Quality Aware Privacy Protection for Location-based Services Zhen Xiao, Xiaofeng Meng Renmin University of China Jianliang Xu Hong Kong Baptist University Presented by Xiao Pan
Outline • Motivation • Contributions • Location K-Anonymity Model • Cloaking Algorithm • Improvement with Dummy • Experiments • Related Works • Conclusions
Motivation: Privacy in LBS Where is my nearest hotel? LBS Provider Where is my way to The Emporium? • Unique identifier • Location information
Privacy & QoS Trade-Off Privacy Requirements • Location anonymity • Sensitive location: clinic, nightclub • The cloaking region L contains at least k-1 other users • Identifier anonymity • Sensitive message: political, financial • The location point l(x,y) is covered by at least k-1 other requests [Figure: k-anonymity model with requests r1-r4, location point l(x,y) and cloaking region L]
Contribution • New quality-aware anonymity model • Protect location privacy • Satisfy QoS requirements • Directed-graph based cloaking algorithm • Maximize cloaking success rate with QoS guaranteed. • Improvement • Use dummy locations to achieve a 100% cloaking success rate
System Model [Figure: Mobile Clients send an original request to the Trusted Anonymizing Proxy; the proxy expands the exact location point into a cloaking region and forwards the anonymized request to the Location-based Service Providers]
Request formats • Anonymized Request • Pseudonym • Cloaking region • Service related content • Original Request • Identifier • Current location • Quality of service • Maximum cloaking latency • Maximum cloaking region • Location privacy • Minimum anonymity level • Service related content • Current time
Location K-Anonymity Model A request satisfies the location k-anonymity model if and only if • its cloaking region covers the locations of at least k-1 other requests (location anonymity set) • its location is covered by the cloaking regions of at least k-1 other requests (identifier anonymity set).
Quality Aware Location K-anonymity Model • Location Privacy • to expand the user location into a cloaking region such that the location k-anonymity model is satisfied. • Temporal QoS • the request must be anonymized before the pre-defined maximum cloaking delay • Spatial QoS • the cloaking region size should not exceed a threshold
Cloaking Algorithm • Directed graph • Find the location anonymity set and the identifier anonymity set that satisfy the location k-anonymity model through the neighbor relationships of request nodes. • Spatial index • Use window queries to facilitate construction and maintenance of the neighbor relationships in the graph • Min-heap • Order the requests by their cloaking deadlines and detect the expiration of requests
Directed Graph • G(V, E): directed graph • V: set of nodes (requests) • E: set of edges • edge eij = (ri, rj) ∈ E iff |ri rj| < ri. • edge eji = (rj, ri) ∈ E iff |ri rj| < rj. • ri can be anonymized immediately if there are at least k-1 other forwarded requests in Uout and k-1 other forwarded requests in Uin • Location anonymity set Uout = {r2, r3, r4}: outgoing neighbors • Identifier anonymity set Uin = {r3, r4}: incoming neighbors [Figure: example graph over requests r1-r4]
Cloaking Algorithm: Maintenance [Figure: an original request (id) enters the Anonymizing Proxy and is inserted into the Min Heap, the Directed Graph and the Spatial Index; a Range Query over the spatial index yields the Location Anonymity Set r.Uout and the Identifier Anonymity Set r.Uin]
Cloaking Algorithm: Cloaking [Figure: get the top request r from the Min Heap; enough forwarded neighbors in Uout and Uin? yes: remove r from the graph; no: delay r until all its neighbors have been forwarded, then remove r from the graph]
Improvement with Dummy • Guarantees a 100% success rate. • Only the in-degree and out-degree of each node r need to be maintained. • The cloaking region of each dummy request d is a random spatial region between MBR(r, d) and MBR(r.Uout). • Each dummy is both an in-degree neighbor and an out-degree neighbor of r, which gives a high privacy level • Satisfies the spatial QoS requirement of r • Indistinguishable from actual requests
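Worked example, added here and not code from the paper or the presentation: a small Python model of the proxy described on the Directed Graph, Cloaking Algorithm and Improvement with Dummy slides, covering the neighbor graph, the deadline min-heap, the MBR cloaking region and dummy padding. Assumptions the slides do not fix: the maximum cloaking region is taken as a radius (`reach`) around the request, so edge (ri, rj) exists iff |ri rj| < ri.reach; the anonymity sets are counted over every request still in the graph when r's deadline pops from the heap; a forwarded request stays in the graph until all its neighbors are forwarded; dummies are placed uniformly at random inside r's reach with the same reach, and each dummy's own region is a random rectangle between MBR(r, d) and the MBR of r's out-neighbors. The requests in `run_demo` are constructed sample data.

```python
"""Location k-anonymity cloaking with a directed neighbor graph, a deadline
min-heap and optional dummy requests. Added illustration, not the paper's code."""
import heapq
import math
import random
from dataclasses import dataclass


@dataclass
class Request:
    rid: str
    x: float
    y: float
    k: int            # minimum anonymity level (location privacy)
    reach: float      # spatial QoS: max distance the cloaking region may extend
                      # (assumption: the maximum cloaking region read as a radius)
    deadline: float   # temporal QoS: arrival time + maximum cloaking latency
    dummy: bool = False
    forwarded: bool = False


def dist(a, b):
    return math.hypot(a.x - b.x, a.y - b.y)


def mbr(points):
    """Minimum bounding rectangle (minx, miny, maxx, maxy) of some requests."""
    return (min(p.x for p in points), min(p.y for p in points),
            max(p.x for p in points), max(p.y for p in points))


class Anonymizer:
    """Trusted anonymizing proxy: graph G(V, E) over live requests + min-heap."""

    def __init__(self, seed=0):
        self.nodes = {}      # rid -> Request currently in the graph
        self.heap = []       # (deadline, rid), ordered by cloaking deadline
        self.rng = random.Random(seed)

    # Edge (r, o) exists iff |r o| < r.reach, i.e. r's region may cover o.
    def out_nb(self, r):   # location anonymity set r.Uout (outgoing neighbors)
        return [o for o in self.nodes.values() if o is not r and dist(r, o) < r.reach]

    def in_nb(self, r):    # identifier anonymity set r.Uin (incoming neighbors)
        return [o for o in self.nodes.values() if o is not r and dist(o, r) < o.reach]

    def submit(self, r):
        self.nodes[r.rid] = r
        heapq.heappush(self.heap, (r.deadline, r.rid))

    def cloak(self, now, use_dummy=False):
        """Pop every request whose deadline has arrived; return {rid: region or None}."""
        results = {}
        while self.heap and self.heap[0][0] <= now:
            _, rid = heapq.heappop(self.heap)
            r = self.nodes[rid]
            uout, uin = self.out_nb(r), self.in_nb(r)
            if use_dummy:
                uout, uin = self._pad_with_dummies(r, uout, uin, results)
            if len(uout) >= r.k - 1 and len(uin) >= r.k - 1:
                # Region = MBR of r and its out-neighbors: it covers k-1 other
                # locations, and since every out-neighbor lies within r.reach its
                # side never exceeds 2 * r.reach (spatial QoS holds).
                results[rid] = mbr([r] + uout)
                r.forwarded = True
            else:
                results[rid] = None           # QoS could not be met: cloaking fails
                del self.nodes[rid]
        self._prune()
        return results

    def _prune(self):
        """A forwarded request stays until all its neighbors are forwarded, so
        they can still count it in their own anonymity sets (assumption)."""
        for r in list(self.nodes.values()):
            if r.forwarded and all(o.forwarded for o in self.out_nb(r) + self.in_nb(r)):
                del self.nodes[r.rid]

    def _pad_with_dummies(self, r, uout, uin, results):
        """Add synthetic requests until r has k-1 in- and out-neighbors."""
        dummies = []
        while len(uout) + len(dummies) < r.k - 1 or len(uin) + len(dummies) < r.k - 1:
            ang = self.rng.uniform(0, 2 * math.pi)
            rad = self.rng.uniform(0.1, 0.9) * r.reach   # strictly inside r.reach
            d = Request(f"{r.rid}-dummy{len(dummies)}", r.x + rad * math.cos(ang),
                        r.y + rad * math.sin(ang), r.k, r.reach, r.deadline, dummy=True)
            # |r d| < r.reach puts d in r.Uout; d.reach = r.reach > |r d| puts d in r.Uin
            dummies.append(d)
        outer = mbr([r] + uout + dummies)
        for d in dummies:
            # Dummy's own region: random rectangle between MBR(r, d) and the outer MBR
            inner = mbr([r, d])
            results[d.rid] = tuple(i + self.rng.random() * (o - i) for i, o in zip(inner, outer))
        return uout + dummies, uin + dummies


def run_demo(use_dummy=False):
    """Constructed sample: four requests on a toy plane; returns rid -> region."""
    proxy = Anonymizer()
    for r in (Request("r1", 0, 0, k=2, reach=3, deadline=1),
              Request("r2", 1, 0, k=2, reach=3, deadline=2),
              Request("r3", 10, 10, k=2, reach=1, deadline=3),   # isolated user
              Request("r4", 2, 2, k=3, reach=5, deadline=4)):
        proxy.submit(r)
    results = {}
    for now in (1, 2, 3, 4):
        results.update(proxy.cloak(now, use_dummy))
    return results


if __name__ == "__main__":
    for rid, region in run_demo().items():
        print(rid, region)
    print("r3 with dummy:", run_demo(use_dummy=True)["r3"])
```

Without dummies the isolated request r3 expires with no neighbors and fails, which is the success-rate loss the experiments measure; with `use_dummy=True` it is padded with one synthetic neighbor that sits in both r3.Uin and r3.Uout, so it is cloaked at the price of one dummy forwarded to the provider.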
Experimental Settings • Brinkhoff Network-based Generator of Moving Objects. • Input: • Road map of Oldenburg County • Output: • 20K moving objects with the location range [0-200] • Minimum Update interval=20K • The identifier, the location information (x,y). • K=2-5 • = 2-10 • =1000-3000, =10 • CliqueCloak vs. No Dummy vs. Dummy • The success rate with different requirements • The relative anonymity level • Cost of dummy
Cloaking Success Rate • Our method (no dummy) has a 5-25% higher success rate. • Larger k, lower success rate. • Our method (no dummy) is more robust. • Relative location anonymity level = k' / k • Our method (no dummy) supports larger k values
Cloaking Success Rate (settings: =[0.015-0.05]% of the space; =[0.05-0.25]% of the update interval) • Our method (no dummy) has a higher success rate. • Larger or , more flexibility, higher success rate.
Dummy Cost & Cloaking Efficiency • Portion = dummy / (dummy + true) • Larger k, more dummies • Average 10%, acceptable • Our method (no dummy) has much shorter cloaking time. • Larger k, longer time.
Related Works • Quad-tree based Cloaking Algorithm • Recursively subdivides the entire space into quadrants until the quadrant includes the user and k-1 other users. M. Gruteser and D. Grunwald. Anonymous usage of location-based services through spatial and temporal cloaking. MobiSys, 2003. • Clique-Cloak Algorithm • Personalized privacy requirements: k, spatial and temporal tolerance values • An undirected graph is constructed to search for a clique that includes the user's message and k-1 other messages. B. Gedik and L. Liu. Location Privacy in Mobile Systems: A Personalized Anonymization Model. ICDCS, 2005. • Casper • Grid-based cloaking algorithm • Privacy-aware query processor. M. F. Mokbel, C. Chow and W. G. Aref. The New Casper: Query Processing for Location Services without Compromising Privacy. VLDB, 2006.
Conclusions • Problem: quality-aware privacy protection in LBS • Classify location anonymity and identifier anonymity. • Solution • New Quality-Aware K-Anonymity Model • Efficient directed-graph based cloaking algorithm • An option of using dummy requests • Experimental evaluation • Various privacy and QoS requirements • Efficient