Embed Size (px)
Citation preview
Research ArticleAn Improved Privacy-Preserving Framework for Location-BasedServices Based on Double Cloaking Regions with SupplementaryInformation Constraints
Li Kuang1 Yin Wang1 Pengju Ma1 Long Yu1 Chuanbin Li1
Lan Huang1 and Mengyao Zhu2
1School of Software Central South University Changsha 410075 China2School of Communication and Information Engineering Shanghai University Shanghai 200444 China
Correspondence should be addressed to Mengyao Zhu zhumengyaoshueducn
Received 18 August 2017 Accepted 10 October 2017 Published 7 November 2017
Academic Editor Lianyong Qi
Copyright copy 2017 Li Kuang et alThis is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited
With the rapid development of location-based services in the field of mobile network applications users enjoy the convenience oflocation-based services on one side while being exposed to the risk of disclosure of privacy on the other side Attacker will makea fierce attack based on the probability of inquiry map data point of interest (POI) and other supplementary information Theexisting location privacy protection techniques seldom consider the supplementary information held by attackers and usually onlygenerate single cloaking region according to the protected location point and the query efficiency is relatively low In this paperwe improve the existing LBSs system framework in which we generate double cloaking regions by constraining the supplementaryinformation and then k-anonymous task is achieved by the cooperation of the double cloaking regions specifically speaking kdummy points of fixed dummy positions in the double cloaking regions are generated and the LBSs query is then performedFinally the effectiveness of the proposed method is verified by the experiments on real datasets
1 Introduction
In recent years with the rapid development of cellularnetwork and GPS (Global Positioning System) positioningtechnology the use of LBSs (location-based services) devices(such as phone PAD) became more and more popular whiledriving the rapid growth of LBSs applications The typicalLBSs applications include retrieval of POI (such asMeiTuan)map (such as GoogleMaps) GPS navigation (such as Amap)and location-aware social networks (such as Wechat) It canbe said that LBSs have penetrated into many aspects oflife and the invocation of LBSs undoubtedly brings greatconvenience to peoplersquos life
At the same time LBSs privacy risks also attract theattention of the society because when the user requests LBSsspecific location information is needed to submit and thelocations which are involved in a large number of userrsquosquery data [1 2] may reveal userrsquos privacy such as homeaddress living habits and social relations In the era of big
data security the emphasis is put on the problem of securityof data being sent data at rest and data being processedand deleted from the system [3] If such information isleaked to malicious attackers the user will be exposed to aserious threat In practice there is no server that is absolutelysecure LBSP (location-based services providers) itself mayalso be an attacker and even anonymizer on third partiescannot be trusted absolutely In addition the client receivesa large number of results returned by anonymizer which willincrease the cost of computation and they may wait for theservice due to too many dummy positions therefore the usermay be not satisfied by the application usage experience
The existing LBSs framework is shown as Figure 1 Theclient sends userrsquos request 119876119880 to the anonymizer The 119876119880includes the UID (User ID) the specific location 119897119906 theprivacy protection requirement k and the query content conThe anonymizer then sends the processed request 119876119860 tothe LBSPs 119876119860 includes randomly generated query requestsfor 119896 dummies locations Location information is different
HindawiSecurity and Communication NetworksVolume 2017 Article ID 7495974 15 pageshttpsdoiorg10115520177495974
2 Security and Communication Networks
Client Anonymizer LBSPs
QA(qA1 qA2 qA3 qAk)
CR CR
QU = (UID k lu con)
Figure 1 A centralized framework of LBSs
from userrsquos location in each 119902119860119894 while the remaining requestinformation is the same LBSP then returns the candidateresults CR of the request 119876119860 to the anonymizer and theanonymizer passes CR to the client and finally the clientfilters the best result from the returned CR as the final resultof the request
The traditional LBSs privacy protection algorithms sel-dom consider that the anonymizer is not credible so thatthe userrsquos specific location information is sent directly to theanonymizer If the data in anonymizer is leaked and usedby the attackers the userrsquos location data will be discloseddirectly In addition the attacker may make a fierce attackbased on the probability of inquiry map data POI andother supplementary information For example if a regionis covered by a very low query number of locations such aslakes andmountains the attacker can exclude the region witha large probability so that the risk of userrsquos exposure in theremaining region will be increased
In this paper we propose improving the existing LBSsframework and design several related algorithms within theframework First userrsquos actual location which is containedin the query request is generalized into grid id and theuserrsquos grid region is matched to another region by a dynamicmatching algorithm so that double cloaking regions areformed by considering that the attacker has a backgroundof the number of historical queries second k fixed dummypositions are generated in double cloaking regions to achievek-anonymous requirements by the proposed dummies gen-eration algorithm and finally the queries in dummy posi-tions of double cloaking regions are sent to LBSPs and thecandidate results are filtered and sent back to the user Ourproposed framework as well as the algorithms can solve thecontradiction between service quality privacy and resourceoverhead effectively
The remainder of the paper is organized as followsRelated work is discussed in Section 2 The preliminaries ofthis paper are given in Section 3 The proposed approachis illustrated in Section 4 The experimental results arepresented in Section 5 And finally the conclusions and futurework are given in Section 6
2 Related Work
At present researchers have put forward a lot of privacyprotection methods for LBSs and k-anonymous [4ndash16] is
the core idea of many methods Gruteser and Grunwald [4]propose the concept of location k-anonymity K-anonymityrequires that when a user sends a location request datato a LBSPs the cloaking region in which a query user islocated must contain at least the other 119896 minus 1 users so thatthe probability that the location query user is identifieddoes not exceed 1k Yiu et al [5] propose a Space Twistsolution which introduces a trusted third party after theuser sends their real location information to the trusted thirdparty it will send a dummy coordinate to LBS service ratherthan userrsquos real coordinate Mokbel et al [6] propose a k-anonymity protectionmethodwhich introduces a third partyanonymous server when the user sends a request to theLBSPs the location information is sent to the anonymousserver first The anonymous server generalizes the userrsquoslocation into a region of k-anonymity nature and then theanonymous server sends the request to the LBSPs and returnsthe candidate result set to the user finally the user selects thebest one
Spatial cloaking [17ndash25] is a fairly popular mechanismChow et al [17] propose Casper cloak algorithm which usesa quad-tree data structure and allows users to determine thesize of 119896 and the minimum anonymous area but the privacycan be guaranteed only when usersrsquo positions are distributedevenly Jin and Papadimitratos [18] allow P2P responses tobe validated with very low fraction of queries affected evenif a significant fraction of nodes are compromised Chenand Pang [21] propose that the cloaking region is randomlychosen from the ones with top-k largest position entropy
Dummy position [26ndash30] generation is also a commonmethod for location privacy protection Kido et al [26 27]first propose a dummy position generation mechanism Guoet al [28] combine the dynamic pseudonym transformationmechanism with the userrsquos personalized features to protectuserrsquos location privacy Palanisamy and Liu [29] propose aMix-zone approach for protecting userrsquos privacy
Encryption-based methods [12 31ndash37] make userrsquos loca-tion completely invisible to the server by encrypting LBSSquery Although encryption-based methods have high pri-vacy and high quality of service the calculation and com-munication costs are large the deployment is complex andthe optimization algorithm is needed Khoshgozaran et al[12 34] propose an encryption method based on the Hilbertcurve to transfer userrsquos position as well as his POI fromtwo-dimensional coordinates to one-dimensional encryption
Security and Communication Networks 3
space the one-dimensional encryption space transformedby two different parameters of Hilbert curve still maintainsthe proximity in two-dimensional space so that 119896-nearestneighbor query and range query can also be performed inone-dimensional encrypted space PIR (Private InformationRetrieval) [35] method is used to protect userrsquos query privacyand it has the advantages of high privacy protection andgood service quality Lu et al [36] propose the PLAM privacyprotection framework which uses homomorphic encryptionto protect user privacy but with much time overhead Fu etal [37] use the powerful computing power of the server topropose a retrieval encryption scheme to meet the privacyrequirements of different threat models
In summary the existing location privacy protectionmechanisms and methods still have the following problems(1) the existing methods often do not consider the supple-mentary information when generating cloaking region ifthe attacker has supplementary information the success rateof the attack will be increased and the privacy security ofthe user will be challenged (2) In the existing frameworkthe candidate results that anonymizer returns to the useroften include a large number of useless dummy positionswhich not only increase the computational overhead but alsoreduce usersrsquo experience (3) Dummy position coordinatesare often generated randomly without considering whetherit will affect the quality of final service
The differences of this paper include the following (1) wepropose generating double cloaking regions while assumingthat the attacker has a background of supplementary infor-mation so the privacy protection can be greatly improved(2) the proposed anonymizer in the LBSs framework willnot return all candidate results but merely returns a half tothe client so that the computation overhead is reduced anduserrsquos waiting time is reduced (3)wepropose generating fixeddummy positions according to the value of 119896 and uniformdistribution rule which can solve the contradiction betweenservice quality privacy and resource overhead effectively
3 Preliminaries
31 Strong Attack and Its Illustrating Examples In this paperwe assume that the attacker is a strong attacker LBSPscan be seen as strong attackers since LBSPs not only havesupplementary information such as the number of historicalqueries but also know the privacy protection mechanismA strong attacker usually infers the region where the user islocated and then combines the supplementary information tofilter the userrsquos region and even makes reverse attack basedon the privacy protection mechanism so that the attackercan uniquely identify the userrsquos region then infer the userrsquosreal location from the region and finally access the userrsquosprivacy
For example as shown in Figure 3(a) if the userrsquos regionrandomly matches a cloaking region with history querynumber of 1 obviously it is a region with very low numberof historical queries while if the userrsquos real location is in theregion with history query number of 20 there will be a greatpossibility of determining the userrsquos real region
The strong attacker may not only have the supplementaryinformation but also know the privacy protection mech-anism Suppose that we simply use the region which isthe closest to the userrsquos history query as the generationmechanismof double cloaking region and the attacker knowsthe mechanism As shown in Figure 3(b) the query time inuserrsquos region is 20 and the region with query times 22 willform the double cloaking regions If the attacker is the LBSPitself it will analyze the two regions if the userrsquos real regionis that with query times 22 the closest one is the regionwith 23 To form a double cloaking region the region withquery times 22 will select that with 23 instead of 20 so itcan be determined that the userrsquos real region is that with 20Therefore if attackers have supplementary information andknow the privacy protection mechanisms it will increase therisk of users to disclose the specific location
32 Problem Definition and Related Concepts
Definition 1 (space division based on quad-tree) As shownin Figure 4 this paper uses the quad-tree data structure [8]The space is divided layer by layer from top to bottom andeach layer is divided into 4ℎ grids especially speaking the0th layer of the entire space is divided into 1 grid the 1st layercontains 4 grids the 2nd layer contains 16 grids and so onuntil the side length of each grid reaches the threshold L andthe space will be divided into 119867 layers The total numberof the history query times on each layer is the same butthe entire spatial area is subdivided so that the length 119871 ofeach grid is gradually reduced The smaller the L the lowerthe level of privacy protection and the higher the quality ofservice on the contrary the bigger the L the higher the levelof privacy protection and the lower the quality of serviceTheinformation in each grid is contained in the hash table wheretheGID is the number of the grid andNoU is the userrsquos historyquery times in each grid
Definition 2 (query request from user 119876119880 (119880119868119863 119896 ℎ 119866119868119863119888119900119899)) As shown in Figure 2 the query request submitted bythe user to the anonymizer is denoted as 119876119880 (UID k h GIDcon) where UID is the userrsquos identification information k isuserrsquos requirement on k-anonymous protection mechanismwhich determines the number of dummies to generate his userrsquos requirements on the generalization level of spacewhich is required to be larger than 2 since the query wouldbe too poor if ℎ is less than or equal to 2 Both the user andthe anonymizer use the quad-tree data structure to store thespatial informationTheGID is the grid IDwhich is generatedaccording to the userrsquos specific location con is the querycontent which is not the focus of this study
Definition 3 (query request from anonymizer 119876119860 (1199021198601 11990211986021199021198603 119902119860119896)) The query request passed by the anonymizerto LBSPs is denoted as 119876119860(1199021198601 1199021198602 1199021198603 119902119860119896) where119902119860119894(119863119868119863 119897119889119894 119888119900119899) is a request for each dummy and DID(Dummies ID) is the identification information of the 119896dummies generated by the anonymizer 119897119889119894 is the locationinformation of 119896 dummies con is the query content
4 Security and Communication Networks
Client Anonymizer LBSPs
QA(qA1 qA2 qA3 qAk)
CRU CRA
QU = (UID k ℎ GID con)
Figure 2 Improved framework of LBSs system
1 2 25 26
18 24 33 45
28 20 22 30
51 43 23 13
(a) Cloaking region isformed by randomlymatching the number ofqueries
1 2 25 26
18 24 33 45
28 20 22 30
51 43 23 13
(b) Cloaking region isformed according to theclosest number of query
Figure 3 Two mechanisms of generating cloaking region
CID NoUThe entire system area (level 0) Hash table
2 times 2 grid structure (level 1)
4 times 4 grid structure (level 2)
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
Figure 4 Data storage structure
Definition 4 (candidate results to anonymizer 119862119877119860) TheLBSPs return the candidate results to the anonymizer as119862119877119860which is the results of the request for 119896 dummies in the doublecloaking region Each request result corresponds to the DIDof the query request
Definition 5 (candidate results to user119862119877119880) The anonymizerreturns candidate results to the user as 119862119877119880 which onlyincludes the query results of the dummies in the RCR
Definition 6 (quality of service) The quality of serviceobtained by the user is measured by the Euclidean distancebetween the dummy and the user If the user is closerto the dummy position the location of request and theresult are more similar therefore the service quality wouldbe higher Assume that the userrsquos specific position is 119897119906its latitude and longitude coordinate is (119897119900119899119906 119897119886119905119906) and119897119889119894 (119894 = 1 2 3 119896) is the 119894th dummy position its latitudeand longitude coordinate is (119897119900119899119889119894 119897119886119905119889119894) 119903 is the radius of the
Security and Communication Networks 5
earth generally taken as 6371 km The distance between userand dummy is calculated as formula (1)
dis119894 (119897119906 119897119889119894) = 2119903 lowast arcsin (radicsin(1198891198971198861199051198942 )2 + cos (119897119886119905119889119894) lowast cos (119897119886119905119906) lowast sin(1198891198971199001198991198942 )2) (1)
where
119889119897119900119899119894 = 120587 1003816100381610038161003816119897119900119899119889119894 minus 1198971199001198991199061003816100381610038161003816180 119889119897119886119905119894 = 120587 1003816100381610038161003816119897119886119905119889119894 minus 1198971198861199051199061003816100381610038161003816180
(2)
The smaller the value of dis119894(119897119906 119897119889119894) the better the quality ofservice of 119894th dummy and we can take the query result of the119894th dummy as the final query result
Problem Definition We know that the user the anonymousserver and LBSPs share the space division based on quad-treeAnd we also know that the user submits 119876119880 to anonymizerand the anonymizer passes 119876119860 to LBSPs the LBSPs return119862119877119860 to anonymizer and the anonymizer returns 119862119877119880 toclient In this process it is assumed that the anonymizer andLBSPs are not fully credible so the strong attacker is mostlikely to guess the specific location of the user according to thebackground knowledge which includes the number of histor-ical queries and privacy protection mechanism thus causingthe userrsquos privacy to be disclosed The problem that we wantto solve is improving the quality of service experienced by theuser and reducing the computing overhead of the user whenhe accesses the LBSs while ensuring his location security
33 Symbolic Correspondence For simplicity we list thenotations used in this paper as Notation section shows
4 Privacy-Preserving Framework andAlgorithms for LBSs
41 Approach Overview In order to protect the userrsquos reallocation which is contained in the query request we employthe double cloaking region mechanism The double cloakingregion includes real cloaking region (RCR) and fake cloakingregion (FCR) The RCR is the userrsquos grid and the anonymizergenerates FCR by dynamic clustering method FRC has threemain functions (1) FCR andRCR together generate 119896 dummypositions to reach 119896-anonymous requirements (2) FCR andRCR form a double cloaking region against strong-attacks(3) when the anonymizer returns the candidate results to theclient the candidate results of the request for the dummiesin the FCR are filtered directly The dummies in the doublecloaking region are sent to the LBSPs to request the service
The whole process of our proposed solution is shownas Figure 5 (the system execution order is demonstrated bythe numbers) (1) a RCR is generated according to the userrsquos
specific location (2) the query request 119876119880 is submitted tothe anonymizer (3) Dynamic Matching Algorithm (DMA)is employed by the anonymizer to generate a FCR accordingto the GID in 119876119880 so that a double cloaking region withsimilar query times is formed (4) k2 dummy positionsare generated in the two regions respectively by using thedummies generation algorithm (DGA) and the two dummysets are denoted DSs1 and DSs2 (5) the query request 119876119860from the dummy positions in DSs1 and DSs2 is submittedto LBSPs together (6) LBSP answers 119862119877119860 according to 119876119860(7) 119862119877119860 are replied to the anonymizer (8) the anonymizerforms 119862119877119880 according to the DIDs (Dummy IDs) in 119862119877119860 tofilter out the query results inDSs1 (9) 119862119877119880 is returned to theclient and the client selects the query result 119902119860119894 of the dummywhose dis119894(119897119906 119897119889119894) is minimum as the query result accordingto formula (1)
In our improved framework there are two importantalgorithms which are dynamic matching algorithm (DMA)and dummies generation algorithm (DGA) and we willillustrate the two algorithms in the following subsections
42 DynamicMatching Algorithm Themain idea of dynamicmatching algorithm (DMA for short) is to separate theregionswith relatively large relatively small and zero numberof queries so that the two regions with obviously differentnumber of queries will not be matched together to form adouble cloaking region As shown in Figure 6(a) the pointsrepresent the positions where users make historical requestsThe position coordinates are projected into a 2D map andthe whole region is divided into 4ℎ grids according to thegeneralization level of space h RCR where the user locatedis represented by the region with black solid line The regionis divided into 9 times 9 grids in Figure 6(a) as an example
As shown in Figure 6(b) first a 4 times 4 grid region whichcontainsRCR is allocated randomly and FCRwill bematchedin this region as well second the number of historical queriesin each grid is counted and stored in a matrix representedby 1198664times4 An example of 1198664times4 is shown in Figure 7 where thenumber of queries in RCR is 25 and the number of historicalqueries in each grid of the 4 times 4 region with black line inFigure 6(b) is also shown
And then the numbers of queries in the 4 times 4 regionare divided into three categories relatively large relativelysmall and zero which are realized by the classical dynamicclustering algorithm [38] To form a double cloaking regionwe remove the region with zero number of queries firstly andthen FCR is only selected randomly from the regions with thenumber in the same category as RCR
6 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 5 The improved framework
(a) The positions where users make historical requests (b) Users are allocated randomly into the 4 times 4 grid region
Figure 6 Historical requests on the map
Take the data in Figure 7 as an exampleDMA first dividesthe number of queries into three categories 14 16 22 2525 27 1 1 1 6 6 8 9 and 0 0 0 respectively Assumethat the query number of the userrsquos region is 25 the FCRmaybe the grid with the query number 22 and the two regionswill form a double cloaking region
The pseudocode of DMA is shown as Algorithm 1
43 Dummies Generation Algorithm The core idea of dum-mies generation algorithm (DGA) is to generate 119896 fixeddummy positions to approximate the userrsquos real positionand it tries to distribute the fixed dummy positions overthe region as evenly as possible and then the answer tothe query request by the user will be approximated by thatfrom the best dummy location It is common to generate
Security and Communication Networks 7
27 14 0 8
25 6 0 6
25 9 1 1
16 22 1 0
Figure 7 Number of historical queries in 4 times 4 region
Input Privacy protection level h Userrsquos grid ID GIDOutput Double Cloaking Region (RCR and FCR)(1) Anonymizer selects the spatial hierarchy according to the privacy protection level h(2) Randomly match the userrsquos grid into a grid region G4times4(3) for query count in G4times4(4) if query count =0 then(5) add query count to Sets(6) end if(7) end for(8) e Sets are randomly divided into set1 and set2 equally(9) Do(10) akg1 = average(set1) akg2 = average(set2)(11) for 119904 in Sets(12) if (s minus akg1)2 lt (s minus akg2)2 then(13) s belong to c1(14) else(15) s belong to c2(16) end if(17) end for(18) while there are changes on the elements in c1 and c2(19) if the number of GID belongs to c1 then(20) FCR isselected randomly from the regions with the number in c1 except RCR(21) else FCR is selected randomly from the regions with the number in c2 except RCR(22) end if(23) return FCR and RCR
Algorithm 1 DMA (dynamic matching algorithm)
dummy positions randomly in the double cloaking regionshowever we propose defining two rules to generate fixeddummy positions according to 119896 In Figure 8 the red solidcircle represents the userrsquos real position and the solid circlesrepresent the fixed dummy positions according to our ruleswhile the dotted circles represent the dummy positionsgenerated randomly As shown in Figure 8(a) when 1198891 gt 1198892that is the shortest distance between the user and the fixeddummy is shorter than that between the user and the randomdummy we say that the quality of service of the fixed dummypositions is higher than that of the random dummy positionsaccording to Definition 6 On the contrary as shown inFigure 8(b) when 1198891 lt 1198892 we say that the quality of service ofthe fixed dummy positions is lower than that of the random
dummy positions We verify that the service quality of DGAis higher than that of random way in Section 52
The coordinate systemof the two-dimensional coordinateorigin is established at the lower left vertex of the grid In theanonymizer there is data of each grid length 119871 in each spatialhierarchy 1198961 and 1198962 both equal to k2 and they represent thenumber of dummypositions to be generated inRCR andFCRrespectively There are two core rules in DGA
Base Rule R1 When 1198961 (or 1198962) le 5 the fixed dummy positionswhen 1198961 (or 1198962) = 1 2 3 4 5 are shown as Figures 9(a)ndash9(e)respectively
(1) When 1198961 (or 1198962) = 1 the dummy position is set at(1198712 1198712) as shown in Figure 9(a)
8 Security and Communication Networks
d1
d2
(a) 1198891 gt 1198892
d1
d2
(b) 1198891 lt 1198892
Figure 8 The shortest distance between the user and the random dummy 1198891 compared to that between the user and the fixed dummy 1198892
(a) 1198961 = 1 (b) 1198961 = 2 (c) 1198961 = 3
(d) 1198961 = 4 (e) 1198961 = 5
Figure 9 Base rule 1198771
(2) When 1198961 (or 1198962) = 2 the dummy positions are(1198712 1198714) (1198712 31198714) as shown in Figure 9(b)
(3) When 1198961 (or 1198962) = 3 the dummy positions are(1198714 1198714) (1198712 31198714) (31198714 1198714) as shown in Fig-ure 9(c)
(4) When 1198961 (or 1198962) = 4 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714) asshown in Figure 9(d)
(5) When 1198961 (or 1198962) = 5 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714)(1198712 1198712) as shown in Figure 9(e)
Generalization Rule R2 When 1198961 (or 1198962) = 119899 and 119899 gt 5 wehave the following
First divide the whole region into 4 grids and each valuein the 4 grids is as follows
(1) If 119899 4 = 0 1198994 dummy positions are assigned ineach of the 4 grids
(2) If 119899 4 = 1 (1198994) + 1 1198994 1198994 1198994 dummy positionsare assigned in the 4 grids respectively starting fromthe left upper corner continuing in the clockwisedirection
(3) If 119899 4 = 2 (1198994) + 1 (1198994) + 1 1198994 1198994 dummypositions are assigned in the 4 grids respectively
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
2 Security and Communication Networks
Client Anonymizer LBSPs
QA(qA1 qA2 qA3 qAk)
CR CR
QU = (UID k lu con)
Figure 1 A centralized framework of LBSs
from userrsquos location in each 119902119860119894 while the remaining requestinformation is the same LBSP then returns the candidateresults CR of the request 119876119860 to the anonymizer and theanonymizer passes CR to the client and finally the clientfilters the best result from the returned CR as the final resultof the request
The traditional LBSs privacy protection algorithms sel-dom consider that the anonymizer is not credible so thatthe userrsquos specific location information is sent directly to theanonymizer If the data in anonymizer is leaked and usedby the attackers the userrsquos location data will be discloseddirectly In addition the attacker may make a fierce attackbased on the probability of inquiry map data POI andother supplementary information For example if a regionis covered by a very low query number of locations such aslakes andmountains the attacker can exclude the region witha large probability so that the risk of userrsquos exposure in theremaining region will be increased
In this paper we propose improving the existing LBSsframework and design several related algorithms within theframework First userrsquos actual location which is containedin the query request is generalized into grid id and theuserrsquos grid region is matched to another region by a dynamicmatching algorithm so that double cloaking regions areformed by considering that the attacker has a backgroundof the number of historical queries second k fixed dummypositions are generated in double cloaking regions to achievek-anonymous requirements by the proposed dummies gen-eration algorithm and finally the queries in dummy posi-tions of double cloaking regions are sent to LBSPs and thecandidate results are filtered and sent back to the user Ourproposed framework as well as the algorithms can solve thecontradiction between service quality privacy and resourceoverhead effectively
The remainder of the paper is organized as followsRelated work is discussed in Section 2 The preliminaries ofthis paper are given in Section 3 The proposed approachis illustrated in Section 4 The experimental results arepresented in Section 5 And finally the conclusions and futurework are given in Section 6
2 Related Work
At present researchers have put forward a lot of privacyprotection methods for LBSs and k-anonymous [4ndash16] is
the core idea of many methods Gruteser and Grunwald [4]propose the concept of location k-anonymity K-anonymityrequires that when a user sends a location request datato a LBSPs the cloaking region in which a query user islocated must contain at least the other 119896 minus 1 users so thatthe probability that the location query user is identifieddoes not exceed 1k Yiu et al [5] propose a Space Twistsolution which introduces a trusted third party after theuser sends their real location information to the trusted thirdparty it will send a dummy coordinate to LBS service ratherthan userrsquos real coordinate Mokbel et al [6] propose a k-anonymity protectionmethodwhich introduces a third partyanonymous server when the user sends a request to theLBSPs the location information is sent to the anonymousserver first The anonymous server generalizes the userrsquoslocation into a region of k-anonymity nature and then theanonymous server sends the request to the LBSPs and returnsthe candidate result set to the user finally the user selects thebest one
Spatial cloaking [17ndash25] is a fairly popular mechanismChow et al [17] propose Casper cloak algorithm which usesa quad-tree data structure and allows users to determine thesize of 119896 and the minimum anonymous area but the privacycan be guaranteed only when usersrsquo positions are distributedevenly Jin and Papadimitratos [18] allow P2P responses tobe validated with very low fraction of queries affected evenif a significant fraction of nodes are compromised Chenand Pang [21] propose that the cloaking region is randomlychosen from the ones with top-k largest position entropy
Dummy position [26ndash30] generation is also a commonmethod for location privacy protection Kido et al [26 27]first propose a dummy position generation mechanism Guoet al [28] combine the dynamic pseudonym transformationmechanism with the userrsquos personalized features to protectuserrsquos location privacy Palanisamy and Liu [29] propose aMix-zone approach for protecting userrsquos privacy
Encryption-based methods [12 31ndash37] make userrsquos loca-tion completely invisible to the server by encrypting LBSSquery Although encryption-based methods have high pri-vacy and high quality of service the calculation and com-munication costs are large the deployment is complex andthe optimization algorithm is needed Khoshgozaran et al[12 34] propose an encryption method based on the Hilbertcurve to transfer userrsquos position as well as his POI fromtwo-dimensional coordinates to one-dimensional encryption
Security and Communication Networks 3
space the one-dimensional encryption space transformedby two different parameters of Hilbert curve still maintainsthe proximity in two-dimensional space so that 119896-nearestneighbor query and range query can also be performed inone-dimensional encrypted space PIR (Private InformationRetrieval) [35] method is used to protect userrsquos query privacyand it has the advantages of high privacy protection andgood service quality Lu et al [36] propose the PLAM privacyprotection framework which uses homomorphic encryptionto protect user privacy but with much time overhead Fu etal [37] use the powerful computing power of the server topropose a retrieval encryption scheme to meet the privacyrequirements of different threat models
In summary the existing location privacy protectionmechanisms and methods still have the following problems(1) the existing methods often do not consider the supple-mentary information when generating cloaking region ifthe attacker has supplementary information the success rateof the attack will be increased and the privacy security ofthe user will be challenged (2) In the existing frameworkthe candidate results that anonymizer returns to the useroften include a large number of useless dummy positionswhich not only increase the computational overhead but alsoreduce usersrsquo experience (3) Dummy position coordinatesare often generated randomly without considering whetherit will affect the quality of final service
The differences of this paper include the following (1) wepropose generating double cloaking regions while assumingthat the attacker has a background of supplementary infor-mation so the privacy protection can be greatly improved(2) the proposed anonymizer in the LBSs framework willnot return all candidate results but merely returns a half tothe client so that the computation overhead is reduced anduserrsquos waiting time is reduced (3)wepropose generating fixeddummy positions according to the value of 119896 and uniformdistribution rule which can solve the contradiction betweenservice quality privacy and resource overhead effectively
3 Preliminaries
31 Strong Attack and Its Illustrating Examples In this paperwe assume that the attacker is a strong attacker LBSPscan be seen as strong attackers since LBSPs not only havesupplementary information such as the number of historicalqueries but also know the privacy protection mechanismA strong attacker usually infers the region where the user islocated and then combines the supplementary information tofilter the userrsquos region and even makes reverse attack basedon the privacy protection mechanism so that the attackercan uniquely identify the userrsquos region then infer the userrsquosreal location from the region and finally access the userrsquosprivacy
For example as shown in Figure 3(a) if the userrsquos regionrandomly matches a cloaking region with history querynumber of 1 obviously it is a region with very low numberof historical queries while if the userrsquos real location is in theregion with history query number of 20 there will be a greatpossibility of determining the userrsquos real region
The strong attacker may not only have the supplementaryinformation but also know the privacy protection mech-anism Suppose that we simply use the region which isthe closest to the userrsquos history query as the generationmechanismof double cloaking region and the attacker knowsthe mechanism As shown in Figure 3(b) the query time inuserrsquos region is 20 and the region with query times 22 willform the double cloaking regions If the attacker is the LBSPitself it will analyze the two regions if the userrsquos real regionis that with query times 22 the closest one is the regionwith 23 To form a double cloaking region the region withquery times 22 will select that with 23 instead of 20 so itcan be determined that the userrsquos real region is that with 20Therefore if attackers have supplementary information andknow the privacy protection mechanisms it will increase therisk of users to disclose the specific location
32 Problem Definition and Related Concepts
Definition 1 (space division based on quad-tree) As shownin Figure 4 this paper uses the quad-tree data structure [8]The space is divided layer by layer from top to bottom andeach layer is divided into 4ℎ grids especially speaking the0th layer of the entire space is divided into 1 grid the 1st layercontains 4 grids the 2nd layer contains 16 grids and so onuntil the side length of each grid reaches the threshold L andthe space will be divided into 119867 layers The total numberof the history query times on each layer is the same butthe entire spatial area is subdivided so that the length 119871 ofeach grid is gradually reduced The smaller the L the lowerthe level of privacy protection and the higher the quality ofservice on the contrary the bigger the L the higher the levelof privacy protection and the lower the quality of serviceTheinformation in each grid is contained in the hash table wheretheGID is the number of the grid andNoU is the userrsquos historyquery times in each grid
Definition 2 (query request from user 119876119880 (119880119868119863 119896 ℎ 119866119868119863119888119900119899)) As shown in Figure 2 the query request submitted bythe user to the anonymizer is denoted as 119876119880 (UID k h GIDcon) where UID is the userrsquos identification information k isuserrsquos requirement on k-anonymous protection mechanismwhich determines the number of dummies to generate his userrsquos requirements on the generalization level of spacewhich is required to be larger than 2 since the query wouldbe too poor if ℎ is less than or equal to 2 Both the user andthe anonymizer use the quad-tree data structure to store thespatial informationTheGID is the grid IDwhich is generatedaccording to the userrsquos specific location con is the querycontent which is not the focus of this study
Definition 3 (query request from anonymizer 119876119860 (1199021198601 11990211986021199021198603 119902119860119896)) The query request passed by the anonymizerto LBSPs is denoted as 119876119860(1199021198601 1199021198602 1199021198603 119902119860119896) where119902119860119894(119863119868119863 119897119889119894 119888119900119899) is a request for each dummy and DID(Dummies ID) is the identification information of the 119896dummies generated by the anonymizer 119897119889119894 is the locationinformation of 119896 dummies con is the query content
4 Security and Communication Networks
Client Anonymizer LBSPs
QA(qA1 qA2 qA3 qAk)
CRU CRA
QU = (UID k ℎ GID con)
Figure 2 Improved framework of LBSs system
1 2 25 26
18 24 33 45
28 20 22 30
51 43 23 13
(a) Cloaking region isformed by randomlymatching the number ofqueries
1 2 25 26
18 24 33 45
28 20 22 30
51 43 23 13
(b) Cloaking region isformed according to theclosest number of query
Figure 3 Two mechanisms of generating cloaking region
CID NoUThe entire system area (level 0) Hash table
2 times 2 grid structure (level 1)
4 times 4 grid structure (level 2)
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
Figure 4 Data storage structure
Definition 4 (candidate results to anonymizer 119862119877119860) TheLBSPs return the candidate results to the anonymizer as119862119877119860which is the results of the request for 119896 dummies in the doublecloaking region Each request result corresponds to the DIDof the query request
Definition 5 (candidate results to user119862119877119880) The anonymizerreturns candidate results to the user as 119862119877119880 which onlyincludes the query results of the dummies in the RCR
Definition 6 (quality of service) The quality of serviceobtained by the user is measured by the Euclidean distancebetween the dummy and the user If the user is closerto the dummy position the location of request and theresult are more similar therefore the service quality wouldbe higher Assume that the userrsquos specific position is 119897119906its latitude and longitude coordinate is (119897119900119899119906 119897119886119905119906) and119897119889119894 (119894 = 1 2 3 119896) is the 119894th dummy position its latitudeand longitude coordinate is (119897119900119899119889119894 119897119886119905119889119894) 119903 is the radius of the
Security and Communication Networks 5
earth generally taken as 6371 km The distance between userand dummy is calculated as formula (1)
dis119894 (119897119906 119897119889119894) = 2119903 lowast arcsin (radicsin(1198891198971198861199051198942 )2 + cos (119897119886119905119889119894) lowast cos (119897119886119905119906) lowast sin(1198891198971199001198991198942 )2) (1)
where
119889119897119900119899119894 = 120587 1003816100381610038161003816119897119900119899119889119894 minus 1198971199001198991199061003816100381610038161003816180 119889119897119886119905119894 = 120587 1003816100381610038161003816119897119886119905119889119894 minus 1198971198861199051199061003816100381610038161003816180
(2)
The smaller the value of dis119894(119897119906 119897119889119894) the better the quality ofservice of 119894th dummy and we can take the query result of the119894th dummy as the final query result
Problem Definition We know that the user the anonymousserver and LBSPs share the space division based on quad-treeAnd we also know that the user submits 119876119880 to anonymizerand the anonymizer passes 119876119860 to LBSPs the LBSPs return119862119877119860 to anonymizer and the anonymizer returns 119862119877119880 toclient In this process it is assumed that the anonymizer andLBSPs are not fully credible so the strong attacker is mostlikely to guess the specific location of the user according to thebackground knowledge which includes the number of histor-ical queries and privacy protection mechanism thus causingthe userrsquos privacy to be disclosed The problem that we wantto solve is improving the quality of service experienced by theuser and reducing the computing overhead of the user whenhe accesses the LBSs while ensuring his location security
33 Symbolic Correspondence For simplicity we list thenotations used in this paper as Notation section shows
4 Privacy-Preserving Framework andAlgorithms for LBSs
41 Approach Overview In order to protect the userrsquos reallocation which is contained in the query request we employthe double cloaking region mechanism The double cloakingregion includes real cloaking region (RCR) and fake cloakingregion (FCR) The RCR is the userrsquos grid and the anonymizergenerates FCR by dynamic clustering method FRC has threemain functions (1) FCR andRCR together generate 119896 dummypositions to reach 119896-anonymous requirements (2) FCR andRCR form a double cloaking region against strong-attacks(3) when the anonymizer returns the candidate results to theclient the candidate results of the request for the dummiesin the FCR are filtered directly The dummies in the doublecloaking region are sent to the LBSPs to request the service
The whole process of our proposed solution is shownas Figure 5 (the system execution order is demonstrated bythe numbers) (1) a RCR is generated according to the userrsquos
specific location (2) the query request 119876119880 is submitted tothe anonymizer (3) Dynamic Matching Algorithm (DMA)is employed by the anonymizer to generate a FCR accordingto the GID in 119876119880 so that a double cloaking region withsimilar query times is formed (4) k2 dummy positionsare generated in the two regions respectively by using thedummies generation algorithm (DGA) and the two dummysets are denoted DSs1 and DSs2 (5) the query request 119876119860from the dummy positions in DSs1 and DSs2 is submittedto LBSPs together (6) LBSP answers 119862119877119860 according to 119876119860(7) 119862119877119860 are replied to the anonymizer (8) the anonymizerforms 119862119877119880 according to the DIDs (Dummy IDs) in 119862119877119860 tofilter out the query results inDSs1 (9) 119862119877119880 is returned to theclient and the client selects the query result 119902119860119894 of the dummywhose dis119894(119897119906 119897119889119894) is minimum as the query result accordingto formula (1)
In our improved framework there are two importantalgorithms which are dynamic matching algorithm (DMA)and dummies generation algorithm (DGA) and we willillustrate the two algorithms in the following subsections
42 DynamicMatching Algorithm Themain idea of dynamicmatching algorithm (DMA for short) is to separate theregionswith relatively large relatively small and zero numberof queries so that the two regions with obviously differentnumber of queries will not be matched together to form adouble cloaking region As shown in Figure 6(a) the pointsrepresent the positions where users make historical requestsThe position coordinates are projected into a 2D map andthe whole region is divided into 4ℎ grids according to thegeneralization level of space h RCR where the user locatedis represented by the region with black solid line The regionis divided into 9 times 9 grids in Figure 6(a) as an example
As shown in Figure 6(b) first a 4 times 4 grid region whichcontainsRCR is allocated randomly and FCRwill bematchedin this region as well second the number of historical queriesin each grid is counted and stored in a matrix representedby 1198664times4 An example of 1198664times4 is shown in Figure 7 where thenumber of queries in RCR is 25 and the number of historicalqueries in each grid of the 4 times 4 region with black line inFigure 6(b) is also shown
And then the numbers of queries in the 4 times 4 regionare divided into three categories relatively large relativelysmall and zero which are realized by the classical dynamicclustering algorithm [38] To form a double cloaking regionwe remove the region with zero number of queries firstly andthen FCR is only selected randomly from the regions with thenumber in the same category as RCR
6 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 5 The improved framework
(a) The positions where users make historical requests (b) Users are allocated randomly into the 4 times 4 grid region
Figure 6 Historical requests on the map
Take the data in Figure 7 as an exampleDMA first dividesthe number of queries into three categories 14 16 22 2525 27 1 1 1 6 6 8 9 and 0 0 0 respectively Assumethat the query number of the userrsquos region is 25 the FCRmaybe the grid with the query number 22 and the two regionswill form a double cloaking region
The pseudocode of DMA is shown as Algorithm 1
43 Dummies Generation Algorithm The core idea of dum-mies generation algorithm (DGA) is to generate 119896 fixeddummy positions to approximate the userrsquos real positionand it tries to distribute the fixed dummy positions overthe region as evenly as possible and then the answer tothe query request by the user will be approximated by thatfrom the best dummy location It is common to generate
Security and Communication Networks 7
27 14 0 8
25 6 0 6
25 9 1 1
16 22 1 0
Figure 7 Number of historical queries in 4 times 4 region
Input Privacy protection level h Userrsquos grid ID GIDOutput Double Cloaking Region (RCR and FCR)(1) Anonymizer selects the spatial hierarchy according to the privacy protection level h(2) Randomly match the userrsquos grid into a grid region G4times4(3) for query count in G4times4(4) if query count =0 then(5) add query count to Sets(6) end if(7) end for(8) e Sets are randomly divided into set1 and set2 equally(9) Do(10) akg1 = average(set1) akg2 = average(set2)(11) for 119904 in Sets(12) if (s minus akg1)2 lt (s minus akg2)2 then(13) s belong to c1(14) else(15) s belong to c2(16) end if(17) end for(18) while there are changes on the elements in c1 and c2(19) if the number of GID belongs to c1 then(20) FCR isselected randomly from the regions with the number in c1 except RCR(21) else FCR is selected randomly from the regions with the number in c2 except RCR(22) end if(23) return FCR and RCR
Algorithm 1 DMA (dynamic matching algorithm)
dummy positions randomly in the double cloaking regionshowever we propose defining two rules to generate fixeddummy positions according to 119896 In Figure 8 the red solidcircle represents the userrsquos real position and the solid circlesrepresent the fixed dummy positions according to our ruleswhile the dotted circles represent the dummy positionsgenerated randomly As shown in Figure 8(a) when 1198891 gt 1198892that is the shortest distance between the user and the fixeddummy is shorter than that between the user and the randomdummy we say that the quality of service of the fixed dummypositions is higher than that of the random dummy positionsaccording to Definition 6 On the contrary as shown inFigure 8(b) when 1198891 lt 1198892 we say that the quality of service ofthe fixed dummy positions is lower than that of the random
dummy positions We verify that the service quality of DGAis higher than that of random way in Section 52
The coordinate systemof the two-dimensional coordinateorigin is established at the lower left vertex of the grid In theanonymizer there is data of each grid length 119871 in each spatialhierarchy 1198961 and 1198962 both equal to k2 and they represent thenumber of dummypositions to be generated inRCR andFCRrespectively There are two core rules in DGA
Base Rule R1 When 1198961 (or 1198962) le 5 the fixed dummy positionswhen 1198961 (or 1198962) = 1 2 3 4 5 are shown as Figures 9(a)ndash9(e)respectively
(1) When 1198961 (or 1198962) = 1 the dummy position is set at(1198712 1198712) as shown in Figure 9(a)
8 Security and Communication Networks
d1
d2
(a) 1198891 gt 1198892
d1
d2
(b) 1198891 lt 1198892
Figure 8 The shortest distance between the user and the random dummy 1198891 compared to that between the user and the fixed dummy 1198892
(a) 1198961 = 1 (b) 1198961 = 2 (c) 1198961 = 3
(d) 1198961 = 4 (e) 1198961 = 5
Figure 9 Base rule 1198771
(2) When 1198961 (or 1198962) = 2 the dummy positions are(1198712 1198714) (1198712 31198714) as shown in Figure 9(b)
(3) When 1198961 (or 1198962) = 3 the dummy positions are(1198714 1198714) (1198712 31198714) (31198714 1198714) as shown in Fig-ure 9(c)
(4) When 1198961 (or 1198962) = 4 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714) asshown in Figure 9(d)
(5) When 1198961 (or 1198962) = 5 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714)(1198712 1198712) as shown in Figure 9(e)
Generalization Rule R2 When 1198961 (or 1198962) = 119899 and 119899 gt 5 wehave the following
First divide the whole region into 4 grids and each valuein the 4 grids is as follows
(1) If 119899 4 = 0 1198994 dummy positions are assigned ineach of the 4 grids
(2) If 119899 4 = 1 (1198994) + 1 1198994 1198994 1198994 dummy positionsare assigned in the 4 grids respectively starting fromthe left upper corner continuing in the clockwisedirection
(3) If 119899 4 = 2 (1198994) + 1 (1198994) + 1 1198994 1198994 dummypositions are assigned in the 4 grids respectively
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 3
space the one-dimensional encryption space transformedby two different parameters of Hilbert curve still maintainsthe proximity in two-dimensional space so that 119896-nearestneighbor query and range query can also be performed inone-dimensional encrypted space PIR (Private InformationRetrieval) [35] method is used to protect userrsquos query privacyand it has the advantages of high privacy protection andgood service quality Lu et al [36] propose the PLAM privacyprotection framework which uses homomorphic encryptionto protect user privacy but with much time overhead Fu etal [37] use the powerful computing power of the server topropose a retrieval encryption scheme to meet the privacyrequirements of different threat models
In summary the existing location privacy protectionmechanisms and methods still have the following problems(1) the existing methods often do not consider the supple-mentary information when generating cloaking region ifthe attacker has supplementary information the success rateof the attack will be increased and the privacy security ofthe user will be challenged (2) In the existing frameworkthe candidate results that anonymizer returns to the useroften include a large number of useless dummy positionswhich not only increase the computational overhead but alsoreduce usersrsquo experience (3) Dummy position coordinatesare often generated randomly without considering whetherit will affect the quality of final service
The differences of this paper include the following (1) wepropose generating double cloaking regions while assumingthat the attacker has a background of supplementary infor-mation so the privacy protection can be greatly improved(2) the proposed anonymizer in the LBSs framework willnot return all candidate results but merely returns a half tothe client so that the computation overhead is reduced anduserrsquos waiting time is reduced (3)wepropose generating fixeddummy positions according to the value of 119896 and uniformdistribution rule which can solve the contradiction betweenservice quality privacy and resource overhead effectively
3 Preliminaries
31 Strong Attack and Its Illustrating Examples In this paperwe assume that the attacker is a strong attacker LBSPscan be seen as strong attackers since LBSPs not only havesupplementary information such as the number of historicalqueries but also know the privacy protection mechanismA strong attacker usually infers the region where the user islocated and then combines the supplementary information tofilter the userrsquos region and even makes reverse attack basedon the privacy protection mechanism so that the attackercan uniquely identify the userrsquos region then infer the userrsquosreal location from the region and finally access the userrsquosprivacy
For example as shown in Figure 3(a) if the userrsquos regionrandomly matches a cloaking region with history querynumber of 1 obviously it is a region with very low numberof historical queries while if the userrsquos real location is in theregion with history query number of 20 there will be a greatpossibility of determining the userrsquos real region
The strong attacker may not only have the supplementaryinformation but also know the privacy protection mech-anism Suppose that we simply use the region which isthe closest to the userrsquos history query as the generationmechanismof double cloaking region and the attacker knowsthe mechanism As shown in Figure 3(b) the query time inuserrsquos region is 20 and the region with query times 22 willform the double cloaking regions If the attacker is the LBSPitself it will analyze the two regions if the userrsquos real regionis that with query times 22 the closest one is the regionwith 23 To form a double cloaking region the region withquery times 22 will select that with 23 instead of 20 so itcan be determined that the userrsquos real region is that with 20Therefore if attackers have supplementary information andknow the privacy protection mechanisms it will increase therisk of users to disclose the specific location
32 Problem Definition and Related Concepts
Definition 1 (space division based on quad-tree) As shownin Figure 4 this paper uses the quad-tree data structure [8]The space is divided layer by layer from top to bottom andeach layer is divided into 4ℎ grids especially speaking the0th layer of the entire space is divided into 1 grid the 1st layercontains 4 grids the 2nd layer contains 16 grids and so onuntil the side length of each grid reaches the threshold L andthe space will be divided into 119867 layers The total numberof the history query times on each layer is the same butthe entire spatial area is subdivided so that the length 119871 ofeach grid is gradually reduced The smaller the L the lowerthe level of privacy protection and the higher the quality ofservice on the contrary the bigger the L the higher the levelof privacy protection and the lower the quality of serviceTheinformation in each grid is contained in the hash table wheretheGID is the number of the grid andNoU is the userrsquos historyquery times in each grid
Definition 2 (query request from user 119876119880 (119880119868119863 119896 ℎ 119866119868119863119888119900119899)) As shown in Figure 2 the query request submitted bythe user to the anonymizer is denoted as 119876119880 (UID k h GIDcon) where UID is the userrsquos identification information k isuserrsquos requirement on k-anonymous protection mechanismwhich determines the number of dummies to generate his userrsquos requirements on the generalization level of spacewhich is required to be larger than 2 since the query wouldbe too poor if ℎ is less than or equal to 2 Both the user andthe anonymizer use the quad-tree data structure to store thespatial informationTheGID is the grid IDwhich is generatedaccording to the userrsquos specific location con is the querycontent which is not the focus of this study
Definition 3 (query request from anonymizer 119876119860 (1199021198601 11990211986021199021198603 119902119860119896)) The query request passed by the anonymizerto LBSPs is denoted as 119876119860(1199021198601 1199021198602 1199021198603 119902119860119896) where119902119860119894(119863119868119863 119897119889119894 119888119900119899) is a request for each dummy and DID(Dummies ID) is the identification information of the 119896dummies generated by the anonymizer 119897119889119894 is the locationinformation of 119896 dummies con is the query content
4 Security and Communication Networks
Client Anonymizer LBSPs
QA(qA1 qA2 qA3 qAk)
CRU CRA
QU = (UID k ℎ GID con)
Figure 2 Improved framework of LBSs system
1 2 25 26
18 24 33 45
28 20 22 30
51 43 23 13
(a) Cloaking region isformed by randomlymatching the number ofqueries
1 2 25 26
18 24 33 45
28 20 22 30
51 43 23 13
(b) Cloaking region isformed according to theclosest number of query
Figure 3 Two mechanisms of generating cloaking region
CID NoUThe entire system area (level 0) Hash table
2 times 2 grid structure (level 1)
4 times 4 grid structure (level 2)
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
Figure 4 Data storage structure
Definition 4 (candidate results to anonymizer 119862119877119860) TheLBSPs return the candidate results to the anonymizer as119862119877119860which is the results of the request for 119896 dummies in the doublecloaking region Each request result corresponds to the DIDof the query request
Definition 5 (candidate results to user119862119877119880) The anonymizerreturns candidate results to the user as 119862119877119880 which onlyincludes the query results of the dummies in the RCR
Definition 6 (quality of service) The quality of serviceobtained by the user is measured by the Euclidean distancebetween the dummy and the user If the user is closerto the dummy position the location of request and theresult are more similar therefore the service quality wouldbe higher Assume that the userrsquos specific position is 119897119906its latitude and longitude coordinate is (119897119900119899119906 119897119886119905119906) and119897119889119894 (119894 = 1 2 3 119896) is the 119894th dummy position its latitudeand longitude coordinate is (119897119900119899119889119894 119897119886119905119889119894) 119903 is the radius of the
Security and Communication Networks 5
earth generally taken as 6371 km The distance between userand dummy is calculated as formula (1)
dis119894 (119897119906 119897119889119894) = 2119903 lowast arcsin (radicsin(1198891198971198861199051198942 )2 + cos (119897119886119905119889119894) lowast cos (119897119886119905119906) lowast sin(1198891198971199001198991198942 )2) (1)
where
119889119897119900119899119894 = 120587 1003816100381610038161003816119897119900119899119889119894 minus 1198971199001198991199061003816100381610038161003816180 119889119897119886119905119894 = 120587 1003816100381610038161003816119897119886119905119889119894 minus 1198971198861199051199061003816100381610038161003816180
(2)
The smaller the value of dis119894(119897119906 119897119889119894) the better the quality ofservice of 119894th dummy and we can take the query result of the119894th dummy as the final query result
Problem Definition We know that the user the anonymousserver and LBSPs share the space division based on quad-treeAnd we also know that the user submits 119876119880 to anonymizerand the anonymizer passes 119876119860 to LBSPs the LBSPs return119862119877119860 to anonymizer and the anonymizer returns 119862119877119880 toclient In this process it is assumed that the anonymizer andLBSPs are not fully credible so the strong attacker is mostlikely to guess the specific location of the user according to thebackground knowledge which includes the number of histor-ical queries and privacy protection mechanism thus causingthe userrsquos privacy to be disclosed The problem that we wantto solve is improving the quality of service experienced by theuser and reducing the computing overhead of the user whenhe accesses the LBSs while ensuring his location security
33 Symbolic Correspondence For simplicity we list thenotations used in this paper as Notation section shows
4 Privacy-Preserving Framework andAlgorithms for LBSs
41 Approach Overview In order to protect the userrsquos reallocation which is contained in the query request we employthe double cloaking region mechanism The double cloakingregion includes real cloaking region (RCR) and fake cloakingregion (FCR) The RCR is the userrsquos grid and the anonymizergenerates FCR by dynamic clustering method FRC has threemain functions (1) FCR andRCR together generate 119896 dummypositions to reach 119896-anonymous requirements (2) FCR andRCR form a double cloaking region against strong-attacks(3) when the anonymizer returns the candidate results to theclient the candidate results of the request for the dummiesin the FCR are filtered directly The dummies in the doublecloaking region are sent to the LBSPs to request the service
The whole process of our proposed solution is shownas Figure 5 (the system execution order is demonstrated bythe numbers) (1) a RCR is generated according to the userrsquos
specific location (2) the query request 119876119880 is submitted tothe anonymizer (3) Dynamic Matching Algorithm (DMA)is employed by the anonymizer to generate a FCR accordingto the GID in 119876119880 so that a double cloaking region withsimilar query times is formed (4) k2 dummy positionsare generated in the two regions respectively by using thedummies generation algorithm (DGA) and the two dummysets are denoted DSs1 and DSs2 (5) the query request 119876119860from the dummy positions in DSs1 and DSs2 is submittedto LBSPs together (6) LBSP answers 119862119877119860 according to 119876119860(7) 119862119877119860 are replied to the anonymizer (8) the anonymizerforms 119862119877119880 according to the DIDs (Dummy IDs) in 119862119877119860 tofilter out the query results inDSs1 (9) 119862119877119880 is returned to theclient and the client selects the query result 119902119860119894 of the dummywhose dis119894(119897119906 119897119889119894) is minimum as the query result accordingto formula (1)
In our improved framework there are two importantalgorithms which are dynamic matching algorithm (DMA)and dummies generation algorithm (DGA) and we willillustrate the two algorithms in the following subsections
42 DynamicMatching Algorithm Themain idea of dynamicmatching algorithm (DMA for short) is to separate theregionswith relatively large relatively small and zero numberof queries so that the two regions with obviously differentnumber of queries will not be matched together to form adouble cloaking region As shown in Figure 6(a) the pointsrepresent the positions where users make historical requestsThe position coordinates are projected into a 2D map andthe whole region is divided into 4ℎ grids according to thegeneralization level of space h RCR where the user locatedis represented by the region with black solid line The regionis divided into 9 times 9 grids in Figure 6(a) as an example
As shown in Figure 6(b) first a 4 times 4 grid region whichcontainsRCR is allocated randomly and FCRwill bematchedin this region as well second the number of historical queriesin each grid is counted and stored in a matrix representedby 1198664times4 An example of 1198664times4 is shown in Figure 7 where thenumber of queries in RCR is 25 and the number of historicalqueries in each grid of the 4 times 4 region with black line inFigure 6(b) is also shown
And then the numbers of queries in the 4 times 4 regionare divided into three categories relatively large relativelysmall and zero which are realized by the classical dynamicclustering algorithm [38] To form a double cloaking regionwe remove the region with zero number of queries firstly andthen FCR is only selected randomly from the regions with thenumber in the same category as RCR
6 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 5 The improved framework
(a) The positions where users make historical requests (b) Users are allocated randomly into the 4 times 4 grid region
Figure 6 Historical requests on the map
Take the data in Figure 7 as an exampleDMA first dividesthe number of queries into three categories 14 16 22 2525 27 1 1 1 6 6 8 9 and 0 0 0 respectively Assumethat the query number of the userrsquos region is 25 the FCRmaybe the grid with the query number 22 and the two regionswill form a double cloaking region
The pseudocode of DMA is shown as Algorithm 1
43 Dummies Generation Algorithm The core idea of dum-mies generation algorithm (DGA) is to generate 119896 fixeddummy positions to approximate the userrsquos real positionand it tries to distribute the fixed dummy positions overthe region as evenly as possible and then the answer tothe query request by the user will be approximated by thatfrom the best dummy location It is common to generate
Security and Communication Networks 7
27 14 0 8
25 6 0 6
25 9 1 1
16 22 1 0
Figure 7 Number of historical queries in 4 times 4 region
Input Privacy protection level h Userrsquos grid ID GIDOutput Double Cloaking Region (RCR and FCR)(1) Anonymizer selects the spatial hierarchy according to the privacy protection level h(2) Randomly match the userrsquos grid into a grid region G4times4(3) for query count in G4times4(4) if query count =0 then(5) add query count to Sets(6) end if(7) end for(8) e Sets are randomly divided into set1 and set2 equally(9) Do(10) akg1 = average(set1) akg2 = average(set2)(11) for 119904 in Sets(12) if (s minus akg1)2 lt (s minus akg2)2 then(13) s belong to c1(14) else(15) s belong to c2(16) end if(17) end for(18) while there are changes on the elements in c1 and c2(19) if the number of GID belongs to c1 then(20) FCR isselected randomly from the regions with the number in c1 except RCR(21) else FCR is selected randomly from the regions with the number in c2 except RCR(22) end if(23) return FCR and RCR
Algorithm 1 DMA (dynamic matching algorithm)
dummy positions randomly in the double cloaking regionshowever we propose defining two rules to generate fixeddummy positions according to 119896 In Figure 8 the red solidcircle represents the userrsquos real position and the solid circlesrepresent the fixed dummy positions according to our ruleswhile the dotted circles represent the dummy positionsgenerated randomly As shown in Figure 8(a) when 1198891 gt 1198892that is the shortest distance between the user and the fixeddummy is shorter than that between the user and the randomdummy we say that the quality of service of the fixed dummypositions is higher than that of the random dummy positionsaccording to Definition 6 On the contrary as shown inFigure 8(b) when 1198891 lt 1198892 we say that the quality of service ofthe fixed dummy positions is lower than that of the random
dummy positions We verify that the service quality of DGAis higher than that of random way in Section 52
The coordinate systemof the two-dimensional coordinateorigin is established at the lower left vertex of the grid In theanonymizer there is data of each grid length 119871 in each spatialhierarchy 1198961 and 1198962 both equal to k2 and they represent thenumber of dummypositions to be generated inRCR andFCRrespectively There are two core rules in DGA
Base Rule R1 When 1198961 (or 1198962) le 5 the fixed dummy positionswhen 1198961 (or 1198962) = 1 2 3 4 5 are shown as Figures 9(a)ndash9(e)respectively
(1) When 1198961 (or 1198962) = 1 the dummy position is set at(1198712 1198712) as shown in Figure 9(a)
8 Security and Communication Networks
d1
d2
(a) 1198891 gt 1198892
d1
d2
(b) 1198891 lt 1198892
Figure 8 The shortest distance between the user and the random dummy 1198891 compared to that between the user and the fixed dummy 1198892
(a) 1198961 = 1 (b) 1198961 = 2 (c) 1198961 = 3
(d) 1198961 = 4 (e) 1198961 = 5
Figure 9 Base rule 1198771
(2) When 1198961 (or 1198962) = 2 the dummy positions are(1198712 1198714) (1198712 31198714) as shown in Figure 9(b)
(3) When 1198961 (or 1198962) = 3 the dummy positions are(1198714 1198714) (1198712 31198714) (31198714 1198714) as shown in Fig-ure 9(c)
(4) When 1198961 (or 1198962) = 4 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714) asshown in Figure 9(d)
(5) When 1198961 (or 1198962) = 5 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714)(1198712 1198712) as shown in Figure 9(e)
Generalization Rule R2 When 1198961 (or 1198962) = 119899 and 119899 gt 5 wehave the following
First divide the whole region into 4 grids and each valuein the 4 grids is as follows
(1) If 119899 4 = 0 1198994 dummy positions are assigned ineach of the 4 grids
(2) If 119899 4 = 1 (1198994) + 1 1198994 1198994 1198994 dummy positionsare assigned in the 4 grids respectively starting fromthe left upper corner continuing in the clockwisedirection
(3) If 119899 4 = 2 (1198994) + 1 (1198994) + 1 1198994 1198994 dummypositions are assigned in the 4 grids respectively
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
4 Security and Communication Networks
Client Anonymizer LBSPs
QA(qA1 qA2 qA3 qAk)
CRU CRA
QU = (UID k ℎ GID con)
Figure 2 Improved framework of LBSs system
1 2 25 26
18 24 33 45
28 20 22 30
51 43 23 13
(a) Cloaking region isformed by randomlymatching the number ofqueries
1 2 25 26
18 24 33 45
28 20 22 30
51 43 23 13
(b) Cloaking region isformed according to theclosest number of query
Figure 3 Two mechanisms of generating cloaking region
CID NoUThe entire system area (level 0) Hash table
2 times 2 grid structure (level 1)
4 times 4 grid structure (level 2)
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
middot middot middot
Figure 4 Data storage structure
Definition 4 (candidate results to anonymizer 119862119877119860) TheLBSPs return the candidate results to the anonymizer as119862119877119860which is the results of the request for 119896 dummies in the doublecloaking region Each request result corresponds to the DIDof the query request
Definition 5 (candidate results to user119862119877119880) The anonymizerreturns candidate results to the user as 119862119877119880 which onlyincludes the query results of the dummies in the RCR
Definition 6 (quality of service) The quality of serviceobtained by the user is measured by the Euclidean distancebetween the dummy and the user If the user is closerto the dummy position the location of request and theresult are more similar therefore the service quality wouldbe higher Assume that the userrsquos specific position is 119897119906its latitude and longitude coordinate is (119897119900119899119906 119897119886119905119906) and119897119889119894 (119894 = 1 2 3 119896) is the 119894th dummy position its latitudeand longitude coordinate is (119897119900119899119889119894 119897119886119905119889119894) 119903 is the radius of the
Security and Communication Networks 5
earth generally taken as 6371 km The distance between userand dummy is calculated as formula (1)
dis119894 (119897119906 119897119889119894) = 2119903 lowast arcsin (radicsin(1198891198971198861199051198942 )2 + cos (119897119886119905119889119894) lowast cos (119897119886119905119906) lowast sin(1198891198971199001198991198942 )2) (1)
where
119889119897119900119899119894 = 120587 1003816100381610038161003816119897119900119899119889119894 minus 1198971199001198991199061003816100381610038161003816180 119889119897119886119905119894 = 120587 1003816100381610038161003816119897119886119905119889119894 minus 1198971198861199051199061003816100381610038161003816180
(2)
The smaller the value of dis119894(119897119906 119897119889119894) the better the quality ofservice of 119894th dummy and we can take the query result of the119894th dummy as the final query result
Problem Definition We know that the user the anonymousserver and LBSPs share the space division based on quad-treeAnd we also know that the user submits 119876119880 to anonymizerand the anonymizer passes 119876119860 to LBSPs the LBSPs return119862119877119860 to anonymizer and the anonymizer returns 119862119877119880 toclient In this process it is assumed that the anonymizer andLBSPs are not fully credible so the strong attacker is mostlikely to guess the specific location of the user according to thebackground knowledge which includes the number of histor-ical queries and privacy protection mechanism thus causingthe userrsquos privacy to be disclosed The problem that we wantto solve is improving the quality of service experienced by theuser and reducing the computing overhead of the user whenhe accesses the LBSs while ensuring his location security
33 Symbolic Correspondence For simplicity we list thenotations used in this paper as Notation section shows
4 Privacy-Preserving Framework andAlgorithms for LBSs
41 Approach Overview In order to protect the userrsquos reallocation which is contained in the query request we employthe double cloaking region mechanism The double cloakingregion includes real cloaking region (RCR) and fake cloakingregion (FCR) The RCR is the userrsquos grid and the anonymizergenerates FCR by dynamic clustering method FRC has threemain functions (1) FCR andRCR together generate 119896 dummypositions to reach 119896-anonymous requirements (2) FCR andRCR form a double cloaking region against strong-attacks(3) when the anonymizer returns the candidate results to theclient the candidate results of the request for the dummiesin the FCR are filtered directly The dummies in the doublecloaking region are sent to the LBSPs to request the service
The whole process of our proposed solution is shownas Figure 5 (the system execution order is demonstrated bythe numbers) (1) a RCR is generated according to the userrsquos
specific location (2) the query request 119876119880 is submitted tothe anonymizer (3) Dynamic Matching Algorithm (DMA)is employed by the anonymizer to generate a FCR accordingto the GID in 119876119880 so that a double cloaking region withsimilar query times is formed (4) k2 dummy positionsare generated in the two regions respectively by using thedummies generation algorithm (DGA) and the two dummysets are denoted DSs1 and DSs2 (5) the query request 119876119860from the dummy positions in DSs1 and DSs2 is submittedto LBSPs together (6) LBSP answers 119862119877119860 according to 119876119860(7) 119862119877119860 are replied to the anonymizer (8) the anonymizerforms 119862119877119880 according to the DIDs (Dummy IDs) in 119862119877119860 tofilter out the query results inDSs1 (9) 119862119877119880 is returned to theclient and the client selects the query result 119902119860119894 of the dummywhose dis119894(119897119906 119897119889119894) is minimum as the query result accordingto formula (1)
In our improved framework there are two importantalgorithms which are dynamic matching algorithm (DMA)and dummies generation algorithm (DGA) and we willillustrate the two algorithms in the following subsections
42 DynamicMatching Algorithm Themain idea of dynamicmatching algorithm (DMA for short) is to separate theregionswith relatively large relatively small and zero numberof queries so that the two regions with obviously differentnumber of queries will not be matched together to form adouble cloaking region As shown in Figure 6(a) the pointsrepresent the positions where users make historical requestsThe position coordinates are projected into a 2D map andthe whole region is divided into 4ℎ grids according to thegeneralization level of space h RCR where the user locatedis represented by the region with black solid line The regionis divided into 9 times 9 grids in Figure 6(a) as an example
As shown in Figure 6(b) first a 4 times 4 grid region whichcontainsRCR is allocated randomly and FCRwill bematchedin this region as well second the number of historical queriesin each grid is counted and stored in a matrix representedby 1198664times4 An example of 1198664times4 is shown in Figure 7 where thenumber of queries in RCR is 25 and the number of historicalqueries in each grid of the 4 times 4 region with black line inFigure 6(b) is also shown
And then the numbers of queries in the 4 times 4 regionare divided into three categories relatively large relativelysmall and zero which are realized by the classical dynamicclustering algorithm [38] To form a double cloaking regionwe remove the region with zero number of queries firstly andthen FCR is only selected randomly from the regions with thenumber in the same category as RCR
6 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 5 The improved framework
(a) The positions where users make historical requests (b) Users are allocated randomly into the 4 times 4 grid region
Figure 6 Historical requests on the map
Take the data in Figure 7 as an exampleDMA first dividesthe number of queries into three categories 14 16 22 2525 27 1 1 1 6 6 8 9 and 0 0 0 respectively Assumethat the query number of the userrsquos region is 25 the FCRmaybe the grid with the query number 22 and the two regionswill form a double cloaking region
The pseudocode of DMA is shown as Algorithm 1
43 Dummies Generation Algorithm The core idea of dum-mies generation algorithm (DGA) is to generate 119896 fixeddummy positions to approximate the userrsquos real positionand it tries to distribute the fixed dummy positions overthe region as evenly as possible and then the answer tothe query request by the user will be approximated by thatfrom the best dummy location It is common to generate
Security and Communication Networks 7
27 14 0 8
25 6 0 6
25 9 1 1
16 22 1 0
Figure 7 Number of historical queries in 4 times 4 region
Input Privacy protection level h Userrsquos grid ID GIDOutput Double Cloaking Region (RCR and FCR)(1) Anonymizer selects the spatial hierarchy according to the privacy protection level h(2) Randomly match the userrsquos grid into a grid region G4times4(3) for query count in G4times4(4) if query count =0 then(5) add query count to Sets(6) end if(7) end for(8) e Sets are randomly divided into set1 and set2 equally(9) Do(10) akg1 = average(set1) akg2 = average(set2)(11) for 119904 in Sets(12) if (s minus akg1)2 lt (s minus akg2)2 then(13) s belong to c1(14) else(15) s belong to c2(16) end if(17) end for(18) while there are changes on the elements in c1 and c2(19) if the number of GID belongs to c1 then(20) FCR isselected randomly from the regions with the number in c1 except RCR(21) else FCR is selected randomly from the regions with the number in c2 except RCR(22) end if(23) return FCR and RCR
Algorithm 1 DMA (dynamic matching algorithm)
dummy positions randomly in the double cloaking regionshowever we propose defining two rules to generate fixeddummy positions according to 119896 In Figure 8 the red solidcircle represents the userrsquos real position and the solid circlesrepresent the fixed dummy positions according to our ruleswhile the dotted circles represent the dummy positionsgenerated randomly As shown in Figure 8(a) when 1198891 gt 1198892that is the shortest distance between the user and the fixeddummy is shorter than that between the user and the randomdummy we say that the quality of service of the fixed dummypositions is higher than that of the random dummy positionsaccording to Definition 6 On the contrary as shown inFigure 8(b) when 1198891 lt 1198892 we say that the quality of service ofthe fixed dummy positions is lower than that of the random
dummy positions We verify that the service quality of DGAis higher than that of random way in Section 52
The coordinate systemof the two-dimensional coordinateorigin is established at the lower left vertex of the grid In theanonymizer there is data of each grid length 119871 in each spatialhierarchy 1198961 and 1198962 both equal to k2 and they represent thenumber of dummypositions to be generated inRCR andFCRrespectively There are two core rules in DGA
Base Rule R1 When 1198961 (or 1198962) le 5 the fixed dummy positionswhen 1198961 (or 1198962) = 1 2 3 4 5 are shown as Figures 9(a)ndash9(e)respectively
(1) When 1198961 (or 1198962) = 1 the dummy position is set at(1198712 1198712) as shown in Figure 9(a)
8 Security and Communication Networks
d1
d2
(a) 1198891 gt 1198892
d1
d2
(b) 1198891 lt 1198892
Figure 8 The shortest distance between the user and the random dummy 1198891 compared to that between the user and the fixed dummy 1198892
(a) 1198961 = 1 (b) 1198961 = 2 (c) 1198961 = 3
(d) 1198961 = 4 (e) 1198961 = 5
Figure 9 Base rule 1198771
(2) When 1198961 (or 1198962) = 2 the dummy positions are(1198712 1198714) (1198712 31198714) as shown in Figure 9(b)
(3) When 1198961 (or 1198962) = 3 the dummy positions are(1198714 1198714) (1198712 31198714) (31198714 1198714) as shown in Fig-ure 9(c)
(4) When 1198961 (or 1198962) = 4 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714) asshown in Figure 9(d)
(5) When 1198961 (or 1198962) = 5 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714)(1198712 1198712) as shown in Figure 9(e)
Generalization Rule R2 When 1198961 (or 1198962) = 119899 and 119899 gt 5 wehave the following
First divide the whole region into 4 grids and each valuein the 4 grids is as follows
(1) If 119899 4 = 0 1198994 dummy positions are assigned ineach of the 4 grids
(2) If 119899 4 = 1 (1198994) + 1 1198994 1198994 1198994 dummy positionsare assigned in the 4 grids respectively starting fromthe left upper corner continuing in the clockwisedirection
(3) If 119899 4 = 2 (1198994) + 1 (1198994) + 1 1198994 1198994 dummypositions are assigned in the 4 grids respectively
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 5
earth generally taken as 6371 km The distance between userand dummy is calculated as formula (1)
dis119894 (119897119906 119897119889119894) = 2119903 lowast arcsin (radicsin(1198891198971198861199051198942 )2 + cos (119897119886119905119889119894) lowast cos (119897119886119905119906) lowast sin(1198891198971199001198991198942 )2) (1)
where
119889119897119900119899119894 = 120587 1003816100381610038161003816119897119900119899119889119894 minus 1198971199001198991199061003816100381610038161003816180 119889119897119886119905119894 = 120587 1003816100381610038161003816119897119886119905119889119894 minus 1198971198861199051199061003816100381610038161003816180
(2)
The smaller the value of dis119894(119897119906 119897119889119894) the better the quality ofservice of 119894th dummy and we can take the query result of the119894th dummy as the final query result
Problem Definition We know that the user the anonymousserver and LBSPs share the space division based on quad-treeAnd we also know that the user submits 119876119880 to anonymizerand the anonymizer passes 119876119860 to LBSPs the LBSPs return119862119877119860 to anonymizer and the anonymizer returns 119862119877119880 toclient In this process it is assumed that the anonymizer andLBSPs are not fully credible so the strong attacker is mostlikely to guess the specific location of the user according to thebackground knowledge which includes the number of histor-ical queries and privacy protection mechanism thus causingthe userrsquos privacy to be disclosed The problem that we wantto solve is improving the quality of service experienced by theuser and reducing the computing overhead of the user whenhe accesses the LBSs while ensuring his location security
33 Symbolic Correspondence For simplicity we list thenotations used in this paper as Notation section shows
4 Privacy-Preserving Framework andAlgorithms for LBSs
41 Approach Overview In order to protect the userrsquos reallocation which is contained in the query request we employthe double cloaking region mechanism The double cloakingregion includes real cloaking region (RCR) and fake cloakingregion (FCR) The RCR is the userrsquos grid and the anonymizergenerates FCR by dynamic clustering method FRC has threemain functions (1) FCR andRCR together generate 119896 dummypositions to reach 119896-anonymous requirements (2) FCR andRCR form a double cloaking region against strong-attacks(3) when the anonymizer returns the candidate results to theclient the candidate results of the request for the dummiesin the FCR are filtered directly The dummies in the doublecloaking region are sent to the LBSPs to request the service
The whole process of our proposed solution is shownas Figure 5 (the system execution order is demonstrated bythe numbers) (1) a RCR is generated according to the userrsquos
specific location (2) the query request 119876119880 is submitted tothe anonymizer (3) Dynamic Matching Algorithm (DMA)is employed by the anonymizer to generate a FCR accordingto the GID in 119876119880 so that a double cloaking region withsimilar query times is formed (4) k2 dummy positionsare generated in the two regions respectively by using thedummies generation algorithm (DGA) and the two dummysets are denoted DSs1 and DSs2 (5) the query request 119876119860from the dummy positions in DSs1 and DSs2 is submittedto LBSPs together (6) LBSP answers 119862119877119860 according to 119876119860(7) 119862119877119860 are replied to the anonymizer (8) the anonymizerforms 119862119877119880 according to the DIDs (Dummy IDs) in 119862119877119860 tofilter out the query results inDSs1 (9) 119862119877119880 is returned to theclient and the client selects the query result 119902119860119894 of the dummywhose dis119894(119897119906 119897119889119894) is minimum as the query result accordingto formula (1)
In our improved framework there are two importantalgorithms which are dynamic matching algorithm (DMA)and dummies generation algorithm (DGA) and we willillustrate the two algorithms in the following subsections
42 DynamicMatching Algorithm Themain idea of dynamicmatching algorithm (DMA for short) is to separate theregionswith relatively large relatively small and zero numberof queries so that the two regions with obviously differentnumber of queries will not be matched together to form adouble cloaking region As shown in Figure 6(a) the pointsrepresent the positions where users make historical requestsThe position coordinates are projected into a 2D map andthe whole region is divided into 4ℎ grids according to thegeneralization level of space h RCR where the user locatedis represented by the region with black solid line The regionis divided into 9 times 9 grids in Figure 6(a) as an example
As shown in Figure 6(b) first a 4 times 4 grid region whichcontainsRCR is allocated randomly and FCRwill bematchedin this region as well second the number of historical queriesin each grid is counted and stored in a matrix representedby 1198664times4 An example of 1198664times4 is shown in Figure 7 where thenumber of queries in RCR is 25 and the number of historicalqueries in each grid of the 4 times 4 region with black line inFigure 6(b) is also shown
And then the numbers of queries in the 4 times 4 regionare divided into three categories relatively large relativelysmall and zero which are realized by the classical dynamicclustering algorithm [38] To form a double cloaking regionwe remove the region with zero number of queries firstly andthen FCR is only selected randomly from the regions with thenumber in the same category as RCR
6 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 5 The improved framework
(a) The positions where users make historical requests (b) Users are allocated randomly into the 4 times 4 grid region
Figure 6 Historical requests on the map
Take the data in Figure 7 as an exampleDMA first dividesthe number of queries into three categories 14 16 22 2525 27 1 1 1 6 6 8 9 and 0 0 0 respectively Assumethat the query number of the userrsquos region is 25 the FCRmaybe the grid with the query number 22 and the two regionswill form a double cloaking region
The pseudocode of DMA is shown as Algorithm 1
43 Dummies Generation Algorithm The core idea of dum-mies generation algorithm (DGA) is to generate 119896 fixeddummy positions to approximate the userrsquos real positionand it tries to distribute the fixed dummy positions overthe region as evenly as possible and then the answer tothe query request by the user will be approximated by thatfrom the best dummy location It is common to generate
Security and Communication Networks 7
27 14 0 8
25 6 0 6
25 9 1 1
16 22 1 0
Figure 7 Number of historical queries in 4 times 4 region
Input Privacy protection level h Userrsquos grid ID GIDOutput Double Cloaking Region (RCR and FCR)(1) Anonymizer selects the spatial hierarchy according to the privacy protection level h(2) Randomly match the userrsquos grid into a grid region G4times4(3) for query count in G4times4(4) if query count =0 then(5) add query count to Sets(6) end if(7) end for(8) e Sets are randomly divided into set1 and set2 equally(9) Do(10) akg1 = average(set1) akg2 = average(set2)(11) for 119904 in Sets(12) if (s minus akg1)2 lt (s minus akg2)2 then(13) s belong to c1(14) else(15) s belong to c2(16) end if(17) end for(18) while there are changes on the elements in c1 and c2(19) if the number of GID belongs to c1 then(20) FCR isselected randomly from the regions with the number in c1 except RCR(21) else FCR is selected randomly from the regions with the number in c2 except RCR(22) end if(23) return FCR and RCR
Algorithm 1 DMA (dynamic matching algorithm)
dummy positions randomly in the double cloaking regionshowever we propose defining two rules to generate fixeddummy positions according to 119896 In Figure 8 the red solidcircle represents the userrsquos real position and the solid circlesrepresent the fixed dummy positions according to our ruleswhile the dotted circles represent the dummy positionsgenerated randomly As shown in Figure 8(a) when 1198891 gt 1198892that is the shortest distance between the user and the fixeddummy is shorter than that between the user and the randomdummy we say that the quality of service of the fixed dummypositions is higher than that of the random dummy positionsaccording to Definition 6 On the contrary as shown inFigure 8(b) when 1198891 lt 1198892 we say that the quality of service ofthe fixed dummy positions is lower than that of the random
dummy positions We verify that the service quality of DGAis higher than that of random way in Section 52
The coordinate systemof the two-dimensional coordinateorigin is established at the lower left vertex of the grid In theanonymizer there is data of each grid length 119871 in each spatialhierarchy 1198961 and 1198962 both equal to k2 and they represent thenumber of dummypositions to be generated inRCR andFCRrespectively There are two core rules in DGA
Base Rule R1 When 1198961 (or 1198962) le 5 the fixed dummy positionswhen 1198961 (or 1198962) = 1 2 3 4 5 are shown as Figures 9(a)ndash9(e)respectively
(1) When 1198961 (or 1198962) = 1 the dummy position is set at(1198712 1198712) as shown in Figure 9(a)
8 Security and Communication Networks
d1
d2
(a) 1198891 gt 1198892
d1
d2
(b) 1198891 lt 1198892
Figure 8 The shortest distance between the user and the random dummy 1198891 compared to that between the user and the fixed dummy 1198892
(a) 1198961 = 1 (b) 1198961 = 2 (c) 1198961 = 3
(d) 1198961 = 4 (e) 1198961 = 5
Figure 9 Base rule 1198771
(2) When 1198961 (or 1198962) = 2 the dummy positions are(1198712 1198714) (1198712 31198714) as shown in Figure 9(b)
(3) When 1198961 (or 1198962) = 3 the dummy positions are(1198714 1198714) (1198712 31198714) (31198714 1198714) as shown in Fig-ure 9(c)
(4) When 1198961 (or 1198962) = 4 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714) asshown in Figure 9(d)
(5) When 1198961 (or 1198962) = 5 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714)(1198712 1198712) as shown in Figure 9(e)
Generalization Rule R2 When 1198961 (or 1198962) = 119899 and 119899 gt 5 wehave the following
First divide the whole region into 4 grids and each valuein the 4 grids is as follows
(1) If 119899 4 = 0 1198994 dummy positions are assigned ineach of the 4 grids
(2) If 119899 4 = 1 (1198994) + 1 1198994 1198994 1198994 dummy positionsare assigned in the 4 grids respectively starting fromthe left upper corner continuing in the clockwisedirection
(3) If 119899 4 = 2 (1198994) + 1 (1198994) + 1 1198994 1198994 dummypositions are assigned in the 4 grids respectively
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
6 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 5 The improved framework
(a) The positions where users make historical requests (b) Users are allocated randomly into the 4 times 4 grid region
Figure 6 Historical requests on the map
Take the data in Figure 7 as an exampleDMA first dividesthe number of queries into three categories 14 16 22 2525 27 1 1 1 6 6 8 9 and 0 0 0 respectively Assumethat the query number of the userrsquos region is 25 the FCRmaybe the grid with the query number 22 and the two regionswill form a double cloaking region
The pseudocode of DMA is shown as Algorithm 1
43 Dummies Generation Algorithm The core idea of dum-mies generation algorithm (DGA) is to generate 119896 fixeddummy positions to approximate the userrsquos real positionand it tries to distribute the fixed dummy positions overthe region as evenly as possible and then the answer tothe query request by the user will be approximated by thatfrom the best dummy location It is common to generate
Security and Communication Networks 7
27 14 0 8
25 6 0 6
25 9 1 1
16 22 1 0
Figure 7 Number of historical queries in 4 times 4 region
Input Privacy protection level h Userrsquos grid ID GIDOutput Double Cloaking Region (RCR and FCR)(1) Anonymizer selects the spatial hierarchy according to the privacy protection level h(2) Randomly match the userrsquos grid into a grid region G4times4(3) for query count in G4times4(4) if query count =0 then(5) add query count to Sets(6) end if(7) end for(8) e Sets are randomly divided into set1 and set2 equally(9) Do(10) akg1 = average(set1) akg2 = average(set2)(11) for 119904 in Sets(12) if (s minus akg1)2 lt (s minus akg2)2 then(13) s belong to c1(14) else(15) s belong to c2(16) end if(17) end for(18) while there are changes on the elements in c1 and c2(19) if the number of GID belongs to c1 then(20) FCR isselected randomly from the regions with the number in c1 except RCR(21) else FCR is selected randomly from the regions with the number in c2 except RCR(22) end if(23) return FCR and RCR
Algorithm 1 DMA (dynamic matching algorithm)
dummy positions randomly in the double cloaking regionshowever we propose defining two rules to generate fixeddummy positions according to 119896 In Figure 8 the red solidcircle represents the userrsquos real position and the solid circlesrepresent the fixed dummy positions according to our ruleswhile the dotted circles represent the dummy positionsgenerated randomly As shown in Figure 8(a) when 1198891 gt 1198892that is the shortest distance between the user and the fixeddummy is shorter than that between the user and the randomdummy we say that the quality of service of the fixed dummypositions is higher than that of the random dummy positionsaccording to Definition 6 On the contrary as shown inFigure 8(b) when 1198891 lt 1198892 we say that the quality of service ofthe fixed dummy positions is lower than that of the random
dummy positions We verify that the service quality of DGAis higher than that of random way in Section 52
The coordinate systemof the two-dimensional coordinateorigin is established at the lower left vertex of the grid In theanonymizer there is data of each grid length 119871 in each spatialhierarchy 1198961 and 1198962 both equal to k2 and they represent thenumber of dummypositions to be generated inRCR andFCRrespectively There are two core rules in DGA
Base Rule R1 When 1198961 (or 1198962) le 5 the fixed dummy positionswhen 1198961 (or 1198962) = 1 2 3 4 5 are shown as Figures 9(a)ndash9(e)respectively
(1) When 1198961 (or 1198962) = 1 the dummy position is set at(1198712 1198712) as shown in Figure 9(a)
8 Security and Communication Networks
d1
d2
(a) 1198891 gt 1198892
d1
d2
(b) 1198891 lt 1198892
Figure 8 The shortest distance between the user and the random dummy 1198891 compared to that between the user and the fixed dummy 1198892
(a) 1198961 = 1 (b) 1198961 = 2 (c) 1198961 = 3
(d) 1198961 = 4 (e) 1198961 = 5
Figure 9 Base rule 1198771
(2) When 1198961 (or 1198962) = 2 the dummy positions are(1198712 1198714) (1198712 31198714) as shown in Figure 9(b)
(3) When 1198961 (or 1198962) = 3 the dummy positions are(1198714 1198714) (1198712 31198714) (31198714 1198714) as shown in Fig-ure 9(c)
(4) When 1198961 (or 1198962) = 4 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714) asshown in Figure 9(d)
(5) When 1198961 (or 1198962) = 5 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714)(1198712 1198712) as shown in Figure 9(e)
Generalization Rule R2 When 1198961 (or 1198962) = 119899 and 119899 gt 5 wehave the following
First divide the whole region into 4 grids and each valuein the 4 grids is as follows
(1) If 119899 4 = 0 1198994 dummy positions are assigned ineach of the 4 grids
(2) If 119899 4 = 1 (1198994) + 1 1198994 1198994 1198994 dummy positionsare assigned in the 4 grids respectively starting fromthe left upper corner continuing in the clockwisedirection
(3) If 119899 4 = 2 (1198994) + 1 (1198994) + 1 1198994 1198994 dummypositions are assigned in the 4 grids respectively
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 7
27 14 0 8
25 6 0 6
25 9 1 1
16 22 1 0
Figure 7 Number of historical queries in 4 times 4 region
Input Privacy protection level h Userrsquos grid ID GIDOutput Double Cloaking Region (RCR and FCR)(1) Anonymizer selects the spatial hierarchy according to the privacy protection level h(2) Randomly match the userrsquos grid into a grid region G4times4(3) for query count in G4times4(4) if query count =0 then(5) add query count to Sets(6) end if(7) end for(8) e Sets are randomly divided into set1 and set2 equally(9) Do(10) akg1 = average(set1) akg2 = average(set2)(11) for 119904 in Sets(12) if (s minus akg1)2 lt (s minus akg2)2 then(13) s belong to c1(14) else(15) s belong to c2(16) end if(17) end for(18) while there are changes on the elements in c1 and c2(19) if the number of GID belongs to c1 then(20) FCR isselected randomly from the regions with the number in c1 except RCR(21) else FCR is selected randomly from the regions with the number in c2 except RCR(22) end if(23) return FCR and RCR
Algorithm 1 DMA (dynamic matching algorithm)
dummy positions randomly in the double cloaking regionshowever we propose defining two rules to generate fixeddummy positions according to 119896 In Figure 8 the red solidcircle represents the userrsquos real position and the solid circlesrepresent the fixed dummy positions according to our ruleswhile the dotted circles represent the dummy positionsgenerated randomly As shown in Figure 8(a) when 1198891 gt 1198892that is the shortest distance between the user and the fixeddummy is shorter than that between the user and the randomdummy we say that the quality of service of the fixed dummypositions is higher than that of the random dummy positionsaccording to Definition 6 On the contrary as shown inFigure 8(b) when 1198891 lt 1198892 we say that the quality of service ofthe fixed dummy positions is lower than that of the random
dummy positions We verify that the service quality of DGAis higher than that of random way in Section 52
The coordinate systemof the two-dimensional coordinateorigin is established at the lower left vertex of the grid In theanonymizer there is data of each grid length 119871 in each spatialhierarchy 1198961 and 1198962 both equal to k2 and they represent thenumber of dummypositions to be generated inRCR andFCRrespectively There are two core rules in DGA
Base Rule R1 When 1198961 (or 1198962) le 5 the fixed dummy positionswhen 1198961 (or 1198962) = 1 2 3 4 5 are shown as Figures 9(a)ndash9(e)respectively
(1) When 1198961 (or 1198962) = 1 the dummy position is set at(1198712 1198712) as shown in Figure 9(a)
8 Security and Communication Networks
d1
d2
(a) 1198891 gt 1198892
d1
d2
(b) 1198891 lt 1198892
Figure 8 The shortest distance between the user and the random dummy 1198891 compared to that between the user and the fixed dummy 1198892
(a) 1198961 = 1 (b) 1198961 = 2 (c) 1198961 = 3
(d) 1198961 = 4 (e) 1198961 = 5
Figure 9 Base rule 1198771
(2) When 1198961 (or 1198962) = 2 the dummy positions are(1198712 1198714) (1198712 31198714) as shown in Figure 9(b)
(3) When 1198961 (or 1198962) = 3 the dummy positions are(1198714 1198714) (1198712 31198714) (31198714 1198714) as shown in Fig-ure 9(c)
(4) When 1198961 (or 1198962) = 4 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714) asshown in Figure 9(d)
(5) When 1198961 (or 1198962) = 5 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714)(1198712 1198712) as shown in Figure 9(e)
Generalization Rule R2 When 1198961 (or 1198962) = 119899 and 119899 gt 5 wehave the following
First divide the whole region into 4 grids and each valuein the 4 grids is as follows
(1) If 119899 4 = 0 1198994 dummy positions are assigned ineach of the 4 grids
(2) If 119899 4 = 1 (1198994) + 1 1198994 1198994 1198994 dummy positionsare assigned in the 4 grids respectively starting fromthe left upper corner continuing in the clockwisedirection
(3) If 119899 4 = 2 (1198994) + 1 (1198994) + 1 1198994 1198994 dummypositions are assigned in the 4 grids respectively
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
8 Security and Communication Networks
d1
d2
(a) 1198891 gt 1198892
d1
d2
(b) 1198891 lt 1198892
Figure 8 The shortest distance between the user and the random dummy 1198891 compared to that between the user and the fixed dummy 1198892
(a) 1198961 = 1 (b) 1198961 = 2 (c) 1198961 = 3
(d) 1198961 = 4 (e) 1198961 = 5
Figure 9 Base rule 1198771
(2) When 1198961 (or 1198962) = 2 the dummy positions are(1198712 1198714) (1198712 31198714) as shown in Figure 9(b)
(3) When 1198961 (or 1198962) = 3 the dummy positions are(1198714 1198714) (1198712 31198714) (31198714 1198714) as shown in Fig-ure 9(c)
(4) When 1198961 (or 1198962) = 4 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714) asshown in Figure 9(d)
(5) When 1198961 (or 1198962) = 5 the dummy positions are(1198714 1198714) (31198714 1198714) (1198714 31198714) (31198714 31198714)(1198712 1198712) as shown in Figure 9(e)
Generalization Rule R2 When 1198961 (or 1198962) = 119899 and 119899 gt 5 wehave the following
First divide the whole region into 4 grids and each valuein the 4 grids is as follows
(1) If 119899 4 = 0 1198994 dummy positions are assigned ineach of the 4 grids
(2) If 119899 4 = 1 (1198994) + 1 1198994 1198994 1198994 dummy positionsare assigned in the 4 grids respectively starting fromthe left upper corner continuing in the clockwisedirection
(3) If 119899 4 = 2 (1198994) + 1 (1198994) + 1 1198994 1198994 dummypositions are assigned in the 4 grids respectively
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 9
76
75 75
19
1919
5 5
4 5
(a) An initial divisionwhen 119896 = 302
5 5
4 5
5 5 5 5 5 5
5 5 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
5 5
4 5
5 5
4 5
5 5
4 5
5 5
4 4
444
(b) The final division when119896 = 302
Figure 10 An illustrating example of DGA
Inpute value of k in the k-anonymity RCR FCROutput k1 dummies in RCR and k2 dummies in FCR ID at each DummyDID(1) Generate 4lceillog4lceilk15rceilrceil 4lceillog4lceilk25rceilrceil small grids in RCR and FCR(2) Generate fixed dummies in RCR and FCR based on R1 R2(3) Add ID for each dummy(4) return k1 k2 dummies ID at each Dummy DID
Algorithm 2 DGA (dummies generation algorithm)
(4) If 119899 4 = 3 (1198994)+1 (1198994)+1 (1198994)+1 1198994 dummypositions are assigned in the 4 grids respectively
Second if (1198994) + 1 or 1198994 is still larger than 5 repeat thefirst step otherwise follow the base rule 1198771 to distribute thedummy positions
In total 4lceillog4lceiln5rceilrceil small grids will be generated in theregion
Take 1198961 = 302 as an example as shown in Figure 10(1) in the first level of division the region will be dividedinto 4 grids and dummy positions in each grid are 76 7675 and 75 respectively (2) since 76 or 75 is larger than 5in the second level of division the 4 grids will be dividedinto 4 grids further for example the left upper grid with 76will be divided into 4 grids with 19 19 19 and 19 dummypositions respectively and the other three grids follow thesame way (3) since 19 is larger than 5 in the third level ofdivision the grid with 19 will be divided into 4 grids with5 5 5 and 4 dummy positions respectively and the otherthree grids follow the same way (4) since 5 or 4 is not largerthan 5 the division stops and in total 4lceillog4lceilk15rceilrceil = 64 gridsare generated and the generation of fixed positions in the 64small grids follows rule 1198771
According to DGA anonymizer can store DD (Dummiesdata) that satisfies various 119896 values in the database so that thequery requests for services can be responded to quickly Thepseudocode of DGA is shown as Algorithm 2
5 Experiment and Analysis
51 Experiment Setting In this paper we use the historicalGPS sampling point data within the range of 55 km times 35 kminHefei city as historical inquiry points which includesmorethan 60000 sampling points produced by more than 30000people The data consists of ID latitude and longitude in
which ldquoIDrdquo is the userrsquos unique identifier ldquolongituderdquo andldquolatituderdquo together tell the location where the user submitsa query For convenience the experiment selects an area of32 km times 32 km and sets the threshold of edge length 119871 to50m The space is divided into 64 times 64 grids and the spatialregion is divided into 7 layers from 0th to 6th layer
We will compare the dummy algorithm (DA) and naivealgorithm (NA) with our proposed Double Cloaking Algo-rithm (DCA for short which consists of DMA and DGA)As shown in Figure 11 the DA is similar to the DCAprocess except the red box in Figure 11 Specially speakingDCA generates fixed dummy positions according to DGAwhile DA generates random dummy positions in the doublecloaking regionsWe aim to compare the quality of service forDA and DCA
As shown in Figure 12 NA is similar to the DCA processexcept the red boxes in Figure 12 NA does not generatedouble cloaking regions the anonymizer generates 119896 dummypositions directly in the userrsquos region and sends the queries indummies to LBSPs then receives the candidate results fromLBSPs and passes to the user without filtration We aim tocompare the time cost of NA DA and DCA
The coding language is Python and the experiment runswith the 64 bit Windows 10 operating system configured asIntel (R) Core (TM) i5-4590 CPU and 8GB
52 Experimental Result and Analysis
521 The Time Cost of Generating Dummies As shown inFigure 13 when 119896 changeswithin (2 50) the time cost ofDCAfor generating dummy positions is steady always 017msBecause DCA can be divided into two steps DMA and thenDGA the time cost of DMA is not affected by k moreoverthe k-anonymous fixed dummy positions have already beenset and stored so it only needs to choose the fixed positions
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
10 Security and Communication Networks
user
0 10 9 8
18 20 27 26
16 18 22 15
14 9 5 13
Client Anonymizer
LBSPs
GenerateSend toCorrespondence
4
12
3
5
6
789
CRU
CRA
DSs1
DSs2
Figure 11 Dummy algorithm
user
Client Anonymizer
LBSPs
GenerateSend to
4
12
3
5
678CRU
CRA
Figure 12 Naive algorithm
according to k therefore the time cost of DCA is relativelyfixed and remains a constant value
DA can also be divided into two steps the first step isthe same as DCA and the second step is to generate randomdummy positions which should be computed in real time
so it will take more time than DCA to generate each dummyposition and the bigger the value of k the more time it takes
While NA only takes time to generate the 119896 dummypositions randomly when 119896 is less than 28NA takes less timethan DCA when 119896 is equal to 28 DCA and NA spend the
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 11
DCADANA
100
200
300
400
500
Gen
erat
e dum
mie
s cos
t tim
e (in
us)
k
50403020100
Figure 13 Comparison on time cost of generating dummies
DCA
DANA
k
50403020100
0
50
100
150
200
CPU
tim
e con
sum
ptio
n (in
us)
Figure 14 Comparison on time cost of result processing on clientside
same time with the continuous increase of k NA begins totake more time than DCA
522 The Time Cost of Result Processing As shown inFigure 14 the time cost of NA for result processing on theclient side is almost twice as that in DCA and DA Becausewhen the anonymizer sends 119862119877119880 to the client DCA andDA generate the double cloaking regions the 119896 dummypositions are equally distributed into two regions and onlythe candidate results in RCR are returned to the client bythe anonymizer NA generates 119896 dummy positions in onecloaking region the anonymizer returns a set of candidateresults for 119896 dummy positions to the client The number of
DCADANA
k
50403020100
0
20
40
60
80
100
Tota
l tim
e con
sum
ptio
n (in
ms)
Figure 15 Comparison on total time consumption
candidate results in NA is twice of that in DCA and DA inorder to select the optimal dummy position the client needsto calculate the dis119894(119897119906 119897119889119894) between all dummy positions inthe candidate results and the userrsquos specific position So thereis an obvious difference amongNA andDCADA on the timecost of result processing on the client
Please note the experiment is simulated on computer andthe unit of the experimental result is microsecond (us) butin actual environment when the results are processed byclient on smart phones the unit of time cost will fall intomillisecond (ms) level
523 Total Time Consumption In this section we willcompare the total time cost of the three algorithms takinginto account the device performance of the anonymizer andthe client In general the computing power of our PC ismuchbetter than that of phones used by the client Theoreticallythe floating-point computing power of 13 GHz frequencyquad-core ARM processor is about 10MFLOPss and thatof 25 GHz frequency Intel quad-core Q8300 is 25GFLOPssthe two differ 2500 times Due to the different computingpower of different devices we deem conservatively that thecomputing power of PC is 500 times as much as the clientdevice while the computing power of anonymizer is the sameas PC therefore the total time consumption is
Total Time = Time of Generating Dummies + 500times Time of Result Processing (3)
According to formula (3) it can be known that thetime cost on the client side is much larger than that onthe anonymizer and the result processing accounts for themajority percentage of the total time consumption As shownin Figure 15 the total time consumed by NA is about twiceas much as DCA and DA when 119896 is given In terms of time
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
12 Security and Communication Networks
30 35 40 45 50 55 60
Spatial hierarchy (h)
0 5 10 1520
25kminus
Cou
nt
6000
5000
4000
3000
2000
1000
0
7000
ℎ = 3 DAℎ = 3 DCAℎ = 4 DA
ℎ = 4 DCAℎ = 5 DAℎ = 5 DCA
ℎ = 6 DAℎ = 6 DCA
Figure 16 Comparison on the probability of getting better quality of service
efficiency DCA and DA are better than NA Since NA doesnot generate double cloaking regions its privacy protectioncapability is weaker than DCA and DA and in the nextexperiment we only compare DCA and DA
524 Comparison onQuality of Service betweenDCAandDAIn order to compareDCA andDA on the quality of service wefirst conduct 10000 times of experiments on different valuesof ℎ and k and count the times when 1198891 gt 1198892and 1198891 lt 1198892 asshown in Figures 8(a) and 8(b) As shown in Figure 16 given119896 and h for the 10000 experiment if 1198891 gt 1198892 the count ofDCA adds 1 if 1198891 lt 1198892 the count of DA adds 1
When ℎ is specific while 119896 varies between (1 25) thecount of DGA ranges between 6000 and 7200 and the countof DA ranges between 2800 and 4000 when ℎ varies thecount range of DGA and DA does not change much becausealthough ℎ becomes larger and 119871 becomes smaller in thecloaking region the ratio of the fixed dummy positions to119871 stays the same and the position of the random dummypositions is also independent of L
In summary DCA has a greater probability of gettingbetter quality of service than DA
We further compare the average quality of service ofDCAandDAWe conduct 10000 times of experiments on differentvalues of ℎ and k and compute the average quality of serviceIn the experiment k ranges from 1 to 25 and ℎ ranges from3 to 6 According to Definition 6 we can see that the smallerthe distance from the user the better the quality of service InFigures 17(a)ndash17(d) with the decrease of h the average qualityof service of DCA and DA is decreasing but the averagequality of service of DCA is always better than DA Withthe increase of k the average quality of service of DCA andDA is increasing and when 119896 is larger than 15 the trendof increasing becomes slow In summary DCA has a betteraverage quality of service than DA
6 Conclusion
In this paper we propose an improved privacy-preservingframework for location-based services based on doublecloaking regions with supplementary information con-straints Compared to previous work our method is effectivein solving the strong attack with supplementary informationand comparing to generating random dummy positionsgenerating fixed ones improves the service quality but reducesthe computational overhead for the client However when thedistribution of the information data is extremely nonuniformthe dynamic matching algorithm is difficult to match theregion of similar information and forms double cloakingregions with the userrsquos region In the future we plan toimprove the dynamic matching algorithm in addition wewill consider the continuous query requests of the mobileuser
Notations
LBSPs Location-Based Services ProvidersGID Grid IDDIDs Dummies IDsUID User ID119876119880 A set of query requests submitted by the
user to the Anonymizer119876119860 A set of query requests passed by theAnonymizer to LBSPs119862119877119860 The set of candidate results sent by LBSPsto Anonymizer119862119877119880 The set of candidate results sent byAnonymizer to Client1198664times4 RCR randomly matches into the grid of4 times 4ℎ Spatial hierarchy
LS Level saturated
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 13
DCADA
5
10
15
20
25
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(a) ℎ = 6
DCADA
10
20
30
40
50
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
5 10 15 20 250
k1
(b) ℎ = 5
DCADA
20
40
60
80
100
Aver
age m
inim
um d
istan
ce to
the u
ser (
m)
0 10 15 20 255
k1
(c) ℎ = 4
DCADA
5 10 15 20 250
k1
25
50
75
100
125
150
175
200Av
erag
e min
imum
dist
ance
to th
e use
r (m
)
(d) ℎ = 3
Figure 17 Comparison on the average quality of service
dis119894(119897119906 119897119889119894) Euclidean distance between user anddummy
DD Dummies Data
Conflicts of Interest
The authors declare that they have no conflicts of interest
Acknowledgments
The research is supported by ldquoNational Natural ScienceFoundation ofChinardquo (no 61772560) ldquoNatural Science Foun-dation of Hunan Provincerdquo (no 2016JJ3154) ldquoKey SupportProjects of Shanghai Science and Technology Committeerdquo(no 16010500100) ldquoScientific Research Project for Professorsin Central South University Chinardquo (no 904010001) and
ldquoInnovation Project for Graduate Students in Central SouthUniversityrdquo (no 1053320170313)
References
[1] D Vatsalan Z Sehili P Christen et al Privacy-PreservingRecord Linkage for Big Data Current Approaches and ResearchChallenges Handbook of Big Data Technologies SpringerInternational Publishing 2017 851ndash895
[2] H Ye X Cheng M Yuan L Xu J Gao and C Cheng ldquoAsurvey of security and privacy in big datardquo in Proceedingsof the 16th International Symposium on Communications andInformation Technologies ISCIT 2016 pp 268ndash272 QingdaoChina September 2016
[3] A Jakobik Big Data Security Resource Management forBig Data Platforms Springer International Publishing 2016241ndash261
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
14 Security and Communication Networks
[4] M Gruteser and D Grunwald ldquoAnonymous usage of location-based services through spatial and temporal cloakingrdquo in Pro-ceedings of the 1st International Conference on Mobile SystemsApplications and Services pp 31ndash42 ACM San Francisco CalifUSA May 2003
[5] M L Yiu C S Jensen X Huang and H Lu ldquoSpaceTwistmanaging the trade-offs among location privacy query perfor-mance and query accuracy in mobile servicesrdquo in Proceedingsof the IEEE 24th International Conference on Data Engineering(ICDE rsquo08) pp 366ndash375 IEEE Press Cancun Mexico April2008
[6] M Mokbel F C Chow Y and G Aref W ldquoThe new casperQuery processing for location services without compromisingprivacyrdquo in Proceedings of the 32nd international conference onVery large data bases pp 763ndash774 VLDB Endowment 2006
[7] X Pan J L Xu and X F Meng ldquoProtecting location privacyagainst location-dependent attacks in mobile servicesrdquo IEEETransactions on Knowledge and Data Engineering vol 24 no8 pp 1506ndash1519 2012
[8] X Zhu H Chi B NiuW Zhang Z Li and H Li ldquoMobiCacheWhen k-anonymity meets cacherdquo in Proceedings of the 2013IEEE Global Communications Conference GLOBECOM 2013pp 820ndash825 IEEE Atlanta GA USA December 2013
[9] Y Wang D Xu X He C Zhang F Li and B Xu ldquoL2P2location-aware location privacy protection for location-basedservicesrdquo in Proceedings of the IEEE Conference on Com-puter Communications (INFOCOM rsquo12) pp 1996ndash2004 IEEEOrlando Fla USA March 2012
[10] T Hashem L Kulik and R Zhang ldquoCountering overlappingrectangle privacy attack for moving kNN queriesrdquo InformationSystems vol 38 no 3 pp 430ndash453 2013
[11] B Yao F Li and X Xiao ldquoSecure nearest neighbor revisitedrdquo inProceedings of the IEEE 29th International Conference on DataEngineering (ICDE rsquo13) pp 733ndash744 IEEE Brisbane AustraliaApril 2013
[12] A Khoshgozaran C Shahabi and H Shirani-Mehr ldquoLocationprivacy Going beyond K-anonymity cloaking and anonymiz-ersrdquoKnowledge and Information Systems vol 26 no 3 pp 435ndash465 2011
[13] R Shokri G Theodorakopoulos P Papadimitratos E Kazemiand J-P Hubaux ldquoHiding in the mobile crowd Location pri-vacy through collaborationrdquo IEEE Transactions on Dependableand Secure Computing vol 11 no 3 pp 266ndash279 2014
[14] Y Elmehdwi B K Samanthula andW Jiang ldquoSecure k-nearestneighbor query over encrypted data in outsourced environ-mentsrdquo in Proceedings of the 30th IEEE International Conferenceon Data Engineering (ICDE rsquo14) pp 664ndash675 Chicago IL USAApril 2014
[15] H Hu and J Xu ldquoNon-exposure location anonymityrdquo inProceedings of the 25th IEEE International Conference on DataEngineering ICDE 2009 pp 1120ndash1131 Shanghai China April2009
[16] B Gedik and L Liu A Customizable k-Anonymity Model forProtecting Location Privacy Georgia Institute of Technology2004
[17] C-Y Chow M F Mokbel and W G Aref ldquoCasper queryprocessing for location serviceswithout compromising privacyrdquoACM Transactions on Database Systems (TODS) vol 34 no 4article 24 2009
[18] H Jin and P Papadimitratos ldquoResilient privacy protection forlocation-based services through decentralizationrdquo in Proceed-ings of the the 10th ACMConference pp 253ndash258 Boston MassUSA July 2017
[19] H Jadallah and Z Al Aghbari ldquoAman Spatial cloaking forprivacy-aware location-based queries in the cloudrdquo in Proceed-ings of the International Conference on Internet of Things andCloud Computing ICC 2016 New York NY USA March 2016
[20] F-Y Tai J-K Song Y-C Tsai and H-P Tsai ldquoCloaking sensi-tive patterns Td preserve location privacy for LBS applicationsrdquoin Proceedings of the 3rd IEEE International Conference onConsumer Electronics-Taiwan ICCE-TW 2016 Nantou TaiwanMay 2016
[21] X Chen and J Pang ldquoMeasuring query privacy in location-based servicesrdquo in Proceedings of the the secondACM conferencepp 49ndash60 San Antonio Tex USA Feburary 2012
[22] M Li Z Qin and C Wang ldquoSensitive semantics-aware per-sonality cloaking on road-network environmentrdquo InternationalJournal of Security and Its Applications vol 8 no 1 pp 133ndash1462014
[23] Y Huang Z Huo and X-F Meng ldquoCoprivacy a collaborativelocation privacy-preserving method without cloaking regionrdquoChinese Journal of Computers vol 34 no 10 pp 1976ndash1985 2011
[24] Y Cai and G Xu Cloaking with Footprints to Provide LocationPrivacy Protection in Location-Based Services US Patent 2017
[25] C Li and B Palanisamy ldquoDe-anonymizable location cloakingfor privacy-controlled mobile systemsrdquo in Proceedings of theInternational Conference on Network and System Security pp449ndash458 Springer Cham Switzerland
[26] H Kido Y Yanagisawa and T Satoh ldquoAn anonymous commu-nication technique using dummies for location-based servicesrdquoin Proceedings of the 2nd International Conference on PervasiveServices (ICPS rsquo05) pp 88ndash97 IEEE Press Santorini GreeceJuly 2005
[27] H Kido Y Yanagisawa and T Satoh ldquoProtection of locationprivacy using dummies for location-based servicesrdquo in Proceed-ings of the 21st International Conference on Data EngineeringWorkshops (ICDEW rsquo05) p 1248 Tokyo Japan April 2005
[28] M Guo N Pissinou and S S Iyengar ldquoPseudonym-basedanonymity zone generation for mobile service with strongadversary modelrdquo in Proceedings of the 2015 12th Annual IEEEConsumer Communications and Networking Conference CCNC2015 pp 335ndash340 Las Vegas NV USA January 2015
[29] B Palanisamy and L Liu ldquoAttack-resilient mix-zones over roadnetworks Architecture and algorithmsrdquo IEEE Transactions onMobile Computing vol 14 no 3 pp 495ndash508 2015
[30] B Niu Z Zhang X Li and H Li ldquoPrivacy-area aware dummygeneration algorithms for location-based servicesrdquo in Proceed-ings of the1st IEEE International Conference onCommunicationsICC ( rsquo14) pp 957ndash962 Sydney Australia June 2014
[31] S Papadopoulos S Bakiras andD Papadias ldquoNearest neighborsearch with strong location privacyrdquo in Proceedings of the VLDBEndowment pp 619ndash629
[32] K Mouratidis and M L Yiu ldquoShortest path computationwith no information leakagerdquo in Proceedings of the VLDBEndowment pp 692ndash703
[33] Z Liao L Kong XWang et al ldquoA visual analytics approach fordetecting and understanding anomalous resident behaviors insmart healthcarerdquo Applied Sciences (Switzerland) vol 7 no 3article no 254 2017
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
Security and Communication Networks 15
[34] A Khoshgozaran and C Shahabi ldquoBlind evaluation of nearestneighbor queries using space transformation to preserve loca-tion privacyrdquo Advances in Spatial and Temporal Databases pp239ndash257 2007
[35] R Paulet M G Kaosar X Yi and E Bertino ldquoPrivacy-preserving and content-protecting location based queriesrdquoIEEE Transactions on Knowledge and Data Engineering vol 26no 5 pp 1200ndash1210 2014
[36] R Lu X Lin Z Shi and J Shao ldquoPLAM A privacy-preservingframework for local-area mobile social networksrdquo in Proceed-ings of the 33rd IEEE Conference on Computer CommunicationsIEEE INFOCOM 2014 pp 763ndash771 Canada May 2014
[37] Z Fu X Sun Q Liu L Zhou and J Shu ldquoAchieving effi-cient cloud search services multi-keyword ranked search overencrypted cloud data supporting parallel computingrdquo IEICETransactions on Communications vol 98 no 1 pp 190ndash2002015
[38] R Verde F A T Carvalho and Y Lechevallier A DynamicalClustering Algorithm for Multi-Nominal Data Data AnalysisClassification andRelatedMethods Springer Berlin Germany2000
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal of
Volume 201
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 201
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
![A Framework for Vulnerability Detection in European Train ...SecurityandCommunicationNetworks seriousweaknessesinthecipherwereidentied[]. Hence, rainbowtablesabletodecryptencryptedmessagesareavail-ableontheInternet](https://img.dokumen.tips/doc/110x75/6108f00e4b814b4ab9651574/a-framework-for-vulnerability-detection-in-european-train-securityandcommunicationnetworks.jpg)
