Graham Cormode,Magda Procopiuc,Entong Shen,Divesh Srivastava,Ting Yu

DOI: https://doi.org/10.48550/arXiv.1103.5170

2012-03-14

Abstract:Differential privacy has recently emerged as the de facto standard for private data release. This makes it possible to provide strong theoretical guarantees on the privacy and utility of released data. While it is well-known how to release data based on counts and simple functions under this guarantee, it remains to provide general purpose techniques to release different kinds of data. In this paper, we focus on spatial data such as locations and more generally any data that can be indexed by a tree structure. Directly applying existing differential privacy methods to this type of data simply generates noise. Instead, we introduce a new class of "private spatial decompositions": these adapt standard spatial indexing methods such as quadtrees and kd-trees to provide a private description of the data distribution. Equipping such structures with differential privacy requires several steps to ensure that they provide meaningful privacy guarantees. Various primitives, such as choosing splitting points and describing the distribution of points within a region, must be done privately, and the guarantees of the different building blocks composed to provide an overall guarantee. Consequently, we expose the design space for private spatial decompositions, and analyze some key examples. Our experimental study demonstrates that it is possible to build such decompositions efficiently, and use them to answer a variety of queries privately with high accuracy.

Databases

Songnian Zhang,Rongxing Lu,Hui Zhu,Yandong Zheng,Yunguo Guan,Fengwei Wang,Jun Shao,Hui Li

DOI: https://doi.org/10.1109/tifs.2024.3396384

IF: 7.231

2024-05-14

IEEE Transactions on Information Forensics and Security

Abstract:The increasing prevalence of cloud computing drives the exploration of various secure query schemes over encrypted data, among which secure spatial keyword query has drawn a great deal of attention due to its broad application in location-based services. However, most existing schemes are either limited to the boolean keyword test or incapable of protecting access pattern privacy. Although the state-of-the-art secure spatial keyword query scheme can support keyword similarity while preserving access pattern privacy, it is unable to cope with the arbitrary spatial range, which is more general, and has limitations in efficiency and security. In this paper, we propose a new secure spatial keyword similarity query scheme that can support arbitrary spatial ranges and enhance the efficiency and security of the state-of-the-art scheme at the same time. Specifically, we first present a new homomorphic encryption technique by improving the popular symmetric homomorphic encryption (SHE). After that, we propose a novel approach to make supporting arbitrary spatial ranges over encrypted data possible, in which a spatial encoding technique is designed to improve performance. Finally, by designing a pack-based solution to protect access pattern privacy, our proposed scheme can hide the number of query results while optimizing performance. We formally prove the security of our proposed scheme and conduct experiments to evaluate its performance. The results indicate that our proposed scheme outperforms the state-of-the-art scheme in both the computational costs and communication overhead.

computer science, theory & methods,engineering, electrical & electronic

Sen Su,Yiping Teng,Xiang Cheng,Yulong Wang,Guoliang Li

DOI: https://doi.org/10.1007/978-3-319-18120-2_34

2015-01-01

Abstract:In this paper, we study the privacy-preserving top-\(k\) spatial keyword query problem in outsourced environments. Existing studies primarily focus on the design of privacy-preserving schemes for either spatial or keyword queries, and they cannot be applied to solve the privacy-preserving spatial keyword query problem. To address this problem, we present a novel privacy-preserving top-\(k\) spatial keyword query scheme. In particular, we build an encrypted tree index to facilitate privacy-preserving top-\(k\) spatial keyword queries, where spatial and textual data are encrypted in a unified way. To search with the encrypted tree index, we propose two effective techniques for the similarity computations between queries and tree nodes under encryption. Thorough analysis shows the validity and security of our scheme. Extensive experimental results on real datasets demonstrate our scheme achieves high efficiency and good scalability.

Sen Su,Yiping Teng,Xiang Cheng,Ke Xiao,Guoliang Li,Junliang Chen

DOI: https://doi.org/10.1109/tsc.2015.2481900

IF: 11.019

2015-01-01

IEEE Transactions on Services Computing

Abstract:With the rapid development of location-based services in mobile Internet, spatial keyword queries have been widely employed in various real-life applications in recent years. To realize the great flexibility and cost savings, more and more data owners are motivated to outsource their spatio-textual data services to the cloud. However, directly outsourcing such services to the untrusted cloud may arise serious privacy concerns. In this paper, we study the privacy-preserving top-k spatial keyword query problem in untrusted cloud environments. Existing studies primarily focus on the design of privacy-preserving schemes for either spatial or keyword queries, and they cannot be applied to solve the privacy-preserving spatial keyword query problem. To address this problem, we present a novel privacy-preserving top-k spatial keyword query scheme. In particular, we build an encrypted tree index to facilitate privacy-preserving top-k spatial keyword queries, where spatial and textual data are encrypted in a unified way. To search with the encrypted tree index, we propose two effective techniques for the similarity computations between queries and tree nodes under encryption. To improve query performance on large-scale spatio-textual data, we further propose a keyword-based secure pruning method. Thorough analysis shows the validity and security of our scheme. Extensive experimental results on real datasets demonstrate our scheme achieves high efficiency and good scalability.

Xiaochen Ma,Chenfei Hu,Zhuopeng Li,Haotian Liang,Tong Wu,Taiyuan Zhang

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics60724.2023.00052

2024-01-01

Abstract:Recently, the cloud server has been extensively applied to store large amounts of location data and provide geometric range query services. However, this may pose severe privacy concerns. Existing privacy-preserving geometric range query schemes either rely on high-cost encryption techniques or cannot support arbitrary geometric range query. Moreover, in these schemes, location data can be queried and accessed by some unauthorized data requesters, and the data requester may acquire location data from some unauthorized data owners. The former will compromise the privacy of location data, and the latter will bring non-compliant data to the data requester. In this paper, we design an arbitrary geometric range query scheme that enables efficient and privacy-preserving querying with bilateral access control. Specifically, we use polynomial curves to fit arbitrary geometric ranges and extract the polynomial coefficients as query trapdoors. We employ random matrices to protect the privacy of location data, query trapdoors, and access policies. Then, due to the properties of random matrix multiplication, the cloud server can securely query encrypted location data with bilateral access control. Extensive experiments indicate that our scheme outperforms state-of-the-art work with respect to computational and communication overheads.

Kaixuan Li,Hua Zhang,Yanxin Xu,Zhenyan Liu

DOI: https://doi.org/10.3390/math12131934

IF: 2.4

2024-06-22

Mathematics

Abstract:The existing high-dimensional or multi-dimensional geographic spatial datasets have a large amount of data. When third-party servers collect and publish them, privacy protection is required to prevent sensitive information from being leaked. Local differential privacy can be used to protect location-sensitive information during range queries. However, the accuracy of a range query based on local differential privacy is affected by the distribution and density of spatial data. Based on this, aiming at the distribution and density characteristics of data, we designed a dpKD tree that supports high-precision range queries with shuffled differential privacy, and designed an algorithm KDRQ for range queries based on shuffled differential privacy. First, we employed the dpKD to divide the data. Then, we shuffled the data based on SRRQ and reconstructed the tree. Finally, we used the SDRQ algorithm for the response range query. The experimental results show that the query accuracy of the KDRQ algorithm was at least 1–4.5 times higher than that of the existing algorithms RAPPOR, PSDA and GT-R under the same privacy budget.

mathematics

Ningning Cui,Xiaochun Yang,Yunliang Chen,Jianxin Li,Bin Wang,Geyong Min,Yun Liang Chen

DOI: https://doi.org/10.1109/jiot.2021.3122991

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Spatial keyword query has attracted wide-spread academic and industrial concerns due to the popularity of location-based services and Internet of Things. To efficiently support the online query processing, the data owners need to outsource their data to cloud platforms. However, the outsourcing services may raise privacy leaking issues. Moreover, access control, another important security concern, is largely ignored. Therefore, we first propose and formalize the problem of secure boolean spatial keyword query under lightweight access control while guaranteeing the widely accepted adaptive indistinguishability against chosen keyword attack model. Then, we devise a novel hybrid Bloom filter encoding strategy, including a linear embedding and exponent-based transformation schemes and a secure index structure, called SAGTree. They can maintain both geo-text and access policy information together in a secure way while answering the encrypted queries under access control without decryption. Finally, we present the in-depth security analysis and demonstrate the performance of our proposed algorithms.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiachen Shen,Z. Cao,Zhihao Zheng

DOI: https://doi.org/10.1109/TrustCom50675.2020.00090

2020-12-01

Abstract:With the location-based services (LBS) booming, the volume of spatial data inevitably explodes. In order to reduce local storage and computational overhead, users tend to outsource data and initiate queries to the cloud. However, sensitive data or queries may be compromised if cloud server has access to raw data and plaintext token. To cope with this problem, searchable encryption for geometric range is applied. Geometric range search has wide applications in many scenarios, especially the circular range search. In this paper, a practical and secure circular range search scheme (PSCS) is proposed to support searching for spatial data in a circular range. With our scheme, a semi-honest cloud server will return data for a given circular range correctly without uncovering index privacy or query privacy. We propose a polynomial split algorithm which can decompose the inner product calculation neatly. Then, we define the security of our PSCS formally and prove that it is secure under same-closeness-pattern chosen-plaintext attacks (CLS-CPA) in theory. In addition, we demonstrate the efficiency and accuracy through analysis and experiments compared with existing schemes.

Computer Science

Fengwei Wang,Hui Zhu,Guozhang He,Rongxing Lu,Yandong Zheng,Hui Li

DOI: https://doi.org/10.1109/tifs.2023.3282133

IF: 7.231

2023-06-13

IEEE Transactions on Information Forensics and Security

Abstract:Location-based services (LBSs) provide enhanced functionality of mobile applications and convenience for mobile users, which plays a more and more remarkable role in people's daily life. In LBSs, spatial range query is an essential tool for users to find interesting points in a specific region. However, during spatial range query, it is necessary for data owners and query users to exchange their location data, and the leakage of private location information has drawn significant attention in both governmental and social aspects. Meanwhile, most existing location privacy protection schemes only focus on achieving regular geometry range query over static location datasets. In this paper, we present an efficient and privacy-preserving arbitrary polygon range query scheme, named EPAPRQ. With EPAPRQ, the arbitrary and fine-grained polygon range query can be executed over a dynamic and time-series location dataset with privacy protection. Specifically, in EPAPRQ, an arbitrary polygon range query algorithm is first introduced with sub-range query technique. Then, to protect the private location information of the data owner and query users, a series privacy-preserving data computation protocols are constructed with a symmetric homomorphic encryption algorithm, and a ciphertext-based location dataset updating strategy is also designed. Finally, we propose a double filtration method through combining the quadtree index structure and minimum bounded rectangle, which is able to greatly improve the query efficiency over ciphertexts. Detailed security analysis shows that the sensitive location information in EPAPRQ can be well protected. Furthermore, we evaluate the performance of EPAPRQ in the real map, and the results demonstrate that EPAPRQ is indeed efficient.

computer science, theory & methods,engineering, electrical & electronic

Zhiqiang Yang,Sheng Zhong,Rebecca N. Wright

DOI: https://doi.org/10.1007/11863908_29

2006-01-01

Abstract:Data confidentiality is a major concern in database systems. Encryption is a useful tool for protecting the confidentiality of sensitive data. However, when data is encrypted, performing queries becomes more challenging. In this paper, we study efficient and provably secure methods for queries on encrypted data stored in an outsourced database that may be susceptible to compromise. Specifically, we show that, in our system, even if an intruder breaks into the database and observes some interactions between the database and its users, he only learns very little about the data stored in the database and the queries performed on the data.Our work consists of several components. First, we consider databases in which each attribute has a finite domain and give a basic solution for certain kinds of queries on such databases. Then, we present two enhanced solutions, one with a stronger security guarantee and the other with accelerated queries. In addition to providing proofs of our security guarantees, we provide empirical performance evaluations. Our experiments demonstrate that our solutions are fast on large-sized real data.

Ekin Tire,M. Emre Gursoy

DOI: https://doi.org/10.1109/jiot.2024.3357570

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Spatial density queries are fundamental in many geospatial data analysis and crowdsourcing tasks. However, answering spatial density queries may violate users’ privacy by exposing their locations to an untrusted data collector. In this paper, we propose a solution for answering spatial density queries under Local Differential Privacy (LDP), a state-of-the-art privacy protection standard. Our solution consists of four main steps: partitioning, finding sensitivity, user-side noisy response computation, and server-side estimation. For the first step, we propose and analyze three basic partitioning strategies, and based on our analysis, we design an improved strategy called Advanced Partitioning. For the second step, we adapt graph-based modeling of query sets from the centralized DP literature. Advanced Partitioning also leverages and extends this technique by formulating the partitioning problem using vertex coloring. For the third and fourth steps, in addition to adapting two popular LDP protocols (GRR, RAPPOR), we propose a novel extension for the OUE protocol. Our new protocol (OBE) is not only applicable to our problem but can also be used in other LDP problems with bitvector encodings. Finally, we perform an extensive experimental evaluation of different partitioning strategies and protocols using multiple real-world datasets. Results show that Advanced Partitioning and OBE yield the lowest error, demonstrating the superiority of our proposed methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiuxia Tian,Chaofeng Sha,Xiaoling Wang,Aoying Zhou

DOI: https://doi.org/10.1007/978-3-642-20149-3_10

2011-01-01

Abstract:Database as a Service(DaaS) is a paradigm for data management in which the Database Service Provider(DSP), usually a professional third party for data management, can host the database as a service. Many security and query problems are brought about because of the possible untrusted or malicious DSP in this context. Most of the proposed papers are concentrated on using symmetric encryption to guarantee the confidentiality of the delegated data, and using partition based index to help execute the privacy preserving range query. However. encryption and decryption operations on large volume of data are time consuming, and query results always consist of many irrelevant data tuples. Different from encryption based scheme, in this paper, we present a secret share based scheme to guarantee the confidentiality of delegated data. And what is more important. we construct a privacy preserving index to accelerate query and to help return the exactly required data tuples. Finally we analyze the security properties and demonstrate the efficiency and query response time of our approach through empirical data.

Guanghui Feng,Guojun Wang,Tao Peng

DOI: https://doi.org/10.1155/2024/2408270

IF: 8.993

2024-10-27

International Journal of Intelligent Systems

Abstract:Federated analytics (FA) over spatial data with local differential privacy (LDP) has attracted considerable research attention recently. Existing solutions for this problem mostly employ a uniform grid (UG) structure, which recursively decomposes the whole spatial domain into fine‐grained regions in the distributed setting. In each round, the sampled clients perturb their locations using a random response mechanism with a fixed probability. This approach, however, cannot encode the client's location effectively and will lead to ill‐suited query results. To address the deficiency of existing solutions, we propose LDP‐FSRQ, a spatial range query algorithm that relies on a hybrid spatial structure composed of the UG and quad‐tree with nonuniform perturbation (NUP) probability to encode and perturb clients' locations. In each iteration of LDP‐FSRQ, each client adopts the quad‐tree to encode his/her location into a binary string and uses four local perturbation mechanisms to protect the encoded string. Then, the collector prunes the quad‐tree of the current round according to the clients' reports and shares the pruned tree with the clients of the next round. We demonstrate the application of LDP‐FSRQ on Beijing, Landmark, Check‐in, and NYC datasets, and the experimental results show that our approach outperforms its competitors in terms of queries' utility.

computer science, artificial intelligence

Peiyi Tu,Xingjun Wang

DOI: https://doi.org/10.1007/978-981-97-0945-8_22

2024-01-01

Abstract:In recent years, the Database-as-a-Service (DAS) model has become increasingly popular for cost-effective data outsourcing to cloud service providers. To ensure data security and functionality, Searchable Encryption (SE) has been introduced. However, many existing SE schemes unintentionally leak access patterns, posing significant privacy risks. While solutions like Oblivious RAM (ORAM) and Fully Homomorphic Encryption (FHE) can mitigate this, they are computationally intensive, limiting their practicality for large-scale databases. In this paper, we design a dynamic and efficient SE scheme called DPDSE that exploits differential privacy obfuscation of access patterns. Specifically, we obfuscate the ciphertext by deploying Laplace and Randomized Response mechanism. DPDSE strikes a balance between privacy and storage costs, while maintaining compatibility with any SE scheme. We give a formal mathematical proof of the security of DPDSE and conduct experiments on real datasets. The results show that DPDSE is significantly more secure than traditional SE schemes at a storage cost of up to 2.5%.

Chen Luo,Fei He

DOI: https://doi.org/10.1007/s11704-016-6049-6

IF: 2.6688

2018-01-01

Frontiers of Computer Science

Abstract:Differential privacy enables sensitive data to be analyzed in a privacy-preserving manner. In this paper, we focus on the online setting where each analyst is assigned a privacy budget and queries the data interactively. However, existing differentially private data analytics systems such as PINQ process each query independently, which may cause an unnecessary waste of the privacy budget. Motivated by this, we present a satisfiability modulo theories (SMT)-based query tracking approach to reduce the privacy budget usage. In brief, our approach automatically locates past queries that access disjoint parts of the dataset with respect to the current query to save the privacy cost using the SMT solving techniques. To improve efficiency, we further propose an optimization based on explicitly specified column ranges to facilitate the search process. We have implemented a prototype of our approach with Z3, and conducted several sets of experiments. The results show our approach can save a considerable amount of the privacy budget and each query can be tracked efficiently within milliseconds.

Taisho Sasada,Yuzo Taenaka,Youki Kadobayashi

DOI: https://doi.org/10.1109/access.2024.3485610

IF: 3.9

2024-11-01

IEEE Access

Abstract:Spatio-temporal data possess intrinsic values, reflecting the spatial and temporal features of people's behaviors. Due to the sensitive nature of this data (e.g., workplace, residence, school locations), privacy protection is essential when collecting spatio-temporal data. Local Differential Privacy (LDP) protocol has gained attention as a method for protecting privacy on data-collecting devices. LDP protocol can make each data indistinguishable but inevitably destroys spatial/temporal characteristics as well. In this paper, we propose a novel method enabling LDP protocol to preserve spatial/temporal trends on privacy protection. If we collect data from users with similar behavior, it is difficult to uniquely identify users from the beginning. In short, processing privacy protection for each user with similar behavior allow us to minimize the removal of intrinsic values by LDP protocol. Our method, termed Dynamic Differentially-Private Spatial Decomposition (D2-PSD), dynamically adjusts and controls the strength of privacy protection (privacy budget) for each group of users exhibiting similar spatial and temporal trends. This allows users to be indistinguishable from each other within a group while preserving spatial and temporal trends across groups. All groups will have a different privacy budget, but the sum of the entire group keeps a constant privacy budget. Even if group with different protection strengths are mixed, privacy is protected for the sum of the group, and our proposed method can always guarantee a constant protection strength. Experimental results demonstrate that our method retains the intrinsic spatial and temporal trends in spatio-temporal data while maintaining robust privacy protection across the entire dataset, thanks to the D2-PSD approach. Specifically, in the most similar groups, D2-PSD reduced the MAE by up to 75% compared to standard LDP, while maintaining an equivalent strength of privacy protection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shun Zhang,Benfei Duan,Zhili Chen,Hong Zhong,Qizhi Yu

DOI: https://doi.org/10.48550/arXiv.2008.03475

2020-11-05

Abstract:Spatial crowdsourcing (SC) is an increasing popular category of crowdsourcing in the era of mobile Internet and sharing economy. It requires workers to arrive at a particular location for task fulfillment. Effective protection of location privacy is essential for workers' enthusiasm and valid task assignment. However, existing SC models with differential privacy usually perturb real-time location data for both partition and data publication. Such a way may produce large perturbations to counting queries that affect assignment success rate and allocation accuracy. This paper proposes a framework (R-HT) for protecting location privacy of workers taking advantage of both real-time and historical data. We simulate locations by sampling the probability distribution learned from historical data, use them for grid partition, and then publish real-time data under this partitioning with differential privacy. This realizes that most privacy budget is allocated to the worker count of each cell and yields an improved Private Spatial Decomposition approach. Moreover, we introduce some strategies for geocast region construction, including quality scoring function and local maximum geocast radius. A series of experimental results on real-world datasets shows that R-HT attains a stable success rate of task assignment, saves performance overhead and fits for dynamic assignment on crowdsourcing platforms.

Cryptography and Security

Meng Li,Jianbo Gao,Liehuang Zhu,Zijian Zhang,Chhagan Lal,Mauro Conti

DOI: https://doi.org/10.1109/tsc.2023.3311586

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Outsourcing data users' location data to a cloud server (CS) enables them to obtain k nearest points of interest. However, data users' privacy concerns hinder the wide-scale use. Several studies have achieved Secure k Nearest Neighbor (SkNN) query, but do not address time-restricted access or result privacy, and randomly partition data items which degrades efficiency. In this paper, we propose Time-restricted, verifiable, and efficient Query Processing (TiveQP). TiveQP has three distinguishing features. (1) Expand SkNN: data users can query k nearest locations open at a specific time. (2) Adopt a stronger threat model: we assume the CS is malicious and propose complementary set (i.e., transform proving “in” a set to proving “in” its complementary set) to allow data users to verify results without leaking unqueried data items' information. (3) Improve efficiency: we design a space encoding technique and a pruning strategy to improve efficiency in query processing and result verification. We formally proved the security of TiveQP in the random oracle model. We conducted extensive evaluations over a Yelp dataset to show that TiveQP significantly improves over existing work, e.g., top-10NN query over 100 thousand data items only needs 10 ms to get queried results and 1.4 ms for verification.

computer science, information systems, software engineering

Jianzhang Du,Tilak Mudgal,Rutvi Rahul Gadre,Yukui Luo,Chenghong Wang

2024-10-29

Abstract:In this paper, we address the problem of efficiently answering predicate queries on encrypted databases, those secured by Trusted Execution Environments (TEEs), which enable untrusted providers to process encrypted user data without revealing its contents. A common strategy in modern databases to accelerate predicate queries is the use of indexes, which map attribute values (keys) to their corresponding positions in a sorted data array. This allows for fast lookup and retrieval of data subsets that satisfy specific predicates. Unfortunately, indexes cannot be directly applied to encrypted databases due to strong data dependent leakages. Recent approaches apply differential privacy (DP) to construct noisy indexes that enable faster access to encrypted data while maintaining provable privacy guarantees. However, these methods often suffer from large storage costs, with index sizes typically scaling linearly with the key space. To address this challenge, we propose leveraging learned indexes, a trending technique that repurposes machine learning models as indexing structures, to build more compact DP indexes.

Databases,Cryptography and Security,Machine Learning

Yin Xu,Mingjun Xiao,Xiang Zou,An Liu

DOI: https://doi.org/10.1007/978-3-030-59416-9_47

2020-01-01

Abstract:In this paper, we study a new type of Spatial Crowdsourcing (SC), namely Distributed SC (DSC), which can support a variety of location-relative services demanded by different requesters with low latency and bandwidth costs. In DSC, requesters need to compete for limited resources so as to deploy their desired SC services, and the requested resources must be allocated together to meet the demand of the service. We model this competitive resource allocation problem as a combinatorial auction process. Since this problem is NP-hard, we design an approximation algorithm to solve it. Besides, the leakage of sensitive information such as bids may incur severe economic damage, and there is a lack of works that can provide efficient protection without a trustworthy third-party. Based on this, we propose a novel Differentially private Resource Auction (DRA) mechanism. A bid confusion strategy based on differential privacy is designed against the untrusted third-party. Moreover, we prove that DRA offers \\(\\epsilon \\)-differential privacy, \\(\\gamma \\)-truthfulness, individual rationality and computational efficiency. Finally, extensive simulations on a real trace confirm the efficacy of DRA and indicate good performance in accordance with the design expectations.