbor (MkNN) query, which continuously returns the k nearest data objects for a moving user. For example, a tourist may want to observe the five nearest restaurants continuously while exploring a city so that she can drop in to one of them anytime. Using this kind of services requires the user to disclose her location continuously and therefore may cause privacy leaks derived from the user's locations. A common approach to protecting a user's location privacy is the use of imprecise locations (e.g., regions) instead of exact positions when requesting LBSs. However, simply updating a user's imprecise location to a location-based service provider (LSP) cannot ensure a user's privacy for an MkNN query: continuous disclosure of regions enable LSPs to refine more precise location of the user. We formulate this type of attack to a user's location privacy that arises from overlapping consecutive regions, and provide the first solution to counter this attack. Specifically, we develop algorithms which can process an MkNN query while protecting the user's privacy from the above attack. Extensive experiments validate the effectiveness of our privacy protection technique and the efficiency of our algorithm.

Wang Eric Ke,Ye Yunming

DOI: https://doi.org/10.1155/2014/979201

IF: 1.938

2014-01-01

International Journal of Distributed Sensor Networks

Abstract:With continuous queries that are used widely in location based mobile social networking services, how to protect the location privacy effectively for continuous query has been a hot topic for researchers. In this paper, we analyze the existing location privacy protection systems and algorithms for location based services; considering their disadvantages of slow responding time and high anonymization costs, we propose a new enhanced greedy cloaking algorithm which predicts a cloaking area at the initial query to be the cloaking region in the whole query lifetime by the comprehensive computation of privacy monitor, quality monitor, and dynamic adjuster. Privacy monitor and quality monitor charge the privacy protection level and service quality degree respectively; dynamic adjuster can adjust the cycle center point dynamically. We employ cycle as cloaking region form which can effectively alleviate the computation overhead. And we compare it with the earlier algorithm on three aspects. The experimental result shows that the enhanced greedy cloaking algorithm is better than the original greedy algorithm on average responding time or anonymization cost. © 2014 Eric Ke Wang and Yunming Ye.