Download presentation
Presentation is loading. Please wait.
Published byBeverly Hill Modified over 6 years ago
1
Private Queries in Location-Based Services: Anonymizers are Not Necessary
Gabriel Ghinita1 Panos Kalnis1 Ali Khoshgozaran2 Cyrus Shahabi2 Kian Lee Tan1 1 National University of Singapore 2 University of Southern California
2
Location-Based Services (LBS)
LBS users Mobile devices with GPS capabilities Queries NN Queries Location server is NOT trusted “Find closest hospital to my present location” We study the problem of privacy in LBS LBS are chract by mobile users with positioning capabilities Users ask spatial Q such as NN or range: in our example u1 asks for the closest hospital, which is h2 The LBS is not trusted, and finds out that u1 suffers from a medical condition
3
Problem Statement Queries may disclose sensitive information
Query through anonymous web surfing service But user location may disclose identity Triangulation of device signal Publicly available databases Physical surveillance How to preserve query source anonymity? Even when exact user locations are known To prevent the LBS from learning the identity of the Q user, we can use a pseudonym service to hide the user ID. But Q contains location, which can be easily mapped to the identity Pb Form: how to preserve query privacy, even in the worst case?
4
PIR Overview Computationally hard to find i from q(i)
Bob can easily find Xi from r (trap-door)
5
Existing LBS Privacy Solutions
6
Spatial K-Anonymity Query issuer “hides” among other K-1 users
Probability of identifying query source ≤ 1/K Idea: anonymizing spatial regions (ASR) SKA is an extension of KA, widely used in relational DB, and “hides” the Q user among K-1 other users Instead of reporting exact location to LBS, an ASR (or cloaked region) is built which encloses at least K users; the LBS process the Q wrt ASR
7
Casper[Mok06] NOT SECURE !!! Quad-tree based
Fails to preserve anonymity for outliers Unnecessarily large ASR size u2 Let K=3 A1 u1 u3 If any of u1, u2, u3 queries, ASR is A1 Both use a quad-tree structure IC: smallest quadrant enclosing u as well as other k-1 users; Casper allows half-quadrants Anonymity of outliers compromised Detailed analytical proof in appendix NOT SECURE !!! u4 If u4 queries, ASR is A2 A2 u4’s identity is disclosed [Mok06] – Mokbel et al, The New Casper: Query Processing for Location Services without Compromising Privacy, VLDB 2006
8
Reciprocity u2 u3 u5 u3 u2 u1 u1 u4 u6 u5 u6 u4
We were the first to identify this property Later, it has been reformulated as “k-sharing” Stress that optimal reciprocal partitioning is hard, especially for mobile users [KGMP07] – Kalnis P., Ghinita G., Mouratidis K., Papadias D., "Preventing Location-Based Identity Inference in Anonymous Spatial Queries", IEEE TKDE 2007.
9
Hilbert Cloak (HC) Based on Hilbert space-filling curve
index users by Hilbert value of location partition Hilbert sequence into “K-buckets” HC obeys reciprocity Start End
10
Continuous Queries[CM07]
Problems ASRs grows large Query dropped if some user in U disconnects u1 u3 u2 [CM07] C.-Y. Chow and M. Mokbel “Enabling Private Continuous Queries For Revealed User Locations”. In Proc. of SSTD 2007
11
Space Encryption[KS07] Drawbacks answers are approximate
makes use of tamper-resistant devices may be vulnerable if some POI are known Hilbert Mapping P2 P1 P2 P4 12 14 19 P3 24 P4 P1 NN(15)=P2 Q P3 15 [KS07] A. Khoshgozaran, C. Shahabi. Blind Evaluation of Nearest Neighbor Queries Using Space Transformation to Preserve Location Privacy , In Proc. Of SSTD 2007
12
Motivation Limitations of existing solutions
Assumption of trusted entities anonymizer and trusted, non-colluding users Considerable overhead for sporadic benefits maintenance of user locations No privacy guarantees especially for continuous queries
13
Our Approach
14
LBS Privacy with PIR PIR Two-party cryptographic protocol
No trusted anonymizer required No trusted users required No pooling of a large user population required No need for location updates Location data completely obscured
15
PIR Theoretical Foundations
Let N =q1*q2, q1 and q2 large primes Quadratic Residuosity Assumption (QRA) QR/QNR decision computationally hard Essential properties: QR * QR = QR QR * QNR = QNR
16
PIR Protocol for Binary Data
X4 X8 X16 X12 X3 X7 X15 X11 X2 X6 X14 X10 X1 X5 X13 X9 a b y1 y2 y3 y4 z4 z3 z2 z1 Get X10 QNR a=2, b=3 Explain what is computed, i.e. “dot-product-like” with mask, will be needed in the optimization slide z2=QNR => X10=1 z2=QR => X10=0
17
Approximate Nearest Neighbor
u Data organized as a square matrix Each column corresponds to index leaf An entire leaf is retrieved – the closest to the user
18
Exact Nearest Neighbor
4 3 2 1 D C B A p1 A3: p1, p2, p3 A4: p1, --, -- p3 p4 Z4 Z3 Z2 Z1 Only z2 needed u p2 Y1 Y2 Y3 Y4 QNR
19
Rectangular PIR Matrix
20
Avoiding Redundant Computations
Data mining Identify frequent partial products
21
Parallelize Computation
Values of z can be computed in parallel Master-slave paradigm Offline phase: master scatters PIR matrix Online phase: Master broadcasts y Each worker computes z values for its strip Master collects z results
22
Experimental Settings
Sequoia dataset + synthetic sets 10,000 to 100,000 POI Modulus up to 1280 bits
23
Parallel Execution
24
Data Mining Optimization
25
Disclosed POI
26
Conclusions PIR-based LBS privacy Future work
No need to trust third-party Secure against any location-based attack Future work Further reduce PIR overhead Support more complex queries Include more POI information in the reply
27
Bibliography [KGMP07] – Kalnis P., Ghinita G., Mouratidis K., Papadias D., "Preventing Location-Based Identity Inference in Anonymous Spatial Queries", IEEE Transactions on Knowledge and Data Engineering (IEEE TKDE), 19(12), , 2007. [GZPK07] – Ghinita G., Zhao K., Papadias D., Kalnis P., Reciprocal Framework for Spatial K-Anonymity, Technical Report [GKS07a] – Ghinita G., Kalnis P., Skiadopoulos S., "PRIVE: Anonymous Location-based Queries in Distributed Mobile Systems", Proc. of World Wide Web Conf. (WWW), Banff, Canada, , 2007. [GKS07b] – Ghinita G., Kalnis P., Skiadopoulos S., "MOBIHIDE: A Mobile Peer-to-Peer System for Anonymous Location-Based Queries", Proc. of the Int. Symposium in Spatial and Temporal Databases (SSTD), Boston, MA, , 2007.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.