A Two-level Protocol to Answer Private Location-based Queries
Roopa Vishwanathan, Yan Huang
[RoopaVishwanathan, huangyan]@unt.edu
Computer Science and Engineering
University of North Texas
Privacy Issues in Location-based Services
Client requests information from the server related to her current location
Client wants to maintain privacy and anonymity
Location can be associated with user identity, e.g. a service request from your own house
Thus the client does not want the server to know her location
Server wants to release as precise information as possible
06/09/09 ISI 2009, Dallas, Texas
Existing Approaches
Cloaking: k-anonymity [3][4][5]
Client requests are sent to an anonymizer
Anonymizer “cloaks” the client’s location to a region that includes k-1 other clients
Anonymizer forwards queries to the server using the cloaked location
Need to trust the anonymizer
Existing Approaches … cont’d
Peer-to-peer [6][7]
A client c searches for k-1 peers
One peer acts as agent on behalf of c
Chosen agent forwards requests to server using cloaked region
Need to be able to find k-1 peers
Need to trust the chosen agent peer
Drawbacks of Existing Approaches
Need to trust the anonymizer or peers
Reveals some spatial information (general region of query)
Correlation attacks
Could possibly identify the client
Large volume of query results
Problem Definition and Motivation
Nearest Neighbor Query Example: Find me the nearest gas station, asked of the location-based server (LBS)
Goal: Find a way to protect the privacy of the client while ensuring the server returns precise data
Privacy means: no release of the identity or location of the client
Motivation: Recent research shows PIR is a feasible and privacy-preserving approach, but server reveals too much data
Our Approach
Focus on Exact-Nearest-Neighbour queries
Uses PIR framework by Shahabi et al. [1] as a first step
Applies Oblivious Transfer [2] as the second step (to make server data precise)
Private Information Retrieval (PIR)
Based on a computationally hard problem
Client sends an encrypted request for information
Server does not know what it reveals
PIR Theory
Bob: $X[1, 2, 3, \ldots, N]$; Alice: wants bit $i$
$v(X, E(i))$
PIR in Location-based Services
User input: $[y_1, y_2, \ldots, y_n]$
Server computes: $z_r = \prod_{j=1}^{n} w(r,j)$, where $w(r,j) = y_j^2$ if $M_{r,j} = 0$ and $w(r,j) = y_j$ otherwise
Server returns: $z = [z_1, z_2, \ldots, z_n]$
User computes: if $z_a \in QR$ then $M_{a,b} = 0$, else $M_{a,b} = 1$
Example of PIR in LBS
User location: $M_{2,3}$
User generates request: $y = [y_1, y_2, y_3, y_4]$ with $y_3 \in QNR$ and $y_1, y_2, y_4 \in QR$
Server replies: $[z_1, z_2, z_3, z_4]$
If $z_2 \in QR$ then $M_{2,3} = 0$, else $M_{2,3} = 1$
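The quadratic-residuosity PIR of the two slides above, written out as an added runnable example (not code from the talk or from Ghinita et al.). It assumes the client holds the factorisation of a modulus N = P·Q that the server sees only as N; the primes are constructed toy values, and indices are 0-based, so the slide’s $M_{2,3}$ is `M[1][2]` here.

```python
import random
from math import gcd

# Added worked example of the quadratic-residuosity PIR sketched on the slides
# (Kushilevitz-Ostrovsky, as used by Ghinita et al. [1]). The primes are
# constructed toy values so the demo runs instantly; a real deployment needs
# primes of cryptographic size. Indices are 0-based here (slide M_{2,3} = M[1][2]).
P, Q = 1019, 1031
N = P * Q          # the client keeps P and Q secret; the server only sees N

def legendre(x, p):
    """Euler's criterion: +1 if x is a square mod the prime p, -1 otherwise."""
    return 1 if pow(x, (p - 1) // 2, p) == 1 else -1

def is_qr(x):
    """Client-side QR test mod N; it needs the factorisation the server lacks."""
    return legendre(x, P) == 1 and legendre(x, Q) == 1

def sample(qr):
    """Draw y_j with Jacobi symbol +1 so the server cannot tell QR from QNR:
    a square mod both primes (QR mod N) or a non-square mod both (QNR mod N)."""
    want = 1 if qr else -1
    while True:
        x = random.randrange(2, N)
        if gcd(x, N) == 1 and legendre(x, P) == want and legendre(x, Q) == want:
            return x

def client_request(n, b):
    """User input [y_1..y_n]: y_b is a QNR, every other y_j is a QR."""
    return [sample(qr=(j != b)) for j in range(n)]

def server_reply(M, y):
    """z_r = prod_j w(r,j) mod N, with w(r,j) = y_j^2 if M[r][j] == 0 else y_j."""
    z = []
    for row in M:
        zr = 1
        for bit, yj in zip(row, y):
            zr = zr * (yj * yj if bit == 0 else yj) % N
        z.append(zr)
    return z

def pir_retrieve(M, a, b):
    """Fetch M[a][b]: z_a is a QR iff the bit is 0 (QR*QR = QR, QR*QNR = QNR).
    The server learns neither a (it never sees it) nor b (all y_j look alike)."""
    y = client_request(len(M[0]), b)
    z = server_reply(M, y)
    return 0 if is_qr(z[a]) else 1
```

Note that the server’s reply contains a whole column of bits (every `z_r` decodes), which is exactly the over-disclosure the talk’s second step is meant to remove.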
Oblivious Transfer
Fundamental cryptographic protocol
Alice asks for one bit of information from Bob
Alice does not get to know any other bit
Bob does not know what bit Alice asked for
Many variants: 1-of-2, 1-of-n, k-of-n
Example of Oblivious Transfer (OT)
Example of OT … cont’d
The Two-level Protocol: First Step
Server divides the area into Voronoi cells and superimposes a grid on it
Each grid cell has list of Points Of Interests (POIs) associated with it
One POI each in a Voronoi cell
Contents of grid cells are the list of POIs
First Step: PIR … cont’d
Client requests the column corresponding to its grid cell using PIR, e.g. PIR(C)
Server prepares encrypted column C
Second Step – Oblivious Transfer (OT)
Client initiates 1-of-n OT with server
Client and server agree on a set of keys
Server encrypts each bit of PIR response with a different set of keys (according to the index of the bit) and sends it across
Server and client exchange keys (through 1-of-2 OT)
Client can decrypt the bit it wants and none else
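The second step as the slide describes it, written out as an added example (not code from the talk): a 1-of-n OT assembled from log2(n) runs of 1-of-2 OT in the style of Naor–Pinkas [2], with every bit of the PIR reply encrypted under one key from each key pair, selected by the bits of its index. The 1-of-2 OT is the RSA-based Even–Goldreich–Lempel protocol with constructed toy primes; the function and parameter names are this example’s own.

```python
import hashlib
import hmac
import random

# Added example of the second step as the slide describes it: a 1-of-n OT built
# from log2(n) runs of 1-of-2 OT, in the style of Naor-Pinkas [2]. The 1-of-2 OT
# is the RSA-based Even-Goldreich-Lempel protocol with constructed toy primes;
# none of these parameters are a production choice.
P, Q, E = 1019, 1031, 7
N_RSA = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # server's RSA private exponent

def ot_1of2(m0, m1, c):
    """Client gets m_c and nothing about m_{1-c}; server learns nothing about c."""
    x0, x1 = random.randrange(N_RSA), random.randrange(N_RSA)     # server -> client
    k = random.randrange(1, N_RSA)                                 # client's secret
    v = ((x1 if c else x0) + pow(k, E, N_RSA)) % N_RSA             # client -> server
    k0 = pow((v - x0) % N_RSA, D, N_RSA)                           # server: exactly one
    k1 = pow((v - x1) % N_RSA, D, N_RSA)                           #   of these equals k
    c0, c1 = (m0 + k0) % N_RSA, (m1 + k1) % N_RSA                  # server -> client
    return ((c1 if c else c0) - k) % N_RSA                         # client unmasks m_c

def prf(key, index):
    """Keyed mask for ciphertext `index`; a PRF (not raw XOR of keys) keeps
    unrelated ciphertexts from cancelling each other out."""
    mac = hmac.new(key.to_bytes(4, "big"), index.to_bytes(4, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big")

def ot_1ofn(bits, j):
    """Client learns bits[j] only; server never learns j. bits[] is the PIR reply."""
    L = max(1, (len(bits) - 1).bit_length())                       # key pairs needed
    keys = [(random.randrange(N_RSA), random.randrange(N_RSA)) for _ in range(L)]
    # Server: encrypt bit idx under the key of each pair selected by idx's bits.
    enc = []
    for idx, m in enumerate(bits):
        mask = 0
        for i in range(L):
            mask ^= prf(keys[i][(idx >> i) & 1], idx)
        enc.append(m ^ mask)
    # Client: one 1-of-2 OT per pair, choosing by the bits of j; the server sees
    # only blinded values, so it cannot tell which index the L choices select.
    got = [ot_1of2(keys[i][0], keys[i][1], (j >> i) & 1) for i in range(L)]
    mask = 0
    for i in range(L):
        mask ^= prf(got[i], j)
    return enc[j] ^ mask
```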
High-level View
Client knows its location
Tries to execute PIR to get its cell
Server prepares PIR response corresponding to a column that the client is in and encrypts it
Client and server engage in 1-of-n OT to get client’s cell from the column
High-level View … cont’d
Contents of the client’s grid cell are its neighbours (Points of Interest, POIs)
Client can easily calculate which point is the nearest
May contain redundant POIs
Repeated/redundant POIs can be discarded
Complexity
N: number of objects (POIs); M: number of bits in each
Request by client: O(M · N)
Response by server:
O(M·N + √N log √N)
Total time: O(M·N + √N log √N)
Comparison of Costs
Action           PIR       OT               Our Two Level Protocol
Req. by user     O(√n)     O(log n)         O(√n + log √n)
Res. by server   O(m√n)    O(mn)            O(m√n)
Total time       O(m√n)    O(m log n + mn)  O(m√n + log √n)
Conclusion
Contribution: Proposed a two-level protocol for private location queries
PIR over the entire grid – a large amount of data would be revealed
OT over the entire grid – very expensive
Our approach – reduces the amount of data revealed, not very expensive
Future direction: alternative approach (multi-level PIR)
References
1. G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi and K. Tan. Private Queries in Location Based Services: Anonymizers are not Necessary. In Proc. of ACM SIGMOD 2008, pp. 121-132.
2. B. Pinkas and M. Naor. Efficient Oblivious Transfer Protocols. In Proc. of 12th ACM-SIAM Symposium on Discrete Algorithms, pp. 448-457, 2001.
3. B. Gedik and L. Liu. Privacy in mobile systems: A personalized anonymization model. In Proc. of ICDCS, pp. 620-629, 2005.
4. P. Kalnis, G. Ghinita, K. Mouratidis and D. Papadias. Preventing location-based identity inference in anonymous spatial queries. In IEEE TKDE, pp. 239-257, 2007.
References … cont’d
5. M. Mokbel, C. Chow and W. Aref. The new Casper: Query Processing for location-based services without compromising privacy. In Proc. of VLDB, pp. 219-239, 2005.
6. C.Y. Chow, M. Mokbel and X. Liu. A peer-to-peer spatial cloaking algorithm for anonymous location-based services. In Proc. of ACM International Symposium on GIS, pp. 247-256, 2006.
7. G. Ghinita, P. Kalnis and S. Skiadopoulos. PRIVE: Anonymous location-based queries in distributed mobile systems. In Proc. of 1st Intl. Conference on World Wide Web (WWW), pp. 371-380, 2007.