A Spatial Cloaking Framework based on Range Search for Nearest Neighbor Search
Hyoungshick Kim
Nearest Neighbor Query

Where is the nearest POI (e.g. gas station)?
Query example: "gas station loc: Cambridge CB3 0FD, UK"
Query Privacy

User → Service Provider: 1: Here is "Cambridge CB3 0FD, UK"
Service Provider → User: 2: The nearest gas station is ...

The service provider collects the following information about the user:
- User account
- User device's network address
- Physical location

User: I do not want to give this information.

In this setting, we assume the service provider is the adversary.
How? Use Third Party Anonymizer

Users → Anonymizer → Service Provider: 1: Query, 2: Collected queries
Service Provider → Anonymizer → Users: 2: Collected answers, 3: Answer
The anonymizer hides the relationship between queries and queriers.

Most existing systems [GG03, BF04, MCA06, BL08] are designed under the assumption of trusted anonymizers.
Limitations of Trusted Anonymizer

- Major redesign of technologies (e.g., protocols or trusted mechanism) or business models
- Single server failure/overhead
- A large number of users
Alternatives – User Centric

User → Service Provider: 1: "Transformed query"
Service Provider → User: 2: Answer for "transformed query"
User: 3: Find the nearest neighbor from the answer for "transformed query"
Service Provider: I cannot infer the user location from this "transformed query".
Previous Work

- False dummies [KYS05]
  - High communication/processing cost
- Transformation based on an obfuscated map [KS07]
  - Approximate answer
  - A third party is still required to create the obfuscated map
- Transformation based on Private Information Retrieval (PIR) [GKKST08]
  - Theoretically secure
  - High communication/processing cost
- Incremental spatial cloaking with a fake dummy [YJHL08]
  - Incremental fetching of POIs* from the service provider with a fake dummy until the user can produce the exact result
  - Multiple message rounds to stop the incremental search
  - The user's desired level of privacy (or region) cannot be guaranteed.

*POI: Point of Interest
Our Transformation

Control the granularity of the location query: "Cambridge CB3 0FD, UK" → "West Cambridge"

Previously, this approach seemed not desirable:
- High communication cost is required. But communication cost is dramatically decreasing.
- Local search in the user device is required. But the computing capability of mobile devices is improving.
Naïve Range Search Query

1: A range (center, radius)
2: POIs within the range: {S1, S2}
3: Choose the nearest neighbor S1.
(Figure: query position q with POIs s1, s2, s3.)

S1 is not the correct answer.
How Can We Prevent It?

1. Increase the size of the range window.
   - Communication cost increases with the size of the window.
   - A user cannot determine the optimal window size to guarantee the nearest neighbor.
2. Create the range window so that q is located near the center of the window.
   - This technique may give information about the position q.
Our Approach

Our challenging issues are
- how to find the optimal range window. Use the local Voronoi diagram.
- how to guarantee that the user can be uniformly located at any position within the window. Use the fake (random) query position.
Voronoi Diagram

Subdivision of the plane (space) into cells.
S = {S1, S2, ..., Sn} points in the plane
V(Si) = { x : d(x, Si) < d(x, Sj) for all j ≠ i }
The nearest neighbor of a position x in V(Si) is Si.
Proposed Framework

1: Given a security parameter r, generate a random circle including q with the radius r.
2: Random circle (q', r)
3: Compute the intersected Voronoi cells.
4: {S1, S2, S3}
5: Choose the nearest neighbor S3.
(Figure: query position q, fake center q', radius r and POIs s1, s2, s3.)

The adversary cannot obtain any information about q except that it is located within the circle.
Computation of Local Voronoi Cells

1: Find the nearest Si from q' (at distance d).
2: Find the POIs within the distance 2r + d.
3: Find the intersected Voronoi cells.
(Figure: q', d, r, 2r + d and POIs s1 to s7.)

Running time:
- O(n + t log t)
- O(log n + t log t) with pre-processing
(n: # of Si, t: # of POIs within 2r + d)
Correctness of the Computation

The nearest POI (Nq) of the query position q is necessarily included in the POIs within 2r + d in step 2.

- Proof. Assume that Nq is not included in the POIs in step 2. From the assumption, dist(Nq, q') > 2r + d. Let Nq' be the nearest POI from q', so dist(q', Nq') = d, and let f be the farthest point on the circle from Nq'. Since q lies inside the circle, dist(q, Nq') ≤ dist(f, Nq') ≤ r + d. On the other hand, dist(q, q') ≤ r, so dist(q, Nq) ≥ dist(Nq, q') - dist(q, q') > 2r + d - r = r + d. Hence dist(q, Nq') ≤ r + d < dist(q, Nq). Therefore Nq is not the nearest POI from q. By the contradiction, the assumption is wrong.
(Figure: q, q', Nq, Nq', f, d, r and 2r + d.)
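The exchange of the Proposed Framework, the 2r + d range answer of the Computation of Local Voronoi Cells slide and the lemma proved above, as an added worked example in Python. This is the editor's illustration, not the author's implementation or code from the talk. It assumes a constructed POI set in arbitrary map units; it returns the step 2 superset instead of trimming it to the intersected Voronoi cells of step 3 (the trimming only shrinks the answer and does not affect correctness); and it interprets the packet figures stated later on the Communication Cost slide (8-byte POI, 40-byte header, 576-byte MTU) as ceil(t * 8 / 536) packets, which is an assumed packing model. `check_correctness` confirms empirically what the lemma guarantees: the locally chosen nearest neighbor always equals a brute-force search over the whole POI set.

```python
import math
import random

# Constructed sample POI set (x, y) in arbitrary map units. It stands in for
# the service provider's POI database; it is not the CA/NA data of the talk.
POIS = [(12.0, 7.0), (30.0, 22.0), (5.0, 40.0), (48.0, 9.0),
        (27.0, 45.0), (60.0, 35.0), (41.0, 28.0)]


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def fake_query_position(q, r, rng=None):
    """Step 1 (client): pick the fake center q' uniformly in the disk of radius
    r around q, so the real q lies in the circle (q', r). The sqrt makes the
    sample uniform by area, which is what leaves q equally likely anywhere in
    that circle from the server's point of view."""
    rng = random.Random(0) if rng is None else rng
    rho = r * math.sqrt(rng.random())
    theta = 2 * math.pi * rng.random()
    return (q[0] + rho * math.cos(theta), q[1] + rho * math.sin(theta))


def server_range_answer(pois, q_fake, r):
    """Server side, steps 1-2 of the local Voronoi computation: d is the
    distance from q' to its nearest POI; every POI within 2r + d of q' is
    returned. Step 3 (keeping only POIs whose Voronoi cells meet the circle)
    would shrink this set further and is omitted here."""
    d = min(dist(q_fake, s) for s in pois)
    return [s for s in pois if dist(q_fake, s) <= 2 * r + d]


def client_pick_nearest(q, candidates):
    """Step 5 (client): local nearest neighbor search over the answer set."""
    return min(candidates, key=lambda s: dist(q, s))


def private_nn(pois, q, r, rng=None):
    """Whole exchange: the server only ever sees (q', r). Returns the nearest
    POI of q and the size t of the answer the client had to download."""
    q_fake = fake_query_position(q, r, rng)
    candidates = server_range_answer(pois, q_fake, r)
    return client_pick_nearest(q, candidates), len(candidates)


def packets_needed(num_pois, poi_bytes=8, header_bytes=40, mtu=576):
    """Communication cost in packets under an assumed packing model: each
    packet carries (mtu - header) bytes of fixed-size POI records."""
    per_packet = (mtu - header_bytes) // poi_bytes
    return math.ceil(num_pois / per_packet) if num_pois else 0


def check_correctness(pois, trials=500, r=10.0, seed=1):
    """Empirical check of the lemma: because the true nearest POI of q is
    always inside the 2r + d range, the private answer must equal a
    brute-force search over the full POI set, for every random q and q'."""
    rng = random.Random(seed)
    for _ in range(trials):
        q = (rng.uniform(0.0, 70.0), rng.uniform(0.0, 50.0))
        got, _ = private_nn(pois, q, r, rng)
        want = min(pois, key=lambda s: dist(q, s))
        if got != want:
            return False
    return True


if __name__ == "__main__":
    rng = random.Random(7)
    q = (20.0, 20.0)
    for r in (2.0, 10.0, 30.0):
        nn, t = private_nn(POIS, q, r, rng)
        print(f"r={r:5.1f}  nearest={nn}  candidates t={t}  packets={packets_needed(t)}")
    print("always matches brute force:", check_correctness(POIS))
```

Running the block prints the candidate count and packet estimate for increasing r: the growth of the answer set with r is the communication cost the experiments later measure, and the sqrt in `fake_query_position` is what gives the uniformity property the Our Approach slide asks for.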
Inherent Problem of Range Search

1: Random circle (q', r)
2: POIs on the intersected cells
(Figure: q, q', r and POIs s1, s2, s3.)

This is the optimal answer for the exact nearest neighbor search.
However, it still requires high communication cost when a user needs a high level of privacy.
Approximation

1: Given a security parameter r, generate a random circle including q with the radius r.
2: Random circle (q', r), answer size k (= 2)
3: Compute the intersected Voronoi cells.
4: Select k POIs with the probability p_i = (the intersected area of Si) / (the area of the circle).
5: {S1, S2}
6: Choose the nearest neighbor S1.
(Figure: q, q', r and POIs s1, s2, s3.)
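Step 4 of the Approximation slide, selecting k POIs with probability p_i proportional to the area of Si's Voronoi cell inside the circle, as an added worked example in Python (the editor's illustration, not code from the talk). Assumptions: a constructed POI set; p_i is estimated by Monte Carlo, counting which POI is nearest to uniform samples in the circle, rather than by exact polygon clipping of the Voronoi cells; and `error_distance` takes the "error distance" of the experiments to mean how much farther the returned POI is from q than the true nearest POI, a definition the slides do not spell out.

```python
import math
import random

# Constructed sample POI set in arbitrary map units (not the CA/NA datasets).
POIS = [(12.0, 7.0), (30.0, 22.0), (5.0, 40.0), (48.0, 9.0),
        (27.0, 45.0), (60.0, 35.0), (41.0, 28.0)]


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def uniform_in_disk(center, r, rng):
    """Point uniform by area in the disk (center, r); used both for the fake
    query position q' and for the Monte Carlo samples below."""
    rho = r * math.sqrt(rng.random())
    theta = 2 * math.pi * rng.random()
    return (center[0] + rho * math.cos(theta), center[1] + rho * math.sin(theta))


def estimate_cell_weights(pois, center, r, rng=None, samples=4000):
    """p_i = area(V(Si) ∩ circle) / area(circle), estimated as the fraction of
    uniform samples in the circle whose nearest POI is Si. The slide defines
    p_i by area; the sampling estimator is this example's choice."""
    rng = random.Random(0) if rng is None else rng
    counts = [0] * len(pois)
    for _ in range(samples):
        x = uniform_in_disk(center, r, rng)
        nearest = min(range(len(pois)), key=lambda j: dist(x, pois[j]))
        counts[nearest] += 1
    return [c / samples for c in counts]


def select_k(pois, weights, k, rng=None):
    """Step 4: draw up to k distinct POIs, each draw proportional to weight
    among the POIs not yet drawn. A POI whose cell misses the circle has
    weight 0 and is never returned."""
    rng = random.Random(0) if rng is None else rng
    pool = [(s, w) for s, w in zip(pois, weights) if w > 0]
    chosen = []
    while pool and len(chosen) < k:
        u = rng.random() * sum(w for _, w in pool)
        acc = 0.0
        for idx, (s, w) in enumerate(pool):
            acc += w
            if u <= acc:
                chosen.append(s)
                pool.pop(idx)
                break
        else:  # rounding left u a hair above the last partial sum: take the last POI
            chosen.append(pool.pop()[0])
    return chosen


def approximate_nn(pois, q, r, k, rng=None):
    """Steps 1-6 of the Approximation slide: fake center q', weighted sample of
    k candidate POIs, then the nearest of those to the real q, chosen locally."""
    rng = random.Random(0) if rng is None else rng
    q_fake = uniform_in_disk(q, r, rng)
    weights = estimate_cell_weights(pois, q_fake, r, rng)
    answer = select_k(pois, weights, k, rng)
    return min(answer, key=lambda s: dist(q, s))


def error_distance(pois, q, returned):
    """Assumed metric for the Error Distance experiment: how much farther the
    returned POI is from q than the true nearest POI (0 when the answer is exact)."""
    true_nn = min(pois, key=lambda s: dist(q, s))
    return dist(q, returned) - dist(q, true_nn)


if __name__ == "__main__":
    rng = random.Random(3)
    q = (20.0, 20.0)
    for r in (5.0, 20.0, 40.0):
        errs = [error_distance(POIS, q, approximate_nn(POIS, q, r, 2, rng))
                for _ in range(200)]
        print(f"r={r:5.1f} k=2  mean error distance={sum(errs) / len(errs):.2f}")
```

The Monte Carlo weights have a standard error below about one percentage point at 4,000 samples, far smaller than the effect of the choice of k. Running the block prints the mean error distance for k = 2 at several r, which is the trade-off between privacy level and accuracy that the Error Distance slide plots.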
Experimental Results

Datasets

CA: 864 POIs, r = 50 ∽ 1,550
NA: 9,203 POIs, r = 50 ∽ 1,050

We generated 100 random queries using the Gaussian distribution of the POIs in each dataset.
Communication Cost

(Figures: packet counts for CA and NA.)
The communication cost is the number of (TCP/IP) packets transmitted.
We observe that the # of packets is under 3 for CA (or 12 for NA).
*POI size: 8 bytes, packet header: 40 bytes, MTU: 576 bytes
Error Distance in Approximation

(Figures: error distance for CA and NA.)
- All samplings provide reasonable error distance for small r.
- The 70% sampling is scalable even for large r.
Conclusion

No-one can hide the fact that we are on earth.
Conclusion

We show that a spatial cloaking based on range search is practically enough for nearest neighbor search:
- Minimum location information leaking on range
- Reasonable processing and communication cost due to the local Voronoi diagram

Advantages
- Simple client-server architecture
- Flexible privacy level

Future work
- Extension to "road networks"
- Optimal route planning

Thank you!
hk331@cl.cam.ac.uk
Related Work

[GG03] Marco Gruteser and Dirk Grunwald. "Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking." MobiSys 2003
[MCA06] Mohamed F. Mokbel, Chi-Yin Chow and Walid G. Aref. "The New Casper: Query Processing for Location Services without Compromising Privacy." VLDB 2006
[BL08] B. Gedik and Ling Liu. "Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms." IEEE Transactions on Mobile Computing, 2008
[YJHL08] Man Lung Yiu, Christian S. Jensen, Xuegang Huang and Hua Lu. "SpaceTwist: Managing the Trade-Offs Among Location Privacy, Query Performance, and Query Accuracy in Mobile Services." ICDE 2008
[GKKST08] Gabriel Ghinita, Panos Kalnis, Ali Khoshgozaran, Cyrus Shahabi and Kian-Lee Tan. "Private queries in location based services: anonymizers are not necessary." SIGMOD 2008
[BF04] Alastair R. Beresford and Frank Stajano. "Mix-zones: User privacy in location-aware services." PerSec 2004
[KYS05] H. Kido, Y. Yanagisawa and T. Satoh. "An anonymous communication technique using dummies for location-based services." ICPS 2005
[KS07] A. Khoshgozaran and C. Shahabi. "Blind Evaluation of Nearest Neighbor Queries Using Space Transformation to Preserve Location Privacy." SSTD 2007