Towards Private Navigation of Tree Structured Spatial Indexes

With many location-based services, spatial data such as points of interest are indexed at a potentially untrusted host, and queries are evaluated by navigating the underlying index structure used to partition the data. While encryption can prevent the host from learning the data content (i.e., what is accessed), it cannot hide the frequency with which index nodes are accessed while navigating the index for query processing. Combining the knowledge of such access frequencies with readily available public knowledge about points of interest, the host can infer sensitive information about the indexed data and hence the locations of the users querying it (violating location privacy). In this paper, we propose a technique that hides the access frequency of the nodes of tree-structured spatial indexes (e.g., R-tree) from an untrusted server hosting the data. With our approach, each access to an index node requires reading an extra node, chosen using a precomputed node-based probability distribution function, to guarantee uniform node access at all tree levels. We analytically verify the strong level of privacy achieved with constant computation and acceptable communication and storage overhead for employing our private index navigation scheme.
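As an added illustration (not the paper's own code or its exact construction), the following simplified model shows how a precomputed dummy-read distribution can flatten a skewed per-level access profile: each real node read at one tree level is paired with one extra read drawn from a distribution chosen so that every node at that level is seen equally often. The node names and access probabilities are constructed sample values, and the feasibility condition (no node's real probability may exceed 2/n with a single extra read) is an assumption of this simplified model.

```python
"""Simplified model of pairing each real index-node read with one extra
(dummy) read so the host observes a uniform per-level access frequency."""
from fractions import Fraction
from typing import Dict

# Constructed sample: real access probabilities of the 4 nodes at one tree level.
# Exact Fractions keep the arithmetic free of floating-point rounding.
SAMPLE_LEVEL: Dict[str, Fraction] = {
    "N1": Fraction(1, 2),
    "N2": Fraction(1, 4),
    "N3": Fraction(1, 8),
    "N4": Fraction(1, 8),
}


def dummy_distribution(real: Dict[str, Fraction]) -> Dict[str, Fraction]:
    """Precompute the probability with which each node is read as the extra
    node so that real + dummy reads hit every node with frequency 2/n.

    Assumption of this model: each real probability is at most 2/n; otherwise a
    single extra read per access cannot flatten the profile."""
    n = len(real)
    if sum(real.values()) != 1:
        raise ValueError("real access probabilities must sum to 1")
    target = Fraction(2, n)          # total reads per node per access
    dummy = {}
    for node, p in real.items():
        if p > target:
            raise ValueError(f"{node}: real frequency {p} exceeds {target}")
        dummy[node] = target - p     # top up each node to the common target
    assert sum(dummy.values()) == 1  # the extra reads form a valid distribution
    return dummy


def observed_frequency(real: Dict[str, Fraction],
                       dummy: Dict[str, Fraction]) -> Dict[str, Fraction]:
    """Frequency of each node among all reads seen by the host (two per access)."""
    return {k: (real[k] + dummy[k]) / 2 for k in real}


if __name__ == "__main__":
    d = dummy_distribution(SAMPLE_LEVEL)
    print("dummy distribution:", d)
    print("host sees:", observed_frequency(SAMPLE_LEVEL, d))
```

The skewed real profile (N1 read half the time) becomes a flat 1/4 per node in what the host observes, at the cost of doubling the reads per access.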
