A Spatial Cloaking Framework based on Range Search for Nearest Neighbor Search
Hyoungshick Kim, Computer Laboratory, University of Cambridge
Nearest Neighbor Query (slide 2)
Where is the nearest POI (e.g. gas station)?
Query example: "gas station loc: Cambridge CB3 0FD, UK"
Query Privacy (slide 3)
1: User to service provider: here is "Cambridge CB3 0FD, UK". 2: Service provider to user: the nearest gas station is …
The service provider collects the following information about the user: user account, user device's network address, physical location. The user: "I do not want to give this information."
In this setting, we assume the service provider is the adversary.
How? Use a Third Party Anonymizer (slide 4)
1: Query (users to anonymizer). 2: Collected queries (anonymizer to service provider) and collected answers (service provider to anonymizer). 3: Answer (anonymizer to users).
The anonymizer hides the relationship between queries and queriers.
Most existing systems [GG03, BF04, MCA06, BL08] are designed under the assumption of trusted anonymizers.
Limitations of a Trusted Anonymizer (slide 5)
Major redesign of technologies (e.g., protocols or trusted mechanism) or business models.
Single server failure/overhead.
A large number of users.
Alternatives: User Centric (slide 6)
1: "Transformed query" (user to service provider). 2: Answer for the "transformed query" (service provider to user). 3: Find the nearest neighbor from the answer for the "transformed query" (on the user's device).
Service provider: "I cannot infer the user location from this 'transformed query'."
Previous Work (slide 7)
False dummies [KYS05]: high communication/processing cost.
Transformation based on an obfuscated map [KS07]: approximate answer; a third party is still required to create the obfuscated map.
Transformation based on Private Information Retrieval (PIR) [GKKST08]: theoretically secure; high communication/processing cost.
Incremental spatial cloaking with a fake dummy [YJHL08]: incremental fetching of POIs* from the service provider with a fake dummy until the user can produce the exact result; multiple message rounds to stop the incremental search; the user's desired level of privacy (or region) cannot be guaranteed.
* POI: Point of Interest
Our Transformation (slide 8)
Control the granularity of the location query (e.g. "West Cambridge" vs. "Cambridge CB3 0FD, UK").
Previously, this approach seemed undesirable: a high communication cost is required, and a local search on the user's device is required. But communication cost is decreasing dramatically, and the computing capability of mobile devices is improving.
Naïve Range Search Query (slide 9)
1: A range (center, radius). 2: POIs within the range: {S1, S2}. 3: Choose the nearest neighbor S1.
(Figure: POIs s1, s2, s3 and the query point q.) S1 is not the correct answer.
How Can We Prevent It? (slide 10)
1. Increase the size of the range window. Communication cost increases with the size of the window, and a user cannot determine the optimal window size that guarantees the nearest neighbor.
2. Create the range window so that q is located near the center of the window. This technique may leak information about the position of q.
Our Approach (slides 11 and 12)
Our challenging issues are:
• how to find the optimal range window: use the local Voronoi diagram;
• how to guarantee that the user can be uniformly located at any position within the window: use a fake (random) query position.
Voronoi Diagram (slide 13)
Subdivision of the plane (space) into cells. S = {S1, S2, …, Sn} are points in the plane.
V(Si) = { x : d(x, Si) < d(x, Sj) for all j ≠ i }
The nearest neighbor of a position x in V(Si) is Si.
Proposed Framework (slide 14)
1: Given a security parameter r, generate a random circle including q with radius r. 2: Random circle (q', r). 3: Compute the intersected Voronoi cells. 4: {S1, S2, S3}. 5: Choose the nearest neighbor S3.
(Figure: POIs s1, s2, s3, the user position q and the random circle center q'.)
The adversary cannot obtain information about q except that it is located within the circle.
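The following Python program is an added example, not code from the slides or from the author; it shows the naïve range search of slide 9 failing and the framework of slide 14 succeeding on the same cloaking circle. It assumes a brute-force construction of each Voronoi cell by clipping a large bounding square with the perpendicular bisectors (the slides do not prescribe how the service provider computes the intersected cells), and the three POIs, the user position Q and the circle are constructed sample data.

```python
import math
import random

# Constructed sample input (not from the slides): three POIs S1, S2, S3 and a user at q.
POIS = [(0.0, 0.0), (4.0, 0.0), (2.0, 6.0)]
Q = (2.1, 2.2)
BOX = 1e4  # half-width of the square used to bound the otherwise unbounded outer Voronoi cells


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def clip_halfplane(poly, a, b):
    """Keep the part of the convex polygon `poly` that is at least as close to a as to b."""
    nx, ny = b[0] - a[0], b[1] - a[1]
    c = (b[0] ** 2 + b[1] ** 2 - a[0] ** 2 - a[1] ** 2) / 2.0
    side = lambda p: nx * p[0] + ny * p[1] - c  # <= 0 exactly when p is closer to a
    out = []
    for i in range(len(poly)):
        p, q = poly[i], poly[(i + 1) % len(poly)]
        fp, fq = side(p), side(q)
        if fp <= 0:
            out.append(p)
        if (fp < 0 < fq) or (fq < 0 < fp):  # edge crosses the bisector: add the crossing point
            t = fp / (fp - fq)
            out.append((p[0] + t * (q[0] - p[0]), p[1] + t * (q[1] - p[1])))
    return out


def voronoi_cell(pois, i):
    """V(S_i) = {x : d(x, S_i) <= d(x, S_j) for all j != i}, as a CCW polygon clipped to BOX."""
    poly = [(-BOX, -BOX), (BOX, -BOX), (BOX, BOX), (-BOX, BOX)]
    for j, sj in enumerate(pois):
        if j != i:
            poly = clip_halfplane(poly, pois[i], sj)
    return poly


def point_to_polygon(c, poly):
    """Distance from c to a convex CCW polygon; 0 when c lies inside it."""
    inside, best = True, float("inf")
    for i in range(len(poly)):
        p, q = poly[i], poly[(i + 1) % len(poly)]
        ex, ey = q[0] - p[0], q[1] - p[1]
        if ex * (c[1] - p[1]) - ey * (c[0] - p[0]) < 0:  # c is to the right of a CCW edge
            inside = False
        l2 = ex * ex + ey * ey
        t = 0.0 if l2 == 0 else max(0.0, min(1.0, ((c[0] - p[0]) * ex + (c[1] - p[1]) * ey) / l2))
        best = min(best, dist(c, (p[0] + t * ex, p[1] + t * ey)))
    return 0.0 if inside else best


def naive_range_query(pois, center, r):
    """Naive range search (slide 9): only the POIs lying inside the circle."""
    return [i for i, s in enumerate(pois) if dist(center, s) <= r]


def voronoi_range_query(pois, center, r):
    """Service-provider side of the framework: every POI whose Voronoi cell meets the circle."""
    return [i for i in range(len(pois)) if point_to_polygon(center, voronoi_cell(pois, i)) <= r]


def random_circle(q, r, rng):
    """Client side: centre q' drawn uniformly from the disk of radius r around q, so q lies in (q', r)."""
    theta = rng.uniform(0.0, 2.0 * math.pi)
    rho = r * math.sqrt(rng.random())
    return (q[0] + rho * math.cos(theta), q[1] + rho * math.sin(theta))


def nearest_among(pois, q, candidates):
    """Local step on the device: pick the candidate nearest to the true position q."""
    return min(candidates, key=lambda i: dist(q, pois[i])) if candidates else None


def true_nn(pois, q):
    return nearest_among(pois, q, range(len(pois)))


def cloaked_nn(pois, q, r, rng):
    """Whole protocol: the service provider only ever sees (q', r), never q."""
    center = random_circle(q, r, rng)
    return nearest_among(pois, q, voronoi_range_query(pois, center, r))


if __name__ == "__main__":
    center, r = (2.1, 5.0), 3.0  # a fixed cloaking circle that contains Q (constructed)
    print("true nearest:", true_nn(POIS, Q))
    print("naive range search ->", nearest_among(POIS, Q, naive_range_query(POIS, center, r)))
    print("Voronoi range search ->", nearest_among(POIS, Q, voronoi_range_query(POIS, center, r)))
    rng = random.Random(7)
    print("random circles ->", {cloaked_nn(POIS, Q, r, rng) for _ in range(5)})
```

With the fixed circle the naïve query returns only S3 (index 2), which is not the user's nearest POI, while the Voronoi query returns all three cells and the device picks S2 (index 1). The correctness argument is the one the slides rely on: q lies inside the circle, so the cell of its true nearest neighbor always intersects the circle and is always among the candidates, whatever center the client draws; the security parameter r trades the size of the candidate set (communication cost) against the size of the region the adversary learns.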