Oblivious Location-Based Service Query

07/05/2019
by   Jinguang Han, et al.
Queen's University Belfast
0

Privacy-preserving location-base services (LBS) have been proposed to protect users' location privacy. However, there are still some problems in existing schemes: (1) a semi-trusted third party (TTP) is required; or (2) both the computation cost and communication cost to generate a query are linear in the size of the queried area. In this paper, to improve query efficiency, an oblivious location-based service query (OLBSQ) scheme is proposed. Our scheme captures the following features: (1) a semi-trusted TTP is not required; (2) a user can query services from a service provider without revealing her exact location; (3) the service provider can only know the size of a query made by a user; and (4) both the computation cost and the communication cost to generate a query is constant, instead of linear in the size of the queried area. We formalise the definition and security model of OLBSQ schemes. The security of our scheme is reduced to well-known complexity assumptions. The novelty is to reduce the computation cost and communication cost of making a query and enable the service provider to obliviously and incrementally generate decrypt keys for queried services. This contributes to the growing work of formalising privacy-preserving LBS schemes and improving query efficiency.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

12/13/2021

Comments on "A Privacy-Preserving Online Ride-Hailing System Without Involving a Third Trusted Server"

Recently, Xie et al. (IEEE Transactions on Information Forensics and Sec...
02/01/2020

A Quantum-based Database Query Scheme for Privacy Preservation in Cloud Environment

Cloud computing is a powerful and popular information technology paradig...
05/30/2021

SHELBRS: Location Based Recommendation Services using Switchable Homomorphic Encryption

Location-Based Recommendation Services (LBRS) has seen an unprecedented ...
07/05/2020

Octopus: Privacy-Preserving Collaborative Evaluation of Loan Stacking

With the rise of online lenders, the loan stacking problem has become a ...
04/26/2018

NEXUS: Using Geo-fencing Services without revealing your Location

While becoming more and more present in our every day lives, services th...
07/15/2019

Utility-aware and privacy-preserving mobile query services

Location-based queries enable fundamental services for mobile road netwo...
11/09/2021

Cryptanalysis of the Privacy-Preserving Ride-Hailing Service TRACE

In a typical ride-hailing service, the service provider (RS) matches a c...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

The advent of mobile devices and mobile networks triggered a new services named location-based services (LBS). LBS systems enable service providers (SPs) to provide users with accurate services based on their geographical locations. Nowadays, increasing number of users use LBS systems to query nearby Points of Interest (PoI) including shopping centers, restaurants, banks, hospitals, traffic information, navigation, etc. However, to query a service, a user must reveal her location to the service provider (SP). Hence, untrusted SPs can profile a user’s movement by tracing her location, and conclude her personal information, such as working place, health condition, commercial partners, etc. This raises a serious privacy issue. To protect users’ location privacy, privacy-preserving LBS schemes were proposed where either a semi-trusted third party (TTP) is required or the computation cost of a query is linear in the size of the queried area. However, in practice, it is difficult to find a party who can work as a semi-trusted TTP in LBS schemes, and mobile devices have constrained computation power and limited storage space.

Considering the above problems, an oblivious location-based service query (OLBSQ) scheme is proposed to enhance the security of SPs’ services and protect users’ location privacy. Especially, our OLBSQ scheme provides mobile uses with a light query algorithm which has constant computation cost.

1.1 Related Work

Due to it can provide accurate services, LBS schemes are becoming increasingly popular. Nevertheless, location privacy has been the primary concern of LBS users. To protect users’ location privacy, privacy-preserving LBS schemes were proposed.

1.1.1 Privacy-Preserving LBS with A Trusted Third Party

In these schemes, to protect mobile users’ location privacy, a trusted third party called location anonymizer is required to blur a user’s exact location into a cloaked area. Meanwhile, the cloaked area must satisfy the user’s privacy requirements. The popular privacy requirement is -anonymity, namely a user’s location is indistinguishable from other users’ locations. Gruteser and Grunwald [11] proposed an anonymous LBS scheme where the location anonymizer needs to remove any identifiers such as network and address, and perturbs the position data. In [11], the location anonymizer knows users’ location, and users need to periodically update their location information to the location anonymizer.

Proposed by Mokbel, Chow and Aref [16], is a privacy-aware query processing method for LBS. In Casper [16], the location anonymizer blurs users’ exact location into cloaked spatial areas and a privacy-aware query processor is embedded in the database to deal with queries based on the cloaked spatial areas. The privacy-aware query processor supports three types of queries: private queries over public data, public queries over private data and private queries over private data.

Xu and Cai [22] addressed the location anonymity issue in continuous LBS schemes. In [22]

, entropy was used to measure the anonymity degree of a cloaking area, which consider both the number of the users and their anonymity probability distribution in the cloaking area. When issuing a query, a mobile user sends his query and desired anonymity level to the location anonymizer, and then the location anonymizer generates a session identity for the user and contact the service provider to establish a service session. After a service session is established, the location anonymizer needs to periodically identify a cloaking area for the user according to her latest location, and report the cloaking area to the service provider. Furthermore, a polynomial time algorithm was proposed to find a cloaking area satisfying the anonymity requirement.

Kalnis et al. [15] proposed a framework to prevent location-based identity inference of users. In [15], when receiving a query, the location anonymizer first removes the user’s identity, and uses an anonymizing spatial region to hide the user’s location. This framework optimizes the processing of both location anonymity and spatial queries.

Gedik and Liu [7] introduced a scalable architecture to protect users’ location privacy. The architecture consists of a model of personalised location anonymity and a set of location perturbation algorithms. In [7], upon receiving a query from a user, the location anonymizer remove the identity of the user and perturbs her location by replacing a 2-dimensional point with a spatial cloaking ranger. Especially, users are allowed to specify the minimum level of anonymity and the maximum temporal and spatial tolerances.

Chen et al. [5] proposed a new scheme to protect users’ location privacy. In [5], redundant point-of-interest (POI) records were applied to protect location privacy. When receiving a query from a user, the location anonymizer first generates a -anonymity rectangle area for the user, and then sends the anonymous query to the service provider. Notably, a blind filter scheme was proposed to enable the location anonymizer to filter out the redundant POI records on behalf of users.

To leveraging spatial diversity in LBS, He et al. [12] first proposed ambient environment-dependent location privacy metrics and a stochastic model, and then developed an optimal stopping-based LBS scheme which enable users to leverage the spatial diversity.

Grissa et al. [10] proposed two schemes to protect the location privacy of second users where a TTP named fusion centre (FC) is required to orchestrates the sensing operation. The first scheme is based on an order-preserving encryption (OPE) and has lower communication head, while the second scheme is based on a secure comparison protocol and has lesser architectural cost.

Schlegel et al. [20] proposed a user-defined privacy LBS scheme called dynamic grid system (DGS) which support both privacy-preserving continuous -nearest-neighbor (-NN) and range queries. In [20], each user generates a grid structure according to her privacy requirement and embeds it into an encrypted query area. When making a query, a user encrypts a secret key and the grid structure by using an identity-based encryption scheme, and sends the ciphertexts to the service provider. Subsequently, the user generates an encrypted identifier for each cell in the intended area using a deterministic encryption technique, and sends it to the TTP. To process a query, the service provider decrypts the ciphertext and obtains the secret key and the grid architecture. The service provider uses the secret key and the deterministic encryption technique to generate encrypted identifiers for all cells where POIs exist. Later, the service provider sends all the encrypted identifiers to the TTP. The TTP match the encrypted identifiers from the user and those from the service provider, and send the same encrypted identifiers to the user. Finally, the user can decrypt the encrypted identifiers and know the locations of the POIs. Notably, the communication cost to generate a query is linear with the number of POI in the vicinity and independent of the number of cells in the grid.

In above schemes, a TTP is required to protect users’ location privacy. However, in practice, it is difficult to find an entity which can play the role of the TTP.

1.1.2 Privacy-Preserving LBS without A Trusted Third Party

Chow, Mokbel and Liu [6] proposed a peer-to-peer (P2P) spatial cloaking scheme which enables users to obtain services without the need of a TTP. Prior to make a query, a user needs to forms a group from her peers via single-hop communication/multiple-hop routing. The spatial cloaked area should cover all peers in the group. Furthermore, the user randomly selects one peer in the group as her agent and sends both her query and cloaked spatial region to the agent. The agent forwards the query to the service provider and receives a list of answers including actual answers and false answers. Then, the agent sends the answers to the user. Finally, the user filter out false answers and obtain the actual answers. The P2P spatial cloaking scheme supports two models: on-demand model and proactive model. Comparatively, the on-demand model is efficient, but requires longer response time.

Ghinita, Kalnis and Skiadopoulos [9] proposed a decentralised LBS scheme named where each user can organises herself into a hierarchical overlay network and make service queries anonymously. Each user can decide the degree of anonymity and the algorithm can identify an appropriate set consisting of users in a distributed manner. To protect users’ anonymity, the HILB-ASR algorithm was proposed to guarante that the probability of identifying a real service requester is always bounded by . This scheme is scalable and fault tolerant.

Paulet et al. [18] proposed a privacy-preserving and content-protecting LBS scheme. This scheme was derived from the oblivious transfer (OT) scheme [17] and private information retrieve (PIR) [8]. Each user firsts runs the OT protocol with the service provider to obtain the location identity and a secret key, and then executes the PIR protocol with the service provider to obtain the location data by using the secret key. The author formalised the security model and analysed the security of the proposed scheme.

Schlegel et al. [21] proposed an order-retrievable encryption (ORE) scheme with the following two properties: (1) it can generate a encrypted query location; (2) given two encrypted user locations, a server can determine which one is closed to the an encrypted query location. Subsequently, based on the proposed ORE scheme, a privacy-preserving location sharing services scheme was presented. In [21], a user or a group initiator should create a group. The group initiator generates a shared key for the ORE scheme and a shared key for AES scheme. Every user in the group updates periodically her location information to a database server using the ORE and AES techniques. When receiving a encrypted query location, the server can search out the exact answer without knowing the location information. Finally, the user can use the shared key for AES to decrypt the cipherext and obtain the location information. In [21], a group of users need to share keys prior to sharing location information.

Hu et al. [13] proposed a LBS with query content privacy scheme based on homomorphic encryption, OT and PIR. In [13]

, a user can obtain accurate services, but does not release any query content information to the server. The homomorphic encryption is used to compute the Euclidean distance between the attribute vector submitted by a user and the attribute vectors in the database. The OT protocol was used to find the exact match vectors for the queried attribute vector. Finally, the PIR protocol was applied to obtain the intended POI set. The security of the proposed scheme was analysed, instead of formal reduction.

In these schemes [6, 9, 18, 21, 13], both the computation and communication cost to generate a query are linear with the size of the queried area. This is undesirable to the devices which have limited computation power and storage space, such as smart phone, tablet, etc.

1.2 Contributions

To protect users’ location privacy, we propose an OLBSQ scheme which can provide the following important features: (1) a semi-trusted TTP is not required; (2) a user can query services from a service provider without revealing her exact location; (3) a service provider can only know the size of a query made by a user; and (4) both the computation cost and the communication cost to generate a query is constant, instead of linear with the size of the queried area.

Our contributions include: (1) both the definition and security model of the proposed OLBSQ scheme are formalised; (2) a concrete OLBSQ scheme is proposed; (3) the security of the proposed OLBSQ is reduced to well-known complexity assumptions.

1.3 Organization

The remaining of this paper is organised as follows. Preliminaries used throughout this paper are introduced in Section 2. In Section 3, we formally present our construction. In Section 4, we prove the security of our scheme. Finally, Section 5 concludes this paper.

2 Preliminaries

In this section, all preliminaries used throughout this paper are introduced.

2.1 Formal Definition

Figure 1: The Framework of Our OLBSQ Scheme

Let be a location structure (e.g. grid) and be a point in . By , we denote that the area with start point and size in . For example, if is a grid system, is the area consisting of the left-bottom point and continuous cells. Let be the services included in and be the encrypted services. stands for the services included in the area . Fig. 1 describes the framework of our OLBSQ scheme. The service provider first generates a secret key and some public parameters , selects a location structure . Suppose that has a set of service , he encrypts each service in by using and its location information, and obtains an encrypted set of services . To query services included in an area, a user select a start point and the query size , and then commit to be a point . Furthermore, generates a proof that the queried area starting from with size is included in . sends to . If is correct, uses to obliviously and incrementally compute a set of keys according to and , and sends to . Finally, decommit , and obtain a set of decryption key which enable her to access the intended services.

An OLBSQ scheme consists of the following two algorithms:

  • Setup Taking as input a security parameter , a location structure and a set of services , this algorithm outputs a secret key for , some public parameters and the encrypted services .

  • Service-Transfer. This is an interactive algorithm executed between a user and the service provider . takes as input the public parameters , the start point and the query size , and outputs the intended services . takes as input the public parameters and the secret key , and outputs the committed start point , query size and a proof that the queried area with start point and size is in .

Definition 1

We say that an oblivious location-based service query scheme is correct if and only if

2.2 Security Model

The security model of OLBSQ schemes is formalised by using the simulation-based model [3, 4, 14, 19] where the real world experiment and ideal world experiment are defined. In the real world experiment, there are some parties who run the protocol: an adversary who controls some of the parties and an environment who provides inputs to all honest parties and interact arbitrarily with . The dishonest parties are controlled by . In the ideal world experiment, there are same parties as in the real world experiment. Notably, these parties do not run the protocol. They submit their inputs to a ideal functionality and receive outputs from . specifies the behaviour that the desired protocol should implement in the real world. provides inputs to and receives outputs from honest parties. Let be a simulator who controls the dishonest parties in the ideal world experiment as does in the real world experiment. Furthermore, interacts with arbitrarily.

Definition 2

Let be the probability with which runs the protocol with and outputs 1 in the real world experiment. Let be the probability with which interacts with and , and outputs 1 in the ideal world experiment. We say that the protocol securely realizes the functionality if

The ideal functionality of OLBSQ schemes is formalized in Fig. 2.

Functionality: is executed among a service provider , a user and an adversary , and works as follows: Upon receiving a message from , store . Upon receiving a message from , check whether the message was previously stored. If no such message was stored, send nothing to ; otherwise, send to and receive a response . Pass to . If , send to . If , send to where .

Figure 2: The Functionality of Oblivious Location-Based Service Query Schemes

2.3 Bilinear Map and Complexity Assumptions

Let , and be three cyclic groups with prime order . A map is a bilinear map if it satisfies the following properties:

  1. Bilinearity. For all , and , ;

  2. Non-degeneracy. , where is the identity of ;

  3. Efficiency. For all and , there is an efficient algorithm to compute .

If , is called a symmetric bilinear map. Let be a generator of symmetric bilinear group which takes as input a security parameter and outputs a bilinear group with prime order and .

Definition 3

(-Strong Diffie-Hellman (-SDH) Assumption [2]). Let and . Suppose that be a generator of . Given , we say that the -SDH assumption holds on the bilinear group if all probable polynomial-time adversarties can output with a negligible advantage, namely

where and .

Definition 4

( -Power Decisional Diffie-Hellman (-PDDH) Assumption [4]). Let , be a generator of and . Given , we say that -PDDH assumption holds on if all probable polynomial-time adversary can distinguish from with a negligible advantage, namely

where .

3 Construction

In this section, we describe the formal construction of our OLBQS scheme.

3.1 High-Level Overview

To construct our scheme, we use the grid structure which is described in Fig. 3. The location of each cell is determined by the coordinate of the point at its upper-right corner. Suppose that all services included in a cell are encrypted under a same key. Firstly, the service provider divides the whole area into cells, and then generates a secret key and some public parameters. The service provider encrypts each service in a cell by using his secret key and the coordinate of the cell. Finally, the service provider publishes the public parameters and the encrypted services.

When making a service query, a user selects a start point and the query size where and are the numbers of cells in each row and each column, respectively. The user commits to be a point , generates a proof that the queried area is included in , and sends to the service provider. After receiving , the service provider first checks the correctness of , and then uses his secret key to obliviously an incrementally compute a set of keys according and . Furthermore, the service provider generates a proof that these keys are computed correctly, and sends the keys and to the user. Finally, the user verifies the proof , de-commits the keys and obtains the corresponding decryption keys. Finally, the user decrypts the ciphertexts and obtains the intended services. Notably, to retrieve a service, the user only needs to execute 3 exponent operations on .

Figure 3: Grid Location Model of Our Scheme

3.2 Our Construction

Our OLBSQ scheme is presented in Fig. 4 and Fig. 5.

Setup. The service provider first divides the whole area into cells. generates a bilinear group by running , and then selects its secret key where and . To encrypt the service in a cell using its coordinate , computes and for and . To enable each user to prove that a committed point is in the whole area and to obliviously and incrementally generate decryption keys according ’s query, computes , , , , , , , , for and . Actually, are used by to prove that a committed start point is within for and ; while other parameters are used by to computes decryption keys. Finally, the public parameters are and .

Setup divides the whole area into cells. Let be the service in the cell . runs . Let be generators of . SP selects , and computes , , , , , , , , , , for and . The secret key is and the public parameters are and .

Figure 4: Setup Algorithm

Service-Transfer User: Service Provider: Selects a start point   Generates a proof and the query size .   Selects , and computes , , , , , , , , , and a proof    For and , Let compute                . and a proof                             Computes                 and               . , Let . for and .

Figure 5: Service Transfer Algorithm

Service-Transfer. To make a query, first selects a start point and query size . generates a proof that he knows the value which is used to encrypt services. If is correct, selects and commits into . Let . Furthermore, generates a proof that the query area is within . sends and to .

If is correct, obliviously and incrementally computes a set of keys using his secret key and generates a proof that and are generates correctly, where and . Let . sends and to .

If is correct, uses to de-commit the key and obtain . Furthermore, can obtain the services by computing , where and .

3.3 Efficiency Analysis

The computation cost and communication cost of our OLBSQ scheme are presented in Table 1 and Table 2, respectively. By , , , , we denote the time of executing one exponent on the group , executing one exponent on the group , executing a pairing and executing one hash function, respectively. , and stand for the size of one element in the group , and , respectively.

Algorithm Setup Service Transfer
Query Retrieve
Computation Cost
Table 1: Computation Cost of Our OLBSQ Scheme
Algorithm Setup Service Transfer
Communication Cost
Table 2: Communication Cost of Our OLBSQ Scheme

4 Security Analysis

In this section, the security of our OLBSQ scheme described in Fig. 4 and Fig. 5 is proven.

Theorem 4.1

Our oblivious location-based service query scheme in Fig. 4 and Fig. 5 securely realize the functionality in Fig. 2 under the -SDH and -PDDH assumptions.

To prove Theorem 4.1, we consider the cases where either the user or the service provider is corrupted. We show that there exists a simulator such that it can interact with the ideal functionality (simply denoted as ) and the environment appropriately and and are indistinguishable.

In order to prove the indistinguishability between and , a sequence of hybrid games Game, Game, , Game are defined. For each Game, we show that there exists a simulator that runs as a subroutine and provides ’s view, for . Hybrid stands for the probability that outputs running in the world provided by . runs and other honest parties in the real-world experiment, so Hybrid . runs in the ideal-world experiment, so Hybrid .

Therefore,