An efficient blind filter: Location privacy protection and the access control in FinTech

Abstract Financial technology (FinTech) is a new term in the financial industry that has become a popular way to describe the novel technologies adopted by financial service institutions. The term covers a wide range of techniques, from data security to financial services. In particular, user privacy protection is generally considered one of the most significant aspects of financial security, and preserving the privacy carried by data is a critical task in designing a privacy protection strategy. For example, one of the crucial issues in mobile finance is to ensure that legitimate mobile device users can efficiently search for inclusive information on servers without leaking their privacy. More precisely, more and more mobile finance apps (e.g., AliPay, China Unionpay Quick Pass) provide auxiliary tools or third-party service functions that let users make location-based service (LBS) queries. These queries usually carry the users' location privacy, and the service providers' data should be accessed only by legitimate users. To address this problem, in this paper we propose a privacy-preserving LBS framework that supports queries over a square area based on the user's location and achieves fine-grained access control on the financial service provider's data, user privacy (especially location privacy), confidentiality of the service provider's data, and accurate query results. More precisely, our framework also uses redundant point-of-interest (POI) records to protect privacy against the LBS provider (LBSP), but employs a semi-trusted third party (called the proxy) to filter out the redundant POI records. We propose a novel blind filter protocol based on comparable attribute-based encryption (CABE) and a "transformation" technique, which can filter out the encrypted POI records while neither the LBSP nor the proxy knows the user's location information.
In comparison with existing solutions, our framework not only realizes access control on service provider data innately, but also incurs lower communication and computation overhead on the user side. The analysis and the experiments indicate that our framework is secure and efficient for mobile devices in terms of computation and communication overhead.
