A Two-level Protocol to Answer Private Location-based Queries
Roopa Vishwanathan, Yan Huang
[RoopaVishwanathan, huangyan]@unt.edu
Computer Science and Engineering
University of North Texas
Privacy Issues in Location-based Services
Client requests information from the server related to her current location
Client wants to maintain privacy and anonymity
Location can be associated with user identity, e.g. a service request at your own house
Thus the client does not want the server to know her location
Server wants to release as precise information as possible
06/09/09 ISI 2009, Dallas, Texas
Existing Approaches
Cloaking: k-anonymity [3][4][5]
Client requests are sent to an anonymizer
Anonymizer “cloaks” the client’s location to a region that includes k-1 other clients
Anonymizer forwards queries to the server using the cloaked location
Need to trust the anonymizer
Existing Approaches … cont’d
Peer-to-peer [6][7]
A client c searches for k-1 peers
One peer acts as agent on behalf of c
Chosen agent forwards requests to server using cloaked region
Need to be able to find k-1 peers
Need to trust the chosen agent peer
Drawbacks of Existing Approaches
Need to trust the anonymizer or peers
Reveals some spatial information (general region of query)
Correlation attacks
Could possibly identify the client
Large volume of query results
Problem Definition and Motivation
Nearest Neighbor Query example: ask the location-based server (LBS) for the nearest gas station
Goal: find a way to protect the privacy of the client while ensuring the server returns precise data
Privacy means: no release of the identity or the location of the client
Motivation: recent research shows PIR is a feasible and privacy-preserving approach, but the server reveals too much data
Our Approach
Focus on Exact-Nearest-Neighbour queries
Uses PIR framework by Shahabi et al. [1] as a first step
Applies Oblivious Transfer [2] as the second step (to make server data precise)
Private Information Retrieval (PIR)
Based on a computationally hard problem
Client sends an encrypted request for information
Server does not know what it reveals
Figure: Bob holds X[1, 2, 3, ..., N]; Alice wants bit i and sends E(i); Bob returns v(X, E(i))
PIR Theory
PIR in Location-based Services
User input: [y_1, y_2, ..., y_n]
Server computes: z_r = Π_{j=1}^{n} w(r,j), where w(r,j) = y_j^2 if M_{r,j} = 0 and w(r,j) = y_j otherwise
Server returns: z = [z_1, z_2, ..., z_n]
User computes: if z_a ∈ QR then M_{a,b} = 0, else M_{a,b} = 1
Example of PIR in LBS
User location: M_{2,3}
User generates request: y = [y_1, y_2, y_3, y_4] with y_3 ∈ QNR and y_1, y_2, y_4 ∈ QR
Server replies: [z_1, z_2, z_3, z_4]
If z_2 ∈ QR, M_{2,3} = 0, else M_{2,3} = 1
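The quadratic-residuosity PIR of the two slides above, run end to end on a constructed 4x4 grid. This is an added example, not code from the talk or from Ghinita et al. [1]; the tiny primes, the -a^2 trick for producing a non-residue with Jacobi symbol +1, and all function names are this example's assumptions.

```python
import math
import random

# Constructed toy modulus: two primes congruent to 3 mod 4, far too small for
# real use. With p, q = 3 mod 4, -1 is a non-residue mod both primes, so -a^2
# mod N is a QNR with Jacobi symbol +1: without p and q it looks like a QR.
P, Q = 1019, 1031
N = P * Q

def is_qr(x: int) -> bool:
    """Client-side test (needs p, q): x is a QR mod N iff it is a QR mod p and mod q."""
    return pow(x, (P - 1) // 2, P) == 1 and pow(x, (Q - 1) // 2, Q) == 1

def random_unit() -> int:
    """Random element coprime to N, so its square and the square's negative are units."""
    while True:
        a = random.randrange(2, N)
        if math.gcd(a, N) == 1:
            return a

def client_request(b: int, n: int) -> list[int]:
    """Query for column b: y_b is a QNR, every other y_j a QR (the slide's request)."""
    y = [pow(random_unit(), 2, N) for _ in range(n)]
    y[b] = -pow(random_unit(), 2, N) % N
    return y

def server_response(matrix: list[list[int]], y: list[int]) -> list[int]:
    """z_r = prod_j w(r,j) mod N with w(r,j) = y_j^2 if M[r][j] == 0 else y_j.
    The server never learns b: it cannot tell the QNR from the QRs."""
    z = []
    for row in matrix:
        zr = 1
        for m, yj in zip(row, y):
            zr = zr * (yj if m else pow(yj, 2, N)) % N
        z.append(zr)
    return z

def client_decode(z: list[int], a: int) -> int:
    """Every factor except y_b is a QR either way, so z_a is a QR iff M[a][b] == 0."""
    return 0 if is_qr(z[a]) else 1

def retrieve_bit(matrix: list[list[int]], a: int, b: int) -> int:
    y = client_request(b, len(matrix[0]))
    return client_decode(server_response(matrix, y), a)

def retrieve_all(matrix: list[list[int]]) -> list[list[int]]:
    """Read back every bit with one query each (a correctness check, not a protocol step)."""
    return [[retrieve_bit(matrix, a, b) for b in range(len(matrix[0]))]
            for a in range(len(matrix))]
```

Note that the whole column's worth of work is done by the server for every query; the client still only learns the residuosity of z_a, which is why the talk's second step is needed to return precise cell contents.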
Oblivious Transfer
Fundamental cryptographic protocol
Alice asks for one bit of information from Bob
Alice does not get to know any other bit
Bob does not know what bit Alice asked for
Many variants: 1-of-2, 1-of-n, k-of-n
Example of Oblivious Transfer (OT)
Example of OT … cont’d
The Two-level Protocol: First Step
Server divides the area into Voronoi cells and superimposes a grid on it
Each grid cell has a list of Points of Interest (POIs) associated with it
One POI each in a Voronoi cell
Contents of grid cells are the list of POIs
First Step: PIR … cont’d
Client requests the column corresponding to its grid cell using PIR, e.g. PIR(C)
Server prepares encrypted column C
![Page 17: A Two-level Protocol to Answer Private Location-based Queries](https://reader036.fdocuments.us/reader036/viewer/2022081515/5681594e550346895dc68d60/html5/thumbnails/17.jpg)
Second Step – Oblivious Transfer (OT)
Client initiates 1-of-n OT with server
Client and server agree on a set of keys
Server encrypts each bit of PIR response with a different set of keys (according to the index of the bit) and sends it across
Server and client exchange keys (through 1-of-2 OT)
Client can decrypt the bit it wants and none else
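The second step as sketched above, as an added example that is not the talk's code: a 1-of-n OT assembled from log2(n) 1-of-2 OTs in the Naor-Pinkas style [2], where every item is encrypted under one key per index bit and the client obtains only the keys matching its own index. The 1-of-2 OT is a Diffie-Hellman construction in the Bellare-Micali style over a toy group; the group, the SHA-256 masking and all names are this example's assumptions.

```python
import hashlib
import random
import secrets

# Constructed toy group for the 1-of-2 OT: Z_p^* with p = 1000003 and base 2.
# Far too small for real security; it only makes the example run instantly.
P, G = 1000003, 2

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()
def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ot12_receiver_choose(sigma: int, c: int):
    """Receiver knows the exponent of pk_sigma = g^k only; pk_(1-sigma) = c / pk_sigma."""
    k = random.randrange(1, P - 1)
    pk = pow(G, k, P)
    other = c * pow(pk, -1, P) % P
    return k, ([pk, other] if sigma == 0 else [other, pk])

def ot12_sender(m0: bytes, m1: bytes, pks: list[int], c: int):
    """Sender checks pk_0 * pk_1 == c, then masks m_i with H(pk_i^r)."""
    if pks[0] * pks[1] % P != c:
        raise ValueError("malformed receiver keys")
    r = random.randrange(1, P - 1)
    enc = [xor(m, H(pow(pk, r, P).to_bytes(4, "big"))) for m, pk in zip((m0, m1), pks)]
    return pow(G, r, P), enc

def ot12_receiver_open(k: int, sigma: int, gr: int, enc: list[bytes]) -> bytes:
    """(g^r)^k = pk_sigma^r, so only enc[sigma] can be unmasked."""
    return xor(enc[sigma], H(pow(gr, k, P).to_bytes(4, "big")))

def ot1n(items: list[bytes], j: int) -> bytes:
    """1-of-n OT from log2(n) 1-of-2 OTs: item i is masked under one key per bit
    position, chosen by bit i of its index; the receiver gets only j's keys."""
    if any(len(x) > 32 for x in items):
        raise ValueError("items must fit one SHA-256 mask (32 bytes)")
    L = max(1, (len(items) - 1).bit_length())
    keys = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(L)]
    cts = [xor(x, H(*(keys[i][(idx >> i) & 1] for i in range(L))))
           for idx, x in enumerate(items)]
    c = pow(G, random.randrange(1, P - 1), P)   # sender's c; its exponent stays secret
    got = []
    for i in range(L):                           # one 1-of-2 OT per index bit
        bit = (j >> i) & 1
        k, pks = ot12_receiver_choose(bit, c)
        gr, enc = ot12_sender(keys[i][0], keys[i][1], pks, c)
        got.append(ot12_receiver_open(k, bit, gr, enc))
    return xor(cts[j], H(*got))
```

In the talk's setting `items` would be the per-cell POI lists of the PIR-selected column and `j` the client's row, so the server learns neither the row nor which cell contents were read.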
High-level View
Client knows its location
Tries to execute PIR to get its cell
Server prepares PIR response corresponding to a column that the client is in and encrypts it
Client and server engage in 1-of-n OT to get client’s cell from the column
High-level View … cont’d
Contents of the client’s grid cell are its neighbours (Points of Interest, POIs)
Client can easily calculate which point is the nearest
May contain redundant POIs
Repeated/redundant POIs can be discarded
Complexity
N: number of objects (POIs); M: number of bits in each object
Request by client: O(M · N)
Response by server:
O(M·N + √N log √N)
Total time: O(M·N + √N log √N)
Comparison of Costs
| Action | PIR | OT | Our Two-Level Protocol |
|---|---|---|---|
| Req. by user | O(√n) | O(log n) | O(√n + log √n) |
| Res. by server | O(m√n) | O(mn) | O(m√n) |
| Total time | O(m√n) | O(m log n + mn) | O(m√n + log √n) |
Conclusion
Contribution: proposed a two-level protocol for private location queries
PIR over the entire grid – a large amount of data would be revealed
OT over the entire grid – very expensive
Our approach – reduces the amount of data revealed and is not very expensive
Future direction: alternative approach (multi-level PIR)
References
1. G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi and K. Tan. Private Queries in Location Based Services: Anonymizers are not Necessary. In Proc. of ACM SIGMOD 2008, pp. 121-132.
2. B. Pinkas and M. Naor. Efficient Oblivious Transfer Protocols. In Proc. of the 12th ACM-SIAM Symposium on Discrete Algorithms, pp. 448-457, 2001.
3. B. Gedik and L. Liu. Privacy in mobile systems: A personalized anonymization model. In Proc. of ICDCS, pp. 620-629, 2005.
4. P. Kalnis, G. Ghinita, K. Mouratidis and D. Papadias. Preventing location-based identity inference in anonymous spatial queries. In IEEE TKDE, pp. 239-257, 2007.
References … cont’d
5. M. Mokbel, C. Chow and W. Aref. The new Casper: Query Processing for location-based services without compromising privacy. In Proc. of VLDB, pp. 219-239, 2005.
6. C. Y. Chow, M. Mokbel and X. Liu. A peer-to-peer spatial cloaking algorithm for anonymous location-based services. In Proc. of the ACM International Symposium on GIS, pp. 247-256, 2006.
7. G. Ghinita, P. Kalnis and S. Skiadopoulos. PRIVE: Anonymous location-based queries in distributed mobile systems. In Proc. of the 1st Intl. Conference on World Wide Web (WWW), pp. 371-380, 2007.