Privacy in location-based applications; going beyond k-anonymity, cloaking and anonymizers
An obvious requirement for evaluating spatial queries in Location Based Services (LBS) is that the location of the query point needs to be shared with the location server responding to user queries. Spatial data such as points of interest are indexed at this potentially untrusted server (host) and queries are evaluated by navigating the underlying index structure used to partition the data. However, a user's location is highly sensitive information that, once compromised, can expose the user to various threats such as stalking and inference about his health problems or political/religious affiliations. Such growing concerns about users' location privacy in LBS are considered to be the biggest impediment to the explosive growth and popularity of location-based services. The anonymity and cloaking-based approaches proposed to address this problem cannot provide stringent privacy guarantees without incurring costly computation and communication overhead. Furthermore, they require a trusted intermediate anonymizer to protect user locations during query processing.
In this dissertation, we identify the key challenges of enabling privacy in location-based services using an untrusted server model. We propose three solutions to the location privacy problem. Our first solution employs a space transformation scheme to privately evaluate location queries in a space unknown to the untrusted server. The novel one-way transformation developed allows fast computation of location queries in the transformed space while respecting user privacy. We develop our second solution based on the theory of Private Information Retrieval to achieve yet stronger levels of privacy. This strong measure of privacy comes with more computational cost. Finally, we propose a more fundamental technique that enables oblivious traversal of tree-structured spatial indexes for query processing. With this technique, the original spatial index is replaced with an encrypted spatial index that is hosted at the server. While preserving user privacy, this technique allows a wide range of spatial queries to be efficiently evaluated over the encrypted index.
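As an added illustration of the first solution (not code from the dissertation), the following assumes a keyed space transformation built on a Hilbert curve: the data owner maps every point of interest to a 1-D curve index under a secret key (curve order, origin, orientation, scale, all constructed values here), the untrusted server stores only those indices and opaque POI ids, and the client sends only the transformed query point. Payload encryption of the POI records is omitted.

```python
import bisect
import math

def _rot(n, x, y, rx, ry):
    """Hilbert-curve quadrant reflection/rotation step."""
    if ry == 0:
        if rx == 1:
            x, y = n - 1 - x, n - 1 - y
        x, y = y, x
    return x, y

def xy_to_hilbert(n, x, y):
    """Map cell (x, y) of an n x n grid (n a power of two) to its Hilbert index."""
    d, s = 0, n // 2
    while s > 0:
        rx = 1 if x & s else 0
        ry = 1 if y & s else 0
        d += s * s * ((3 * rx) ^ ry)
        x, y = _rot(n, x, y, rx, ry)
        s //= 2
    return d

# Constructed secret key (assumed parameter set): curve order, origin, orientation, scale.
KEY = {"order": 2, "x0": 10.0, "y0": 20.0, "theta": 0.0, "scale": 1.0}

def space_transform(x, y, key):
    """Client-side one-way mapping of a real point to a 1-D value under the key."""
    n = 1 << key["order"]
    tx, ty = x - key["x0"], y - key["y0"]                # translate to secret origin
    c, s = math.cos(-key["theta"]), math.sin(-key["theta"])
    ux, uy = tx * c - ty * s, tx * s + ty * c            # undo secret orientation
    gx = min(max(int(ux * key["scale"]), 0), n - 1)      # scale and clamp to grid
    gy = min(max(int(uy * key["scale"]), 0), n - 1)
    return xy_to_hilbert(n, gx, gy)

class UntrustedServer:
    """Stores only sorted Hilbert values and opaque POI ids; never sees a coordinate."""
    def __init__(self, entries):
        self.entries = sorted(entries)                   # (hilbert_value, poi_id)
        self.values = [h for h, _ in self.entries]
    def nearest(self, h, k=1):
        i = bisect.bisect_left(self.values, h)
        cand = self.entries[max(0, i - k): i + k]        # neighbours along the curve
        return [pid for _, pid in sorted(cand, key=lambda e: abs(e[0] - h))[:k]]

def build_server(pois, key):
    """Offline: the trusted owner transforms every POI before outsourcing the index."""
    return UntrustedServer([(space_transform(x, y, key), pid) for pid, x, y in pois])

def client_query(server, qx, qy, key, k=1):
    """The client sends only the transformed query point; the server answers in curve space."""
    return server.nearest(space_transform(qx, qy, key), k)

# Constructed POIs: (id, x, y)
POIS = [("A", 10.0, 20.0), ("B", 13.0, 20.0), ("C", 10.0, 23.0), ("D", 11.0, 21.0)]
SERVER = build_server(POIS, KEY)
```

Nearest-neighbour answers computed along the curve are approximate, which is the efficiency-for-accuracy trade-off this class of transformation makes; without the key the server cannot invert the indices to coordinates.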