Published by Theodore Phillips. Modified over 9 years ago.
1 A Hybrid Technique for Private Location-Based Queries with Database Protection
Gabriel Ghinita (1), Panos Kalnis (2), Murat Kantarcioglu (3), Elisa Bertino (1)
(1) Purdue University, (2) KAUST University, (3) UT Dallas
2 Outline
- LBS Privacy Overview
- Spatial Cloaking Techniques
- Cryptographic Techniques (PIR)
- Proposed Hybrid Approach
- Private Evaluation of Point-Rectangle Enclosure
- Fragmentation-aware Indexing
- Experimental Evaluation
3 Location-Based Services (LBS)
- LBS users: mobile devices with GPS capabilities
- Spatial queries, e.g., NN queries: "Find closest hospital to my present location"
- The location server is NOT trusted
- Problem statement: how to protect the identity and location of the query source?
4 Spatial Cloaking
- Privacy through Cloaking Regions (CRs)
- Spatial Anonymity (e.g., CliqueCloak, Casper)
- Spatial Diversity (PROBE)
5 Continuous Queries [CM07]
Problems:
- ASRs grow large
- Query dropped if some user disconnects
(Figure: users u1, u2, u3)
[CM07] C.-Y. Chow and M. Mokbel, "Enabling Private Continuous Queries For Revealed User Locations", in Proc. of SSTD 2007
6 Private Information Retrieval (PIR)
- Computationally hard to find i from q(i)
- Bob can easily find X_i from r (trap-door)
7 PIR Protocol for Binary Data
- Database: 4x4 bit matrix with rows 0101, 1101, 0101, 0111; rows indexed by a, columns by b
- Goal: get X_10 (a=2, b=3)
- N=35, QNR={3,12,13,17,27,33}, QR={1,4,9,11,16,29}
- Result for row 2: z_2 = QNR => X_10 = 1; z_2 = QR => X_10 = 0
(Figure: worked example with query values z_1..z_4 and the values 4, 16, 17, 33, 27, 3 annotated on the matrix)
[KO97] E. Kushilevitz and R. Ostrovsky, "Replication is NOT needed: Single database, computationally-private information retrieval", in IEEE Symposium on Foundations of Computer Science, pages 364–373, 1997.
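The slide's walk-through of the Kushilevitz-Ostrovsky single-bit PIR, as an added example that is not part of the original deck: it uses the slide's toy modulus N = 35 = 5 * 7 and its 4x4 bit matrix, reproduces the slide's QR and QNR sets, and runs the query/answer/decide steps for any cell X[a][b]. The client alone holds the factors (the trap-door), so only it can tell the server's row products apart; a real deployment uses a 1024-bit or larger modulus.

```python
from math import gcd
import random

P, Q = 5, 7           # the slide's toy modulus N = 35; only the client knows the factors (trap-door)
N = P * Q
MATRIX = [[0, 1, 0, 1],  # the slide's 4x4 database, one bit per cell
          [1, 1, 0, 1],
          [0, 1, 0, 1],
          [0, 1, 1, 1]]

def legendre(x, p):
    """+1 if x is a quadratic residue mod the prime p, -1 otherwise (x coprime to p)."""
    return 1 if pow(x, (p - 1) // 2, p) == 1 else -1

def is_qr(x):
    """Client-side test using the factorisation: QR mod N iff QR mod both primes."""
    return legendre(x, P) == 1 and legendre(x, Q) == 1

def jacobi_one_elements():
    """Elements of Z_N^* with Jacobi symbol +1, split into QR and (hard) QNR."""
    cands = [x for x in range(1, N)
             if gcd(x, N) == 1 and legendre(x, P) == legendre(x, Q)]
    qr = [x for x in cands if is_qr(x)]
    qnr = [x for x in cands if not is_qr(x)]
    return qr, qnr   # for N = 35: [1,4,9,11,16,29] and [3,12,13,17,27,33] as on the slide

def client_query(b):
    """Query q(b): a QNR in column b, a QR elsewhere; all look alike without the trap-door."""
    qr, qnr = jacobi_one_elements()
    return [random.choice(qnr) if j == b else random.choice(qr) for j in range(4)]

def server_answer(z):
    """Server: per row, multiply z_j where the bit is 1 and z_j^2 where it is 0 (mod N)."""
    out = []
    for row in MATRIX:
        w = 1
        for bit, zj in zip(row, z):
            w = w * (zj if bit else zj * zj) % N
        out.append(w)
    return out

def pir_get_bit(a, b):
    """Retrieve X[a][b]: row a's product is QNR (QR*QNR = QNR) exactly when X[a][b] = 1."""
    w = server_answer(client_query(b))
    return 0 if is_qr(w[a]) else 1
```

The server only ever sees Jacobi-+1 values and the products it computes; without the factors of N it cannot tell which column was asked for.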
8 Approximate Nearest Neighbor
- Data organized as a square matrix
- Each column corresponds to an index leaf
- An entire leaf is retrieved: the one closest to the user
(Figure: POIs p1..p9 and user u)
9 Motivation
- Spatial Cloaking: cheap, but vulnerable
- PIR: secure, but expensive
- Severe disclosure of POI information: O(|D|) and O(√|D|), respectively
10 Hybrid Approach Overview
- Apply PIR to a dynamic window
- Hide enclosure relationship
- Minimize leaf fragmentation
(Figure: dataspace with CR and POIs; POI index with leaf nodes a..f; the CR covers leaves a, b, c, which form the PIR matrix)
11 Homomorphic Encryption (Paillier)
- E[m1] * E[m2] = E[m1+m2] (mod N^2)
- E[m]^r = E[r*m] (mod N^2)
- Protocol to privately determine sign(b-a): Paillier encryption + random blinding
- Private point-rectangle enclosure
(Figure: plaintext space)
12 Private Evaluation of (b-a)
- |a-b| < M, M << N
- A: m1 = N-a, sends E[m1] to B
- B: m2 = b, returns E[m1+m2]
- A: res = D[E[m1+m2]]
(Figure: res on the number line 0..N-1 with marks at M and N-M: a ≤ b gives res below M, a > b gives res above N-M)
13 Private Evaluation of sign(b-a)
- |a-b| < M, M << N, r < M/N
- A: m1 = N-a, sends E[m1] to B
- B: m2 = b, returns E[m1+m2]^r
- A: res = D[E[m1+m2]]
(Figure: res on the number line 0..N-1 with marks at M, N/2 and N-M: a ≤ b gives res below N/2, a > b gives res above N/2)
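The protocol of slides 11 to 13 carried through in code, as an added example that is not the authors' implementation: a minimal Paillier scheme (g = N + 1, toy 20-bit primes chosen here, Python 3.8+ for the modular inverse), B's homomorphic addition and random blinding, A's decision from whether the decrypted value falls below N/2, and the point-rectangle enclosure test of slide 11 built from four such comparisons. It assumes the blinding factor satisfies r < N / (2M) so that r * |b - a| stays below N/2.

```python
import random
from math import gcd

P, Q = 1000003, 1000033      # constructed toy primes; real use needs 1024-bit ones
N = P * Q                    # Paillier modulus, plaintext space Z_N
N2 = N * N
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1), A's private key
MU = pow((pow(1 + N, LAM, N2) - 1) // N, -1, N)
M = 1 << 20                  # coordinates lie below M, and M << N

def enc(m):
    """Paillier E[m] with g = N + 1 and fresh randomness r."""
    r = random.randrange(1, N)
    return (1 + m * N) * pow(r, N, N2) % N2

def dec(c):
    """Paillier decryption; only party A holds LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def party_b_blind(c_m1, b):
    """B's step (slide 13): E[m1] * E[b] = E[m1 + b], then ^r = E[r * (m1 + b)]."""
    # assumption: r < N / (2M) keeps r * |b - a| < N/2, so only the sign survives
    r = random.randrange(1, N // (2 * M))
    c_sum = c_m1 * enc(b) % N2
    return pow(c_sum, r, N2)

def private_le(a, b):
    """A learns whether a <= b and nothing about |b - a|."""
    c_m1 = enc(N - a)            # m1 = N - a, sent to B
    res = dec(party_b_blind(c_m1, b))
    # a <= b: res = r*(b-a) < N/2;  a > b: res = N - r*(a-b) > N/2
    return res < N // 2

def private_enclosure(point, rect):
    """Point-rectangle enclosure (slide 11) as four private comparisons."""
    x, y = point
    x1, y1, x2, y2 = rect
    return (private_le(x1, x) and private_le(x, x2)
            and private_le(y1, y) and private_le(y, y2))
```

Because r is fresh per comparison, repeated queries give A different residues for the same inputs, which is what hides the magnitude of b - a.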
14 Fragmentation-aware Indexing
- Assume the disclosure threshold is 3
(Figure: median split vs. our approach)
15 Experimental Settings
- Datasets: Sequoia dataset, 62K POI
- Modulus up to 1280 bits
- P4, 2.8GHz CPU
16 POI Disclosure (figure)
17 Execution Time (figure)
18 Communication Overhead (figure)
19 Conclusions
- Hybrid LBS privacy: limit the amount of POI disclosure; reduce processing overhead
- Future work: support more complex types of queries; apply fully homomorphic functions; investigate less costly PIR protocols
20 Casper [Mok06]
- Quad-tree based
- Fails to preserve anonymity for outliers
- Unnecessarily large ASR size
Example (figure): let K=3, with users u1..u4 and regions A1, A2. If u4 queries, the ASR is A2; if any of u1, u2, u3 queries, the ASR is A1. u4's identity is disclosed.
[Mok06] Mokbel et al., "The New Casper: Query Processing for Location Services without Compromising Privacy", VLDB 2006
21 Hilbert Cloak (HC)
(Figure: users u1..u6 grouped into buckets B1 and B2)
22 Space Encryption [KS07]
Drawbacks:
- Answers are approximate
- Makes use of tamper-resistant devices
- May be vulnerable if some POI are known
(Figure: Hilbert mapping of POIs sent to the server: P1 -> 12, P2 -> 14, P4 -> 19, P3 -> 24; query Q -> 15; NN(15) = P2)
[KS07] A. Khoshgozaran, C. Shahabi, "Blind Evaluation of Nearest Neighbor Queries Using Space Transformation to Preserve Location Privacy", in Proc. of SSTD 2007
23 PIR Theoretical Foundations
- Let N = q1*q2, q1 and q2 large primes
- Quadratic Residuosity Assumption (QRA): the QR/QNR decision is computationally hard (in )
- Essential properties: QR * QR = QR; QR * QNR = QNR
24 Exact Nearest Neighbor
- Only z_2 needed
(Figure: 4x4 grid with columns A..D and rows 1..4, query values z_1..z_4 and answers Y_1..Y_4; cell A3 holds p1, p2, p3; cell A4 holds p1, --, --; user u; QNR marked)
25 Avoiding Redundant Computations
- Data mining: identify frequent partial products
26 Precision (figure)
27 Spatial Cloaking
- Privacy through Cloaking Regions (CRs)
- Spatial Anonymity (e.g., CliqueCloak, Casper)
- Spatial Diversity (PROBE)
28 Reciprocity
(Figure: users u1..u6 in two partitionings)
[KGMP07] Kalnis P., Ghinita G., Mouratidis K., Papadias D., "Preventing Location-Based Identity Inference in Anonymous Spatial Queries", IEEE TKDE 2007.