
A Two-level Protocol to Answer Private Location-based Queries

A Two-level Protocol to Answer Private Location-based Queries. Roopa Vishwanathan, Yan Huang, [RoopaVishwanathan, huangyan]@unt.edu, Computer Science and Engineering, University of North Texas. Privacy Issues in Location-based Services.





Presentation Transcript


  1. A Two-level Protocol to Answer Private Location-based Queries
  Roopa Vishwanathan, Yan Huang
  [RoopaVishwanathan, huangyan]@unt.edu
  Computer Science and Engineering, University of North Texas

  2. Privacy Issues in Location-based Services
  • Client requests information from the server related to her current location
  • Client wants to maintain privacy and anonymity
  • Location can be associated with user identity, e.g. a service request from your own house
  • Thus the client does not want the server to know her location
  • Server wants to release as precise information as possible
  ISI 2009, Dallas, Texas

  3. Existing Approaches
  • Cloaking: k-anonymity [3][4][5]
  • Client requests are sent to an anonymizer
  • Anonymizer “cloaks” the client’s location to a region that includes k-1 other clients
  • Anonymizer forwards queries to the server using the cloaked location
  • Need to trust the anonymizer

  4. Existing Approaches … cont’d
  • Peer-to-peer [6][7]
  • A client c searches for k-1 peers
  • One peer acts as agent on behalf of c
  • Chosen agent forwards requests to the server using the cloaked region
  • Need to be able to find k-1 peers
  • Need to trust the chosen agent peer

  5. Drawbacks of Existing Approaches
  • Need to trust the anonymizer or peers
  • Reveals some spatial information (general region of the query)
  • Correlation attacks
    • Could possibly identify the client
  • Large volume of query results

  6. Problem Definition and Motivation
  • Nearest Neighbor Query example: find me the nearest gas station from the location-based server (LBS)
  • Goal: find a way to protect the privacy of the client while ensuring the server returns precise data
  • Privacy means: no release of the identity or location of the client
  • Motivation: recent research shows PIR is a feasible and privacy-preserving approach, but the server reveals too much data

  7. Our Approach
  • Focus on Exact-Nearest-Neighbour queries
  • Uses the PIR framework by Shahabi et al. [1] as the first step
  • Applies Oblivious Transfer [2] as the second step (to make the server data precise)

  8. Private Information Retrieval (PIR)
  • Based on a computationally hard problem
  • Client sends an encrypted request for information
  • Server does not know what it reveals
  [Figure: Alice wants bit i and sends E(i); Bob holds X[1, 2, 3, …, N] and computes v(X, E(i))]

  9. PIR Theory

  10. PIR in Location-based Services
  • User input: $y = [y_1, y_2, \ldots, y_n]$
  • Server computes: $z_r = \prod_{j=1}^{n} w(r,j)$, where $w(r,j) = y_j^2$ if $M_{r,j} = 0$ and $w(r,j) = y_j$ otherwise
  • Server returns: $z = [z_1, z_2, \ldots, z_n]$
  • User computes: if $z_a \in QR$ then $M_{a,b} = 0$, else $M_{a,b} = 1$

  11. Example of PIR in LBS
  • User location: $M_{2,3}$
  • User generates request: $y = [y_1, y_2, y_3, y_4]$ with $y_3 \in QNR$ and $y_1, y_2, y_4 \in QR$
  • Server replies: $[z_1, z_2, z_3, z_4]$
  • If $z_2 \in QR$, $M_{2,3} = 0$, else $M_{2,3} = 1$
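The quadratic-residuosity PIR of slides 10 and 11, as an added Python example that is not part of the original slides: the user, who alone knows the factorization N = pq, sends a vector y whose position b is a QNR with Jacobi symbol +1 (indistinguishable from the QRs without p and q), and the server's product z_r is a QR exactly when M_{r,b} = 0. The primes 1019 and 1031 are toy values chosen here so the loop runs instantly; the slide's M_{2,3} with y_3 as the QNR corresponds to a = 1, b = 2 in 0-indexed code.

```python
import random

def legendre(x, p):
    """Euler's criterion: 1 if x is a QR mod prime p, p-1 (i.e. -1) if x is a QNR."""
    return pow(x, (p - 1) // 2, p)

def is_qr_mod_n(z, p, q):
    """z is a QR mod N = pq iff it is a QR mod both primes; only the user knows p, q."""
    return legendre(z, p) == 1 and legendre(z, q) == 1

def user_request(t, b, p, q, rng):
    """Slide 10/11 request: y_b is a QNR that is a non-residue mod p AND mod q (Jacobi +1),
    so the server cannot tell it apart from the other y_j, which are QRs."""
    n = p * q
    y = []
    for j in range(t):
        while True:
            x = rng.randrange(2, n)
            lp, lq = legendre(x, p), legendre(x, q)
            if j == b and lp == p - 1 and lq == q - 1:
                break
            if j != b and lp == 1 and lq == 1:
                break
        y.append(x)
    return y

def server_reply(M, y, n):
    """z_r = prod_j w(r,j) with w(r,j) = y_j^2 if M[r][j] == 0, else y_j (slide 10).
    The server sees only y and its own matrix M, never p or q."""
    z = []
    for row in M:
        zr = 1
        for j, bit in enumerate(row):
            w = y[j] if bit else (y[j] * y[j]) % n
            zr = (zr * w) % n
        z.append(zr)
    return z

def user_decode(z, a, p, q):
    """M[a][b] = 0 iff z_a is a QR: the QNR factor y_b enters z_a only when M[a][b] = 1."""
    return 0 if is_qr_mod_n(z[a], p, q) else 1

def pir_lookup(M, a, b, p=1019, q=1031, seed=7):
    """Full round trip for the single bit M[a][b]; p, q are small constructed primes."""
    rng = random.Random(seed)
    y = user_request(len(M[0]), b, p, q, rng)
    z = server_reply(M, y, p * q)
    return user_decode(z, a, p, q)
```

Every z_r is returned, so the user can decode any row bit of column b; the server learns nothing about b because all y_j have Jacobi symbol +1.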

  12. Oblivious Transfer
  • Fundamental cryptographic protocol
  • Alice asks for one bit of information from Bob
  • Alice does not get to know any other bit
  • Bob does not know which bit Alice asked for
  • Many variants: 1-of-2, 1-of-n, k-of-n

  13. Example of Oblivious Transfer (OT)

  14. Example of OT … cont’d

  15. The Two-level Protocol: First Step
  • Server divides the area into Voronoi cells and superimposes a grid on it
  • Each grid cell has a list of Points Of Interest (POIs) associated with it
  • One POI in each Voronoi cell
  • Contents of the grid cells are the lists of POIs

  16. First Step: PIR … cont’d
  • Client requests the column corresponding to its grid cell using PIR, e.g. PIR(C)
  • Server prepares the encrypted column C

  17. Second Step – Oblivious Transfer (OT)
  • Client initiates 1-of-n OT with the server
  • Client and server agree on a set of keys
  • Server encrypts each bit of the PIR response with a different set of keys (according to the index of the bit) and sends it across
  • Server and client exchange keys (through 1-of-2 OT)
  • Client can decrypt the bit it wants and none else
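The second step on slide 17 builds a 1-of-n OT from log2(n) 1-of-2 OTs in the key-combination style of Naor and Pinkas [2]. As an added Python example (not the authors' code), each of the n encrypted column entries is padded with PRF outputs under one key from every pair, the key in pair j being chosen by bit j of the entry's index, so a client holding the keys for its own index c can strip the pad from entry c and from no other. The 1-of-2 OT itself is modeled by an idealized function `ot_1of2` that hands over only the chosen key; that function is the one component a real deployment replaces with an actual OT protocol, and HMAC-SHA256 is the assumed PRF.

```python
import hashlib
import hmac
import secrets

def prf(key, index, length):
    """PRF F_K(index) truncated to `length` bytes (HMAC-SHA256 assumed as the PRF)."""
    return hmac.new(key, index.to_bytes(4, "big"), hashlib.sha256).digest()[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def server_encrypt(items):
    """One fresh key pair (K_{j,0}, K_{j,1}) per index bit j; entry i is padded with
    F_{K_{j,i_j}}(i) for every j, so decrypting it needs exactly the keys selected by i's bits."""
    ell = max(1, (len(items) - 1).bit_length())          # index bits needed for n entries
    keys = [(secrets.token_bytes(16), secrets.token_bytes(16)) for _ in range(ell)]
    cts = []
    for i, item in enumerate(items):
        pad = bytes(len(item))
        for j in range(ell):
            pad = xor(pad, prf(keys[j][(i >> j) & 1], i, len(item)))
        cts.append(xor(item, pad))
    return keys, cts

def ot_1of2(pair, bit):
    """Idealized 1-of-2 OT: the receiver learns pair[bit] only, the sender learns nothing
    about bit. Stand-in for a real OT protocol, which a deployment substitutes here."""
    return pair[bit]

def client_keys(keys, c):
    """Run one 1-of-2 OT per index bit to obtain K_{j, c_j} for the client's chosen index c."""
    return [ot_1of2(keys[j], (c >> j) & 1) for j in range(len(keys))]

def decrypt_with(my_keys, cts, i):
    """Strip the pad from ciphertext i using the keys the client holds. Correct only for
    i == c: any other i differs from c in some bit j, the client lacks K_{j,i_j}, and the
    reconstructed pad is wrong, so nothing about that entry is learned."""
    pad = bytes(len(cts[i]))
    for k in my_keys:
        pad = xor(pad, prf(k, i, len(cts[i])))
    return xor(cts[i], pad)
```

With n = 8 column entries only three 1-of-2 OTs are needed, which is where the cost advantage over running OT on every entry of the whole grid comes from.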

  18. High-level View
  • Client knows its location
  • Tries to execute PIR to get its cell
  • Server prepares the PIR response corresponding to the column that the client is in and encrypts it
  • Client and server engage in 1-of-n OT to get the client’s cell from the column

  19. High-level View … cont’d
  • Contents of the client’s grid cell are its neighbours (Points of Interest, POIs)
  • Client can easily calculate which point is the nearest
  • May contain redundant POIs
  • Repeated/redundant POIs can be discarded

  20. Complexity
  • N: number of objects (POIs)
  • M: number of bits in each
  • Request by client: O(M · N)
  • Response by server: O(M · N + √N log √N)
  • Total time: O(M · N + √N log √N)

  21. Comparison of Costs

  22. Conclusion
  • Contribution: proposed a two-level protocol for private location queries
  • PIR over the entire grid – a large amount of data would be revealed
  • OT over the entire grid – very expensive
  • Our approach – reduces the amount of data revealed, not very expensive
  • Future direction: alternative approach (multi-level PIR)

  23. References
  [1] G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi and K. Tan. Private Queries in Location Based Services: Anonymizers are not Necessary. In Proc. of ACM SIGMOD 2008, pp. 121-132.
  [2] B. Pinkas and M. Naor. Efficient Oblivious Transfer Protocols. In Proc. of 12th ACM-SIAM Symposium on Discrete Algorithms, pp. 448-457, 2001.
  [3] B. Gedik and L. Liu. Privacy in mobile systems: A personalized anonymization model. In Proc. of ICDCS, pp. 620-629, 2005.
  [4] P. Kalnis, G. Ghinita, K. Mouratidis and D. Papadias. Preventing location-based identity inference in anonymous spatial queries. In Proc. of IEEE TKDE, pp. 239-257, 2007.

  24. References … cont’d
  [5] M. Mokbel, C. Chow and W. Aref. The new Casper: Query Processing for location-based services without compromising privacy. In Proc. of VLDB, pp. 219-239, 2005.
  [6] C.Y. Chow, M. Mokbel and X. Liu. A peer-to-peer spatial cloaking algorithm for anonymous location-based services. In Proc. of ACM International Symposium on GIS, pp. 247-256, 2006.
  [7] G. Ghinita, P. Kalnis and S. Skiadopoulos. PRIVE: Anonymous location-based queries in distributed mobile systems. In Proc. of 1st Intl. Conference on World Wide Web (WWW), pp. 371-380, 2007.
