
Obfuscation Protocol for Location Privacy Protection without a Third Party

Obfuscation Scheme for Location Privacy without Anonymizer

Advisor: 楊明豪

Abstract


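Smartphone users often use the built-in positioning function to query location-based services (LBS) for information about their surroundings, in order to find the nearest points of interest (POI), such as restaurants. However, an LBS provider may take the opportunity to collect and aggregate a particular user's queries and movement paths and analyze that user's personal habits, which violates the user's data privacy and location privacy.

One countermeasure is to hide the user's identity or to create an obfuscation region that blurs the user's location. However, hiding the identity alone or obfuscating the location alone may still leak the user's privacy. Schemes were therefore proposed in which a trusted third-party server (anonymizer) replaces k users at nearby locations with one member chosen from the group as their identity representative (k-anonymity) before sending the query to the LBS server, obfuscating both identity and location so that the LBS server cannot analyze the querier's location. But this client-server architecture has a single point of failure (SPOF) and requires trusting the intermediate server. Approaches in which users cooperate with one another were therefore used to achieve obfuscation. However, these still require trusting the other users who take part in obfuscating the location. A malicious user can thus obtain the location information of honest users through this exchange, and can even collude with the LBS provider to steal a user's personal information, which raises the risk of privacy leakage.

To protect users' privacy, we propose a query method in which the querier generates obfuscation areas based on a honeycomb structure together with k-1 locations (pseudonymity), improving on the query overlap of traditional square grids. Our method saves server computation and transmission without lowering the protection of user privacy.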

Keywords

Location privacy

Parallel Abstract


More and more users tend to use their smartphone's built-in positioning service to find the nearest points of interest (POI), such as cafes or restaurants. However, such convenient services can turn dangerous if location-based service (LBS) providers secretly collect users' search and travel habits. This causes breaches of users' data privacy and location privacy. For this reason, researchers have been trying to obfuscate users' locations and identities to secure their privacy. However, neither of the two approaches is secure enough to guarantee users' privacy. Hence, new schemes have been proposed that use an anonymizer to obfuscate users' private information first and then forward users' queries to an LBS server. Unfortunately, such a server-client structure may suffer from a single point of failure. Decentralized approaches have been proposed to deal with the single point of trust and try to achieve obfuscation of sensitive information through collaboration among users. The problem is that a malicious user may be included in the collaboration and is therefore able to breach other users' location privacy. Hence, we propose a new scheme that requires a user's mobile device to generate obfuscation areas based on a cellular structure. In order to achieve k-anonymity, the user also needs to generate k-1 pseudonyms. By doing so, we guarantee the user's privacy as a grid-cell structure does. But our scheme lowers the overlapped search, and consequently decreases the computation load and communication when the server accesses a requested map.

