Lin Yao,Chi Lin,Xiangwei Kong,Feng Xia,Guowei Wu

DOI: https://doi.org/10.1109/GreenCom-CPSCom.2010.109

2010-01-01

Abstract:In pervasive computing environments, Location-Based Services (LBSs) are becoming increasingly important due to continuous advances in mobile networks and positioning technologies. Nevertheless, the wide deployment of LBSs can jeopardize the location privacy of mobile users. Consequently, providing safeguards for location privacy of mobile users against being attacked is an important research issue. In this paper a new scheme for safeguarding location privacy is proposed. Our approach supports location K-anonymity for a wide range of mobile users with their own desired anonymity levels by clustering. The whole area of all users is divided into clusters recursively in order to get the Minimum Bounding Rectangle (MBR). The exact location information of a user is replaced by his MBR. Privacy analysis shows that our approach can achieve high resilience to location privacy threats and provide more privacy than users expect. Complexity analysis shows clusters can be adjusted in real time as mobile users join or leave. Moreover, the clustering algorithms possess strong robustness.

Yanzhe Che,Qinming He,Xiaoyan Hong,Kevin Chiew

DOI: https://doi.org/10.1002/dac.2650

2013-01-01

International Journal of Communication Systems

Abstract:While enjoying various LBS location-based services, users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer-to-peer P2P networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x-region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x-region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x-region, together with three algorithms for generating an x-region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.

Rongxing Lu,Xiaodong Lin,Zhiguo Shi,Jun Shao

DOI: https://doi.org/10.1109/infocom.2014.6848003

2014-01-01

Abstract:In this paper, we propose a privacy-preserving framework, called PLAM, for local-area mobile social networks. The proposed PLAM framework employs a privacy-preserving request aggregation protocol with k-Anonymity and l-Diversity properties while without involving a trusted anonymizer server to keep user preference privacy when querying location-based service (LBS), and integrates unlinkable pseudo-ID technique to achieve user identity privacy, location privacy. Moreover, the proposed PLAM framework also introduces the privacy-preserving and verifiable polynomial computation to keep LBS provider's functions private while preventing the provider from cheating in computation. Detailed security analysis shows that the proposed PLAM framework can not only achieve desirable privacy requirements but also resist outside attacks on source authentication, data integrity and availability. In addition, extensive simulations are also conducted, and simulation results guide us on how to set proper thresholds for k-anonymity, l-diversity to make a tradeoff between the desirable user preference privacy level and the request delay in different scenarios.

Hongyu Jin,Panos Papadimitratos

DOI: https://doi.org/10.1145/3319401

2020-01-22

Abstract:Location-Based Services (LBSs) provide valuable services, with convenient features for mobile users. However, the location and other information disclosed through each query to the LBS erodes user privacy. This is a concern especially because LBS providers can be honest-but-curious, collecting queries and tracking users' whereabouts and infer sensitive user data. This motivated both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome disadvantages of centralized schemes, eliminating anonymizers, and enhancing users' control over sensitive information. However, an insecure decentralized system could create serious risks beyond private information leakage. More so, attacking an improperly designed decentralized LBS privacy protection scheme could be an effective and low-cost step to breach user privacy. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. We show our scheme can be deployed with off-the-shelf devices based on an experimental evaluation of an implementation in a static automotive testbed.

Cryptography and Security

Junliang Liu,Zheng Yang,Yunhao Liu

DOI: https://doi.org/10.1109/icpads.2012.36

2012-01-01

Abstract:Location-based Service (LBS) becomes increasingly important for wireless and mobile networks. In current LBS schemes, Service Providers (SPs) require users report their accurate locations, which can be illegally used by adversaries to infer sensitive information of users. Privacy disclosure raises serious concerns and limits the application of LBS. Previous solutions either rely on pre-installed centralized intermediary or assume cooperative users. Other distributed solutions, lacking of user obligation, only provide relatively poor anonymity. In this study, we propose a new solution of pseudonym change, which works for non-cooperative users and in the absence of intermediary. The basic idea behind our solution is ad-hoc anonymity. The proposed solution allows users to decide whether or not participating according to their own wills. In addition, artificially generated dummies mix up all the users who have participated in pseudonym changes at different times. Theoretical analysis demonstrates that asynchronous pseudonym change and dummy participation notably enhance privacy protection. We implement our solution on a real-world dataset of mobile phone users, which is collected at Boston, MA, and by the Reality Mining, MIT. The simulation results show that our approach significantly outperforms existing solutions.

Niu Ben,Zhu Xiaoyan,Chi Haotian,Li Hui

DOI: https://doi.org/10.1109/cc.2013.6623499

2013-01-01

Abstract:With the rapid development of location-aware devices such as smart phones, Location-Based Services (LBSs) are becoming increasingly popular. Users can enjoy convenience by sending queries to LBS servers and obtaining service information that is nearby. However, these queries may leak the users' locations and interests to the un-trusted LBS servers, leading to serious privacy concerns. In this paper, we propose a Privacy-Preserving Pseudo-Location Updating System (3PLUS) to achieve k-anonymity for mobile users using LBSs. In 3PLUS, without relying on a third party, each user keeps pseudo-locations obtained from both the history locations and the encountered users, and randomly exchanges one of them with others when encounters occur. As a result, each user's buffer is disordered. A user can obtain any k locations from the buffer to achieve k-anonymity locally. The security analysis shows the security properties and our evaluation results indicate that the user's privacy is significantly improved.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Yu Wang,Dingbang Xu,Xiao He,Chao Zhang,Fan Li,Bin Xu

DOI: https://doi.org/10.1109/INFCOM.2012.6195577

2012-01-01

Abstract:Location privacy has been a serious concern for mobile users who use location-based services provided by the third-party provider via mobile networks. Recently, there have been tremendous efforts on developing new anonymity or obfuscation techniques to protect location privacy of mobile users. Though effective in certain scenarios, these existing techniques usually assume that a user has a constant privacy requirement along spatial and/or temporal dimensions, which may not be true in real-life scenarios. In this paper, we introduce a new location privacy problem: Location-aware Location Privacy Protection (L2P2) problem, where users can define dynamic and diverse privacy requirements for different locations. The goal of the L2P2 problem is to find the smallest cloaking area for each location request so that diverse privacy requirements over spatial and/or temporal dimensions are satisfied for each user. In this paper, we formalize two versions of the L2P2 problem, and propose several efficient heuristics to provide such location-aware location privacy protection for mobile users. Through multiple simulations on a large data set of trajectories for one thousand mobile users, we confirm the effectiveness and efficiency of the proposed L2P2 algorithms.

Zhengang Wu,Liangwen Yu,Jiawei Zhu,Huiping Sun,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1109/UIC-ATC-ScalCom.2014.19

2014-01-01

Abstract:In mobile Internet, Location-Based Services (LBSs) as a popular kind of context-aware recommendation systems can recommend Point of Interest (POI) data according to current locations of users. However, the inherent feature leads to leak sensitive location information of users into untrusted LBS providers. This paper aims at the location privacy problem on query prediction which forecasts next locations and violates user privacy seriously. To tackle this, we propose a novel location privacy protection solution. The contribution is three-fold. First, we model query prediction on cloaking regions using the Bayesian inference. Next, the proposed location anonymization method can generalize locations into safer cloaking regions against such query prediction attacks. Finally, a series of experiments evaluate the performance of this solution and demonstrate its availability.

Zhengang Wu,Liangwen Yu,Jiawei Zhu,Huiping Sun,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-39527-7_31

2013-01-01

Abstract:With rapidly popular location-aware applications, location privacy becomes an emerging issue. This paper studies how to protect the two-fold privacy for both client-side and server-side in location-based queries. This technique is a significant component in privacy-friendly Location Based Services (LBS). Participants protect their own privacy. The LBS server protects against excessive disclose of location records in its Points of Interest (POIs) database while the mobile user protects his exact location by the cloaking technique. The proposed hybrid approach can achieve the challenging goal. Our solution integrates the cloaking technique with a cryptographic protocol, Private Set Intersection (PSI). In addition, this solution is secure in malicious model and also practical. © 2013 Springer-Verlag.

Akiyoshi Suzuki,Mayu Iwata,Yuki Arase,Takahiro Hara,Xing Xie,Shojiro Nishio

DOI: https://doi.org/10.1145/1869790.1869846

2010-01-01

Abstract:ABSTRACTRecent mobile devices are mostly equipped with a GPS receiver. This trend has arisen a variety of location based services (LBSs) which enable users to search local information of their current locations. To use LBSs, a user needs to send his/her location information to a service provider. Users' location information is inherently private, since it can reveal the critical information. In this paper, we propose a method to protect the user's location privacy by sending the user's location with dummy locations, which are determined based on the user's current location. We conduct an experiment to evaluate the effectiveness of our proposed method using real users' trajectories on a real map.

Ben Niu,Xiaoyan Zhu,Weihao Li,Hui Li,Yingjuan Wang,Zongqing Lu

DOI: https://doi.org/10.1109/iccnc.2015.7069322

2015-01-01

Abstract:The ubiquity of modern mobile devices with GPS modules and Internet connectivity such as 3G/4G techniques have resulted in rapid development of Location-Based Services (LBSs). However, users enjoy the convenience provided by the untrusted LBS server at the cost of their privacy. To protect user's sensitive information against adversaries with side information, we design a personalized spatial cloaking scheme, termed TTcloak, which provides k-anonymity for user's location privacy, 1-diversity for query privacy and desired size of cloaking region for mobile users in LBSs, simultaneously. TTcloak uses Dummy Query Determining (DQD) algorithm and Dummy Location Determining (DLD) algorithm to find out a set of realistic cells as candidates, and employs a CR-refinement Module (CRM) to guarantee that dummy users are assigned into the cloaking region with desired size. Finally, thorough security analysis and empirical evaluation results verify our proposed TTcloak.

Sisi Zhong,Yingjie Wu,Zhao Luo,Hao Zhou,Xiaodong Wang

DOI: https://doi.org/10.1109/MINES.2011.117

2011-01-01

Abstract:When mobile users search points of interest from location based service, they always should provide their accurate locations, which may leak users' location privacy. To protect users' location privacy, some two-tie approaches have been imposed. However, existing approaches are either hard to implement or may lead to high communication cost. In this paper, we present a novel approach, called Guess-Answer. Through the interaction between the user and the server, a cloaked region, which satisfies the user's personal privacy requirement, can be generated. The experimental results show that our approaches are scalable and robust.

Yixian Yang,Baopeng Ye,Tao Li,Xiaobin Qian,Yuling Chen,Ping Guo

DOI: https://doi.org/10.1109/DASC-PICom-CBDCom-CyberSciTech52372.2021.00060

2021-10-01

Abstract:Location-based services (LBS) is geo-location-based a mobile information service based on spatial location that adopts wireless positioning, GIS, Internet, wireless communication, database and other related technologies. which brings both convenience and vulnerability. With the increasing of scale and value of data, most existing location privacy protection protocols cannot balance privacy and utility. To solve the revealing problems in LBS, in this paper, we first design an algorithm of the best-assisted user selection (BaUS) for constructing anonymity sets. Next, we contract a smart contract to evaluate reputation, to ensure the honesty of participants. And then a differential privacy protection protocol is proposed. The theoretical analysis and experiments show that the proposed protocol can resist background knowledge attacks effectively. Meanwhile, our protocol can improve data availability. Particularly, it realizes user-controllable privacy protection which enhances privacy preservation and better security.

Computer Science

Ben Niu,Sheng Gao,Fenghua Li,Hui Li,Zongqing Lu

DOI: https://doi.org/10.1109/iccnc.2016.7440649

2016-01-01

Abstract:Privacy issues in continuous Location-Based Services (LBSs) have gained attractive attentions in literature over recent years. In this paper, we illustrate the limitations of existing work and define an entropy-based privacy metric to quantify the privacy degree based on a set of vital observations. To tackle the privacy issues, we propose an efficient privacy-preserving scheme, DUMMY-T, which aims to protect LBSs user's privacy against adversaries with background information. By our Dummy Locations Generating (DLG) algorithm, we first generate a set of realistic dummy locations for each snapshot with considering the minimum cloaking region and background information. Further, our proposed Dummy Paths Constructing (DPC) algorithm guarantees the location reachability by taking the maximum distance of the moving mobile users into consideration. Security analysis and empirical evaluation results further verify the effectiveness and efficiency of our DUMMY-T.

Sergio Mascetti,Claudio Bettini,X. Sean Wang,Dario Freni,Sushil Jajodia

DOI: https://doi.org/10.1109/mdm.2009.28

2009-01-01

Abstract:One of the privacy threats recognized in the use of LBS is represented by an adversary having information about the presence of individuals in certain locations, and using this information together with an (anonymous) LBS request to re-identify the issuer of the request associating her to the requested service. Several papers have proposed techniques to prevent this, assuming that the use of the service is considered sensitive. In this paper we investigate the more general case in which the adversary is also able to recognize traces of LBS requests by the same anonymous user, so that the identification of the issuer of one request can lead to the disclosure of the same user being in other possibly sensitive locations at different times or using sensitive services.Using the notion of ``historical k-anonymity'', this paper provides the first formalization of this class of privacy threats. Through extensive experiments based on realistic simulations, and runs of an optimal algorithm, we show some negative results for the defenses based on spatial generalization against these attacks under very conservative assumptions. Under more realistic location knowledge assumptions, we propose two defense algorithms, based on a strategy of changing and reusing of pseudo-identifiers, whose correctness is formally proved. Our experiments show that, among all the proposed algorithms, the ProvidentHider algorithm is particularly effective in protecting privacy for reasonably long sequences of requests.

Sheng Zhong,Yanbin Grace Liu,Yang Richard Yang

2004-01-01

Abstract:Mobility is key to personal freedom. With the increasing availability of mobile devices, many providers begin to offer location-based services. Although these services greatly enrich our mobility experiences, with them also comes the privacy concerns, as a location-based service provider now can continuously track the location of a user. This tracking may allow unauthorized access and cause serious consequences. Although a few solutions have been proposed to address the privacy concerns in various aspects, there has not been any comprehensive study of the problem; furthermore, most of the existing solutions require that a user trust a third party such as a location server. In this paper, we investigate privacy-preserving location- based services for the three components involved in pro- viding location-based services: the location-based service component, the localization component, and the commu- nications component. The focus of our study is on the location-based service component, but we also take the other two components into consideration. We identify two major types of location-based services and present novel designs to implement them without using a trusted server. Specifically, we first identify the general location- notification service, whose goal is to transfer location information of users to authorized entities. We design a security protocol to implement the service without trusting the location server. Thus our design uses the efficiency of a location server but does not suffer from associated privacy issues. Next, we investigate the design of an even more challenging location-based service: a location service whose goal is not transfering user location information but computing an outcome that is a function of user locations. We use dating service as an example and illustrate that an efficient protocol can be built such that no extra information about user locations is revealed during the service. For the localization component, we present an impossibility result and propose a privacy preserving localization technique based on directed signals. For the communications component, we propose an anonymous communication protocol. Our extensive evaluations show that our protocols have low overheads and are suitable for

Yuanbo Cui,Fei Gao,Wenmin Li,Yijie Shi,Hua Zhang,Qiaoyan Wen,Emmanouil Panaousis

DOI: https://doi.org/10.3390/s20164651

IF: 3.9

2020-08-18

Sensors

Abstract:Location-Based Services (LBSs) are playing an increasingly important role in people’s daily activities nowadays. While enjoying the convenience provided by LBSs, users may lose privacy since they report their personal information to the untrusted LBS server. Although many approaches have been proposed to preserve users’ privacy, most of them just focus on the user’s location privacy, but do not consider the query privacy. Moreover, many existing approaches rely heavily on a trusted third-party (TTP) server, which may suffer from a single point of failure. To solve the problems above, in this paper we propose a Cache-Based Privacy-Preserving (CBPP) solution for users in LBSs. Different from the previous approaches, the proposed CBPP solution protects location privacy and query privacy simultaneously, while avoiding the problem of TTP server by having users collaborating with each other in a mobile peer-to-peer (P2P) environment. In the CBPP solution, each user keeps a buffer in his mobile device (e.g., smartphone) to record service data and acts as a micro TTP server. When a user needs LBSs, he sends a query to his neighbors first to seek for an answer. The user only contacts the LBS server when he cannot obtain the required service data from his neighbors. In this way, the user reduces the number of queries sent to the LBS server. We argue that the fewer queries are submitted to the LBS server, the less the user’s privacy is exposed. To users who have to send live queries to the LBS server, we employ the l-diversity, a powerful privacy protection definition that can guarantee the user’s privacy against attackers using background knowledge, to further protect their privacy. Evaluation results show that the proposed CBPP solution can effectively protect users’ location and query privacy with a lower communication cost and better quality of service.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Li Kuang,Yin Wang,Xiaosen Zheng,Lan Huang,Yu Sheng

DOI: https://doi.org/10.1186/s13638-019-1618-7

2020-01-14

EURASIP Journal on Wireless Communications and Networking

Abstract:Abstract With the rapid development of location-based services in the field of mobile network applications, users enjoy the convenience of location-based services on one side, and they are exposed to the risk of privacy disclosure on the other side. Attackers may attack based on the semantic of the user’s location and user’s query location. A few of existing works on location privacy protection consider to protect the user’s location and his query location simultaneously, while the query location may reflect his requirement. In this paper, based on the existing location privacy protection framework, we first generate sensitive weight documents based on the user’s sensitivity to different location semantics automatically, then obtain the best collaborative segment for k -anonymity of the user’s location by using the reinforcement learning algorithm, and finally, the bidirectional k -disturbance of the user’s location and query location is performed based on the location semantics in real road network environment. The experiment verifies the effectiveness of the proposed method.

telecommunications,engineering, electrical & electronic

Zhengang Wu,Zhong Chen,Jiawei Zhu,Huiping Sun,Zhi Guan

DOI: https://doi.org/10.1007/978-3-319-21042-1_24

2015-01-01

Abstract:In mobile Internet, popular Location-Based Services (LBSs) recommend Point-of-Interest (POI) data according to physical positions of smartphone users. However, untrusted LBS providers can violate location privacy by analyzing user requests semantically. Therefore, this paper aims at protecting user privacy in location-based applications by evaluating disclosure risks on sensitive location semantics. First, we introduce a novel method to model location semantics for user privacy using Bayesian inference and demonstrate details of computing the semantic privacy metric. Next, we design a cloaking region construction algorithm against the leakage of sensitive location semantics. Finally, a series of experiments evaluate this solution's performance to show its availability.