Mobile devices with global positioning capabilities allow users to retrieve points of interest (POI) in their proximity. To protect user privacy, it is important not to disclose exact user coordinates to un-trusted entities that provide location-based services. Currently, there are two main approaches to protect the location privacy of users: (i) hiding locations inside cloaking regions (CRs) and (ii) encrypting location data using private information retrieval (PIR) protocols. Previous work focused on finding good trade-offs between privacy and performance of user protection techniques, but disregarded the important issue of protecting the POI dataset D. For instance, location cloaking requires large-sized CRs, leading to excessive disclosure of POIs (O(|D|) in the worst case). PIR, on the other hand, reduces this bound to O(Ö{|D|})O(sqrt{|D|}), but at the expense of high processing and communication overhead. We propose hybrid, two-step approaches for private location-based queries which provide protection for both the users and the database. In the first step, user locations are generalized to coarse-grained CRs which provide strong privacy. Next, a PIR protocol is applied with respect to the obtained query CR. To protect against excessive disclosure of POI locations, we devise two cryptographic protocols that privately evaluate whether a point is enclosed inside a rectangular region or a convex polygon. We also introduce algorithms to efficiently support PIR on dynamic POI sub-sets. We provide solutions for both approximate and exact NN queries. In the approximate case, our method discloses O(1) POI, orders of magnitude fewer than CR- or PIR-based techniques. For the exact case, we obtain optimal disclosure of a single POI, although with slightly higher computational overhead. Experimental results show that the hybrid approaches are scalable in practice, and outperform the pure-PIR approach in terms of computational and communication overhead.
展开▼
机译:具有全球定位功能的移动设备允许用户检索附近的兴趣点(POI)。为了保护用户隐私,重要的是不要向提供基于位置的服务的不受信任的实体披露确切的用户坐标。当前,有两种主要方法来保护用户的位置隐私:(i)将位置隐藏在隐身区域(CR)内,以及(ii)使用私有信息检索(PIR)协议对位置数据进行加密。先前的工作着眼于在隐私和用户保护技术的性能之间找到良好的折衷,但忽略了保护POI数据集D的重要问题。例如,位置掩盖需要大型CR,从而导致POI的过多披露(O( | D |)在最坏的情况下)。另一方面,PIR可以将此限制减小到O(Ö{| D |})O(sqrt {| D |}),但以处理和通信开销较高为代价。我们针对基于私有位置的查询提出了混合的两步方法,该方法为用户和数据库提供了保护。第一步,将用户位置概括为可提供强大隐私性的粗粒度CR。接下来,对获得的查询CR应用PIR协议。为了防止过度公开POI位置,我们设计了两种加密协议,它们可以私下评估点是封闭在矩形区域内还是凸多边形内。我们还介绍了可有效支持动态POI子集上的PIR的算法。我们提供近似和精确NN查询的解决方案。在近似的情况下,我们的方法公开了O(1)POI,比基于CR或PIR的技术少几个数量级。对于确切的情况,我们获得了单个POI的最佳公开信息,尽管计算开销稍高。实验结果表明,混合方法在实践中具有可扩展性,并且在计算和通信开销方面优于纯PIR方法。
展开▼
