Published by Fidel Redburn. Modified over 9 years ago.
1
Quality Aware Privacy Protection for Location-based Services
Zhen Xiao, Xiaofeng Meng (Renmin University of China)
Jianliang Xu (Hong Kong Baptist University)
Presented by Xiao Pan
2
Outline
–Motivation
–Contributions
–Location K-Anonymity Model
–Cloaking Algorithm
–Improvement with Dummy
–Experiments
–Related Works
–Conclusions
3
Motivation: Privacy in LBS
–Unique identifier
–Location information
–LBS Provider
–"Where is my nearest hotel?"
–"Where is my way to The Emporium?"
4
Privacy Requirements
Location anonymity
–Sensitive location: clinic, nightclub
–Cloaking region L contains at least k-1 other users
Identifier anonymity
–Sensitive message: political, financial
–Location point l(x,y) is covered by at least k-1 other requests
k-anonymity model
Privacy & QoS Trade-Off
[Figure: requests r1, r2, r3, r4 with location point l(x,y) and cloaking region L]
5
Contribution
New quality-aware anonymity model
–Protect location privacy
–Satisfy QoS requirements
Directed-graph based cloaking algorithm
–Maximize cloaking success rate with QoS guaranteed.
Improvement
–Use dummy locations to achieve a 100% cloaking success rate
6
System Model
Mobile Clients → (original request) → Trusted Anonymizing Proxy → (anonymized request) → Location-based Service Providers
Anonymizing: expand the exact location point into cloaking region
7
Request formats
Original Request
–Identifier
–Current location
–Quality of service
  Maximum cloaking latency
  Maximum cloaking region
–Location privacy
  Minimum anonymity level
–Service related content
–Current time
Anonymized Request
–Pseudonym
–Cloaking region
–Service related content
8
Location K-Anonymity Model
For any request, if and only if
–its cloaking region covers the locations of at least k-1 other requests (location anonymity set)
–its location is covered by the cloaking regions of at least k-1 other requests (identifier anonymity set).
9
Quality Aware Location K-anonymity Model
Location Privacy
–to expand the user location into a cloaking region such that the location k-anonymity model is satisfied.
Temporal QoS
–the request must be anonymized before the pre-defined maximum cloaking delay
Spatial QoS
–the cloaking region size should not exceed a threshold
10
Cloaking Algorithm
Directed graph
–Find the location anonymity set and identifier anonymity set to satisfy the location k-anonymity model through neighborships of request nodes.
Spatial index
–Use window query to facilitate construction and maintenance of neighborships in the graph
Min-heap
–Order the requests according to their cloaking deadlines, detect the expiration of requests
11
Directed Graph
G(V, E): directed graph
–V: set of nodes (requests)
–E: set of edges
–edge e_ij = (r_i, r_j) ∈ E, iff |r_i r_j| < r_i.
–edge e_ji = (r_j, r_i) ∈ E, iff |r_i r_j| < r_j.
–r_i can be anonymized immediately if there are at least k-1 other forwarded requests in U_out and k-1 other forwarded requests in U_in
[Figure: example graph with nodes r1, r2, r3, r4]
–Location anonymity set U_out = {r2, r3, r4} (outgoing neighbors)
–Identifier anonymity set U_in = {r3, r4} (incoming neighbors)
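The directed graph and the location k-anonymity check above, as an added Python example (not code from the presentation or its authors). It is a batch simplification that ignores cloaking deadlines and the "forwarded" state; `delta` is an assumed per-request distance bound standing in for the symbol missing from the edge condition, the cloaking region is assumed to be the MBR of a request and its outgoing neighbours, and the coordinates are constructed.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    rid: str
    x: float
    y: float
    k: int        # minimum anonymity level
    delta: float  # assumed per-request distance bound (symbol missing on the slide)

def build_graph(reqs):
    """Edge (ri, rj) exists iff dist(ri, rj) < ri.delta. Returns (U_out, U_in)."""
    u_out = {r.rid: set() for r in reqs}
    u_in = {r.rid: set() for r in reqs}
    for a in reqs:
        for b in reqs:
            if a is not b and math.dist((a.x, a.y), (b.x, b.y)) < a.delta:
                u_out[a.rid].add(b.rid)   # b is an outgoing neighbour of a
                u_in[b.rid].add(a.rid)    # a is an incoming neighbour of b
    return u_out, u_in

def cloak(reqs):
    """Return {rid: (xmin, ymin, xmax, ymax)} for requests with enough neighbours."""
    u_out, u_in = build_graph(reqs)
    pos = {r.rid: (r.x, r.y) for r in reqs}
    regions = {}
    for r in reqs:
        if len(u_out[r.rid]) >= r.k - 1 and len(u_in[r.rid]) >= r.k - 1:
            pts = [pos[r.rid]] + [pos[n] for n in u_out[r.rid]]
            xs, ys = zip(*pts)
            regions[r.rid] = (min(xs), min(ys), max(xs), max(ys))
    return regions

def covers(box, p):
    return box[0] <= p[0] <= box[2] and box[1] <= p[1] <= box[3]

def satisfies_model(r, reqs, regions):
    """Check both halves of the location k-anonymity model for a cloaked request r."""
    # An incoming neighbour only counts if it was itself cloaked (has a region).
    loc = sum(covers(regions[r.rid], (o.x, o.y)) for o in reqs if o.rid != r.rid)
    ident = sum(covers(b, (r.x, r.y)) for rid, b in regions.items() if rid != r.rid)
    return loc >= r.k - 1 and ident >= r.k - 1

# Constructed sample: coordinates chosen so r1's sets match the slide's example.
REQS = [Request("r1", 0, 0, 3, 5), Request("r2", 3, 0, 3, 2),
        Request("r3", 0, 4, 3, 5), Request("r4", 2, 2, 3, 3)]
```

With this sample, r2 has no outgoing neighbours and stays uncloaked, which is the case the dummy improvement on a later slide addresses.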
12
Cloaking Algorithm: Maintenance
[Diagram labels: Anonymizing Proxy; original request; Spatial Index; Min Heap; Directed Graph; id; Range Query; Location Anonymity Set r.U_out; Identifier Anonymity Set r.U_in]
13
Cloaking Algorithm: Cloaking
[Diagram labels: Min Heap; Directed Graph; Spatial Index]
–Get the top request r
–Enough forwarded neighbors in U_out and U_in?
–remove r in the graph
–Delay it until all its neighbors have been forwarded
14
Improvement with Dummy
–Guarantee a 100% success rate.
–Only need to maintain the in-degree and out-degree of each node r.
–Cloaking region of each dummy request d is a random spatial region between MBR(r, d) and MBR(r.U_out).
–Both in-degree neighbors and out-degree neighbors: high privacy level
–Satisfy the spatial QoS requirement of r
–Indistinguishable from actual requests
15
Experimental Settings
Brinkhoff Network-based Generator of Moving Objects.
Input:
–Road map of Oldenburg County
Output:
–20K moving objects with the location range [0-200]
–Minimum Update interval=20K
–The identifier, the location information (x,y).
–K=2-5
– = 2-10
– =1000-3000, =10
CliqueCloak vs. No Dummy vs. DummyCliqueCloak
–The success rate with different requirements
–The relative anonymity level
Cost of dummy
16
Cloaking Success Rate
–Our method (no dummy) has 5-25% higher success rate.
–Larger k, lower success rate.
–Our method (no dummy) is more robust.
–Relative location anonymity level = k' / k
–Our method (no dummy) supports larger k values
17
Cloaking Success Rate
– =[0.015-0.05]% of the space
– =[0.05-0.25]% of the update interval.
–Our method (no dummy) has higher success rate.
–Larger or, more flexibility, higher success rate.
18
Dummy Cost & Cloaking Efficiency
–Our method (no dummy) has much shorter cloaking time.
–Larger k, longer time.
–Portion = dummy / (dummy + true)
–Larger k, more dummies
–Average 10%, acceptable
19
Related Works
Quad-tree based Cloaking Algorithm
–Recursively subdivides the entire into quadrants, until the quadrant includes the user and other k-1 users
M. Gruteser and D. Grunwald. Anonymous usage of location-based services through spatial and temporal cloaking. MobiSys, 2003.
Clique-Cloak Algorithm
–Personalized privacy requirements: k, spatial and temporal tolerance values
–An undirected graph is constructed to search for clique that includes the user's message and other k-1 messages.
B. Gedik and L. Liu. Location Privacy in Mobile Systems: A Personalized Anonymization Model. ICDCS, 2005.
Casper
–Grid-based cloaking algorithm
–Privacy-aware query processor
M. F. Mokbel, C. Chow and W. G. Aref. The New Casper: Query Processing for Location Services without Compromising Privacy. VLDB, 2006.
20
Conclusions
Problem: quality-aware privacy protection in LBS
Classify location anonymity and identifier anonymity.
Solution
–New Quality-Aware K-Anonymity Model
–Efficient directed-graph based cloaking algorithm
–An option of using dummy requests
Experimental evaluation
–Various privacy and QoS requirements
–Efficient
21
Thank you