Yanzhe Che,Qinming He,Xiaoyan Hong,Kevin Chiew

DOI: https://doi.org/10.1002/dac.2650

2013-01-01

International Journal of Communication Systems

Abstract:While enjoying various LBS location-based services, users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer-to-peer P2P networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x-region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x-region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x-region, together with three algorithms for generating an x-region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.

Meng Han,Jinbao Wang,Mingyuan Yan,Chuyu Ai,Zhuojun Duan,Zhen Hong

DOI: https://doi.org/10.1016/j.procs.2018.03.079

2018-01-01

Procedia Computer Science

Abstract:While enjoying the amenities and convenience provided by the location-based service (LBS) in our daily life, wireless device users may surrender their location together with social activity privacy to the LBS provider. The untrusted LBS server has all the information about users in the LBS and it may track them in various ways or release their privacy data to third parties. To address the privacy protection issue, many location obfuscation algorithms behind a location-privacy preserving mechanisms (LPPMs) were proposed but only approached the trade-off between utility and privacy. Unlike the existing approaches, we propose the first methodology and application, to the best of our knowledge, that enables a near-complete location privacy protection for LBS users to achieve an cognitive optimal resolution by employing the social network associated with the LBS to separate the utility and privacy. Evaluation of both simulation and practical smartphone application shows that the proposed methodology could achieve a near-complete privacy protection in terms of entropy and significantly improve the quality of service utility.

Yilei Wang,Hao Zhou,Yingjie Wu,Lan Sun

DOI: https://doi.org/10.1109/iccse.2012.6295197

2012-01-01

Abstract:Recently, several techniques have been proposed to protect the user location privacy for location-based services in road network environments. A typical approach for user location privacy protection is to blur a user location into a cloaked set of road segments S such that S satisfies the user specified privacy requirements. However, these location cloaking algorithms work with snapshot locations only and do not consider the effect of continuous location updates. Applying these algorithms directly to continuous queries would lead to privacy leakage if attackers have knowledge about maximum user velocity, namely velocity-based Attack. In this paper, we present the privacy safety condition to defend against velocity-based attack, and propose an anonymity algorithm based on greedy strategy to preserve user privacy. The experiment results based on dataset of real network show the algorithm is effective and feasible.

Hongli Zhang,Zhikai Xu,Xiangzhan Yu,Xiaojiang Du

DOI: https://doi.org/10.1109/ICC.2016.7511422

2016-01-01

Abstract:Location-based service (LBS) is useful for many applications. However, LBS has raised serious concerns about users' location privacy. Utilizing the computation and storage capacity of smart phones, we propose a novel system architecture, called Location Privacy Protection for Smartphone (LPPS), to provide a privacy-preserving top-k query. LPPS does not rely on a trust third party (TTP), nor does it requires LBS servers to change their business model. The main idea of LPPS is to rank the Points of Interests (POIs) on the client side of the application using a small amount of metadata and then to make a request to the LBS server for real-time and detailed information about the POIs. Based on LPPS, we propose a novel metric called location indistinguishability to evaluate the privacy level of users in the proposed scheme. Then, we propose two dummy-POI selection algorithms to generate a superset of the actual top-k POIs when the query cannot meet the privacy requirement. Our experimental results demonstrate the validity and practicality of the proposed schemes.

Shengke Zeng,Yi Mu,Mingxing He,Yong Chen

DOI: https://doi.org/10.1007/s11277-018-5748-8

IF: 2.017

2018-01-01

Wireless Personal Communications

Abstract:Location-based services (LBS) are very popular for personal communications in the mobile Internet. In such applications, users make use of the mobile devices to obtain the information of the nearest gas stations, restaurants, banks etc from service provider (SP), as well as identification of the optimal route to reach destination according to user position. Obviously, location data is effective for service provisioning. Therefore, the privacy threat is the inherent problem in LBS. Previous known solutions for privacy-preserving LBS require to blind the location data to SP. Consequently, it certainly suffers from a privacy/quality of service trade-off. We present a new approach to handle such problem for privacy-aware LBS communications. In our protocol, the user submits the exact location to SP to obtain the high quality service, while his location data and the communication transcript cannot be the evidence to be obtained by any third party. Hence the privacy of this user is preserved. We take the deniable (ring) authentication as the building blocks. In this way, it is not necessary for the user to provide coarse location information which would degrade the service quality certainly.

Sheng Zhong,Yanbin Grace Liu,Yang Richard Yang

2004-01-01

Abstract:Mobility is key to personal freedom. With the increasing availability of mobile devices, many providers begin to offer location-based services. Although these services greatly enrich our mobility experiences, with them also comes the privacy concerns, as a location-based service provider now can continuously track the location of a user. This tracking may allow unauthorized access and cause serious consequences. Although a few solutions have been proposed to address the privacy concerns in various aspects, there has not been any comprehensive study of the problem; furthermore, most of the existing solutions require that a user trust a third party such as a location server. In this paper, we investigate privacy-preserving location- based services for the three components involved in pro- viding location-based services: the location-based service component, the localization component, and the commu- nications component. The focus of our study is on the location-based service component, but we also take the other two components into consideration. We identify two major types of location-based services and present novel designs to implement them without using a trusted server. Specifically, we first identify the general location- notification service, whose goal is to transfer location information of users to authorized entities. We design a security protocol to implement the service without trusting the location server. Thus our design uses the efficiency of a location server but does not suffer from associated privacy issues. Next, we investigate the design of an even more challenging location-based service: a location service whose goal is not transfering user location information but computing an outcome that is a function of user locations. We use dating service as an example and illustrate that an efficient protocol can be built such that no extra information about user locations is revealed during the service. For the localization component, we present an impossibility result and propose a privacy preserving localization technique based on directed signals. For the communications component, we propose an anonymous communication protocol. Our extensive evaluations show that our protocols have low overheads and are suitable for

Matthew Tsao,Kaidi Yang,Karthik Gopalakrishnan,Marco Pavone

DOI: https://doi.org/10.48550/arXiv.2202.13305

2022-03-15

Abstract:Data-driven methodologies offer many exciting upsides, but they also introduce new challenges, particularly in the realm of user privacy. Specifically, the way data is collected can pose privacy risks to end users. In many routing services, a single entity (e.g., the routing service provider) collects and manages user trajectory data. When it comes to user privacy, these systems have a central point of failure since users have to trust that this entity will not sell or use their data to infer sensitive private information. Unfortunately, in practice many advertising companies offer to buy such data for the sake of targeted advertisements. With this as motivation, we study the problem of using location data for routing services in a privacy-preserving way. Rather than having users report their location to a central operator, we present a protocol in which users participate in a decentralized and privacy-preserving computation to estimate travel times for the roads in the network in a way that no individuals' location is ever observed by any other party. The protocol uses the Laplace mechanism in conjunction with secure multi-party computation to ensure that it is cryptogrpahically secure and that its output is differentially private. A natural question is if privacy necessitates degradation in accuracy or system performance. We show that if a road has sufficiently high capacity, then the travel time estimated by our protocol is provably close to the ground truth travel time. We validate the protocol through numerical experiments which show that using the protocol as a routing service provides privacy guarantees with minimal overhead to user travel time.

Cryptography and Security,Systems and Control

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Zhengang Wu,Liangwen Yu,Jiawei Zhu,Huiping Sun,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-39527-7_31

2013-01-01

Abstract:With rapidly popular location-aware applications, location privacy becomes an emerging issue. This paper studies how to protect the two-fold privacy for both client-side and server-side in location-based queries. This technique is a significant component in privacy-friendly Location Based Services (LBS). Participants protect their own privacy. The LBS server protects against excessive disclose of location records in its Points of Interest (POIs) database while the mobile user protects his exact location by the cloaking technique. The proposed hybrid approach can achieve the challenging goal. Our solution integrates the cloaking technique with a cryptographic protocol, Private Set Intersection (PSI). In addition, this solution is secure in malicious model and also practical. © 2013 Springer-Verlag.

Di Chen,Peng Zhang,Chengchen Hu,Huanzhao Wang,Shun Wu,Ningzhe Xing

DOI: https://doi.org/10.1109/ICC.2015.7249500

2015-01-01

Abstract:Location Based Service (LBS) is gaining popularity on smart phones. One fundamental LBS is range search, which returns all Point of Interests (POIs) within a user-specified range. However, people also leave their location privacy at risks when using LBS like range search. How can a user invoke such service without revealing his location is an interesting, yet challenging problem to solve.Most existing approaches blur a user's location into a cloaked region, so that LBS cannot figure out the exact location of the requesting user. However, this would make the returning results inaccurate, containing some out-of-range POIs. To this end, we propose PAPERS, a new method to provide location privacy for users of range search. PAPERS leverage homomorphic encryption to let the user encrypt her location, and the LBS server can compute distances on ciphertext. In this way, the returning results by LBS are exactly the POIs within the specified range, while LBS learns nothing about user's real location. We implement a prototype of PAPERS, and evaluate it with real POI set of a large-scale production LBS. Experimental results show that PAPERS can achieve the goal of privacy protection, with reasonable overhead in response time and communication cost.

Li Kuang,Yin Wang,Xiaosen Zheng,Lan Huang,Yu Sheng

DOI: https://doi.org/10.1186/s13638-019-1618-7

2020-01-14

EURASIP Journal on Wireless Communications and Networking

Abstract:Abstract With the rapid development of location-based services in the field of mobile network applications, users enjoy the convenience of location-based services on one side, and they are exposed to the risk of privacy disclosure on the other side. Attackers may attack based on the semantic of the user’s location and user’s query location. A few of existing works on location privacy protection consider to protect the user’s location and his query location simultaneously, while the query location may reflect his requirement. In this paper, based on the existing location privacy protection framework, we first generate sensitive weight documents based on the user’s sensitivity to different location semantics automatically, then obtain the best collaborative segment for k -anonymity of the user’s location by using the reinforcement learning algorithm, and finally, the bidirectional k -disturbance of the user’s location and query location is performed based on the location semantics in real road network environment. The experiment verifies the effectiveness of the proposed method.

telecommunications,engineering, electrical & electronic

Jingyu Hua,Wei Tong,Fengyuan Xu,Sheng Zhong

DOI: https://doi.org/10.1109/tifs.2017.2779402

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:As location-based services (LBSs) on smartphones become increasingly popular, such services are causing serious privacy concerns, because many users are unwilling to see their location information leaked to service providers. Recently, in order to protect users’ location privacy, researchers have introduced geo-indistinguishability, the first specialized privacy model for LBSs that can provide provable privacy guarantees. Intuitively, geo-indistinguishability means that through perturbation, any two locations within a given distance produce observations with similar distributions, and thus, attackers have no way to learn users’ real locations. However, even if geo-indistinguishability is achieved, there remains a significant threat to users’ location privacy: the privacy consumption increases with the number of queries for the existing geo-indistinguishable location perturbation mechanism, and therefore, there is a high risk of privacy violation when the number of queries is not small. In this paper, we enhance the privacy protection for LBSs by proposing an improved geo-indistinguishable mechanism. It can reduce the privacy costs to almost 0 when the user’s location satisfies a condition. We also present an improvement to further reduce the privacy costs when the above condition is not satisfied. Evaluations upon two public trace data sets show that the proposed mechanisms can dramatically save the privacy budget and thus support much more queries. The results also show that the proposed mechanisms are efficient, and their performance is controllable.

Kamenyi M. Domenic,Yong Wang,Fengli Zhang,Imran Memon,Yankson H. Gustav

DOI: https://doi.org/10.1109/iciii.2013.6702947

2013-01-01

Abstract:Mobile devices (e.g., smart phones) and location based services are very popular with today's users. Due to this popularity, there has been a tremendous increase in use of these services and as a result, leakages of both location and query contents is common. In a case where users are constrained by road network, an attacker can follow users' trajectory with ease. Most of the current privacy preserving solutions focus on temporal and spatial cloaking based methods to protect users' location privacy. However, these solutions are vulnerable when subjected to continuous query environments. In this paper, we offer our solution to the problem of preserving privacy of users' trajectory for continuous LBS queries in road networks. We propose a centralized architecture in form of honest-but-curious model to provide anonymity for users as they use LBS services. To achieve this, we employ mix zone approach and design two algorithms namely; Optimal Mixing Load Sub-graph (OMLS) Algorithm that finds an optimal placement of mix zones and creates three levels of security, and Semantically Based Graph Abstraction (SBGA) Algorithm that uses the three layers of security to achieve greater anonymity strength. We analyze the capability of our algorithms to withstand attacks prone to mix zones and carry out experiments to verify this. The experiments results show that our Algorithms preserves privacy for users based on their privacy condition.

Xiang-Yang Li,Taeho Jung

DOI: https://doi.org/10.1109/infcom.2013.6567085

2013-01-01

Abstract:Location-Based Service (LBS) becomes increasingly popular with the dramatic growth of smartphones and social network services (SNS), and its context-rich functionalities attract considerable users. Many LBS providers use users' location information to offer them convenience and useful functions. However, the LBS could greatly breach personal privacy because location itself contains much information. Hence, preserving location privacy while achieving utility from it is still an challenging question now. This paper tackles this non-trivial challenge by designing a suite of novel fine-grained Privacy-preserving Location Query Protocol (PLQP). Our protocol allows different levels of location query on encrypted location information for different users, and it is efficient enough to be applied in mobile platforms.

Shaojun Yan,Haihua Liang,Xinpeng Zhang

DOI: https://doi.org/10.1007/978-3-030-00018-9_39

2018-01-01

Abstract:With the popularity of mobile devices, users are accustomed to enjoying abundant services which base on location information. On the other side, attackers can infer sensitive properties of users, such as the hobbies and habits, from location information. In order to protect the users' location information privacy while enjoying the location service, many effective schemes are proposed. The traditional approach protects users' location privacy by introducing a trusted third party, but it is difficult to find a fully trusted third party. An untrusted third party collects and obtains the user's location information, thereby revealing users' privacy. In this paper, we employ a fourth party to protect the privacy of users, where the fourth party sends to the users and the server multiple sets of urban distribution maps based on seeds without knowing the distribution of users. The map provides a mapping relationship between user location information and virtual location information. The fourth party divides the users' service into two steps. First, the virtual location space is provided through the map. Second, users are allowed to send requests to the server through the third party in the virtual map space. The server returns the location of the points of interest in the virtual space. The virtual space provided by the fourth party makes it possible to prevent the users' location information from being leaked even if the third party is attacked. The experimental results show that our method improves the quality of service under the premise of protecting privacy.

Meng Han,Lei Li,Ying Xie,Jinbao Wang,Zhuojun Duan,Ji Li,Mingyuan Yan

DOI: https://doi.org/10.1109/access.2018.2805464

IF: 3.9

2018-01-01

IEEE Access

Abstract:While enjoying the convenience of location-based services (LBSs) in everyday life, wireless device users could also put their location privacy at risk. An untrusted LBS provider can store mobile users' data on its server, track users in various ways or share users location data to the third parties. To protect LBS users' privacy, many position confusion algorithms were proposed, but those algorithms often have difficulty balancing the utility-privacy tradeoffs. In this paper, we propose a new cognitive approach that enables nearcomplete privacy protection for LBS users by leveraging existing social network resources. We introduce a heterogeneous multi-server architecture that cuts off the direct connection between the LBS queries and the query issuers, and an auction-based incentive mechanism guaranteed user participation, which is critical for the success of the proposed architecture. A simulation system and a smartphone application were developed, and our evaluation results show that the proposed method can not only achieve the near-total privacy protection for LBS users, but also significantly improve the quality of the services.

Sashi Gurung,Dan Lin,Wei Jiang,Ali Hurson,Rui Zhang

DOI: https://doi.org/10.1145/2542666

IF: 5

2014-10-01

ACM Transactions on Intelligent Systems and Technology

Abstract:We are experiencing the expanding use of location-based services such as AT&T’s TeleNav GPS Navigator and Intel’s Thing Finder. Existing location-based services have collected a large amount of location data, which has great potential for statistical usage in applications like traffic flow analysis, infrastructure planning, and advertisement dissemination. The key challenge is how to wisely use the data without violating each user’s location privacy concerns. In this article, we first identify a new privacy problem, namely, the inference-route problem, and then present our anonymization algorithms for privacy-preserving trajectory publishing. The experimental results have demonstrated that our approach outperforms the latest related work in terms of both efficiency and effectiveness.

computer science, information systems, artificial intelligence

Kamenyi Domenic M.,Yong Wang,Fengli Zhang,Yankson Gustav,Daniel Adu-Gyamfi,Nkatha Dorothy

DOI: https://doi.org/10.1007/978-3-642-53917-6_29

2013-01-01

Abstract:Location Based Services LBS are becoming very popular with today's users. Some of these LBS require users to continuously send requests for services. This lead to leakages of both location and query contents to malicious adversaries. Further, if users are constrained by the nature of the road networks, an adversary can follow their path trajectory with ease. Most of the current privacy preserving solutions focus on temporal and spatial cloaking based methods to protect users' location privacy. However, these solutions are vulnerable when subjected to continuous query environments. In this paper, we propose an optimized solution that preserves privacy for users' trajectory for continuous LBS queries in road networks. First, we deploy a trusted third party architecture to provide anonymity for users as they use LBS services. Second, we utilize mix zone techniques and design two algorithms. The first algorithm, Abstraction Graph AG, selects a sample of mix zones that satisfy the user desired privacy level under the acceptable service availability condition. The second algorithm, Optimized Decision Graph ODG, utilizes the generated graph to find an optimal solution for the placement of mix zones through decomposition, chunking and replacement strategies. Finally, we analyze the capability of our algorithms to withstand attacks prone to mix zones and carry out experiments to verify this. The experiments results show that our Algorithms preserve privacy for users based on their privacy and service availability conditions.

Youssef Khazbak,Jingyao Fan,Sencun Zhu,Guohong Cao

DOI: https://doi.org/10.26599/tst.2020.9010010

2020-12-01

Abstract:Ride-hailing service has become a popular means of transportation due to its convenience and low cost. However, it also raises privacy concerns. Since riders' mobility information including the pick-up and drop-off location is tracked, the service provider can infer sensitive information about the riders such as where they live and work. To address these concerns, we propose location privacy preserving techniques that efficiently match riders and drivers while preserving riders' location privacy. We first propose a baseline solution that allows a rider to select the driver who is the closest to his pick-up location. However, with some side information, the service provider can launch location inference attacks. To overcome these attacks, we propose an enhanced scheme that allows a rider to specify his privacy preference. Novel techniques are designed to preserve rider's personalized privacy with limited loss of matching accuracy. Through trace-driven simulations, we compare our enhanced privacy preserving solution to existing work. Evaluation results show that our solution provides much better ride matching results that are close to the optimal solution, while preserving personalized location privacy for riders.

computer science, information systems,engineering, electrical & electronic, software engineering

Xiaoyan Zhu,Haotian Chi,Shunrong Jiang,Xiaosan Lei,Hui Li

DOI: https://doi.org/10.1109/ICC.2014.6883667

2014-01-01

Abstract:Location-based services (LBSs) are attracting more and more attentions with the increasing popularity of mobile devices and online social networking. In LBSs, users can conveniently obtain their interested information by sending queries to the LBS server. However, users' queries include their identities, locations, interests, etc, which may result in the leakage of users' trajectory and other sensitive information. Although the existing obfuscation and location anonymization techniques along with a long-term pseudonym can protect users' location privacy to some extent, users' real identities and moving trajectories can still be deduced through long-term observation and side information aided inference attacks. To address these problems, we propose a dynamic pseudo-ID system, where unlinkable pseudo-IDs are used by users to completely hide their identities in the queries, in order to break the link between users' identities and their locations. Moreover, we employ certificates to ensure the verifiability and traceability of the dynamic pseudo-IDs. Security analysis and evaluation results show that the proposed scheme can enhance user' privacy and is feasible to implement into mobile devices.