Approximate and exact hybrid algorithms for private nearest-neighbor queries with database protection

Mobile devices with global positioning capabilities allow users to retrieve points of interest (POI) in their proximity. To protect user privacy, it is important not to disclose exact user coordinates to un-trusted entities that provide location-based services. Currently, there are two main approaches to protect the location privacy of users: (i) hiding locations inside cloaking regions (CRs) and (ii) encrypting location data using private information retrieval (PIR) protocols. Previous work focused on finding good trade-offs between privacy and performance of user protection techniques, but disregarded the important issue of protecting the POI dataset D. For instance, location cloaking requires large-sized CRs, leading to excessive disclosure of POIs (O(|D|) in the worst case). PIR, on the other hand, reduces this bound to $O(\sqrt{|D|})$, but at the expense of high processing and communication overhead. We propose hybrid, two-step approaches for private location-based queries which provide protection for both the users and the database. In the first step, user locations are generalized to coarse-grained CRs which provide strong privacy. Next, a PIR protocol is applied with respect to the obtained query CR. To protect against excessive disclosure of POI locations, we devise two cryptographic protocols that privately evaluate whether a point is enclosed inside a rectangular region or a convex polygon. We also introduce algorithms to efficiently support PIR on dynamic POI sub-sets. We provide solutions for both approximate and exact NN queries. In the approximate case, our method discloses O(1) POI, orders of magnitude fewer than CR- or PIR-based techniques. For the exact case, we obtain optimal disclosure of a single POI, although with slightly higher computational overhead. Experimental results show that the hybrid approaches are scalable in practice, and outperform the pure-PIR approach in terms of computational and communication overhead.

[1]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[2]  Panos Kalnis,et al.  PRIVE: anonymous location-based queries in distributed mobile systems , 2007, WWW '07.

[3]  Yonglong Luo,et al.  Secure Two-Party Point-Circle Inclusion Problem , 2007, Journal of Computer Science and Technology.

[4]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[5]  Marc Fischlin,et al.  A Cost-Effective Pay-Per-Multiplication Comparison Method for Millionaires , 2001, CT-RSA.

[6]  Mark de Berg,et al.  Computational geometry: algorithms and applications , 1997 .

[7]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[8]  Christopher Charnes,et al.  Algorithms and Theory of Computation Handbook , 2009 .

[9]  Max Crochemore,et al.  Algorithms and Theory of Computation Handbook , 2010 .

[10]  Ling Liu,et al.  Location Privacy in Mobile Systems: A Personalized Anonymization Model , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[11]  Marco Gruteser,et al.  Protecting privacy, in continuous location-tracking applications , 2004, IEEE Security & Privacy Magazine.

[12]  Ian F. Blake,et al.  Strong Conditional Oblivious Transfer and Computing on Intervals , 2004, ASIACRYPT.

[13]  Cyrus Shahabi,et al.  Blind Evaluation of Nearest Neighbor Queries Using Space Transformation to Preserve Location Privacy , 2007, SSTD.

[14]  Wenliang Du,et al.  Secure Multi-party Computational Geometry , 2001, WADS.

[15]  Hua Lu,et al.  SpaceTwist: Managing the Trade-Offs Among Location Privacy, Query Performance, and Query Accuracy in Mobile Services , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[16]  Tetsuji Satoh,et al.  An anonymous communication technique using dummies for location-based services , 2005, ICPS '05. Proceedings. International Conference on Pervasive Services, 2005..

[17]  Daniel E. Flath Introduction to Number Theory , 2018 .

[18]  Yu Zhang,et al.  Preserving User Location Privacy in Mobile Data Management Infrastructures , 2006, Privacy Enhancing Technologies.

[19]  Walid G. Aref,et al.  Casper*: Query processing for location services without compromising privacy , 2006, TODS.

[20]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[21]  Elisa Bertino,et al.  PROBE: An Obfuscation System for the Protection of Sensitive Location Information in LBS , 2008 .

[22]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[23]  Panos Kalnis,et al.  MobiHide: A Mobilea Peer-to-Peer System for Anonymous Location-Based Queries , 2007, SSTD.

[24]  Panos Kalnis,et al.  Private queries in location based services: anonymizers are not necessary , 2008, SIGMOD Conference.

[25]  Marco Gruteser,et al.  USENIX Association , 1992 .

[26]  Wen-Guey Tzeng,et al.  An Efficient Solution to the Millionaires' Problem Based on Homomorphic Encryption , 2005, ACNS.

[27]  Chi-Yin Chow,et al.  A peer-to-peer spatial cloaking algorithm for anonymous location-based service , 2006, GIS '06.

[28]  Kyriakos Mouratidis,et al.  Preventing Location-Based Identity Inference in Anonymous Spatial Queries , 2007, IEEE Transactions on Knowledge and Data Engineering.

[29]  Chi-Yin Chow,et al.  Enabling Private Continuous Queries for Revealed User Locations , 2007, SSTD.