Enabling Secure and Efficient Knn Query Processing over Encrypted Spatial Data in the Cloud

Xiang Cheng,Sen Su,Yiping Teng,Ke Xiao
DOI: https://doi.org/10.1002/sec.1245
IF: 1.968
2015-01-01
Security and Communication Networks
Abstract:With rapid advances in wireless communication, mobile devices and positioning technologies, location-based services LBS have recently emerged as one of today's most important applications in mobile networks. To obtain great flexibility and cost savings, LBS providers may outsource their data services to the cloud. However, to protect data privacy, sensitive data have to be encrypted before outsourcing, which may impede the functionality and performance of the data services. In this paper, to make one step closer towards practical deployment of LBS in the cloud, we study the problem of secure and efficient k-nearest neighbor kNN query processing over encrypted spatial data. Although there exist a number of studies on kNN query processing over encrypted data, few of them can provide security and efficiency simultaneously. To this end, we present a secure and efficient kNN query SEkQ scheme. In this scheme, a new encryption method, namely, asymmetric scalar-product-preserving encryption with Laplace noise ASPELN is proposed, which can resist both the chosen-plaintext and known-plaintext attacks. Based on ASPELN, an encrypted hierarchical index called SR-tree short for Secure R-tree is devised to facilitate efficient kNN query processing on encrypted spatial data. To search with the SR-tree index, two effective methods, namely, anchor-assisted position determination and position-distinguished trapdoor generation are proposed for the distance computations between the query point and SR-tree nodes under encryption. Thorough analysis shows the validity and security of the proposed scheme. Extensive experimental results on real datasets further demonstrate the proposed scheme can achieve high efficiency and good scalability. Copyright © 2015John Wiley & Sons, Ltd.
What problem does this paper attempt to address?