USER-DEFINED PRIVACY GRID SYSTEM FOR CONTINUOUS LOCATION-BASED SERVICES
Abstract—Location-based services (LBS) require users to continuously report their location to a potentially untrusted server to obtain services based on their location, which can expose them to privacy risks. Unfortunately, existing privacy-preserving techniques for LBS have several limitations, such as requiring a fully-trusted third party, offering limited privacy guarantees and incurring high communication overhead. In this paper, we propose a user-defined privacy grid system called dynamic grid system (DGS), the first holistic system that fulfills four essential requirements for privacy-preserving snapshot and continuous LBS. (1) The system only requires a semi-trusted third party, responsible for carrying out simple matching operations correctly. This semi-trusted third party does not have any information about a user's location. (2) Secure snapshot and continuous location privacy is guaranteed under our defined adversary models. (3) The communication cost for the user does not depend on the user's desired privacy level; it depends only on the number of relevant points of interest in the vicinity of the user. (4) Although we only focus on range and k-nearest-neighbor queries in this work, our system can be easily extended to support other spatial queries without changing the algorithms run by the semi-trusted third party and the database server, provided the required search area of a spatial query can be abstracted into spatial regions. Experimental results show that our DGS is more efficient than the state-of-the-art privacy-preserving technique for continuous LBS.
EXISTING SYSTEM:
Spatial cloaking techniques have been widely used to preserve user location privacy in LBS. Most of the existing spatial cloaking techniques rely on a fully-trusted third party (TTP), usually termed location anonymizer, that is required between the user and the service provider. When a user subscribes to LBS, the location anonymizer blurs the user's exact location into a cloaked area such that the cloaked area includes at least k − 1 other users to satisfy k-anonymity. The TTP model has four major drawbacks. (a) It is difficult to find a third party that can be fully trusted. (b) All users need to continuously update their locations with the location anonymizer, even when they are not subscribed to any LBS, so that the location anonymizer has enough information to compute cloaked areas. (c) Because the location anonymizer stores the exact location information of all users, compromising the location anonymizer exposes their locations. (d) k-anonymity typically reveals the approximate location of a user, and the location privacy depends on the user distribution. In a system with such regional location privacy it is difficult for the user to specify personalized privacy requirements. The feeling-based approach [29] alleviates this issue by finding a cloaked area, measured by the number of its visitors, that is at least as popular as the user's specified public region. Although some spatial cloaking techniques can be applied to peer-to-peer environments, these techniques still rely on the k-anonymity privacy requirement and can only achieve regional location privacy. Furthermore, these techniques require users to trust each other, as they have to reveal their locations to other peers and rely on other peers' locations to blur their own locations. Another distributed method was proposed that does not require users to trust each other, but it still uses multiple TTPs. Another family of algorithms uses incremental nearest neighbor queries, where a query starts at an "anchor" location which is different from the real location of a user and iteratively retrieves more points of interest until the query is satisfied. While it does not require a trusted third party, the approximate location of a user can still be learned; hence only regional location privacy is achieved.
PROPOSED SYSTEM:
In this paper, we propose a user-defined privacy grid system called dynamic grid system (DGS) to provide privacy-preserving snapshot and continuous LBS. The main idea is to place a semi-trusted third party, termed query server (QS), between the user and the service provider (SP). QS only needs to be semi-trusted because it will not collect/store or even have access to any user location information. Semi-trusted in this context means that while QS will try to determine the location of a user, it still correctly carries out the simple matching operations required in the protocol, i.e., it does not modify or drop messages or create new messages. An untrusted QS would arbitrarily modify and drop messages as well as inject fake messages, which is why our system depends on a semi-trusted QS.
The main idea of our DGS is as follows. In DGS, a querying user first determines a query area, where the user is comfortable to reveal the fact that she is somewhere within this query area. The query area is divided into equal-sized grid cells based on the dynamic grid structure specified by the user. Then, the user encrypts a query that includes the information of the query area and the dynamic grid structure, and encrypts the identity of each grid cell intersecting the required search area of the spatial query to produce a set of encrypted identifiers. Next, the user sends a request including (1) the encrypted query and (2) the encrypted identifiers to QS, which is a semi-trusted party located between the user and SP. QS stores the encrypted identifiers and forwards the encrypted query to the SP specified by the user. SP decrypts the query and selects the POIs within the query area from its database. For each selected POI, SP encrypts its information, uses the dynamic grid structure specified by the user to find the grid cell covering the POI, and encrypts the cell identity to produce the encrypted identifier for that POI. The encrypted POIs with their corresponding encrypted identifiers are returned to QS. QS stores the set of encrypted POIs and returns to the user only the subset of encrypted POIs whose corresponding identifiers match any one of the encrypted identifiers initially sent by the user. After the user receives the encrypted POIs, she decrypts them to get their exact locations and computes the query answer.
Module 1
Dynamic Grid System (DGS)
In this section, we describe how our DGS supports privacy-preserving continuous range and k-NN queries. This section is organized as follows: Section 3.1 describes the details of our DGS for processing continuous range queries and incrementally maintaining their answers, and Section 3.2 extends DGS to support k-NN queries.
3.1 Range Queries. Our DGS has two main phases for privacy-preserving continuous range query processing. The first phase finds an initial answer for a range query and the second phase incrementally maintains the query answer based on the user's location updates. Range Query Processing. A continuous range query is defined as keeping track of the POIs within a user-specified distance Range of the user's current location (xu, yu) for a certain time period. In general, the privacy-preserving range query processing protocol has six main steps.
Step 1. Dynamic grid structure (by the user). The idea of this step is to construct
a dynamic grid structure specified by the user. A querying user first specifies a
query area, where the user is comfortable to reveal the fact that she is located
somewhere within that query area. The query area is assumed to be a rectangular
area, represented by the coordinates of its bottom-left vertex (xb, yb) and top-right
vertex (xt, yt).
Step 2. Request generation (by the user). In this step, the querying user generates a request that includes (1) a query for the SP specified by the querying user and (2) a set of encrypted identifiers, Se, for QS. The user first selects a random key K and derives three distinct keys, $(HK, EK, MK) \leftarrow \mathrm{KDF}(K)$ (Equation 1), where $\mathrm{KDF}(\cdot)$ is a key derivation function [24]. Then, the user sets query and Se.
Step 3. Request processing (by QS). When QS receives the request from the user,
it simply stores the set of encrypted identifiers Se and forwards the encrypted
query to SP specified by the user.
Step 4. Query processing (by SP). SP decrypts the request to retrieve the POI-type, the random key K selected by the user in the request generation step (Step 2), and the query area defined by m, (xb, yb), and (xt, yt). SP then selects a set of np POIs that match the required POI-type within the user-specified query area from its database. For each selected POI j with a location (xj, yj) (1 ≤ j ≤ np), SP computes the identity of the grid cell in the user-specified dynamic grid structure covering j by
$(c_j, r_j) = \left( \left\lfloor \frac{x_j - x_b}{(x_t - x_b)/m} \right\rfloor, \left\lfloor \frac{y_j - y_b}{(y_t - y_b)/m} \right\rfloor \right).$
Step 5. Encrypted identifier matching (by QS). Upon receiving np triples, QS determines the set of matching POIs by comparing the encrypted identifiers Cj (1 ≤ j ≤ np) of the received POIs with the set of encrypted identifiers Se previously received from the user. A match between a Cj and some Ci in the set Se indicates that the POI j is in one of the grid cells required by the user. Thus, QS forwards every matching POI ⟨lj, σj⟩ to the user. If the query is a snapshot query, QS then deletes the received POIs and their encrypted identifiers. However, if the query is a continuous one, QS keeps the received POIs along with their encrypted identifiers until the user unregisters the query.
Step 6. Answer computation (by the user). Suppose that there are μ matched POIs received by the user. For each of these matched POIs, say ⟨lj, σj⟩, the user decrypts lj using EK and gets access to the exact location (xj, yj) of the POI. From (xj, yj) and lj, the user verifies σj by re-calculating the MAC value and comparing it against σj. If they match, the user includes in the answer the POI whose location is within a distance of Range of the user's current position (xu, yu).
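The end-to-end flow described in the proposed-system overview and in Steps 1 to 6 above, simulated in Python as an added example (this is not code from the paper or from the DGS authors). The user, QS and SP run in one process so that what each party handles can be inspected: QS sees only encrypted identifiers and ciphertexts, never a coordinate. Everything cryptographic is a labelled stand-in: the KDF, the MAC and the cipher are HMAC-SHA256 constructions, the encrypted identifier of a cell is a keyed hash under HK (standing in for Equations 3 and 4, which are not on this page), and the query is encrypted for SP under a pre-shared key rather than the paper's SP-bound encryption. The grid formula is the paper's floor computation; clamping it at the top and right edge of the query area, and the helper that lists the cells intersecting the circular search area, are my assumptions. The POI database is constructed.

```python
"""DGS range-query walk-through (added example, not the paper's code).

Cryptographic stand-ins (assumptions): HMAC-SHA256 for the KDF, the MAC and a
nonce-prefixed XOR stream cipher; a keyed hash as the encrypted cell identifier;
a pre-shared SP key instead of the paper's SP-bound query encryption.
"""
import hashlib
import hmac
import json
import math
import secrets


def kdf(k):
    """(HK, EK, MK) <- KDF(K), Equation (1) of the paper; the label split is an assumption."""
    return tuple(hmac.new(k, lbl, hashlib.sha256).digest() for lbl in (b"HK", b"EK", b"MK"))


def grid_cell(x, y, area, m):
    """Cell identity (c, r) by the paper's floor formula; clamped at the top/right edge (assumption)."""
    xb, yb, xt, yt = area
    c = int((x - xb) // ((xt - xb) / m))
    r = int((y - yb) // ((yt - yb) / m))
    return (min(c, m - 1), min(r, m - 1))


def enc_id(hk, cell):
    """Encrypted identifier of a cell: keyed hash under HK (stands in for Equations 3 and 4)."""
    return hmac.new(hk, f"{cell[0]},{cell[1]}".encode(), hashlib.sha256).digest()


def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key, msg):
    """Nonce-prefixed XOR stream cipher built from HMAC (stand-in for a real AEAD)."""
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))


def decrypt(key, ct):
    return bytes(a ^ b for a, b in zip(ct[16:], _stream(key, ct[:16], len(ct) - 16)))


def cells_in_range(xu, yu, rng, area, m):
    """Cells whose rectangle intersects the circle of radius rng around (xu, yu)."""
    xb, yb, xt, yt = area
    cw, ch = (xt - xb) / m, (yt - yb) / m
    hits = set()
    for c in range(m):
        for r in range(m):
            nx = min(max(xu, xb + c * cw), xb + (c + 1) * cw)  # closest point of the cell
            ny = min(max(yu, yb + r * ch), yb + (r + 1) * ch)
            if math.hypot(nx - xu, ny - yu) <= rng:
                hits.add((c, r))
    return hits


def run_range_query(user, rng, area, m, poi_type, db, sp_key):
    """Steps 1-6 for a snapshot range query; returns (answer, number of POIs QS forwarded)."""
    xu, yu = user
    # Step 2 (user): pick K, derive (HK, EK, MK), encrypt the query for SP, build Se.
    K = secrets.token_bytes(32)
    hk, ek, mk = kdf(K)
    query = encrypt(sp_key, json.dumps({"type": poi_type, "K": K.hex(), "m": m, "area": area}).encode())
    Se = {enc_id(hk, cell) for cell in cells_in_range(xu, yu, rng, area, m)}
    # Step 3 (QS): store Se and forward the opaque query; QS never sees (xu, yu) or the cells.
    # Step 4 (SP): decrypt, select matching POIs in the area, encrypt each with its cell identifier.
    q = json.loads(decrypt(sp_key, query))
    hk_sp, ek_sp, mk_sp = kdf(bytes.fromhex(q["K"]))
    xb, yb, xt, yt = q["area"]
    triples = []
    for ptype, x, y in db:
        if ptype == q["type"] and xb <= x <= xt and yb <= y <= yt:
            loc = json.dumps([x, y]).encode()
            l_j = encrypt(ek_sp, loc)
            sigma_j = hmac.new(mk_sp, l_j + loc, hashlib.sha256).digest()
            triples.append((enc_id(hk_sp, grid_cell(x, y, q["area"], q["m"])), l_j, sigma_j))
    # Step 5 (QS): forward only the POIs whose encrypted identifier matches one in Se.
    forwarded = [(l_j, sigma_j) for C_j, l_j, sigma_j in triples if C_j in Se]
    # Step 6 (user): decrypt, verify the MAC, keep POIs within Range of (xu, yu).
    answer = []
    for l_j, sigma_j in forwarded:
        loc = decrypt(ek, l_j)
        if not hmac.compare_digest(sigma_j, hmac.new(mk, l_j + loc, hashlib.sha256).digest()):
            continue  # modified in transit or not produced for this query: drop it
        x, y = json.loads(loc)
        if math.hypot(x - xu, y - yu) <= rng:
            answer.append((x, y))
    return sorted(answer), len(forwarded)


# Constructed sample: 100x100 query area, 10x10 grid, user at (42, 57), Range = 12.
AREA = (0, 0, 100, 100)
POI_DB = [("cafe", 45, 60), ("cafe", 30, 57), ("cafe", 32, 48), ("cafe", 70, 20), ("bar", 43, 58)]
SP_KEY = b"constructed-sp-key"

if __name__ == "__main__":
    print(run_range_query((42, 57), 12, AREA, 10, "cafe", POI_DB, SP_KEY))
```

Running the block prints `([(30, 57), (45, 60)], 3)`: QS forwards three POIs because their cells intersect the search circle, and the exact-distance check of Step 6 discards the one at (32, 48), which lies in a matched cell but about 13.5 units away. The cell test is deliberately coarse (a cell, not a point, is matched), which is what keeps the cell identifiers from pinning down the user; the MAC verification is the paper's Step 6 check and lets the user reject a modified or foreign POI record instead of relying on QS for integrity.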
Module 2
k-Nearest-Neighbor Query Processing
A continuous k-NN query is defined as keeping track of the k nearest POIs to a user's current location (xu, yu) for a certain time period, as presented in Section 2. In general, the privacy-preserving k-NN query processing has six major steps to find an initial query answer.
Step 1. Dynamic grid structure (by the user). This step is the same as the
dynamic grid structure step (Step 1) in the range query processing phase. It takes a
user-specified query area with a left-bottom vertex (xb, yb) and a right-top vertex
(xt, yt) and divides the query area into m × m equal-sized cells.
Step 2. Request generation (by the user). The required search area of the k-NN query is initially unknown to the user. The user first finds at least k POIs to compute the required search area as a circular area centered at the user's location with a radius equal to the distance from the user to the k-th nearest known POI. The user therefore first attempts to get the nearby POIs from a specific SP. In this step, the user requests from SP the POIs in the cell containing the user and its neighboring cells. Given the user's current location (xu, yu) and the query area specified by the user in Step 1, she wants to get the POIs within a set of grid cells Sc that includes the cell containing herself, i.e.,
$(c_u, r_u) = \left( \left\lfloor \frac{x_u - x_b}{(x_t - x_b)/m} \right\rfloor, \left\lfloor \frac{y_u - y_b}{(y_t - y_b)/m} \right\rfloor \right),$
and its at most eight neighboring cells (cu − 1, ru − 1), (cu, ru − 1), (cu + 1, ru − 1), (cu − 1, ru), (cu + 1, ru), (cu − 1, ru + 1), (cu, ru + 1), and (cu + 1, ru + 1). For each cell i in Sc, the user generates an encrypted identifier Ci using Equations 3 and 4, as in the request generation step (Step 2) of the range query processing phase. The user also creates a query to be sent to SP. Finally, the user sends a request, which includes the identity of SP, the query, and the set of encrypted identifiers (in random order), to QS.
Step 3. Request processing (by QS). This step is identical to Step 3 for range
queries in the query processing phase.
Step 4. Query processing (by SP). This step is identical to Step 4 for range queries in the query processing phase. Thanks to this query abstraction feature, our DGS can be easily extended to support other continuous spatial query types, e.g., reverse NN queries and density queries.
Step 5. Required search area (by the user and QS). This step is similar to the
encrypted identifier matching step (Step 5) for range queries in the query
processing phase, with the difference that this step may involve several rounds of
interaction between the user and QS. QS matches the encrypted identifiers of the
encrypted POIs returned by SP with the encrypted identifiers in Se sent by the user
in Step 2, and sends the matching encrypted POIs to the user.
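Step 2 and the rounds of Step 5 for a k-NN query, as an added example that is not the paper's code and that runs in the clear: the cell sets it computes are what the user would send to QS as encrypted identifiers, and the POIs it "learns" in each round are those QS would forward because their cell matched. Assumptions: the paper's floor formula is clamped at the query area's top and right edge; the circular required search area is covered by the cells of its bounding square (a superset of the cells intersecting the circle, safe because the user ranks POIs by exact distance); and when fewer than k POIs are known after a round, the request widens by one ring of cells, since the page does not say how that case is handled. The POI set is constructed.

```python
"""k-NN request rounds in DGS (added example, not the paper's code), run in the clear:
the cell sets computed here are what the user would send to QS as encrypted identifiers.
"""
import math


def cell_of(x, y, area, m):
    """Cell identity (c, r) by the paper's floor formula; clamped at the top/right edge (assumption)."""
    xb, yb, xt, yt = area
    c = int((x - xb) // ((xt - xb) / m))
    r = int((y - yb) // ((yt - yb) / m))
    return (min(c, m - 1), min(r, m - 1))


def with_neighbours(cells, m):
    """Each cell plus its at most eight neighbouring cells, clipped to the m x m grid."""
    return {(c + dc, r + dr) for c, r in cells for dc in (-1, 0, 1) for dr in (-1, 0, 1)
            if 0 <= c + dc < m and 0 <= r + dr < m}


def cells_covering_radius(xu, yu, radius, area, m):
    """Cells of the square bounding the circular search area: a superset of the cells
    intersecting the circle (assumption made for simplicity; safe because the user
    ranks the returned POIs by exact distance)."""
    xb, yb, xt, yt = area
    c0, r0 = cell_of(max(xu - radius, xb), max(yu - radius, yb), area, m)
    c1, r1 = cell_of(min(xu + radius, xt), min(yu + radius, yt), area, m)
    return {(c, r) for c in range(c0, c1 + 1) for r in range(r0, r1 + 1)}


def knn_rounds(xu, yu, k, area, m, pois):
    """Step 2, then the rounds of Step 5. Returns (k nearest POIs, cells newly requested per round)."""
    requested = with_neighbours({cell_of(xu, yu, area, m)}, m)   # Step 2: own cell + neighbours
    rounds = [sorted(requested)]
    while True:
        # POIs QS would have forwarded so far: those lying in a requested cell, nearest first.
        known = sorted((math.hypot(x - xu, y - yu), (x, y)) for x, y in pois
                       if cell_of(x, y, area, m) in requested)
        if len(known) < k:
            wanted = with_neighbours(requested, m)   # assumption: widen by one ring of cells
        else:
            radius = known[k - 1][0]                 # distance to the k-th nearest known POI
            wanted = cells_covering_radius(xu, yu, radius, area, m) | requested
        if wanted == requested:                      # search area fully covered: answer is final
            return [p for _, p in known[:k]], rounds
        rounds.append(sorted(wanted - requested))
        requested = wanted


# Constructed sample: 100x100 query area, 10x10 grid, user at (42, 57).
AREA = (0, 0, 100, 100)
POIS = [(45, 60), (30, 57), (32, 48), (70, 20), (55, 55)]

if __name__ == "__main__":
    answer, rounds = knn_rounds(42, 57, 3, AREA, 10, POIS)
    print(answer, [len(r) for r in rounds])
```

With k = 3 the first round requests the nine cells around the user and learns four POIs; the third nearest is about 13.15 units away, so the bounding square of that radius reaches into column 2 and row 7, and a second round requests those seven cells. They hold no closer POI, so the answer is final after two rounds. The termination condition is what makes the result exact: once every cell touching the circle of radius d_k has been requested, any POI nearer than d_k must already be known.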
Module 3
Privacy Against Service Provider (SP)
We require that SP cannot learn the user's location any better than making a random guess. Formally, we consider the following game played between a challenger C and a (malicious) SP, denoted by A. The challenger prepares the system parameters, and gives them to A. A specifies a POI-type, the grid structure, a query area and two locations (x0, y0) and (x1, y1) in this area, and gives them to C. C chooses at random b ∈ {0, 1}, and uses (xb, yb), the specified grid structure and POI-type to generate $\mathrm{Msg}_2^b$ with respect to the identity of A, i.e., the message that the malicious SP expects to receive. C then gives $\mathrm{Msg}_2^b$ to A. A outputs a bit b′ and wins the game if b′ = b.
Module 4
Privacy Against Query Server (QS)
This requires that QS cannot tell from the user's request or SP's transcript where the user is, provided that it does not collude with the intended SP. Formally, we consider the following game played between an adversary A (which is the dishonest QS) and a challenger C which plays the roles of the user and the service providers. Given the system parameters, A begins to issue Private Key Queries polynomially many times: it submits the identity of an SP to C, and receives the corresponding private key. This models the case that QS colludes with a (non-intended) SP. A then specifies the POI-type, the identity of the intended SP (the private key of which has not been queried), the grid structure, a query area, and two user locations (x0, y0) and (x1, y1) in the query area, and gives them to C. C tosses a coin b ∈ {0, 1}, and uses (xb, yb) and the other information specified by A to generate $\mathrm{Msg}_1^b$ as the user's message to QS, and the corresponding SP message $\mathrm{Msg}_3^b$. It sends both $\mathrm{Msg}_1^b$ and $\mathrm{Msg}_3^b$ to A. A continues to issue queries as above, except that it cannot ask for the private key of the intended SP. Finally, A outputs a bit b′ as its guess of b, and wins the game if b′ = b.
CONCLUSION
In this paper, we proposed a dynamic grid system (DGS) for providing privacy-
preserving continuous LBS. Our DGS includes the query server (QS) and the
service provider (SP), and cryptographic functions to divide the whole query
processing task into two parts that are performed separately by QS and SP. DGS
does not require any fully-trusted third party (TTP); instead, we require only the
much weaker assumption of no collusion between QS and SP. This separation also
moves the data transfer load away from the user to the inexpensive and high-
bandwidth link between QS and SP. We also designed efficient protocols for our
DGS to support both continuous k-nearest-neighbor (NN) and range queries. To
evaluate the performance of DGS, we compare it to the state-of-the-art technique
requiring a TTP. DGS provides better privacy guarantees than the TTP scheme,
and the experimental results show that DGS is an order of magnitude more
efficient than the TTP scheme, in terms of communication cost. In terms of
computation cost, DGS also always outperforms the TTP scheme for NN queries;
it is comparable or slightly more expensive than the TTP scheme for range queries.

More Related Content

PDF
SURVEY PAPER ON PRIVACY IN LOCATION BASED SEARCH QUERIES.
PDF
Securing Group Communication in Partially Distributed Systems
PDF
A NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKS
PPTX
PDF
Certificate less key management scheme in
PDF
securemult
PDF
Secure multipath routing scheme using key
PDF
Redundant Actor Based Multi-Hole Healing System for Mobile Sensor Networks
SURVEY PAPER ON PRIVACY IN LOCATION BASED SEARCH QUERIES.
Securing Group Communication in Partially Distributed Systems
A NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKS
Certificate less key management scheme in
securemult
Secure multipath routing scheme using key
Redundant Actor Based Multi-Hole Healing System for Mobile Sensor Networks

What's hot (19)

PDF
A study of localized algorithm for self organized wireless sensor network and...
PDF
Ijetr012022
PDF
Secure routing path using trust values for
PDF
Paper id 42201621
DOCX
Detection and elemination of block hole attack
PDF
Privacy in Location-Based Services using SP-Filtering in Hide and Seek Protoc...
PDF
SIMULATION PROCESS FOR MOBILE NODES INFORMATION USING LOCATION-AIDED ROUTING ...
DOC
Criptography approach using magnets
PDF
Elgamal signature for content distribution with network coding
PDF
A Modified Pair Wise Key Distribution Schemes and There Effect On Network Per...
PDF
How to Counter-act Security Threats in Mobile Ad Hoc Networks?
PDF
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
DOC
DOCS ON NETWORK SECURITY
PDF
Authentication in Different Scenarios
PDF
New Security Threats and Protection Techniques in Mobile Ad Hoc Networks
PDF
Load balancing in public cloud combining the concepts of data mining and netw...
PDF
Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...
PDF
Authentication in Different Scenarios
DOCX
Non cooperative location privacy
A study of localized algorithm for self organized wireless sensor network and...
Ijetr012022
Secure routing path using trust values for
Paper id 42201621
Detection and elemination of block hole attack
Privacy in Location-Based Services using SP-Filtering in Hide and Seek Protoc...
SIMULATION PROCESS FOR MOBILE NODES INFORMATION USING LOCATION-AIDED ROUTING ...
Criptography approach using magnets
Elgamal signature for content distribution with network coding
A Modified Pair Wise Key Distribution Schemes and There Effect On Network Per...
How to Counter-act Security Threats in Mobile Ad Hoc Networks?
Security Flows and Improvement of a Recent Ultra Light-Weight RFID Protocol
DOCS ON NETWORK SECURITY
Authentication in Different Scenarios
New Security Threats and Protection Techniques in Mobile Ad Hoc Networks
Load balancing in public cloud combining the concepts of data mining and netw...
Effective Identification of Packet Droppers and Modifiers in Wireless Sensor ...
Authentication in Different Scenarios
Non cooperative location privacy
Ad

Similar to User defined privacy grid system (20)

PDF
USER-DEFINED PRIVACY GRID SYSTEM FOR CONTINUOUS LOCATION-BASED SERVICES - IEE...
PDF
User-Defined Privacy Grid System for Continuous Location-Based Services
PDF
User defined privacy grid system for continuous location based services abstract
PDF
Cloaking Areas Location Based Services Using Dynamic Grid System & Privacy En...
PDF
privacy preserving abstract
DOCX
Eplq Efficient Privacy-Preserving Location-based Query over Outsourced Encryp...
PDF
A Novel Solitude Conserving Location Monitoring Approach for Wireless Sensor ...
PPTX
PDF
PERTURBED ANONYMIZATION: TWO LEVEL SMART PRIVACY FOR LBS MOBILE USERS
PDF
LPM: A DISTRIBUTED ARCHITECTURE AND ALGORITHMS FOR LOCATION PRIVACY IN LBS
PDF
H0944649
DOC
azd document
PDF
Privacy preserving location sharing services for social networks(1)
PDF
Privacy - Preserving Reputation with Content Protecting Location Based Queries
PDF
H017665256
DOC
Secure-and-Distance-based-Online-Social-Network-OSN.doc
PPTX
Privacy preserving optimal meeting location determination on mobile devices
PDF
1377179967 42797809
DOC
Privacy preserving and content-protecting location based queries
PDF
Iaetsd extending sensor networks into the cloud using tpss and lbss
USER-DEFINED PRIVACY GRID SYSTEM FOR CONTINUOUS LOCATION-BASED SERVICES - IEE...
User-Defined Privacy Grid System for Continuous Location-Based Services
User defined privacy grid system for continuous location based services abstract
Cloaking Areas Location Based Services Using Dynamic Grid System & Privacy En...
privacy preserving abstract
Eplq Efficient Privacy-Preserving Location-based Query over Outsourced Encryp...
A Novel Solitude Conserving Location Monitoring Approach for Wireless Sensor ...
PERTURBED ANONYMIZATION: TWO LEVEL SMART PRIVACY FOR LBS MOBILE USERS
LPM: A DISTRIBUTED ARCHITECTURE AND ALGORITHMS FOR LOCATION PRIVACY IN LBS
H0944649
azd document
Privacy preserving location sharing services for social networks(1)
Privacy - Preserving Reputation with Content Protecting Location Based Queries
H017665256
Secure-and-Distance-based-Online-Social-Network-OSN.doc
Privacy preserving optimal meeting location determination on mobile devices
1377179967 42797809
Privacy preserving and content-protecting location based queries
Iaetsd extending sensor networks into the cloud using tpss and lbss
Ad

More from nexgentech15 (20)

DOCX
Subgraph matching with set similarity in a
DOCX
Rule based method for entity resolution
DOCX
Privacy policy inference of user uploaded
DOCX
Discovery of ranking fraud for mobile apps
DOCX
Secure auditing and deduplicating data in cloud
DOCX
Provable multicopy dynamic data possession
DOCX
Orchestrating bulk data transfers across
DOCX
New algorithms for secure outsourcing of
DOCX
Identity based encryption with outsourced
DOCX
Cost effective authentic and anonymous
DOCX
Control cloud data access privilege and
DOCX
A trusted iaa s environment
DOCX
A profit maximization scheme with guaranteed
DOCX
Learning to rank image tags with limited
DOCX
Detecting malicious facebook applications
DOCX
Collusion tolerable privacy-preserving sum
DOCX
Automatic face naming by learning discriminative
DOCX
A computational dynamic trust model
DOCX
Space efficient verifiable secret sharing
DOCX
Query aware determinization of uncertain
Subgraph matching with set similarity in a
Rule based method for entity resolution
Privacy policy inference of user uploaded
Discovery of ranking fraud for mobile apps
Secure auditing and deduplicating data in cloud
Provable multicopy dynamic data possession
Orchestrating bulk data transfers across
New algorithms for secure outsourcing of
Identity based encryption with outsourced
Cost effective authentic and anonymous
Control cloud data access privilege and
A trusted iaa s environment
A profit maximization scheme with guaranteed
Learning to rank image tags with limited
Detecting malicious facebook applications
Collusion tolerable privacy-preserving sum
Automatic face naming by learning discriminative
A computational dynamic trust model
Space efficient verifiable secret sharing
Query aware determinization of uncertain

Recently uploaded (20)

PDF
A systematic review of self-coping strategies used by university students to ...
PDF
VCE English Exam - Section C Student Revision Booklet
PPTX
Microbial diseases, their pathogenesis and prophylaxis
PDF
01-Introduction-to-Information-Management.pdf
PDF
Microbial disease of the cardiovascular and lymphatic systems
PDF
Supply Chain Operations Speaking Notes -ICLT Program
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
PDF
Classroom Observation Tools for Teachers
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
PPTX
Cell Structure & Organelles in detailed.
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
PPTX
Institutional Correction lecture only . . .
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
PPTX
master seminar digital applications in india
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
PDF
O7-L3 Supply Chain Operations - ICLT Program
A systematic review of self-coping strategies used by university students to ...
VCE English Exam - Section C Student Revision Booklet
Microbial diseases, their pathogenesis and prophylaxis
01-Introduction-to-Information-Management.pdf
Microbial disease of the cardiovascular and lymphatic systems
Supply Chain Operations Speaking Notes -ICLT Program
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
Classroom Observation Tools for Teachers
202450812 BayCHI UCSC-SV 20250812 v17.pptx
Cell Structure & Organelles in detailed.
human mycosis Human fungal infections are called human mycosis..pptx
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
STATICS OF THE RIGID BODIES Hibbelers.pdf
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
Institutional Correction lecture only . . .
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
master seminar digital applications in india
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
O7-L3 Supply Chain Operations - ICLT Program

User defined privacy grid system

  • 1. USER-DEFINED PRIVACY GRID SYSTEM FOR CONTINUOUS LOCATION- BASED SERVICES Abstract—Location-based services (LBS) require users to continuously report their location to a potentially untrusted server to obtain services based on their location, which can expose them to privacy risks. Unfortunately, existing privacy- preserving techniques for LBS have several limitations, such as requiring a fully- trusted third party, offering limited privacy guarantees and incurring high communication overhead. In this paper, we propose a user-defined privacy grid system called dynamic grid system (DGS); the first holistic system that fulfills four essential requirements for privacy-preserving snapshot and continuous LBS. (1) The system only requires a semi-trusted third party, responsible for carrying out simple matching operations correctly. This semi-trusted third party does not have any information about a user’s location. (2) Secure snapshot and continuous location privacy is guaranteed under our defined adversary models. (3) The communication cost for the user does not depend on the user’s desired privacy level, it only depends on the number of relevant points of interest in the vicinity of the user. (4) Although we only focus on range and k-nearest-neighbor queries in this work, our system can be easily extended to support other spatial queries without changing the algorithms run by the semi-trusted third party and the
  • 2. database server, provided the required search area of a spatial query can be abstracted into spatial regions. Experimental results show that our DGS is more efficient than the state-of-the-art privacy-preserving technique for continuous LBS. EXISTING SYSTEM: Spatial cloaking techniques have been widely used to preserve user location privacy in LBS. Most of the existing spatial cloaking techniques rely on a fully- trusted third party (TTP), usually termed location anonymizer, that is required between the user and the service provider. When a user subscribes to LBS, the location anonymizer will blur the user’s exact location into a cloaked area such that the cloaked area includes at least k – 1 other users to satisfy k-anonymity. The TTP model has four major drawbacks. (a) It is difficult to find a third party that can be fully trusted. (b) All users need to continuously update their locations with the location anonymizer, even when they are not subscribed to any LBS, so that the location anonymizer has enough information to compute cloaked areas. (c) Because the location anonymizer stores the exact location information of all users, compromising the location anonymizer exposes their locations. (d) k-anonymity typically reveals the approximate location of a user and the location privacy depends on the user distribution. In a system with such regional location privacy it
  • 3. is difficult for the user to specify personalized privacy requirements. The feelingbased approach [29] alleviates this issue by finding a cloaked area based on the number of its visitors that is at least as popular as the user’s specified public region. Although some spatial clocking techniques can be applied to peer-to-peer environments, these techniques still rely on the k-anonymity privacy requirement and can only achieve regional location privacy. Furthermore, these techniques require users to trust each other, as they have to reveal their locations to other peers and rely on other peers’ locations to blur their locations., another distributed method was proposed that does not require users to trust each other, but it still uses multiple TTPs. Another family of algorithms uses incremental nearest neighbor queries, where a query starts at an “anchor” location which is different from the real location of a user and iteratively retrieves more points of interest until the query is satisfied. While it does not require a trusted third party, the approximate location of a user can still be learned; hence only regional location privacy is achieved. PROPOSED SYSTEM: In this paper, we propose a user-defined privacy grid system called dynamic grid system (DGS) to provide privacy-preserving snapshot and continuous LBS. The main idea is to place a semitrusted third party, termed query server (QS), between the user and the service provider (SP). QS only needs to be semi-trusted because it
  • 4. will not collect/store or even have access to any user location information. Semi- trusted in this context means that while QS will try to determine the location of a user, it still correctly carries out the simple matching operations required in the protocol, i.e., it does not modify or drop messages or create new messages. An untrusted QS would arbitrarily modify and drop messages as well as inject fake messages, which is why our system depends on a semi-trusted QS. The main idea of our DGS. In DGS, a querying user first determines a query area, where the user is comfortable to reveal the fact that she is somewhere within this query area. The query area is divided into equal-sized grid cells based on the dynamic grid structure specified by the user. Then, the user encrypts a query that includes the information of the query area and the dynamic grid structure, and encrypts the identity of each grid cell intersecting the required search area of the spatial query to produce a set of encrypted identifiers. Next, the user sends a request including (1) the encrypted query and (2) the encrypted identifiers to QS, which is a semi-trusted party located between the user and SP. QS stores the encrypted identifiers and forwards he encrypted query to SP specified by the user. SP decrypts the query and selects the POIs within the query area from its database. For each selected POI, SP encrypts its information, using the dynamic grid structure specified by the user to find a grid cell covering the POI, and encrypts the cell identity to produce the encrypted identifier for that POI. The encrypted POIs
with their corresponding encrypted identifiers are returned to QS. QS stores the set of encrypted POIs and returns to the user only the subset of encrypted POIs whose identifiers match any one of the encrypted identifiers initially sent by the user. After the user receives the encrypted POIs, she decrypts them to get their exact locations and computes the query answer.

Module 1: Dynamic Grid System (DGS)

In this section, we describe how our DGS supports privacy-preserving continuous range and k-NN queries. Section 3.1 describes the details of our DGS for processing continuous range queries and incrementally maintaining their answers, and Section 3.2 extends DGS to support k-NN queries.

3.1 Range Queries

Our DGS has two main phases for privacy-preserving continuous range query processing. The first phase finds an initial answer for a range query, and the second phase incrementally maintains the query answer based on the user's location updates.

Range Query Processing. A continuous range query is defined as keeping track of the POIs within a user-specified distance Range of the user's current location (xu, yu) for a certain time period. In general, the privacy-preserving range query processing protocol has six main steps.
Step 1. Dynamic grid structure (by the user). The idea of this step is to construct a dynamic grid structure specified by the user. A querying user first specifies a query area, within which the user is comfortable revealing that she is located somewhere. The query area is assumed to be rectangular, represented by the coordinates of its bottom-left vertex (xb, yb) and top-right vertex (xt, yt).

Step 2. Request generation (by the user). In this step, the querying user generates a request that includes (1) a query for the SP specified by the querying user and (2) a set of encrypted identifiers, Se, for QS. The user first selects a random key K and derives three distinct keys:

(HK, EK, MK) ← KDF(K) (1)

where KDF(·) is a key derivation function [24]. Then, the user constructs the query and Se.

Step 3. Request processing (by QS). When QS receives the request from the user, it simply stores the set of encrypted identifiers Se and forwards the encrypted query to the SP specified by the user.

Step 4. Query processing (by SP). SP decrypts the request to retrieve the POI-type, the random key K selected by the user in the request generation step (Step 2), and the query area defined by m, (xb, yb), and (xt, yt). SP then selects from its database a set of np POIs that match the required POI-type within the user-specified query area. For each selected POI j with location (xj, yj) (1 ≤ j ≤ np), SP
computes the identity of the grid cell in the user-specified dynamic grid structure covering j as

(cj, rj) = (⌊(xj − xb) / ((xt − xb)/m)⌋, ⌊(yj − yb) / ((yt − yb)/m)⌋).

Step 5. Encrypted identifier matching (by QS). Upon receiving the np triples, QS determines the set of matching POIs by comparing the encrypted identifier Cj (1 ≤ j ≤ np) of each received POI with the set of encrypted identifiers Se previously received from the user. A match between a Cj and some Ci in Se indicates that POI j is in one of the grid cells required by the user. Thus, QS forwards every matching POI ⟨lj, σj⟩ to the user. If the query is a snapshot query, QS then deletes the received POIs and their encrypted identifiers. If the query is a continuous one, QS keeps the received POIs along with their encrypted identifiers until the user unregisters the query.

Step 6. Answer computation (by the user). Suppose that the user receives μ matched POIs. For each matched POI ⟨lj, σj⟩, the user decrypts lj using EK to obtain the exact location (xj, yj) of the POI. From (xj, yj) and lj, the user verifies σj by recalculating the MAC value and comparing it against σj. If they match, the user includes the POI in the answer if its location is within distance Range of the user's current position (xu, yu).

Module 2: k-Nearest-Neighbor Query Processing
A continuous k-NN query is defined as keeping track of the k nearest POIs to a user's current location (xu, yu) for a certain time period, as presented in Section 2. In general, the privacy-preserving k-NN query processing has six major steps to find an initial query answer.

Step 1. Dynamic grid structure (by the user). This step is the same as the dynamic grid structure step (Step 1) in the range query processing phase. It takes a user-specified query area with bottom-left vertex (xb, yb) and top-right vertex (xt, yt) and divides the query area into m × m equal-sized cells.

Step 2. Request generation (by the user). The required search area of the k-NN query is initially unknown to the user. The user first finds at least k POIs in order to compute the required search area as a circular area centered at the user's location with radius equal to the distance from the user to the k-th nearest known POI. The user therefore first attempts to get nearby POIs from a specific SP. In this step, the user requests from SP the POIs in the cell containing the user and its neighboring cells. Given the user's current location (xu, yu) and the query area specified in Step 1, she wants to get the POIs within a set of grid cells Sc that includes the cell containing herself, i.e.,

(cu, ru) = (⌊(xu − xb) / ((xt − xb)/m)⌋, ⌊(yu − yb) / ((yt − yb)/m)⌋),

and its at most eight neighboring cells (cu − 1, ru − 1), (cu, ru − 1), (cu + 1, ru − 1), (cu − 1, ru), (cu + 1, ru), (cu − 1, ru + 1), (cu, ru + 1), and (cu + 1, ru + 1). For each cell i in Sc, the user generates an encrypted identifier Ci using
Equations 3 and 4, as in the request generation step (Step 2) of the range query processing phase. The user also creates a query to be sent to SP. Finally, the user sends a request, which includes the identity of SP, the query, and the set of encrypted identifiers (in random order), to QS.

Step 3. Request processing (by QS). This step is identical to Step 3 for range queries in the query processing phase.

Step 4. Query processing (by SP). This step is identical to Step 4 for range queries in the query processing phase. Thanks to this query abstraction feature, our DGS can be easily extended to support other continuous spatial query types, e.g., reverse NN queries and density queries.

Step 5. Required search area (by the user and QS). This step is similar to the encrypted identifier matching step (Step 5) for range queries in the query processing phase, with the difference that this step may involve several rounds of interaction between the user and QS. QS matches the encrypted identifiers of the encrypted POIs returned by SP with the encrypted identifiers in Se sent by the user in Step 2, and sends the matching encrypted POIs to the user.

Module 3: Privacy Against Service Provider (SP)
We require that SP cannot learn the user's location any better than by making a random guess. Formally, we consider the following game played between a challenger C and a (malicious) SP, denoted by A. The challenger prepares the system parameters and gives them to A. A specifies a POI-type, the grid structure, a query area, and two locations (x0, y0) and (x1, y1) in this area, and gives them to C. C chooses b ∈ {0, 1} at random and uses (xb, yb), the specified grid structure, and the POI-type to generate Msg_2^b with respect to the identity of A, i.e., the message that the malicious SP expects to receive. C then gives Msg_2^b to A. A outputs a bit b′ and wins the game if b′ = b.

Module 4: Privacy Against Query Server (QS)

This requires that QS cannot tell, from the user's request or SP's transcript, where the user is, provided that it does not collude with the intended SP. Formally, we consider the following game played between an adversary A (the dishonest QS) and a challenger C, which plays the roles of the user and the service providers. Given the system parameters, A begins to issue Private Key Queries polynomially many times: it submits the identity of an SP to C and receives the
corresponding private key. This models the case in which QS colludes with a (non-intended) SP. A then specifies the POI-type, the identity of the intended SP (whose private key has not been queried), the grid structure, a query area, and two user locations (x0, y0) and (x1, y1) in the query area, and gives them to C. C tosses a coin b ∈ {0, 1} and uses (xb, yb) and the other information specified by A to generate Msg_1^b as the user's message to QS and the corresponding SP message Msg_3^b. It sends both Msg_1^b and Msg_3^b to A. A continues to issue queries as above, except that it cannot ask for the private key of the intended SP. Finally, A outputs a bit b′ as its guess of b and wins the game if b′ = b.

CONCLUSION

In this paper, we proposed a dynamic grid system (DGS) for providing privacy-preserving continuous LBS. Our DGS includes the query server (QS), the service provider (SP), and cryptographic functions that divide the whole query processing task into two parts performed separately by QS and SP. DGS does not require any fully-trusted third party (TTP); instead, we require only the much weaker assumption of no collusion between QS and SP. This separation also moves the data transfer load away from the user to the inexpensive and high-bandwidth link between QS and SP. We also designed efficient protocols for our DGS to support both continuous k-nearest-neighbor (NN) and range queries. To
evaluate the performance of DGS, we compare it to the state-of-the-art technique requiring a TTP. DGS provides better privacy guarantees than the TTP scheme, and the experimental results show that DGS is an order of magnitude more efficient than the TTP scheme in terms of communication cost. In terms of computation cost, DGS also always outperforms the TTP scheme for NN queries; it is comparable to or slightly more expensive than the TTP scheme for range queries.
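The range-query protocol of Module 1 (Steps 1 to 6) and the cell set of the k-NN request (Module 2, Step 2), as an added Python simulation that is not the paper's code: the user, QS and SP roles are plain functions; the KDF, the encrypted cell identifier (Equations 3 and 4 are not reproduced on this page) and the symmetric cipher are HMAC-SHA256 stand-ins, the query's encryption to SP is omitted, and the POI list is constructed.

```python
import hmac, hashlib, math, os, struct

def kdf(K):  # Eq. 1: (HK, EK, MK) <- KDF(K); an HMAC-based KDF is assumed, the page only names KDF
    return tuple(hmac.new(K, t, hashlib.sha256).digest() for t in (b"HK", b"EK", b"MK"))
def cell_of(x, y, area, m):  # the paper's floor formula; the clamp keeps the top edge in cell m-1
    xb, yb, xt, yt = area
    return min(m - 1, math.floor((x - xb) / ((xt - xb) / m))), min(m - 1, math.floor((y - yb) / ((yt - yb) / m)))
def enc_id(HK, cell):  # encrypted cell identifier C_i; Eqs. 3 and 4 are not on the page, so HMAC is assumed
    return hmac.new(HK, b"%d,%d" % cell, hashlib.sha256).digest()
def stream(EK, nonce, data):  # stand-in for the paper's symmetric cipher: XOR with an HMAC keystream
    return bytes(a ^ b for a, b in zip(data, hmac.new(EK, nonce, hashlib.sha256).digest()))
def knn_initial_cells(loc, area, m):  # k-NN Step 2: the user's own cell and its at most eight neighbours
    cu, ru = cell_of(*loc, area, m)
    return {(c, r) for c in range(cu - 1, cu + 2) for r in range(ru - 1, ru + 2) if 0 <= c < m and 0 <= r < m}

def user_request(loc, rng, area, m, poi_type, K):  # range Steps 1-2 (encryption of the query to SP omitted)
    HK, _, _ = kdf(K); xb, yb, xt, yt = area
    c0, r0 = cell_of(max(xb, loc[0] - rng), max(yb, loc[1] - rng), area, m)  # cells meeting the
    c1, r1 = cell_of(min(xt, loc[0] + rng), min(yt, loc[1] + rng), area, m)  # bounding box of the circle
    Se = {enc_id(HK, (c, r)) for c in range(c0, c1 + 1) for r in range(r0, r1 + 1)}
    return {"poi_type": poi_type, "K": K, "area": area, "m": m}, Se

def sp_process(query, pois):  # Step 4: (C_j, l_j, sigma_j) for each POI of the type inside the query area
    HK, EK, MK = kdf(query["K"]); xb, yb, xt, yt = query["area"]; out = []
    for typ, x, y in pois:
        if typ == query["poi_type"] and xb <= x <= xt and yb <= y <= yt:
            nonce = os.urandom(16); lj = nonce + stream(EK, nonce, struct.pack(">dd", x, y))
            Cj = enc_id(HK, cell_of(x, y, query["area"], query["m"]))
            out.append((Cj, lj, hmac.new(MK, lj, hashlib.sha256).digest()))
    return out

def qs_match(Se, triples):  # Step 5: QS compares ciphertext identifiers only; it never holds K
    return [(lj, sig) for Cj, lj, sig in triples if Cj in Se]
def user_answer(loc, rng, K, matched):  # Step 6: verify MAC, decrypt, keep POIs within Range
    _, EK, MK = kdf(K); answer = []
    for lj, sig in matched:
        if hmac.compare_digest(hmac.new(MK, lj, hashlib.sha256).digest(), sig):  # tampered records dropped
            x, y = struct.unpack(">dd", stream(EK, lj[:16], lj[16:]))
            if math.dist(loc, (x, y)) <= rng:
                answer.append((x, y))
    return answer

POIS = [("cafe", 47, 44), ("cafe", 52, 52), ("cafe", 20, 20), ("bank", 45, 46), ("cafe", 44, 50)]  # constructed
def demo(tamper=False):  # user at (45, 45), Range 6, 10 x 10 grid over [0, 100]^2 -> (matched, answer)
    K = os.urandom(32)
    query, Se = user_request((45, 45), 6, (0, 0, 100, 100), 10, "cafe", K)
    matched = qs_match(Se, sp_process(query, POIS))
    if tamper:  # a QS that alters a location ciphertext is caught by the user's MAC check
        matched[0] = (matched[0][0][:16] + bytes(16), matched[0][1])
    return len(matched), user_answer((45, 45), 6, K, matched)
```

QS forwards three of the five POIs (the cafe at (52, 52) shares a matching cell but is outside Range) and the user keeps two; note that QS only ever handles HMAC outputs and ciphertexts, and the user's own location enters nothing QS sees.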