Resilient privacy protection for location-based services through decentralization

Jin, Hongyu; Papadimitratos, Panos

doi:10.1145/3098243.3098268

Cited by 10 publications

(10 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are many schemes implementing caching mechanism to help protect privacy and improve user experience, such as [15], [48]- [52], and most of them cache data in peers. In [48], some special peers run as serving nodes who are responsible for caching all POI data for the region it is located in and serve neighboring peers' queries. Serving nodes are determined by a TTP-like entity and serving nodes themselves act like TTPs.…”

Section: Distributed P2p-based Schemesmentioning

confidence: 99%

Achieving User-Defined Location Privacy Preservation Using a P2P System

Liu

Wang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

As location-based services become widely used in daily life, there is growing concern in preserving location privacy of users to avoid that attackers infer information about users by collecting and analyzing requests initiated by users. We argue that a good location privacy preservation scheme should have these properties. First, a user should never expose its precise location to any other entity. Second, a user should be able to specify its own requirement on the strength of privacy preservation, since a stricter preservation requirement may increase its overhead. Third, the scheme should be able to preserve as many as possible aspects of users' privacy under various attacks. With these desired properties in mind, we carefully design an encoding scheme of users' identifiers and a fully distributed architecture for our purpose and propose a privacy preservation scheme based on them. With the help of the encoding scheme and the distributed architecture, we develop a distributed negotiation algorithm to help users conduct negotiations among themselves to find their cloaked regions that satisfy their self-defined requirements without exposing their precise locations. The negotiations are completed without coordination from any central servers, and a random proxy is selected for each individual request, therefore the potential risks caused by any central server (location-based service servers or trusted-third-party servers) are mitigated as much as possible. Experiments show that our scheme can satisfy different strengths of privacy preservation required by each user even under the most severe scenarios.

show abstract

Section: Distributed P2p-based Schemesmentioning

confidence: 99%

Achieving User-Defined Location Privacy Preservation Using a P2P System

Liu

Wang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…However, the above P2P approaches are not reliable when there are malicious peers in the network. To secure the P2P scheme, Jin et al [23,24] introduced the pseudonymous authentication technique to provide message authentication and integrity for peer communication, thus significantly suppressing the impact of malicious peers.…”

Section: Related Workmentioning

confidence: 99%

k-Trustee: Location injection attack-resilient anonymization for location privacy

Jin

Palanisamy

Joshi

2018

Computers & Security

View full text Add to dashboard Cite

Cloaking-based location privacy preserving mechanisms have been widely adopted to protect users' location privacy when using location-based services. A fundamental limitation of such mechanisms is that users and their location information in the system are inherently trusted by the Anonymization Server without any verification. In this paper, we show that such an issue could lead to a new class of attacks called location injection attacks which can successfully violate users' in-distinguishability (guaranteed by k-Anonymity) among a set of users. We propose and characterize location injection attacks by presenting a set of attack models and quantify the costs associated with them. We then propose and evaluate k-Trustee, a trust-aware location cloaking mechanism that is resilient to location injection attacks and guarantees a lower bound on the user's in-distinguishability. k-Trustee guarantees that each user in a given cloaked region can achieve the required privacy level of k-Anonymity by including at least k-1 other trusted users in the cloaked region. We demonstrate the effectiveness of k-Trustee through extensive experiments in a real-world geographic map and our experimental results show that the proposed cloaking algorithm guaranteeing k-Trustee is effective against various location injection attacks.

show abstract

“…Spatial cloaking [17][18][19][20][21][22][23][24][25] is a fairly popular mechanism. Chow et al [17] propose Casper cloak algorithm, which uses a quad-tree data structure and allows users to determine the size of and the minimum anonymous area, but the privacy can be guaranteed only when users' positions are distributed evenly.…”

Section: Related Workmentioning

confidence: 99%

“…Chow et al [17] propose Casper cloak algorithm, which uses a quad-tree data structure and allows users to determine the size of and the minimum anonymous area, but the privacy can be guaranteed only when users' positions are distributed evenly. Jin and Papadimitratos [18] allow P2P responses to be validated with very low fraction of queries affected even if a significant fraction of nodes are compromised. Chen and Pang [21] propose that the cloaking region is randomly chosen from the ones with top-k largest position entropy.…”

Section: Related Workmentioning

confidence: 99%

“…It is common to generate Security and Communication Networks add query count to Sets (6) end if (7) end for (8) e Sets are randomly divided into set 1 and set 2 equally (9) Do (10) akg 1 = average(set 1 ); akg 2 = average(set 2 ); (11) for in Sets (12) if (s − akg 1 ) 2 < (s − akg 2 ) 2 then (13) s belong to c 1 (14) else (15) s belong to c 2 (16) end if (17) end for (18) while there are changes on the elements in c 1 and c 2 (19) if the number of GID belongs to c 1 then (20) FCR isselected randomly from the regions with the number in c 1 except RCR (21) else FCR is selected randomly from the regions with the number in c 2 except RCR (22) dummy positions randomly in the double cloaking regions; however, we propose defining two rules to generate fixed dummy positions according to . In Figure 8, the red solid circle represents the user's real position and the solid circles represent the fixed dummy positions according to our rules, while the dotted circles represent the dummy positions generated randomly.…”

Section: Dummies Generation Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

An Improved Privacy-Preserving Framework for Location-Based Services Based on Double Cloaking Regions with Supplementary Information Constraints

Kuang

Wang

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

With the rapid development of location-based services in the field of mobile network applications, users enjoy the convenience of location-based services on one side, while being exposed to the risk of disclosure of privacy on the other side. Attacker will make a fierce attack based on the probability of inquiry, map data, point of interest (POI), and other supplementary information. The existing location privacy protection techniques seldom consider the supplementary information held by attackers and usually only generate single cloaking region according to the protected location point, and the query efficiency is relatively low. In this paper, we improve the existing LBSs system framework, in which we generate double cloaking regions by constraining the supplementary information, and then k-anonymous task is achieved by the cooperation of the double cloaking regions; specifically speaking, k dummy points of fixed dummy positions in the double cloaking regions are generated and the LBSs query is then performed. Finally, the effectiveness of the proposed method is verified by the experiments on real datasets.

show abstract

Resilient privacy protection for location-based services through decentralization

Cited by 10 publications

References 49 publications

Achieving User-Defined Location Privacy Preservation Using a P2P System

Achieving User-Defined Location Privacy Preservation Using a P2P System

k-Trustee: Location injection attack-resilient anonymization for location privacy

An Improved Privacy-Preserving Framework for Location-Based Services Based on Double Cloaking Regions with Supplementary Information Constraints

Contact Info

Product

Resources

About