SOFTWARE: ASP.NET | VB.NET | C#.NET | RAZOR MVC 4 ASP.NET | RESTful Web services
Location-based services (LBS) require users to continuously report their location to a potentially untrusted server to obtain services based on their location, which can expose them to privacy risks. Unfortunately, existing privacy-preserving techniques for LBS have several limitations, such as requiring a fully trusted third party, offering limited privacy guarantees and incurring high communication overhead. (1) The system only requires a semi-trusted third party, responsible for carrying out simple matching operations correctly. This semi-trusted third party does not have any information about a user's location. (2) Secure snapshot and continuous location privacy is guaranteed under our defined adversary models.
(3) The communication cost for the user does not depend on the user's desired privacy level; it only depends on the number of relevant points of interest in the vicinity of the user. (4) Although we focus only on range and k-nearest-neighbor queries in this work, our system can easily be extended to support other spatial queries without changing the algorithms run by the semi-trusted third party and the database server, provided the required search area of a spatial query can be abstracted into spatial regions. Experimental results show that our DGS is more efficient than the state-of-the-art privacy-preserving technique for continuous LBS.
Mobile user builds on top of the basic design and introduces two new mechanisms to overcome its limitations. First, in Mobile user we split the mapping between a location and its data into two pairs: a mapping from the transformed location to an encrypted index (called L2I), and a mapping from the index to the encrypted location data (called I2D). This splitting makes our system efficient. Second, users store and retrieve the L2Is via untrusted proxies. This redirection of data via proxies, together with the splitting, significantly improves privacy in Mobile user. For efficiency, I2Ds are not proxied, yet privacy is preserved (as explained later).
Users store their L2Is on the service provider via an untrusted Query server. These Query servers can be any of the following: PlanetLab nodes, corporate NATs and email servers in a user's workplace, a user's home and office desktops or laptops, or Tor nodes. We only need a one-hop indirection between the user and the service provider. These diverse types of Query server provide tremendous flexibility in relaying L2Is, so a user can store her L2Is via different Query servers without restricting herself to a single Query server. Furthermore, an attacker compromising these Query servers does not break users' location privacy, because (a) the Query servers also only see transformed location coordinates and hence do not learn the users' real locations, and (b) noise is added to the L2Is (described later).
First consider storing an L2I on the service provider. This transformation preserves the distances between points, so circular range and nearest-neighbor queries for a friend's location data can be processed in the same way on transformed coordinates as on real-world coordinates. Then the user generates a random index using her random number generator and encrypts it with her symmetric key; the resulting L2I is stored at the transformed coordinate on the service provider via a Query server. The L2I is small in size and application independent, as it always contains only the coordinates and an encrypted random index. Thus the overhead due to proxying is very small.
This is secure because the data server only sees the index stored by the user and the corresponding encrypted blob of data. In the worst case, the data server can link all the different indices to the same user device, and then link these indices to the retrieving user's device. But this only reveals that one user is interested in another user's data, not any information about the location of the users, the content of the I2Ds, or the real-world sites to which the data in the encrypted blob corresponds.
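The L2I/I2D split described above, as an added worked example (not LocX's own code): the owner stores a transformed coordinate with an encrypted random index, stores the data under that index separately, and a friend holding the symmetric key and transform secret runs a circular range query on transformed coordinates. The rotation-plus-translation transform and the HMAC-based keystream cipher are assumptions standing in for the paper's transformation and for a real cipher such as AES-GCM.

```python
import hashlib, hmac, math, os, secrets

def transform(pt, secret):
    """Distance-preserving transform (rotation + translation) shared only with
    friends; assumed here as one instance of the paper's transformation."""
    theta, dx, dy = secret
    x, y = pt
    return (x * math.cos(theta) - y * math.sin(theta) + dx,
            x * math.sin(theta) + y * math.cos(theta) + dy)

def keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 keystream.
    A real deployment would use an AEAD such as AES-GCM instead."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key, data):
    nonce = os.urandom(16)
    return nonce + keystream_xor(key, nonce, data)

def decrypt(key, blob):
    return keystream_xor(key, blob[:16], blob[16:])

class Server:
    """Untrusted server: sees transformed coordinates, encrypted indices and
    encrypted blobs, never real locations or plaintext data."""
    def __init__(self):
        self.l2i = []   # (transformed point, encrypted random index)
        self.i2d = {}   # random index -> encrypted location data
    def range_query(self, tcenter, radius):
        # Circular range query works unchanged because distances are preserved
        return [e for p, e in self.l2i if math.dist(p, tcenter) <= radius]

def share(server, key, secret, real_pt, data):
    """Owner stores an L2I (via a proxy in LocX) and the matching I2D (directly)."""
    index = secrets.token_bytes(16)
    server.l2i.append((transform(real_pt, secret), encrypt(key, index)))
    server.i2d[index] = encrypt(key, data)

def friend_query(server, key, secret, center, radius):
    """Friend holding the key and transform secret queries around a real point."""
    enc_indices = server.range_query(transform(center, secret), radius)
    return [decrypt(key, server.i2d[decrypt(key, e)]) for e in enc_indices]
```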
The most popular privacy-preserving techniques require a TTP to be placed between the user and the service provider to hide the user’s location information from the service provider. The main task of the third party is keeping track of the exact location of all users and blurring a querying user’s location into a cloaked area that includes k − 1 other users to achieve k-anonymity.
Our goal is to build a system that caters to these scenarios and enables users to query for friends' data based on locations, while preserving their location privacy. We want to support: a) point queries, to query for data associated with a particular location; b) circular range queries, to query for data associated with all locations in a certain range (around the user); and c) nearest-neighbor queries, to query for data associated with the locations nearest to a given location.
Finally, while it is also useful to query for data that belongs to non-friends in certain scenarios. Location data privacy: the servers should not be able to view the content of data stored at a location. Flexibility: support for point, circular range, and nearest-neighbor queries on location data.
This project describes the design, prototype implementation, and evaluation of LocX, a system for building location-based social applications (LBSAs) while preserving user location privacy. LocX provides location privacy for users without injecting uncertainty or errors into the system, and does not rely on any trusted servers or components. LocX takes a novel approach to providing location privacy while maintaining overall system efficiency, by leveraging the social data-sharing property of the target applications. In LocX, users efficiently transform all the locations they share with the server and encrypt all location data stored on the server using inexpensive symmetric keys. Only friends with the right keys can query and decrypt a user's data.
We introduce several mechanisms to achieve both privacy and efficiency in this process, and analyze their privacy properties. Using evaluation based on both synthetic and real-world LBSA traces, we find that LocX adds little computational and communication overhead to existing systems. Our LocX prototype runs efficiently even on resource-constrained mobile phones. Overall, we believe that LocX takes a big step toward making location privacy practical for a large class of emerging geosocial applications.