This document proposes a privacy-supportive architecture for location-based services that allows users to make informed decisions about location privacy without significantly affecting service quality. The key aspects are:
1) Users first submit queries with generalized locations and receive a "service similarity profile" showing how results may vary across locations.
2) Users can then select a noisy location based on their privacy preferences while observing how it impacts results.
3) An example local search application is described to show how the regions within which the result set does not change at all can be identified, which allows large default privacy regions. Testing found that users can add substantial location noise while still receiving accurate results.
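The noise-tolerance idea in point 3, as an added example that is not code from the original page or the paper. It assumes a toy planar local-search service with POIs as (x, y) points in kilometres, k-nearest-POI queries, and "service similarity" measured as the Jaccard overlap between the true top-k set and the top-k set at a noisy location; the guaranteed-safe radius it computes is a conservative lower bound on the no-change region, not the paper's exact boundary computation.

```python
"""Added example (not from the original page): how much location noise a query can
absorb before its result set changes, and the "service similarity profile" a user
would look at before choosing a noisy location.

Assumptions (mine, not the paper's): a toy planar local-search service; POIs given
as (x, y) points in kilometres; k-nearest-POI queries; "service similarity"
measured as the Jaccard overlap between the true top-k set and the top-k set at the
noisy location. The guaranteed-safe radius below is a conservative bound, not the
paper's exact boundary computation.
"""
import math
import random

# Constructed sample POI table: name -> (x_km, y_km)
POIS = {
    "cafe_a": (0.3, 0.4),
    "cafe_b": (0.0, 1.0),
    "cafe_c": (1.2, 1.6),
    "cafe_d": (-3.0, 4.0),
    "cafe_e": (6.0, 8.0),
}


def _ranked(point, pois):
    """POI names sorted by distance from point, plus the distance table."""
    x, y = point
    dist = {n: math.hypot(px - x, py - y) for n, (px, py) in pois.items()}
    names = sorted(dist, key=dist.get)
    return names, dist


def top_k(point, k=3, pois=POIS):
    """Names of the k POIs nearest to point (what the service returns)."""
    names, _ = _ranked(point, pois)
    return frozenset(names[:k])


def similarity(point_a, point_b, k=3, pois=POIS):
    """Jaccard overlap of the top-k result sets at two locations (1.0 = identical)."""
    a, b = top_k(point_a, k, pois), top_k(point_b, k, pois)
    return len(a & b) / len(a | b)


def safe_radius(true_loc, k=3, pois=POIS):
    """Largest noise radius that provably leaves the top-k set unchanged.
    Moving the query point by at most r changes every POI distance by at most r
    (triangle inequality), so as long as r < (d_{k+1} - d_k) / 2 the k-th nearest
    POI stays strictly closer than the (k+1)-th. This is a lower bound on the true
    no-change region, which is what makes it a safe default privacy radius."""
    names, dist = _ranked(true_loc, pois)
    if len(names) <= k:
        return math.inf  # every POI is always returned
    return (dist[names[k]] - dist[names[k - 1]]) / 2.0


def similarity_profile(true_loc, radii, samples=64, k=3, pois=POIS, seed=0):
    """Service similarity profile: for each candidate noise radius, the worst
    result similarity seen over `samples` random points at that distance.
    Seeded so the numbers are reproducible."""
    rng = random.Random(seed)
    profile = {}
    for r in radii:
        worst = 1.0
        for _ in range(samples):
            theta = rng.uniform(0.0, 2.0 * math.pi)
            noisy = (true_loc[0] + r * math.cos(theta), true_loc[1] + r * math.sin(theta))
            worst = min(worst, similarity(true_loc, noisy, k, pois))
        profile[r] = worst
    return profile


if __name__ == "__main__":
    here = (0.0, 0.0)
    print("true answer      :", sorted(top_k(here)))
    print("safe noise radius:", safe_radius(here), "km")
    for r, s in similarity_profile(here, [0.5, 1.0, 2.0, 5.0, 10.0]).items():
        print(f"noise {r:>5} km -> worst-case result similarity {s:.2f}")
```

The profile is what the user would be shown when picking a noisy location; the safe radius is the largest default region the client can select without ever consulting the server about result quality, because the bound follows from the distances alone.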
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU... (Migrant Systems)
This document proposes a decentralized access control method for data stored in the cloud using key policy attribute-based encryption (KP-ABE). It aims to allow fine-grained access control while maintaining data confidentiality and scaling efficiently. The method defines and implements access policies based on data attributes. It also allows the data owner to delegate access control tasks to cloud servers without revealing data contents. This is achieved using a combination of decentralized KP-ABE and a time-based file deletion scheme. The proposed approach is analyzed and shown to be highly secure and efficient.
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co... (Migrant Systems)
The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud computing. SAPA addresses the privacy issue that arises when a user challenges a cloud server to request access to another user's data, as the request itself could reveal private information. SAPA uses anonymous access request matching and attribute-based access control to determine if two users' access requests are mutually compatible without revealing either user's private access desires. It also employs proxy re-encryption so the cloud server can provide temporary shared access between authorized users. The protocol aims to simultaneously achieve data access control, authority sharing between compatible users, and protection of users' privacy during the access request process.
Location based spatial query processing in wireless broadcast environments(sy... (Mumbai Academisc)
This document discusses a novel approach for reducing latency in answering location-based spatial queries (LBSQs) in wireless broadcast environments. The approach uses peer-to-peer sharing to process queries using results cached in neighboring mobile peers, without requiring delay to communicate with a server. It maintains high scalability and accuracy while decreasing latency. The feasibility of the approach is demonstrated through probabilistic analysis and simulation results showing decreased latency as the number of clients increases.
Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud (Migrant Systems)
This document proposes a new mechanism called Oruta that allows privacy-preserving public auditing of shared data stored in the cloud. It utilizes ring signatures to construct homomorphic authenticators, allowing a third party auditor to verify the integrity of shared data for a group of users without revealing the identity of the signer on each data block. Oruta also supports batch auditing of multiple datasets and fully dynamic operations on shared data through the use of index hash tables. The mechanism aims to achieve public auditing, correctness, unforgeability, and identity privacy during the auditing process.
Privacy preserving optimal meeting location determination on mobile devices (IGEEKS TECHNOLOGIES)
This paper proposes privacy-preserving algorithms for determining an optimal meeting location for a group of users. It addresses the privacy issues in location-based services (LBS) that require sharing of user locations. Two algorithms are presented that allow each user to provide a single location preference to the solver while preserving privacy from other users and the service provider. The paper evaluates the security and privacy of the algorithms through theoretical analysis and implementation on mobile devices. A user study provides insights into privacy concerns with LBS and the usability of the proposed solutions.
Privacy preserving optimal meeting location determination on mobile devices (Adz91 Digital Ads Pvt Ltd)
The document proposes privacy-preserving algorithms for determining an optimal meeting location for a group of users. It aims to solve this fair rendezvous point (FRVP) problem in a way that protects users' location privacy from both other users and third-party service providers. The algorithms utilize homomorphic encryption to privately compute the meeting point from users' location preferences without revealing those preferences. The document evaluates the privacy and performance of the algorithms through both theoretical analysis and prototype implementation on mobile devices.
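The homomorphic-aggregation step described in the two abstracts above, as an added example that is not the paper's code. It assumes a textbook Paillier cryptosystem with 64-bit primes (toy parameters, far below production size), non-negative integer grid coordinates, and simplifies the "optimal" meeting point to the centroid of the users' preferences; the paper's FRVP algorithms use their own optimality criteria, and only the mechanism (a solver that adds encrypted preferences it cannot read) is shown here.

```python
"""Added example (not from the original page or the paper): the additive-homomorphic
step behind a privacy-preserving meeting-point computation.

Assumptions (mine): a textbook Paillier cryptosystem with small (64-bit) primes,
which is NOT a production parameter size; locations as non-negative integer grid
coordinates; and the "optimal" point simplified to the centroid of the users'
preferences. The paper's FRVP algorithms use their own optimality criteria; only
the mechanism (the solver adds encrypted preferences it cannot read) is shown here.
"""
import math
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits=64):
    """Paillier key pair. pk = (n, g), sk = (lam, mu). Toy sizes only."""
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        n = p * q
        if p != q and math.gcd(n, (p - 1) * (q - 1)) == 1:
            break
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    g = n + 1
    n2 = n * n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pk, m):
    n, g = pk
    n2 = n * n
    assert 0 <= m < n, "plaintext out of range"
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def add(pk, c1, c2):
    """E(m1) * E(m2) mod n^2 = E(m1 + m2): the only operation the solver performs."""
    n, _ = pk
    return (c1 * c2) % (n * n)


def private_centroid(preferences, bits=64):
    """Each user encrypts its (x, y) preference under a key the solver does not
    hold; the solver aggregates blindly; the key holder decrypts only the totals.
    Returns the integer centroid (floor division)."""
    pk, sk = keygen(bits)
    # Users: encrypt, hand ciphertexts to the solver.
    cts = [(encrypt(pk, x), encrypt(pk, y)) for x, y in preferences]
    # Solver: sees only ciphertexts, folds them with homomorphic addition.
    sum_x, sum_y = cts[0]
    for cx, cy in cts[1:]:
        sum_x, sum_y = add(pk, sum_x, cx), add(pk, sum_y, cy)
    # Key holder: learns the aggregate, never the individual inputs.
    k = len(preferences)
    return decrypt(pk, sk, sum_x) // k, decrypt(pk, sk, sum_y) // k


if __name__ == "__main__":
    # Constructed sample preferences on a 1-metre integer grid.
    prefs = [(1200, 3400), (1800, 3100), (1500, 3900), (2100, 2800)]
    print("centroid:", private_centroid(prefs))
```

The party holding the private key still learns the totals, which is why the paper separates the solver from the participants; any deployment also needs plaintexts kept well below n so the sum never wraps modulo n.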
Privacy - Preserving Reputation with Content Protecting Location Based Queries (iosrjce)
Privacy preserving relative location based services for mobile users (LeMeniz Infotech)
LocX is a system that provides location privacy in geo-social applications without adding uncertainty to location data or relying on assumptions about server security. It applies secure, user-specific coordinate transformations to location data before sharing with servers. Friends share the same transformation secrets, allowing location queries to be correctly evaluated by servers, while preventing servers from seeing actual location data. LocX guarantees privacy even against powerful adversaries, and prototypes show it provides privacy with little performance overhead for mobile devices.
LocX is a system that provides improved location privacy for users of geo-social applications. It decouples a user's real-world location from the location data shared with servers through the use of coordinate transformations and encryption. Users generate mappings between transformed locations and encrypted indexes (L2I) that are stored on an index server via proxies, as well as mappings between indexes and encrypted location data (I2D) stored directly on a data server. This allows users to query for friends' location data based on transformed coordinates while preserving the privacy of their real locations.
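The L2I and I2D mappings described above, as an added toy example that is not the LocX authors' code. It assumes the secret transformation is a rotation plus a translation (an isometry, so distances and hence range and nearest-neighbour answers survive it), that indexes are random 128-bit values, and that the "encryption" of indexes and location records is a keystream cipher built from HMAC-SHA256, standing in for a real AEAD cipher only so the example runs on the standard library; the proxy LocX places between user and index server is omitted.

```python
"""Added example, not the LocX authors' code: a toy version of the two mappings LocX
relies on. Real coordinates never leave the phone; friends who hold the same
transformation secret still get exact proximity answers from the index server.

Assumptions (mine): the secret transformation is a rotation plus a translation
(an isometry, so distances and hence range/nearest-neighbour results survive it);
indexes are random 128-bit values; and the "encryption" of indexes and location
records is a keystream cipher built from HMAC-SHA256, standing in for a real AEAD
cipher only so the example runs on the standard library. The proxy that LocX puts
between user and index server is omitted.
"""
import hashlib
import hmac
import math
import secrets


def _keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || counter) blocks.
    Symmetric, unauthenticated; illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key, blob):
    return _keystream_xor(key, blob[:16], blob[16:])


class IndexServer:
    """Stores L2I rows: (transformed point, encrypted index). Sees no real location."""
    def __init__(self):
        self.rows = []

    def put(self, vpoint, enc_index):
        self.rows.append((vpoint, enc_index))

    def range_query(self, vpoint, radius):
        return [e for p, e in self.rows if math.dist(p, vpoint) <= radius]


class DataServer:
    """Stores I2D rows: index -> encrypted location record."""
    def __init__(self):
        self.rows = {}

    def put(self, index, blob):
        self.rows[index] = blob

    def get(self, index):
        return self.rows[index]


class LocXUser:
    def __init__(self, shared_secret):
        # One secret shared with friends out of band; sub-keys derived by HMAC.
        self.k_index = hmac.new(shared_secret, b"index-key", hashlib.sha256).digest()
        self.k_data = hmac.new(shared_secret, b"data-key", hashlib.sha256).digest()
        t = hmac.new(shared_secret, b"transform", hashlib.sha256).digest()
        self.theta = int.from_bytes(t[:8], "big") / 2**64 * 2 * math.pi
        self.dx = int.from_bytes(t[8:16], "big", signed=True) / 2**40
        self.dy = int.from_bytes(t[16:24], "big", signed=True) / 2**40

    def to_virtual(self, x, y):
        """Rotate by theta, then translate: distances between points are preserved."""
        c, s = math.cos(self.theta), math.sin(self.theta)
        return (c * x - s * y + self.dx, s * x + c * y + self.dy)

    def publish(self, index_server, data_server, x, y, record):
        index = secrets.token_bytes(16)
        index_server.put(self.to_virtual(x, y), encrypt(self.k_index, index))  # L2I
        data_server.put(index, encrypt(self.k_data, record))                   # I2D

    def query(self, index_server, data_server, x, y, radius):
        """Friends' records within `radius` of (x, y), evaluated on virtual coords."""
        found = []
        for enc_index in index_server.range_query(self.to_virtual(x, y), radius):
            index = decrypt(self.k_index, enc_index)
            found.append(decrypt(self.k_data, data_server.get(index)))
        return found


if __name__ == "__main__":
    idx_srv, data_srv = IndexServer(), DataServer()
    alice = LocXUser(b"secret shared within the friend group")
    alice.publish(idx_srv, data_srv, 100.0, 200.0, b"alice: cafe on 3rd")
    bob = LocXUser(b"secret shared within the friend group")
    print("bob sees   :", bob.query(idx_srv, data_srv, 110.0, 205.0, 50.0))
    print("server sees:", idx_srv.rows[0][0])
```

The index server answers the range query correctly because the transform is an isometry, yet it only ever stores virtual points; a user outside the friend group holds a different transform and a different key, so both the lookup and the decryption fail for them.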
USER-DEFINED PRIVACY GRID SYSTEM FOR CONTINUOUS LOCATION-BASED SERVICES (nexgentechnology)
This document proposes a user-defined privacy grid system called Dynamic Grid System (DGS) to provide privacy-preserving location-based services. DGS uses a semi-trusted third party called a query server to process user requests while preserving the privacy of user locations. It divides query processing between the query server and service provider. Experimental results show DGS is more efficient than existing techniques requiring a fully-trusted third party, providing better privacy guarantees with lower communication and computation costs.
Privacy Preservation And Data Security In Location Based Services (EditorJST)
This document summarizes a research paper about preserving privacy and security in location-based services. It proposes a two-stage approach using oblivious transfer and a data retrieval phase to allow a user to query a database without revealing their identity or location to the server. The data on the server is encrypted for security. An intermediate service provider acts as a trusted third party to facilitate the private queries. If data is attacked, it can be recovered from a secondary server using message authentication codes to detect changes. The goal is to let users access location data privately while also protecting the server's data.
User defined privacy grid system for continuous location based services abstract (Softroniics india)
This document proposes a user-defined privacy grid system (DGS) to provide privacy-preserving location-based services. Existing systems rely on a fully-trusted third party or only achieve regional location privacy. The proposed DGS uses a semi-trusted third party (query server) that does not store or access user locations. It allows users to define a query area and grid structure. The system encrypts location information and grid cell identifiers during communication between the user, query server, and service provider to match points of interest to the user while preserving privacy. Experimental results show it is more efficient than state-of-the-art techniques for continuous location-based services.
Securing Location of User in Geo Social Networking (IRJET Journal)
The document describes a technique called LocX that aims to improve location privacy in geo-social networks without adding uncertainty to query results. LocX works by having each user apply a secret coordinate transformation to their actual locations before sharing them with the server. This allows queries to be evaluated correctly by the user while preventing servers from seeing users' actual location data. The technique is designed to provide strong location privacy even against powerful attackers and to be efficient enough for use on mobile devices.
User defined privacy grid system for continuous location-based services (LeMeniz Infotech)
This document proposes a user-centric approach called MobiCrowd to improve location privacy in location-based services. MobiCrowd allows mobile users to collaborate by storing each other's location information and responding to queries, hiding users from the location server unless no collaborative peers have the requested information. An epidemic model is developed to analyze how parameters like query rates and data lifetime affect privacy. Results show MobiCrowd hides a high fraction of queries, significantly enhancing privacy, and implementation shows it is lightweight with negligible collaboration costs.
This document discusses privacy concerns when collaboratively publishing horizontally partitioned data from multiple data providers. It introduces the concept of an "m-adversary", which is a group of up to m colluding data providers. It also introduces the notion of "m-privacy", which guarantees anonymity against such m-adversaries. The paper then presents algorithms for efficiently checking m-privacy while maximizing data utility and handling different m-adversary attack scenarios. Experiments on real datasets show the approach achieves better utility and efficiency than existing methods while providing m-privacy guarantees.
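An added example of the m-privacy check described above; it is not the paper's code. It assumes a record is (provider_id, quasi-identifier tuple), that an equivalence class is the set of records sharing a QI tuple, that the constraint is k-anonymity, and that an m-adversary is any coalition of at most m providers that removes its own records from a class and attacks the rest; a class the coalition empties entirely is treated as satisfied. It also includes a pruning step (checking the m largest contributors first) that goes beyond the brute-force definition.

```python
"""Added example, not the paper's code: checking m-privacy with respect to
k-anonymity on horizontally partitioned records from several providers.

Assumptions (mine): a record is (provider_id, quasi-identifier tuple); an
equivalence class is the set of records sharing a QI tuple; the constraint is
k-anonymity (every class holds at least k records); and an m-adversary is any
coalition of at most m providers that removes its own records from a class and
attacks the rest. A class emptied entirely by the coalition is treated as
satisfied, since nothing is left to re-identify.
"""
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample: three providers contributing to three QI classes.
RECORDS = [
    ("P1", ("30-39", "F")), ("P1", ("30-39", "F")),
    ("P2", ("30-39", "F")), ("P2", ("30-39", "F")),
    ("P3", ("30-39", "F")),
    ("P1", ("40-49", "M")), ("P1", ("40-49", "M")),
    ("P2", ("40-49", "M")), ("P2", ("40-49", "M")),
    ("P3", ("40-49", "M")), ("P3", ("40-49", "M")),
] + [("P1", ("50-59", "F"))] * 4 + [("P2", ("50-59", "F"))] * 4


def classes(records):
    """Group by quasi-identifier; each class maps provider -> record count."""
    groups = defaultdict(Counter)
    for provider, qi in records:
        groups[qi][provider] += 1
    return groups


def class_is_m_private(contrib, k, m):
    """True if no coalition of <= m providers can leave this class with
    between 1 and k-1 records (the range an attacker can exploit)."""
    sizes = sorted(contrib.values(), reverse=True)
    total = sum(sizes)
    if total < k:                       # not even k-anonymous on its own
        return False
    # Pruning: the m largest contributors remove the most records. If even that
    # coalition leaves >= k, every other coalition of <= m leaves at least as many.
    if total - sum(sizes[:m]) >= k:
        return True
    # Otherwise enumerate coalitions; a class has few providers, so this is cheap.
    providers = list(contrib)
    for size in range(1, min(m, len(providers)) + 1):
        for coalition in combinations(providers, size):
            left = total - sum(contrib[p] for p in coalition)
            if 0 < left < k:
                return False
    return True


def violating_classes(records, k, m):
    """QI tuples of the classes some m-adversary can break."""
    return {qi for qi, contrib in classes(records).items()
            if not class_is_m_private(contrib, k, m)}


def is_m_private(records, k, m):
    """m = 0 reduces to plain k-anonymity of the published table."""
    return not violating_classes(records, k, m)


if __name__ == "__main__":
    for m in (0, 1, 2):
        print(f"k=3, m={m}: private={is_m_private(RECORDS, 3, m)} "
              f"failing={sorted(violating_classes(RECORDS, 3, m))}")
```

With the constructed data the table is 3-anonymous and 1-private, but two colluding providers can strip the ("30-39", "F") and ("40-49", "M") classes down to a single record each, so it is not 2-private; the ("50-59", "F") class survives because the only two-provider coalition empties it completely.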
Hiding in the mobile crowd location privacy through collaboration (LeMeniz Infotech)
Location-aware smartphones support various location-based services (LBSs): users query the LBS server and learn on the fly about their surroundings. However, such queries give away private information, enabling the LBS to track users. A user-collaborative privacy-preserving approach is proposed for LBSs. This solution does not require changing the LBS server architecture and does not assume third party servers; yet, it significantly improves users’ location privacy. The gain stems from the collaboration of mobile devices: they keep their context information in a buffer and pass it to others seeking such information.
Privacy preserving location sharing services for social networks(1) (Kamal Spring)
A common functionality of many location-based social networking applications is a location sharing service that allows a group of friends to share their locations. With a potentially un-trusted server, such a location sharing service may threaten the privacy of users. Existing solutions for Privacy-Preserving Location Sharing Services (PPLSS) require a trusted third party that has access to the exact location of all users in the system or rely on expensive algorithms or protocols in terms of computational or communication overhead. Other solutions can only provide approximate query answers. To overcome these limitations, we propose a new encryption notion, called Order-Retrievable Encryption (ORE), for PPLSS for social networking applications. The distinguishing characteristics of our PPLSS are that it allows a group of friends to share their exact locations without the need of any third party or leaking any location information to any server or users outside the group, achieves low computational and communication cost by allowing users to receive the exact location of their friends without requiring any direct communication between users or multiple rounds of communication between a user and a server, provides efficient query processing by designing an index structure for our ORE scheme, supports dynamic location updates, and provides personalized privacy protection within a group of friends by specifying a maximum distance where a user is willing to be located by his/her friends. Experimental results show that the computational and communication cost of our PPLSS is much better than the state-of-the-art solution.
Cloud Security and Data Integrity with Client Accountability Framework (IDES Editor)
This document summarizes a proposed cloud security and data integrity framework that provides client accountability. The framework aims to address issues like lack of user control over cloud data, the need for data transparency and tracking, and ensuring data integrity. It proposes using JAR (Java Archive) files for data sharing because of benefits like portability. The framework incorporates client-side verification using MD5 hashing, digital signature-based authentication of JAR files, and use of HMAC to ensure data integrity. It also uses password-based encryption of log files to keep them tamper-proof. The framework is intended to provide both accountability and security for data sharing in cloud environments. Note that MD5 is no longer collision-resistant, so a bare MD5 digest cannot be relied on for integrity against an active attacker; the keyed HMAC and the signature are the checks that carry that guarantee.
4.authentication and key agreement based on anonymous identity for peer to-pe... (Venkat Projects)
The document proposes a peer-to-peer cloud authentication and key agreement (PCAKA) scheme based on anonymous identity to enable secure data migration between cloud servers. The scheme uses elliptic curve cryptography without a trusted authority to establish session keys between cloud providers. It protects server and user privacy through anonymous identities while enabling identity traceability for malicious servers. The proposed approach aims to develop trust between clouds and facilitate efficient cross-cloud data migration for mobile users.
PERTURBED ANONYMIZATION: TWO LEVEL SMART PRIVACY FOR LBS MOBILE USERS (cscpconf)
The use of smart mobile devices such as tablets, smartphones and navigation gadgets provides promising communication and better services to mobile users. Location Based Services (LBS) have become very common in recent years. Mobile users submit their location-dependent queries to an untrusted LBS server to acquire a particular service. Ideally, the user's personal information, such as location data, should be protected while communicating with the LBS, and at the same time quality of service must be maintained. There is therefore a need for a balanced trade-off between privacy and quality of service. To fulfil such a trade-off, this paper proposes a solution that first forms the cloaking region on the mobile device, performs perturbation to handle the problem of the trusted third party, and then has the anonymizer further anonymize the location to remove the problem of requiring enough users to form the cloaking region. The proposed approach protects the location privacy of the user and also maintains quality of service by selecting the appropriate service for the particular user. The proposed algorithm provides two-level location protection to the user, and thus ensures smart mobility of the LBS user.
LPM: A DISTRIBUTED ARCHITECTURE AND ALGORITHMS FOR LOCATION PRIVACY IN LBS (IJNSA Journal)
Recent advances in mobile communication and the development of sophisticated equipment have led to the widespread use of Location Based Services (LBS). A major concern for large-scale deployment of LBSs is the potential abuse of their client location data, which may imply sensitive personal information. Protecting the location information of the mobile user is challenging because a location itself may reveal user identity. Several schemes have been proposed for location cloaking. In our paper, we propose a generic Enhanced Location Privacy Model (LPM), which describes the concept, the architecture, the algorithms and the functionalities for location privacy in LBS. As per the architecture, the system ensures location privacy without trusting anybody, including the peers or LBS servers. The system is fully distributed, and evaluation shows its efficiency and high level of privacy with QoS.
The document proposes a privacy-preserving reputation system for location-based queries. It aims to allow users to query a database of location data (points of interest) while protecting their location information and preventing unauthorized access. The system uses an adaptive oblivious transfer protocol for secure data transmission between the user and location server. It also establishes a secure communication mechanism using encryption and decryption during the data retrieval process. Additionally, the system incorporates a privacy-preserving reputation technique using authorization rules and data integrity checks to control misleading data and ensure data accuracy. The experimental results show that the proposed system using elliptic curve cryptography encryption has lower overhead and delay than existing systems using RSA encryption for private information retrieval.
Privacy - Preserving Reputation with Content Protecting Location Based Queriesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Privacy preserving relative location based services for mobile usersLeMeniz Infotech
Privacy preserving relative location based services for mobile users
Do Your Projects With Technology Experts
To Get this projects Call : 9566355386 / 99625 88976
Web : http://www.lemenizinfotech.com
Web : http://www.ieeemaster.com
Mail : projects@lemenizinfotech.com
Blog : http://ieeeprojectspondicherry.weebly.com
Blog : http://www.ieeeprojectsinpondicherry.blogspot.in/
Youtube:https://www.youtube.com/watch?v=eesBNUnKvws
LocX is a system that provides location privacy in geo-social applications without adding uncertainty to location data or relying on assumptions about server security. It applies secure, user-specific coordinate transformations to location data before sharing with servers. Friends share the same transformation secrets, allowing location queries to be correctly evaluated by servers, while preventing servers from seeing actual location data. LocX guarantees privacy even against powerful adversaries, and prototypes show it provides privacy with little performance overhead for mobile devices.
LocX is a system that provides improved location privacy for users of geo-social applications. It decouples a user's real-world location from the location data shared with servers through the use of coordinate transformations and encryption. Users generate mappings between transformed locations and encrypted indexes (L2I) that are stored on an index server via proxies, as well as mappings between indexes and encrypted location data (I2D) stored directly on a data server. This allows users to query for friends' location data based on transformed coordinates while preserving the privacy of their real locations.
USER-DEFINED PRIVACY GRID SYSTEM FOR CONTINUOUS LOCATION-BASED SERVICESnexgentechnology
This document proposes a user-defined privacy grid system called Dynamic Grid System (DGS) to provide privacy-preserving location-based services. DGS uses a semi-trusted third party called a query server to process user requests while preserving the privacy of user locations. It divides query processing between the query server and service provider. Experimental results show DGS is more efficient than existing techniques requiring a fully-trusted third party, providing better privacy guarantees with lower communication and computation costs.
USER-DEFINED PRIVACY GRID SYSTEM FOR CONTINUOUS LOCATION-BASED SERVICES - IEE...Nexgen Technology
Nexgen Technology Address:
Nexgen Technology
No :66,4th cross,Venkata nagar,
Near SBI ATM,
Puducherry.
Email Id: praveen@nexgenproject.com.
www.nexgenproject.com
Mobile: 9751442511,9791938249
Telephone: 0413-2211159.
NEXGEN TECHNOLOGY as an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android,IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in pondicherry, final IEEE Projects in Pondicherry , MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry.So far we have reached almost all engineering colleges located in Pondicherry and around 90km
Privacy Preservation And Data Security In Location Based ServicesEditorJST
This document summarizes a research paper about preserving privacy and security in location-based services. It proposes a two-stage approach using oblivious transfer and a data retrieval phase to allow a user to query a database without revealing their identity or location to the server. The data on the server is encrypted for security. An intermediate service provider acts as a trusted third party to facilitate the private queries. If data is attacked, it can be recovered from a secondary server using message authentication codes to detect changes. The goal is to let users access location data privately while also protecting the server's data.
User defined privacy grid system for continuous location based services abstractSoftroniics india
This document proposes a user-defined privacy grid system (DGS) to provide privacy-preserving location-based services. Existing systems rely on a fully-trusted third party or only achieve regional location privacy. The proposed DGS uses a semi-trusted third party (query server) that does not store or access user locations. It allows users to define a query area and grid structure. The system encrypts location information and grid cell identifiers during communication between the user, query server, and service provider to match points of interest to the user while preserving privacy. Experimental results show it is more efficient than state-of-the-art techniques for continuous location-based services.
Securing Location of User in Geo Social NetworkingIRJET Journal
The document describes a technique called LocX that aims to improve location privacy in geo-social networks without adding uncertainty to query results. LocX works by having each user apply a secret coordinate transformation to their actual locations before sharing them with the server. This allows queries to be evaluated correctly by the user while preventing servers from seeing users' actual location data. The technique is designed to provide strong location privacy even against powerful attackers and to be efficient enough for use on mobile devices.
User defined privacy grid system for continuous location-based servicesLeMeniz Infotech
User defined privacy grid system for continuous location-based services
Do Your Projects With Technology Experts
To Get this projects Call : 9566355386 / 99625 88976
Web : http://www.lemenizinfotech.com
Web : http://www.ieeemaster.com
Mail : projects@lemenizinfotech.com
Blog : http://ieeeprojectspondicherry.weebly.com
Blog : http://www.ieeeprojectsinpondicherry.blogspot.in/
Youtube:https://www.youtube.com/watch?v=eesBNUnKvws
This document proposes a user-centric approach called MobiCrowd to improve location privacy in location-based services. MobiCrowd allows mobile users to collaborate by storing each other's location information and responding to queries, hiding users from the location server unless no collaborative peers have the requested information. An epidemic model is developed to analyze how parameters like query rates and data lifetime affect privacy. Results show MobiCrowd hides a high fraction of queries, significantly enhancing privacy, and implementation shows it is lightweight with negligible collaboration costs.
This document discusses privacy concerns when collaboratively publishing horizontally partitioned data from multiple data providers. It introduces the concept of an "m-adversary", which is a group of up to m colluding data providers. It also introduces the notion of "m-privacy", which guarantees anonymity against such m-adversaries. The paper then presents algorithms for efficiently checking m-privacy while maximizing data utility and handling different m-adversary attack scenarios. Experiments on real datasets show the approach achieves better utility and efficiency than existing methods while providing m-privacy guarantees.
Hiding in the mobile crowd location privacy through collaborationLeMeniz Infotech
Hiding in the mobile crowd location privacy through collaboration
Location-aware smartphones support various location-based services (LBSs): users query the LBS server and learn on the fly about their surroundings. However, such queries give away private information, enabling the LBS to track users. A user-collaborative privacy-preserving approach is proposed for LBSs. This solution does not require changing the LBS server architecture and does not assume third party servers; yet, it significantly improves users’ location privacy. The gain stems from the collaboration of mobile devices: they keep their context information in a buffer and pass it to others seeking such information.
Privacy preserving location sharing services for social networks (1) (Kamal Spring)
A common functionality of many location-based social networking applications is a location sharing service that allows a group of friends to share their locations. With a potentially un-trusted server, such a location sharing service may threaten the privacy of users. Existing solutions for Privacy-Preserving Location Sharing Services (PPLSS) require a trusted third party that has access to the exact location of all users in the system or rely on expensive algorithms or protocols in terms of computational or communication overhead. Other solutions can only provide approximate query answers. To overcome these limitations, we propose a new encryption notion, called Order-Retrievable Encryption (ORE), for PPLSS for social networking applications. The distinguishing characteristics of our PPLSS are that it allows a group of friends to share their exact locations without the need of any third party or leaking any location information to any server or users outside the group, achieves low computational and communication cost by allowing users to receive the exact location of their friends without requiring any direct communication between users or multiple rounds of communication between a user and a server, provides efficient query processing by designing an index structure for our ORE scheme, supports dynamic location updates, and provides personalized privacy protection within a group of friends by specifying a maximum distance where a user is willing to be located by his/her friends. Experimental results show that the computational and communication cost of our PPLSS is much better than the state-of-the-art solution.
Cloud Security and Data Integrity with Client Accountability Framework (IDES Editor)
This document summarizes a proposed cloud security and data integrity framework that provides client accountability. The framework aims to address issues like lack of user control over cloud data, need for data transparency and tracking, and ensuring data integrity. It proposes using JAR (Java Archive) files for data sharing due to benefits like portability. The framework incorporates client-side verification using MD5 hashing, digital signature-based authentication of JAR files, and use of HMAC to ensure data integrity. It also uses password-based encryption of log files to keep them tamper-proof. The framework is intended to provide both accountability and security for data sharing in cloud environments.
4. Authentication and key agreement based on anonymous identity for peer to-pe... (Venkat Projects)
The document proposes a peer-to-peer cloud authentication and key agreement (PCAKA) scheme based on anonymous identity to enable secure data migration between cloud servers. The scheme uses elliptic curve cryptography without a trusted authority to establish session keys between cloud providers. It protects server and user privacy through anonymous identities while enabling identity traceability for malicious servers. The proposed approach aims to develop trust between clouds and facilitate efficient cross-cloud data migration for mobile users.
PERTURBED ANONYMIZATION: TWO LEVEL SMART PRIVACY FOR LBS MOBILE USERS (cscpconf)
The use of smart mobile devices like tablets, smart phones and navigational gadgets provides the most promising communication and better services to mobile users. Location Based Services (LBS) have become very common in recent years. Mobile users submit their location-dependent queries to the untrusted LBS server to acquire a particular service. Ideally, the user's personal information, such as location data, is supposed to be protected while communicating with the LBS, and at the same time quality of service must be maintained. Therefore, there is a need for a balanced trade-off between privacy and quality of service. To fulfil such a trade-off, this paper proposes a solution that first forms the cloaking region at the mobile device, performs perturbation to handle the problem of the trusted third party, and then has the anonymizer further anonymize the location to remove the problem of requiring enough users to form the cloaking region. The proposed approach protects the location privacy of the user and also maintains the quality of service by selecting the appropriate service for the particular user. The proposed algorithm provides two-level location protection to the user, and thus ensures smart mobility of the LBS user.
LPM: A DISTRIBUTED ARCHITECTURE AND ALGORITHMS FOR LOCATION PRIVACY IN LBS (IJNSA Journal)
Recent advances in mobile communication and the development of sophisticated equipment have led to the widespread use of Location Based Services (LBS). A major concern for large-scale deployment of LBSs is the potential abuse of their client location data, which may imply sensitive personal information. Protecting location information of the mobile user is challenging because a location itself may reveal user identity. Several schemes have been proposed for location cloaking. In our paper, we propose a generic Enhanced Location Privacy Model (LPM), which describes the concept, the architecture, algorithms and the functionalities for location privacy in LBS. As per the architecture, the system ensures location privacy without trusting anybody, including the peers or LBS servers. The system is fully distributed, and evaluation shows its efficiency and high level of privacy with QoS.
The document proposes a privacy-preserving reputation system for location-based queries. It aims to allow users to query a database of location data (points of interest) while protecting their location information and preventing unauthorized access. The system uses an adaptive oblivious transfer protocol for secure data transmission between the user and location server. It also establishes a secure communication mechanism using encryption and decryption during the data retrieval process. Additionally, the system incorporates a privacy-preserving reputation technique using authorization rules and data integrity checks to control misleading data and ensure data accuracy. The experimental results show that the proposed system using elliptic curve cryptography encryption has lower overhead and delay than existing systems using RSA encryption for private information retrieval.
A Survey of Privacy-Preserving Algorithms for Finding meeting point in Mobile... (IJERA Editor)
Location privacy in Location Based Services (LBS) is the capability to protect the connection between a user's identity, uncertainty sources, servers and databases, thereby restraining an impending attacker from conveniently linking users of LBS to convinced locations. Smart phones have become the most important gadget for maintaining daily activities; the highly interconnected urban population is also increasingly dependent on these gadgets to regulate and schedule their daily lives. These applications often depend on the current location of a user or a class of users. Use of Smart Mapping technology is also increasing over a large area; this system provides an easily attainable online platform that can be used for accessing many services. This survey paper projects the privacy-preserving algorithm to find the most favorable meeting location for a class of users. GSM calculates the location of all users.
IRJET - Quantify Mutually Dependent Privacy Risks with Locality Data (IRJET Journal)
This document discusses how co-location information shared on social networks can threaten users' location privacy by enabling more accurate localization of users' locations over time. It formalizes the problem of quantifying privacy risks from co-location data and location information, and proposes optimal and approximate localization attack algorithms to incorporate co-location data. Experimental evaluations on mobility trace data show that considering a single friend's co-locations can decrease a user's median location privacy by up to 62%. Differential privacy perspectives are also discussed. The study aims to quantify the effect of co-location information on location privacy risks.
Anonymous Usage of Location-Based Services Through Spatial and.docx (rossskuddershamus)
Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking
Marco Gruteser and Dirk Grunwald
Department of Computer Science, University of Colorado at Boulder, Boulder, CO 80309
{gruteser,grunwald}@cs.colorado.edu
Abstract
Advances in sensing and tracking technology enable location-based applications but they also create significant privacy risks. Anonymity can provide a high degree of privacy, save service users from dealing with service providers' privacy policies, and reduce the service providers' requirements for safeguarding private information. However, guaranteeing anonymous usage of location-based services requires that the precise location information transmitted by a user cannot be easily used to re-identify the subject. This paper presents a middleware architecture and algorithms that can be used by a centralized location broker service. The adaptive algorithms adjust the resolution of location information along spatial or temporal dimensions to meet specified anonymity constraints based on the entities who may be using location services within a given area. Using a model based on automotive traffic counts and cartographic material, we estimate the realistically expected spatial resolution for different anonymity constraints. The median resolution generated by our algorithms is 125 meters. Thus, anonymous location-based requests for urban areas would have the same accuracy currently needed for E-911 services; this would provide sufficient resolution for wayfinding, automated bus routing services and similar location-dependent services.
1 Introduction
Improvements in sensor and wireless communication technology enable accurate, automated determination and dissemination of a user's or object's position [1, 2]. There is an immense interest in exploiting this positional data through location-based services (LBS) [3, 4, 5, 6]. For instance, LBSs could tailor their functionality to the user's current location, or vehicle movement data would improve traffic forecasting and road planning.
However, without safeguards, extensive deployment of these technologies endangers users' location privacy and exhibits significant potential for abuse [7, 8, 9]. Common privacy principles demand, among others, user consent, purpose binding,1 and adequate data protection for collection and usage of personal information [10]. Complying with these principles generally requires notifying users (data subjects) about the data collection and the purpose through privacy policies; it also entails implementing security measures to ensure that collected data is only accessed for the agreed-upon purpose.
1 When seeking user consent, data collectors need to explain the specific purpose for which the data will be used. Subsequent use for other purposes is prohibited without additional user approval.
This paper investigates a complementary approach that concentrates on the principle of minimal collection. In this approach.
Cloaking Areas Location Based Services Using Dynamic Grid System & Privacy En... (IJMTST Journal)
Due to the rapidly increasing use of Location Based Services (LBS), which require personal data of the user to provide a continuous service, protecting the privacy of these data has become a challenge. An approach to preserving privacy is through anonymity: hiding the identity and location data of the mobile device user from the service provider (third party) or from any unauthorized party who has access to the user's request. Considering this challenge, this paper gives a classification according to the architecture, approaches and techniques used in previous works, and presents a survey of solutions to provide anonymity in LBS, including the open issues or possible improvements to current solutions. All of this is intended to provide guidelines for choosing the best solution approach for a specific scenario in which anonymity is required.
This document summarizes a research paper on generating random regions in a spatial cloaking algorithm to preserve location privacy. The paper proposes two algorithms - the first provides a direct list of locations ordered by proximity, while the second generates regions of different shapes to minimize the chances of a user's location being disclosed. Spatial cloaking techniques blur a user's exact location into a cloaked region to satisfy privacy requirements like k-anonymity. The paper presents a system model where users communicate directly with location-based services instead of through peers, and describes how queries are processed by the services to search for points of interest within cloaked regions.
JPJ1437 Exploiting Service Similarity for Privacy in Location-Based Search Q... (chennaijp)
A survey on hiding user privacy in location based services through clustering (eSAT Journals)
Abstract: Smartphones are becoming more and more popular as the technology evolves. Smartphones are capable of providing location-aware services like GPS. They share all the location information with the central location server. When a user submits any query, the query also carries some personal information of the user. This query and information is then submitted to the LBS server. At the LBS server this information is not kept confidential. Someone can use this information to make the user panic. To overcome this we are proposing a new collaborative approach to hide the user's personal data from the LBS server. Our approach does not require changes to the architecture of the LBS server, and we are also not going to use a third-party server. Here we are going to use other users' devices to answer a user's query, so that the user can be hidden from the LBS server.
Keywords: Mobile networks, location-based services, location privacy, Bayesian inference attacks, epidemic models
DESIGN AND ANALYSIS OF DKRINGA PROTOCOL FOR LOCATION PRIVACY IN TRUSTED ENVIR... (ijsptm)
Originally, the K-anonymity principle was first used in relational databases to tackle the problem of data anonymity. In earlier protection techniques the K threshold is used as a personalization factor for mobile users. If K users are not present around the needy client mobile user, the query can be delayed, and thus it will not help to achieve the quality of service parameter. Moreover, authors have adopted the methodology that if K-1 additional travelling users or queries are not seen by needy users, dummies are populated in the environment to improve the quality of service. Earlier architectures show poor usage of the K-principle, cryptography and cloaking space, which leads to threats during communication, more communication cost and more computation cost. We present here an enhanced privacy model in a trustworthy third-party privacy context that employs the notion of K-anonymity. In this work, enhanced algorithms are introduced that guarantee the success of Location Based Services (LBS) query replies coming back to the mobile client. The client sends the query to the anonymization server (AS), where this server cloaks the user with at least K other users. Our novelty in the experiment is that we have introduced cryptography from client to AS, modified earlier algorithms for the Ring-Band approach, added smart location updates and simulated the scaled experiment in a populated-cities environment. The AS adds the dummies but creates a ring-band cloaking area and sends it to the LBS server. Cryptography adds some time; however, the ring-band approach reduces communication overhead. We have studied the performance with variation of different parameters. The response from the LBS comes to the AS with Points of Interest (POIs) along the ring-band, after which the AS filters for precise POIs and sends the reply to the mobile client. With the ring-band approach we may also skip the AS and have the client contact the LBS directly, but without identity protection.
Need a project proposal for my computer science 3 course. I dont eve.pdf (aristogifts99)
Need a project proposal for my computer science 3 course. I don't even know where to start.
Need a unique program proposal as well as the program itself with all header files,
implementation files, and source files. Also need it commented.
In the proposal, describe what you intend to do for your project in terms of:
-general description of the problem you will be solving
-itemized list of use cases
-list of parameters that will be part of the user interface
-what structures and algorithms will you be using
Your proposal should be submitted as a Word document giving your name, project title and four
sections for each of the bulleted items listed above. Each section should have one paragraph
summarizing the section, followed by text or bullets detailing them. At the end should be a
References section that lists any outside sources (such as a particular implementation or problem
or code library) you plan on using.
Solution
HIDING IN THE MOBILE CROWD LOCATION PRIVACY THROUGH COLLABORATION
ABSTRACT
Location-aware smartphones support various location-based services (LBSs): users query the LBS server and learn on the fly about their surroundings. However, such queries give away private information, enabling the LBS to track users. A user-collaborative privacy-preserving approach is proposed for LBSs. This solution does not require changing the LBS server architecture and does not assume third party servers; yet, it significantly improves users' location privacy. The gain stems from the collaboration of mobile devices: they keep their context information in a buffer and pass it to others seeking such information. Thus, a user remains hidden from the server, unless all the collaborative peers in the vicinity lack the sought information. A novel epidemic model is developed to capture possibly time-dependent dynamics of information propagation among users. Used in the Bayesian inference framework, this model helps analyze the effects of various parameters, such as users' querying rates and the lifetime of context information, on users' location privacy. The results show that our scheme hides a high fraction of location-based queries, thus significantly enhancing users' location privacy. Finally, implementation indicates that it is lightweight and the cost of collaboration is negligible.
EXISTING SYSTEM
To enhance privacy for LBS users several solutions have been proposed, and the two main categories are:
Centralized and
User-centric
Centralized approaches
Centralized approaches introduce a third party in the system, which protects users' privacy by operating between the user and the LBS. Such an intermediary proxy server could anonymize queries by removing any information that identifies the user or her device.
It could blend a user's query with those of other users, so that the LBS server always sees a group of queries.
User-centric approaches
User-centric approaches operate on the device. Typically they aim to blur the location information by, for example, having the user's s.
The document presents a novel attack model called Viterbi attack and a new metric called transition entropy to evaluate dummy-based location privacy preservation algorithms. The Viterbi attack exploits side information about the likelihood of trajectories between locations to identify the actual location of a user. Transition entropy considers privacy in trajectories rather than just static locations. The paper also proposes a new algorithm called robust dummy generation (RDG) that improves resilience against Viterbi attacks while maintaining performance on other metrics. It evaluates RDG and the new metric on a real location dataset.
Prototyping the Future Potentials of Location Based Services in the Realm of ... (IOSR Journals)
This document discusses prototyping future potentials of location-based services in e-governance. It begins by defining ubiquitous computing, context-aware applications, and location-based services. It then outlines two classes of LBS - pull, where users actively request location-based data, and push, where networks proactively provide information to users. The document also describes the key components of an LBS communication model, including user devices, communication networks, positioning systems, application servers, and data servers. Lastly, it discusses challenges with incorporating location and context into existing governance models.
JPD1435 Preserving Location Privacy in Geosocial Applications (chennaijp)
IDP: A Privacy Provisioning Framework for TIP Attributes in Trusted Third Par... (Rida Qayyum)
The Location-Based Services (LBS) system is rapidly growing due to radio communication services with wireless mobile devices having a positioning component in them. An LBS system offers location-based services by knowing the actual user position. A mobile user uses LBS to access services relevant to their location. In order to provide Points of Interest (POI), LBS confronts numerous privacy-related challenges in three different formats: Non-Trusted Third Party (NTTP), Trusted Third Party (TTP), and Mobile Peer-to-Peer (P2P). The current study emphasizes the TTP-based LBS system, where the location server does not provide full privacy to mobile users. In a TTP-based LBS system, a user's privacy is concerned with personal identity, location information, and time information. In order to accomplish privacy under these concerns, state-of-the-art existing mechanisms have been reviewed. Hence, the aim of providing a promising roadmap to research and development communities for the right selection of a privacy approach has been achieved by conducting a comparative survey of the TTP-based approaches. Following these privacy attributes, the current study addresses the privacy challenge by proposing a new privacy protection model named "Improved Dummy Position" (IDP) that protects TIP (Time, Identity, and Position) attributes under a TTP LBS system. In order to validate the privacy level, a comparative analysis has been conducted by implementing the proposed IDP model in the simulation tool Riverbed Modeler academic edition. Different scenarios of changing query transfer rate evaluate the performance of the proposed model. Simulation results demonstrate that our IDP could be considered a promising model to protect users' TIP attributes in a TTP-based LBS system due to better performance and an improved privacy level. Further, the proposed model is extensively compared with the existing work.
This document summarizes a study on users' privacy concerns regarding location-based services on mobile phones. The study compared position-aware services, which use a device's knowledge of its own location, to location-tracking services, which rely on other parties tracking a user's location. While users found both types of services equally useful, location-tracking services generated more privacy concerns. The study concluded development should focus on position-aware services but location-tracking could succeed if users can easily turn location-tracking off.
SURVEY PAPER ON PRIVACY IN LOCATION BASED SEARCH QUERIES (ijiert bestjournal)
Due to the tremendous growth in mobile phones, the market for Location Based Services is growing fast. Many mobile phone applications use location based services such as nearest store finders, car navigation systems, etc. Location Based Services provide services to mobile device users based on the location information as well as the data profile of the users. Using these services, mobile users retrieve information about the nearest POI. This involves location and data profile information of the user that can be misused. In order to protect users' private information many solutions are offered, but most of them only address snapshot queries and offer no support for continuous queries and MQMO. Some papers address MQMO but fail to provide privacy. This paper focuses on MQMO and also protects users' private information using PIR (private information retrieval).
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for... (IRJET Journal)
1) The document proposes a new encryption scheme called Order-Retrievable Encryption (ORE) to protect user location privacy in location-based social networks.
2) ORE allows users to share their exact locations with friends without leaking location information to outside parties. It also enables efficient location queries with low computational and communication costs.
3) An experimental evaluation shows that the proposed privacy-preserving location sharing system using ORE has much lower computational and communication overhead compared to existing solutions.
This document proposes a system called MobiCrowd that enhances user location privacy for location-based services. MobiCrowd enables users to obtain location information from other nearby users rather than directly querying the location server. This prevents the server from tracking users' locations. The system relies on users collaboratively sharing cached location data with one another using wireless peer-to-peer connections. Simulations show that MobiCrowd is effective at hiding users' query locations from the server, thereby significantly improving users' privacy.
Similar to Exploiting Service Similarity for Privacy in Location Based Search Queries (20)
Secure Mining of Association Rules in Horizontally Distributed Databases (Migrant Systems)
This document proposes a new protocol for securely mining association rules from horizontally partitioned databases. It improves upon the previous leading protocol from Kantarcioglu and Clifton (2018) in three main ways:
1. It introduces two novel secure multi-party algorithms - one for computing the union of private subsets and one for testing set inclusion.
2. It offers enhanced privacy protections compared to the previous protocol. Specifically, it only leaks excess information to small coalitions of players rather than individual players.
3. It is simpler and more efficient, requiring fewer communication rounds and less communication and computation overall.
The key contribution is a new protocol for securely computing the union of private subsets held by
NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Net... (Migrant Systems)
The document proposes NICE, a network intrusion detection and countermeasure selection framework for virtual network systems. NICE uses attack graph models to detect multi-step attacks. It deploys lightweight agents on cloud servers to capture traffic and analyze vulnerabilities. Suspicious VMs are put in inspection state, where deep packet inspection and virtual network changes are applied to detect attacks without interrupting services. NICE uses software switching and programmable networking to dynamically configure intrusion detection and isolate compromised VMs. Evaluations show NICE efficiently detects attacks while minimizing overhead on cloud resources.
Supporting Privacy Protection in Personalized Web Search (Migrant Systems)
This document proposes a framework called UPS that aims to protect user privacy in personalized web search systems while maintaining personalization utility. The framework consists of an online profiler on the client side that generalizes user profiles for queries in real-time according to user-specified privacy requirements. Two metrics are defined to evaluate personalization utility and privacy risk for generalized profiles. Algorithms are developed to generalize profiles by optimizing these conflicting metrics. Experiments demonstrate the effectiveness and efficiency of the framework in balancing privacy protection and personalization.
This document provides a course syllabus for a Java training course. The syllabus outlines topics that will be covered including an overview of object-oriented programming in Java, important Java concepts like static, final, interface and abstract classes, exception handling, collections, generics, threads, JDBC, and J2EE technologies like JSP, Servlets, Struts and XML. It also discusses fees structure for the course and notes it will take place on Saturdays, Sundays and weekdays, with registration fees of Rs. 1000 and remaining Rs. 4000 to be paid during classes.
Business intelligence (BI) is the analysis of raw data to provide useful information for business decision-making. BI tools transform large amounts of data from various sources into insights through data management, discovery, and reporting. Data management tools prepare data for analysis. Data discovery applications like data mining, OLAP, and predictive analytics help users find patterns. Reporting tools such as visualizations, dashboards, and scorecards present analyzed data to convey insights easily. There are many categories of BI tools from various vendors that organizations can use to transform data into strategic information.
The document describes a proposed patent search system that aims to improve the usability of patent searches. It discusses modules for login, query processing, error correction, query suggestion, ranking results, and partitioning patents. The goal is to make the search process easier for users by correcting errors, expanding queries, and efficiently retrieving the most relevant results. Key techniques include topic modeling for suggestions, error correction using tries, and partitioning patents into groups for faster searching.
Cloud Computing
Cloud Computing is the emerging concept and technology which extensively changed the structure of IT industry by decreasing the requirements of Software's, Licenses, Storage Space, Hardware etc.
This presentation focuses on what business intelligence is, the tools available in the market, which of them are in high demand among competitors, and details about Cognos ...
Enhancing Access Privacy of Range Retrievals over B+Trees (Migrant Systems)
PB+tree is a privacy-enhancing index that conceals the order of leaf nodes in an encrypted B+ tree. It groups the tree nodes into buckets and uses homomorphic encryption to prevent adversaries from determining the exact nodes retrieved by range queries over the encrypted database, while balancing privacy with computational overhead. Experiments show PB+tree effectively impairs an adversary's ability to recover the B+ tree structure or deduce query ranges in different attack scenarios.
The document summarizes a study on protecting user privacy when querying encrypted databases. It first describes how an adversary can infer information about user queries by monitoring I/O activity, even with an encrypted database and B+ tree. It then proposes a PB+ tree index that conceals the order of leaf nodes to prevent the adversary from determining the exact nodes or query ranges accessed. Finally, it notes that PB+ tree balances privacy and computational overhead, and experiments show it effectively impairs the adversary's ability to learn the B+ tree structure or query ranges in different scenarios.
Enhancing access privacy of range retrievals over b+trees (Migrant Systems)
The document proposes a new index structure called PB+tree to enhance privacy for range queries over encrypted B+trees. It first shows that an adversary can infer the structure of an encrypted B+tree and query ranges by observing I/O patterns of range queries. PB+tree aims to conceal the ordering of leaf nodes by grouping nodes into buckets and using homomorphic encryption to obscure which exact nodes are retrieved. It balances privacy with computational overhead. Experiments show PB+tree effectively impairs the adversary's ability to deduce the B+tree structure and query ranges.
. In this paper, a user authentication protocol named Password is designed, that makes use of the customer’s cellular phone and short message service to ensure protection against password stealing attacks. Password requires a unique phone number that will be possessed by each participating website.
we propose here a novel system for protecting finger print privacy by combining two different fingerprints into a new identity. In the enrollment, two fingerprints are captured from two different fingers
Thus, a new virtual identity is created for the two different fingerprints, which can be matched using minutiae-based fingerprint matching technique.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
How to Fix the Import Error in the Odoo 17Celine George
An import error occurs when a program fails to import a module or library, disrupting its execution. In languages like Python, this issue arises when the specified module cannot be found or accessed, hindering the program's functionality. Resolving import errors is crucial for maintaining smooth software operation and uninterrupted development processes.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Exploiting Service Similarity for Privacy in Location Based Search Queries
This is an author created version of the article. The original manuscript is
available from http://doi.ieeecomputersociety.org/10.1109/TPDS.2013.34.
Exploiting Service Similarity for Privacy in
Location Based Search Queries
Rinku Dewri, Member, IEEE, and Ramakrisha Thurimella
Abstract—Location-based applications utilize the positioning capabilities of a mobile device to determine the current location of a user,
and customize query results to include neighboring points of interests. However, location knowledge is often perceived as personal
information. One of the immediate issues hindering the wide acceptance of location-based applications is the lack of appropriate
methodologies that offer fine grain privacy controls to a user without vastly affecting the usability of the service. While a number of
privacy-preserving models and algorithms have taken shape in the past few years, there is an almost universal need to specify one’s
privacy requirement without understanding its implications on the service quality. In this paper, we propose a user-centric location-
based service architecture where a user can observe the impact of location inaccuracy on the service accuracy before deciding the
geo-coordinates to use in a query. We construct a local search application based on this architecture and demonstrate how meaningful
information can be exchanged between the user and the service provider to allow the inference of contours depicting the change in
query results across a geographic area. Results indicate the possibility of large default privacy regions (areas of no change in result
set) in such applications.
Index Terms—Privacy-supportive LBS, location privacy, service quality.
1 INTRODUCTION
THE consumer market for location-based services
(LBS) is estimated to grow from 2.9 billion dollars in
2010 to 10.4 billion dollars in 2015 [1]. While navigation
applications are currently generating the most significant
revenues, location-based advertising and local search
will be driving the revenues going forward. The legal
landscape, unfortunately, is unclear about what happens
to a subscriber’s location data. The non-existence of
regulatory controls has led to a growing concern about
potential privacy violations arising out of the usage
of a location-based application. While new regulations
to plug the loopholes are being sought, the privacy-
conscious user currently feels reluctant to adopt one of
the most functional business models of the decade.
Privacy and usability are two equally important re-
quirements for successful realization of a location-based
application. Privacy (location) is loosely defined as a
“personally” assessed restriction on when and where
someone’s position is deemed appropriate for disclosure.
To begin with, this is a very dynamic concept. Usability
has a two fold meaning—a) privacy controls should be
intuitive yet flexible, and b) the intended purpose of an
application is reasonably maintained. Towards this end,
prior research has led to the development of a number
of privacy criteria, and algorithms for their optimal
achievement. However, there is no known attempt to
bring into view the mutual interactions between the
accuracy of a location coordinate and the service quality
from an application using those coordinates. Therefore,
the question of what minimal location accuracy is re-
quired for a LBS application to function, remains open.
The common man’s question is: “how important is my
position to get me to the nearest coffee shop?”—which
unfortunately remains unanswered in the scientific com-
munity.
• R. Dewri and R. Thurimella are with the Department of Computer Science,
University of Denver, CO 80208, USA. Email:{rdewri,ramki}@cs.du.edu.
It is worth mentioning that a separate line of research
in analyzing anonymous location traces have revealed
that user locations are heavily correlated, and knowing
a few frequently visited locations can easily identify the
user behind a certain trace [2], [3]. The privacy breach
in these cases occurs because the location to identity
mapping results in a violation of user anonymity. The
proposal in this work attempts to prevent the reverse
mapping—from user identity to user location—albeit in
a user-controllable manner.
1.1 Related Work
Location obfuscation has been extensively investigated
in the context of privacy. Obfuscation has been earlier
achieved either through the use of dummy queries or
cloaking regions. In the dummy query method, a user
hides her actual query (with the true location) amongst
a set of additional queries with incorrect locations [4], [5].
The user’s actual location is one amongst the locations
in the query set. The additional processing overhead at
the LBS, resulting from the dummy queries, must be
addressed while using this method. Cheng et al. propose
a data model to augment uncertainty to location data
using circular regions around all objects [6]. They use im-
precise queries that hide the location of the query issuer
and yield probabilistic results. The results are modeled
as the amount of overlap between the query range and
IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS VOL:25 NO:2 YEAR 2014
the circular region around the queried objects. Yiu et
al. propose an incremental nearest neighbor processing
algorithm to retrieve query results [7]. The process starts
with an anchor, a location different from that of the user,
and it proceeds until an accurate query result can be
reported. The work focuses on reducing the communi-
cation cost of the repeated querying mechanism.
Trusted third party based approaches rely on an
anonymizer that creates spatial regions to hide the true
location of users. The use of spatial and temporal cloak-
ing to obfuscate user locations was first proposed by
Gruteser and Grunwald [8]. Continuing on, Gedik and
Liu develop a location privacy architecture where each
user can specify maximum temporal and spatial toler-
ances for the cloaking regions [9]. Drawing inspiration
from the concept of k-anonymity in database privacy
[10], Gedik and Liu enforce a location k-anonymity
requirement while creating the cloaking regions. This
requirement ensures that the user will not be uniquely
located inside the region in a given period of time.
Ghinita et al. propose a decentralized architecture to
construct an anonymous spatial region, and eliminate
the need for the centralized anonymizer [11]. In their
approach, mobile nodes utilize a distributed protocol
to self-organize into a fault-tolerant overlay network,
from which a k-anonymous cloaking set of users can
be determined. Kalnis et al. propose that all obfuscation
methods should satisfy the reciprocity property [12].
This prevents inversion attacks where knowledge of
the underlying anonymizing algorithm can be used to
identify the actual object [13]. Parameter specification
remains the biggest hindrance to real world application
of these techniques. Even when a user has advanced
knowledge to comprehend the implications of a param-
eter setting on location privacy, the impact on service is
unknown in these approaches. Refer to Section 1 of the
supplementary file for additional literature review.
1.2 Contributions
Our contributions in this work are two-fold. First, we
propose a novel architecture for LBS applications that
is directed towards revealing privacy/utility trade-offs
to a user before an actual geo-tagged query is made.
Unlike a typical competitive architecture where the LBS
provider does not actively participate in making privacy
decisions, we envision a privacy-supportive LBS as a
provider willing to provide supplemental information
for making “informed” privacy decisions. An informed
decision implies that the LBS user operates under reason-
able knowledge about the service level implications of
revealing her location with a given degree of inaccuracy.
Under this platform, a user first obtains an overview
of the impact of using inaccurate locations in a certain
query. Thereafter, the actual query made to the service
provider is geo-tagged with a location that the user has
carefully chosen to balance result accuracy and location
privacy. We describe in Section 2 the underlying ratio-
nale, setting, expectations and components that go into
such an architecture. Refer to Section 2 of the supple-
mentary file for a separate study, which demonstrates
that users have the flexibility of adding significant noise
to their locations and still obtain accurate search results.
As our second contribution, we present in Section
3, a proof of concept design for a privacy-supportive
local search LBS. Given a search term (e.g. generic ones
such as “cafes”, and targeted ones such as “starbucks
coffee”) and a highly generalized user location (e.g. the
metropolitan city), the privacy-supportive LBS generates
a concise representation of the variation in the 10-nearest
neighbor result set as a hypothetical user moves across
the large metropolitan area. Once the representation is
communicated to the user, she can infer the geographic
variability that can be introduced in her location coordi-
nates to retrieve all or a subset of the result set. Our re-
sults, using a publicly available local business database,
indicate that the proposed approach can precisely reveal
the area boundaries within which the result set is fully
preserved (a default privacy level). Further, we observe
a high degree of precision in estimating the area bound-
aries when user requirements on result set accuracy are
relaxed (i.e. location sensitivity is hardened). Section 4
presents the empirical results to support these claims.
2 PRIVACY-SUPPORTIVE LBS
Future LBS architectures must make room for a service
provider to cooperate with the user in making sound
privacy decisions. There is a growing skepticism on how
a LBS provider handles (or might handle) location data.
If strong market adoption is an agenda item for these
businesses, then it becomes their responsibility to present
evidence that the sought location accuracy is indeed
a characteristic requirement of the application. Further,
regulatory enforcements on location data procurement,
and subsequent liability in the event of improper han-
dling, can make the collection of unnecessarily precise
geo-locations an unattractive choice. From a computa-
tional perspective, only the service provider maintains
the database of queried objects in real time. Therefore, it
is reasonable that differences (or similarities) in the out-
put of a query can be efficiently computed at the server
side. A user cannot make informed privacy decisions
without this computation. In light of these arguments,
a privacy-supportive LBS seems both appropriate and
important. Note that a simple opt-in LBS is not privacy-
supportive, since the implications of not using one’s geo-
location are not available to the user.
2.1 Setting
The communication setting we assume includes one or
more users equipped with GPS-enabled devices, and a
LBS provider possessing a database of points-of-interest
(POI). These points-of-interest may be static, as in local
business listings, or dynamic, as in a friend-finder service
where users frequently check-in/out of the underlying
[Figure 1 (diagram; only its labels survive extraction): user device, privacy profile, geo-tagged query, query result; privacy-supportive LBS, query-output similarity profiler, regular query processor, DB, data structure; numbered steps 1. high-level derivation, 2. query-output similarity profiler, 3. service-similarity profile, 4. location perturbation, 5. regular query processor.]
Figure 1. Communication order for a location-based query in the presence of a privacy-supportive LBS.
social-networking platform. As in almost all op-
erating LBS applications, user access to the service is
augmented by a geographic tag identifying the position
of the user. Authentication may or may not be required
to use the service, although many applications claim to
be able to provide a better result set in the latter case. The
service itself may require other parameters to be spec-
ified, such as search keywords or profile descriptions.
The geographic tag in the query is typically the GPS-
coordinates of the user device, but can also be a carefully
crafted location as explained in the next subsection.
2.2 Architecture
The location disclosure mechanism in a privacy-
supportive LBS architecture employs an intermediate
communication with the LBS. A high-level schematic of
the communication pattern is depicted in Fig. 1. The user
device forwards the query to the LBS, albeit uses a high-
level generalization of the user’s geographic location
in it. This generalization may be derived as per user-
specification (say at the level of the city), or obtained
automatically from the location approximation that a
provider can infer using a cell-towers and wifi-access
points database (see footnote 1). In response to this first query phase,
the user obtains a service-similarity profile. This profile is
a representation of the similarities in the query output
at different geographic locations. The exact form taken
by this profile, as well as the data structures employed
in computing this profile, may vary from application to
application. A location perturbation engine on the user
side then determines a noisy location to use based on the
user’s privacy profile and the retrieved service-similarity
profile. The LBS processes the query with respect to the
noisy location.
A user can manually interact with the service-
similarity profile to assess which locations have the high-
est (or acceptable) level of result set similarity, within
the constraints of the location noise she wants to infuse
into the query.
[Footnote 1: Creating and updating cell-towers and wi-fi access point maps is
a costly affair. The businesses that do so (Skyhook, Google, Apple,
Navizon, etc.) often consider it proprietary. The legal standard for
accessing these databases is currently being litigated in a number of
cases (http://epic.org/privacy/location_privacy).]
In this case, a good visualization of
the similarity profile is required. Although this is the
most flexible method of putting the trade-off information
to use, such high degree of interaction will affect the
usability of the application, especially when queries are
made frequently. Hence, we assume that action axioms
have been provided by the user to make the process
automatic. The privacy profile then states how a location
is to be selected for different categories of applications,
their importance, and the relative location sensitivity.
Policy specifications such as these, and their integration
into the decision making process, warrant an extensive
exploration. We will avoid this frontier in this work. A
naive approach is to allow the user to select a location
sensitivity level (much like choosing the ringer-state in
a mobile phone), assess query result accuracy at the
corresponding location granularity (using the similarity
profile), and notify the user if the accuracy drops below
a threshold. Note that the policy executes within a
user’s device and reveals little or no information on how
locations get chosen.
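The naive policy just described, worked through as an added example (my code, not the paper’s): a client-side perturbation engine takes a service-similarity profile S, maps a user-chosen sensitivity level to a radius in grid cells, reports the worst-case result-set similarity the profile predicts anywhere within that radius, flags it when it falls below the user’s threshold, and only then draws the noisy cell to put in the geo-tagged query. The profile is a constructed 5 × 5 matrix (the values that Figure 3’s I and VSim, later in the paper, give for a user at ⟨4, 2⟩); the level-to-radius table, the Chebyshev neighbourhood and the uniform draw are my assumptions, since the paper leaves the policy open.

```python
import random

# Constructed service-similarity profile S[y-1][x-1] for a 5 x 5 grid,
# indexed <x, y> with 1 <= x <= 5 columns and 1 <= y <= 5 rows.
# (These are the values Figure 3's I and VSim yield for a user at <4, 2>.)
S_PROFILE = [
    [0.6, 0.6, 0.6, 1.0, 1.0],
    [0.6, 0.6, 0.6, 1.0, 1.0],
    [0.6, 0.6, 1.0, 1.0, 1.0],
    [0.6, 0.6, 1.0, 0.4, 0.4],
    [0.4, 0.4, 0.4, 0.4, 0.4],
]
USER_POS = (4, 2)

# Assumed mapping from a coarse "ringer-state" style setting to a radius in cells.
SENSITIVITY_RADIUS = {"off": 0, "low": 1, "high": 2}


def cells_within(pos, radius, rows, cols):
    """All grid cells <x, y> at Chebyshev distance <= radius from pos, clipped to the grid."""
    x0, y0 = pos
    return [(x, y)
            for y in range(max(1, y0 - radius), min(rows, y0 + radius) + 1)
            for x in range(max(1, x0 - radius), min(cols, x0 + radius) + 1)]


def worst_case_accuracy(S, pos, radius):
    """Lowest result-set similarity the profile predicts for any cell the noisy
    location might land on; this is the accuracy the user is told to expect."""
    rows, cols = len(S), len(S[0])
    return min(S[y - 1][x - 1] for x, y in cells_within(pos, radius, rows, cols))


def perturb(S, pos, sensitivity, threshold, rng=None):
    """Run the policy: assess accuracy at the chosen granularity, decide whether
    the user must be notified, then pick the noisy cell for the actual query.
    Returns (noisy_pos, expected_accuracy, notify)."""
    radius = SENSITIVITY_RADIUS[sensitivity]
    accuracy = worst_case_accuracy(S, pos, radius)
    notify = accuracy < threshold
    rng = rng or random.Random(0)  # seeded only so the demo is reproducible
    rows, cols = len(S), len(S[0])
    noisy = rng.choice(cells_within(pos, radius, rows, cols))
    return noisy, accuracy, notify


if __name__ == "__main__":
    for level in SENSITIVITY_RADIUS:
        noisy, acc, notify = perturb(S_PROFILE, USER_POS, level, threshold=0.5)
        print(f"{level:>4}: send {noisy}, expect {acc:.1f} of results kept"
              + (" -- below threshold, notify user" if notify else ""))
```

Everything here runs on the user’s device and touches only the profile the LBS already returned, which is the point the paragraph makes about the policy revealing nothing about how locations get chosen.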
2.3 Privacy expectations and threat model
We interpret location privacy as the accuracy with which
an adversary can determine the position of a user. This
interpretation resembles the intuitive perception that a
location estimated closer to our true position is more
encroaching on our privacy than a relatively distant es-
timation. However, the privacy-supportive architecture
does not make any assumption on what is “distant” and
what is “close enough.” This is a significant departure
from statistical measures of privacy, where a statement
on “what is private” must be made pro-actively before
issuing the query. A privacy-supportive LBS does not
require this decision until the user determines the us-
ability of the information that would be revealed as a
result of the location disclosure, if at all. In light of this
difference, the architecture, its underlying algorithms,
or the service provider itself, cannot make any claims
on the enforced level of privacy. It only facilitates the
process to enforce personally desirable levels of location
privacy after careful consideration of its impact. On
similar grounds, we assume a threat model where the
provider is semi-honest (follows protocol but may be
curious). Note that, on one hand, even the weakest of
the adversaries may learn the precise locations of a
privacy-indifferent user (one who always reveals the true
location), while on the other, even the strongest of the
adversaries may learn nothing additional from a privacy-
paranoid user. A privacy-aware user would use the
system to her advantage, perhaps frequently revealing
accurate (not necessarily precise) positions, and occa-
sionally the heavily perturbed ones. An adversary who
can classify these locations as real or dummy, infers some
knowledge about the user’s whereabouts—however, this
is information that the user has opted to reveal in the
first place.
3 A LOCAL SEARCH APPLICATION
Mobile local search is demonstrating an upward market
trend, the gap with the desktop counterpart diminishing
in the next three years, and then rising further (see footnote 2). Given
the penetration of web-enabled handheld devices in the
consumer market, it has become exceedingly common
for a user to instantly look up the information she
seeks to find. These search queries are estimated to
produce 27.8 billion more queries than desktop-search
by the year 2016. A vast majority of the users performing
mobile search seek access to information pertinent in
the locality of the query. Multiple LBS applications—e.g.
Where, AroundMe, MeetMoi, Skout and Loopt—have
spawned in the past few years to address this market
segment. In general, a local search application provides
information on local businesses, events, and/or friends,
weighted by the location of the query issuer. Location
and service accuracy trade-offs are clearly present in a
local search LBS. A privacy-supportive variant is there-
fore well-suited for this application class. Local search
results tend to cycle through periods of plateaus and
minor changes as one moves away from a specified
location. The plateaus provide avenues for relaxation in
the location accuracy without affecting service accuracy,
while the minor changes allow one to assess accuracy in
a continuous manner.
3.1 Problem statement
In the traditional usage of a local search application,
the user would communicate a search keyword to the
provider, and retrieve a ranked list of records matching
the search term. Let us denote the items that match
the search term in the points-of-interest database by
P = {P1, P2, ..., PN }. A ranking function R is applied
to this set and a top-k subset of the ranked results
is returned to the user. Since neighboring results are
considered more useful, the ranking function would
utilize the geo-location of the user. We use Rk(P, pos)
to collectively denote this result set when retrieved with
respect to the position pos.
2. Source: BIA/Kelsey Press Releases, April 2012
[Figure 2 (image): color scale from 1.0 down to 0.0 in steps of 0.1.]
Figure 2. Hypothetical query result set similarity with the
user at the center of the area.
3.1.1 An ideal scenario
Let us next consider a hypothetical scenario where the
user has access to a matrix that shows the percentage
similarity of the result set with respect to the user’s
current location. In order to formalize this map, let us
superimpose a grid of r × c cells on a geographic area
G. In local search, it is sufficient to restrict focus to this
geographic area while determining the set P. The posi-
tion of the user in the grid is given as p = ⟨x0, y0⟩. Let
Sim be a similarity function, defined in this application
as follows.
Sim(⟨x, y⟩, ⟨x0, y0⟩) = |Rk(P, ⟨x, y⟩) ∩ Rk(P, ⟨x0, y0⟩)| / k.
For brevity, we will also use Rk(P, ⟨x, y⟩) and
Rk(P, ⟨x0, y0⟩) as arguments to the Sim function. Let
Sx0,y0 be a matrix of r rows and c columns, with
Sx0,y0[i, j] = Sim(⟨x0, y0⟩, ⟨i, j⟩).
Hence, Sx0,y0 is a cell-by-cell measure of the similarity
of the result set retrieved for the user’s position relative
to that retrieved for any other position in the grid. As
depicted in Fig. 2, this matrix allows the user to identify
cell boundaries where the result set similarity gradually
decreases from 100% to 0%. We can call them the service-
contour of the issued query. The innermost region in the
figure, Sx0,y0 = 1.0, is the default privacy region—the
user can claim to be anywhere in that region and yet
retrieve the same result set as she would do by using
her precise coordinates. The size of this default region is
a characteristic feature of the distribution of the points
in the set P across the grid.
The service-contour of a query reveals the regions
where a certain percentage of the top-k results is re-
tained. Given a certain requirement on the fraction of
results that must be retained (i.e. the utility that must
be maintained), the area of the corresponding region
is a measure of the privacy achievable by the user,
since a query originating from any point in the region
will return a result set with the desired utility. The
user can calculate these regions for any level of utility
requirement, which in other words implies that an overall
picture of the privacy/utility trade-offs is available to
the user for decision making. Trading between service
accuracy and location inaccuracy is then a question of
choosing a point in one of the demarcated regions.
Unfortunately, the user device cannot compute Sx0,y0
without access to P, which resides at the LBS provider.
The LBS cannot compute Sx0,y0 since it requires access to
the exact position ⟨x0, y0⟩. The question we investigate
is: what form of information can the LBS provide to the
user to help infer the service-contour?
3.1.2 Service-contour inferencing
There exists a trivial solution to the raised question—
push the set P and the ranking function R to the
user, and perform the top-k ranking locally on the user
device. As one can see, this solution clearly ignores
underlying communication overheads and policies on
sharing business intelligence. Note that the set P is not
simply a collection of positions, but includes additional
attributes about the businesses located at those positions.
This could range from names, addresses, categories, sub-
categories, to specifics such as value, feedback scores,
and entire profiles of individuals with personal infor-
mation. The ranking function R is often a well-guarded
business secret on how these attributes are combined.
Another approach is to send a set of similarity matrices
to the user, one each corresponding to a specific coordi-
nate in the grid. The approach requires the computation
and transfer of an inordinate amount of information
(O(r²c²)). Given a geographic area, our objective is to
restrict the transfer of information to a bounded size, or
O(1). The service-contour inferencing problem is then
defined as follows.
Service-contour inferencing: Given a set of points P on
a geographic area (represented as a r × c grid), a ranking
function R, and a similarity function Sim, find functions
Enc and Dec such that
1) output T = Enc(P, R, Sim) is O(1) in size, and
2) assuming S′x,y = Dec(T, ⟨x, y⟩), with ⟨x, y⟩ being any
point on the grid, we have S′x,y = Sx,y.
3.1.3 Approximate inferencing
Without the bounded size constraint, the service-contour
inferencing problem can be solved by computing the top-
k results for each point in the grid, and then conveying
an identification vector with respect to each point. An
identification vector uniquely identifies the k results
corresponding to a point. The service-contour can then
be exactly generated. This is an attractive choice pro-
vided the communication overhead is not exceedingly
high. Note that the top-k results induce a set of order
k Voronoi regions [14], [15], [16], each region sharing
a certain result set. Therefore, the information to be
[Figure 3 data]
V:
  V1 = {a,b,c,d,e}
  V2 = {a,b,c,f,g}
  V3 = {f,g,h,i,j}
VSim:
      V1   V2   V3
  V1  1    0.6  0
  V2  0.6  1    0.4
  V3  0    0.4  1
I:
  1 1 1 2 2
  1 1 1 2 2
  1 1 2 2 2
  1 1 2 3 3
  3 3 3 3 3
Figure 3. Set V shows hypothetical top-5 result sets on
a 5 × 5 grid. I depicts which result set is applicable at a
point. VSim shows pairwise similarity of the 3 unique result
sets for the grid. The image is a compact representation
of I and VSim—grey color codes used are: 1-white=1.0,
2-grey=0.6 and 3-black=0.0.
conveyed may be highly compressible. We shall use the
communication overhead of this method as a benchmark
in the experimental analysis.
Consider a hypothetical scenario where the top-k re-
sults corresponding to a point can be represented by one
of V symbols. Further, a maximum entropy condition is
achieved under arbitrary distribution of the points in P
across the grid. Therefore, each symbol is equi-probable
(1/V ). Under this setting, no lossless compression of
the symbol sequence describing the top-k results across
the grid can achieve a compression level better than
log2 V bits per point, i.e. rc·log2 V bits for T. Assuming
a 320 × 320 grid on a 32 × 32 km² area (a point then
resembles a 100 m × 100 m area), and V = 1000 unique
top-k result sets generated for the points in this area,
this number is around 124.5KB. While this is not a large
data transfer in itself, repeated querying will result in
an accumulated overhead that is a significant fraction of
typical bandwidth limitations. We seek algorithms that
can avoid such a communication overhead (even in the
worst case); however, provide a good approximation of
Sx,y. Note that this observation assumes a worst case
scenario and only pertains to the ability to correctly de-
termine if two points have different (or the same) result
sets. Computing the similarity would involve encoding
additional identifier data corresponding to every set.
3.2 Privacy-supported local search
The crucial piece of information to infer the service-
contour is the similarity measure Sim that tells the
percentage overlap in the result sets from two points.
Given that the top-k result sets (the output of R) do not
always change as one moves from one point to the next,
the same calculation is performed (operates on same
data) by Sim for most pairs of points. Let us denote by V
the set of distinct outputs of R for the points of the grid,
i.e. V = {Rk(P, ⟨x, y⟩) | 1 ≤ x ≤ c, 1 ≤ y ≤ r}. Note that
the size of V is going to be comparatively smaller than
the size of the grid. Let VSim be a matrix that denotes
the Sim values on pairs of elements of V, i.e.
VSim[i, j] = Sim(Vi, Vj), Vi, Vj ∈ V.
Next, we define a r × c index matrix I such that
I[i, j] = t implies Rk(P, ⟨i, j⟩) = Vt, where Vt is a
member of V. Fig. 3 captures the relationship between
V, VSim and I. In the same figure, we also see another
representation of the three sets in the form of a 5 × 5
pixel image. The color of each pixel is indicative of points
having the same value in I. In addition, the similarity
measure, as computed in VSim, can be inferred from the
shades of the colors.
Sim(⟨x, y⟩, ⟨x0, y0⟩) = 1 − |color(x, y) − color(x0, y0)|
For example, the result set similarity between the
points ⟨3, 3⟩ and ⟨5, 5⟩ is VSim[2, 3] = 0.4, which can
also be derived as 1 − |0.6 − 0.0|. The advantage here
is that the similarity information is conveyed without
the need to communicate V. The representation is rather
straightforward in this example, but need not be so for
arbitrary V, VSim and I.
3.2.1 Multi-dimensional scaling
The example above involves determining three greyscale
color codes (values in [0, 1]) such that the Euclidean
distance between two values is proportional to the simi-
larity measurements given by VSim. The objective is not
different when VSim has significantly more entries.
of entries. We adopt the classical method of multi-
dimensional scaling at this step. The multi-dimensional
scaling problem is stated as follows for the problem at
hand.
Multi-dimensional scaling: Given a set of top-k result
sets V = {V1, V2, ..., Vn} and a similarity matrix VSim, obtain
a set of n m-dimensional vectors c1, c2, ..., cn that minimizes
Σ_{i<j} (Euc(ci, cj) − (1 − VSim[i, j]))².
Euc is the Euclidean distance function. The scaling
happens from a k-dimensional space to a m-dimensional
space. For the case when a minimum value of zero exists
(and is found), the Euclidean distance between any two
vectors ci and cj is equal to the dissimilarity between
two result sets Vi and Vj. Such distance preserving
embedding of high dimensional data is readily useful
for data visualization. Numerical solvers for a multi-
dimensional scaling problem are included in most sta-
tistical packages. We use the implementation provided
in the cmdscale function of the R statistical package. The
implementation follows the analysis of Mardia [17]. We
use a value of m = 3 since it allows one to graphically
visualize the similarity trend in the form of a RGB color
image. Higher values of m allow for the possibility
of better distance preservation, but result in a larger
encoded size.
The Enc function based on 3-dimensional scaling then
operates as follows: each component of the ci vectors is
normalized to the [0, 1] interval, and an r×c pixel image is
created with the RGB color of pixel (i, j) set to cI[i,j]. This
image is the output T produced by the Enc function
and communicated to the user. Although a vector ci can
take infinitely many values in [0, 1]^3, the number of
possibilities reduces to 16.7 million due to the 8-bit color
mapping. Fig. 1 in Appendix A (see supplementary file)
illustrates an example image created by Enc for 10-nearest
Starbucks coffee shop locations in the city of Los Angeles,
CA (1024 square kilometers area centered around Los
Angeles City Hall).

[Figure 4: three panels, box, inscribed-circle and fill-out, drawn
around the user location ⟨x0, y0⟩; labels mark the "push out" of
a box edge and the "erroneous inclusion" of cells at the box corners.]
Figure 4. Heuristics for service-contour inferencing.
Shaded regions depict true areas with a given service
similarity. Output of fill-out is shown as a dashed line
around the determined area.
3.2.2 Inferring the service-contour
In order to retrieve the service-contour from T, the Dec
function uses the location of the user ⟨x0, y0⟩ as the point
of reference for similarity comparison. Let Tx,y be the
RGB color vector at the (x, y) pixel in T. The Euclidean
distance between Tx0,y0 and the color vector Ti,j of any
other pixel (i, j) (a point in the grid) is taken as an estimate
of the dissimilarity measure, the similarity estimate then being
$$S'_{x_0,y_0}[i, j] = 1 - \mathrm{Euc}(T_{x_0,y_0}, T_{i,j}).$$
The Dec function then simply computes this estimate for
all points ⟨i, j⟩ in the grid. Computation of the
service-contour can also be parameterized by a threshold
δ such that only the points in the grid with a similarity
estimate higher than or equal to δ are identified. To do so,
one can begin at point ⟨x0, y0⟩ and continue to explore
neighboring points as long as the similarity estimate
satisfies the threshold. We explore three fast heuristics in
order to avoid a point-by-point generation of the
service-contour. Fig. 4 illustrates the difference between them.
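The Enc/Dec pair of Sections 3.2.1 and 3.2.2, as an added example in Python; this is not the authors' code (they used R's cmdscale) and the 3×3 grid of top-3 result sets is constructed. It assumes VSim[i, j] = |Vi ∩ Vj| / k, an overlap measure that matches the "9 out of 10 results" reading in the supplement but is defined in an earlier section, not in this excerpt; the function names, the pure-Python Jacobi eigensolver standing in for cmdscale, and the clamping of negative estimates to 0 in dec are my choices.

```python
"""Enc/Dec of a service-similarity profile (Sections 3.2.1 and 3.2.2).
Added example, not the paper's code. Assumptions: VSim[i][j] = |Vi & Vj| / k;
the 3x3 sample grid of top-3 result sets is constructed, not real data."""
import math


def euc(a, b):
    """Euclidean distance between two equal-length vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def jacobi_eig(a):
    """Eigen-decomposition of a symmetric matrix by cyclic Jacobi rotations.
    Returns (eigenvalues, matrix whose columns are the eigenvectors). Pure
    Python stand-in for the eigensolver behind R's cmdscale."""
    n = len(a)
    a = [row[:] for row in a]
    v = [[float(i == j) for j in range(n)] for i in range(n)]
    for _ in range(60):
        if sum(a[i][j] ** 2 for i in range(n) for j in range(n) if i != j) < 1e-24:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                if abs(a[p][q]) < 1e-300:
                    continue
                theta = (a[q][q] - a[p][p]) / (2.0 * a[p][q])
                t = math.copysign(1.0, theta) / (abs(theta) + math.hypot(theta, 1.0))
                c = 1.0 / math.hypot(t, 1.0)
                s = t * c
                for k in range(n):                                  # A <- A J
                    akp, akq = a[k][p], a[k][q]
                    a[k][p], a[k][q] = c * akp - s * akq, s * akp + c * akq
                for k in range(n):                                  # A <- J^T A
                    apk, aqk = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * apk - s * aqk, s * apk + c * aqk
                for k in range(n):                                  # V <- V J
                    vkp, vkq = v[k][p], v[k][q]
                    v[k][p], v[k][q] = c * vkp - s * vkq, s * vkp + c * vkq
    return [a[i][i] for i in range(n)], v


def classical_mds(dissim, m):
    """Classical (Torgerson/Mardia) MDS: n vectors in R^m whose Euclidean
    distances approximate dissim; exact when dissim is already Euclidean."""
    n = len(dissim)
    d2 = [[dissim[i][j] ** 2 for j in range(n)] for i in range(n)]
    row = [sum(r) / n for r in d2]
    tot = sum(row) / n
    b = [[-0.5 * (d2[i][j] - row[i] - row[j] + tot) for j in range(n)]
         for i in range(n)]                                         # B = -1/2 J D^2 J
    vals, vecs = jacobi_eig(b)
    top = sorted(range(n), key=lambda c: vals[c], reverse=True)[:m]
    return [[vecs[i][c] * math.sqrt(max(vals[c], 0.0)) for c in top]
            for i in range(n)]


def mds_roundtrip_error(points, m=3):
    """Max |Euc(c_i, c_j) - d_ij| after embedding true Euclidean distances (~0)."""
    d = [[euc(a, b) for b in points] for a in points]
    x = classical_mds(d, m)
    n = len(points)
    return max(abs(euc(x[i], x[j]) - d[i][j]) for i in range(n) for j in range(n))


def enc(grid_results, k, m=3):
    """Enc: distinct result sets V, index grid I, VSim, MDS to m dims, then each
    component min-max normalised to [0,1] and quantised to 8 bits (RGB for m=3)."""
    distinct, index = [], []
    for row in grid_results:
        index.append([])
        for rs in row:
            key = frozenset(rs)
            if key not in distinct:
                distinct.append(key)
            index[-1].append(distinct.index(key))
    n = len(distinct)
    dissim = [[1.0 - len(distinct[i] & distinct[j]) / k for j in range(n)]
              for i in range(n)]                                    # 1 - VSim
    coords = classical_mds(dissim, m)
    lo = [min(c[d] for c in coords) for d in range(m)]
    hi = [max(c[d] for c in coords) for d in range(m)]

    def pixel(c):
        return tuple(round(255 * (c[d] - lo[d]) / (hi[d] - lo[d])) if hi[d] > lo[d] else 0
                     for d in range(m))
    return [[pixel(coords[i]) for i in row] for row in index]       # the image T


def dec(image, x0, y0):
    """Dec: S'[i][j] = 1 - Euc(T[x0][y0], T[i][j]) on colours rescaled to [0,1],
    clamped at 0 (my choice). Per-axis normalisation in enc means this is an
    estimate of VSim, not an exact reconstruction, hence the threshold delta."""
    ref = [v / 255.0 for v in image[x0][y0]]
    return [[max(0.0, 1.0 - euc(ref, [v / 255.0 for v in px])) for px in row]
            for row in image]


# constructed 3x3 grid of top-3 result sets (POI identifiers), not real data
SAMPLE_GRID = [
    [{"a", "b", "c"}, {"a", "b", "c"}, {"a", "b", "d"}],
    [{"a", "b", "c"}, {"a", "b", "d"}, {"a", "d", "e"}],
    [{"b", "c", "f"}, {"b", "d", "f"}, {"d", "e", "f"}],
]

if __name__ == "__main__":
    T = enc(SAMPLE_GRID, k=3)
    for row in dec(T, 0, 0):                 # user at cell <0,0>
        print(" ".join("%.2f" % s for s in row))
```

Cells that share a result set get the same pixel and decode to an estimate of exactly 1.0, which is the default privacy region; the per-axis normalisation is what makes every other estimate approximate, and `mds_roundtrip_error` is the sanity check that the embedding itself is exact when the dissimilarities are Euclidean.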
Box: Starting from the user location ⟨x0, y0⟩, a box is
grown by pushing the four edges outward (in clockwise
order), one point-step at a time. Edge pushing along a
direction is stopped whenever doing so would result in the
inclusion of a point with similarity estimate less than δ.
Inscribed-circle: Box-expansion tends to cover inaccurate
points (those outside the threshold) in the corner areas,
especially when similarity estimates are not exact. A
circular region inscribed in the box, centered at ⟨x0, y0⟩,
eliminates such errors on the corners of the box.
Fill-out: While an inscribed-circle is good at reducing
the error in some cases, it cannot cover irregularly shaped
regions within the threshold. The fill-out method
expands the circular region by including neighboring
points that have the same color vectors as points within
the inscribed-circle.
An interactive process of inference would involve
determining the service-contour for a given value of δ
(say 90%), and then progressively growing it depending
on the area of the region inferred at a certain threshold.
We refrain from using methods based on computational
geometry due to their higher processing requirements.
Note that we have excluded the possibility of a mali-
cious server model in this scheme. A malicious server
can manipulate the similarity data to create the im-
pression that no two neighboring cells have the same
result set. However, it would not be correct to state
that such manipulations will force the user to reveal
her precise location. The decision on whether a default
privacy region is sufficiently large is user-driven.
A distorted picture of the similarity profile may in fact
lead the user to believe that no reasonable privacy can
be achieved in the application, and thereby to discontinue
using it. In another case, a privacy-aware user may still
pick a location from a larger area, i.e. trade accuracy
(although based on distorted information) for privacy.
Hence, even after a malicious server manipulates the
similarity matrix intelligently, it is not guaranteed that
the location communicated by the user is true, or a
consequence of the privacy/accuracy trade-off process.
In addition, the server must also keep the user motivated
to use the service. This in itself is much more difficult
once the user observes discrepancies in the final query
answers and the physical realities. A formal evaluation
substantiating these arguments would be useful; other-
wise distributed methods to share trust scores on service
providers can be sought to identify malicious servers.
4 EMPIRICAL EVALUATION
The empirical evaluation is performed using the SimpleGeo
Places dataset, which contains information on more than
20 million places around the world and is distributed
under a Creative Commons open license. The US part of
the dataset has 12,993,248 entries, with data corresponding
to multiple business categories and sub-categories. Entries
are maintained in the GeoJSON format, and include
attributes such as name, latitude/longitude, address, phone
numbers, classifiers (category, type, subcategory) and tags.
In our study, a place is considered a match for the search
keyword if it includes the keyword in any of these attributes,
and the city matches the city attribute. The evaluation is
performed for the four largest cities in the USA: Los Angeles,
Houston, Chicago and New York. One of the factors
influencing the top-k results is the number of objects
returned by a query, and their distribution around the
query point. The existence of a large number of objects
implies that the top-k results are likely to change for
small changes in location. For objects that are low in
density, large variations in the location are possible without
changing the result set. This behavior can reasonably be
assumed irrespective of the density of users in the city.
Therefore, we choose large cities where we can obtain
different densities of objects, especially ones with high
densities. Objects that are high in density in large cities
may not be so in a smaller city. Hence, we believe
that a comprehensive evaluation can be performed by
considering these large cities.
For each city, a 1024 km² area is used as the high-level
generalization G to generate the similarity profile. A
320×320 cell grid is superimposed on this area. Each cell
then reflects a 100 m × 100 m area. This approach implicitly
assumes that positioning a user in a cell is equivalent to
exactly locating her. For Los Angeles and Houston, the
city center is at the center of this grid (⟨160, 160⟩). For
Chicago and New York, the city centers are at ⟨288, 160⟩
and ⟨32, 160⟩ respectively. The geographic co-ordinates
are provided in Appendix A. Euclidean distance based
nearest neighbor is used as the ranking function, with
k = 10. We employ the cover tree algorithm by Beygelzimer
et al. [18] to determine the 10 nearest query matches
with respect to a point on the grid.
Instead of experimenting with a large corpus of search
keywords, we generalize the notion of query points into
low, medium and high density objects. Low density
objects result from targeted queries, with frequencies
ranging from 10 to 50 within the grid. Queries resulting
in 50 to 200 objects are considered medium density,
while frequencies higher than that are considered high
density. We were able to generate low density objects by
using search terms such as "bowling", "electronics store"
and local grocery store names in the cities. Medium
density objects are generated from search terms such
as "starbucks coffee" and "police". High density objects
are generated by very generic terms such as "atm"
and "gas station." For the high density case, frequencies
were often observed to be in the range of 400
to 900. The search keyword itself does not hold much
importance for this study, but is used to retrieve query
point distributions that reflect the real world. The results
below combine performance measures irrespective of
what search term produced them; the only distinction
made is with respect to the density.
4.1 Evaluation process
Performance of the Enc and Dec functions is measured
using precision and recall metrics. Given a threshold δ, we
arrive at a set of points Z on the grid that the user can
use to perturb her location. Depending on the accuracy
of maintaining similarities, and the subsequent estimation
by the three heuristics, this set of points may be over-
or underestimated. If Ztrue is the true set of points
satisfying the threshold, then the precision is given as
the fraction of points in Z that are also in Ztrue. Recall
is the fraction of points in Ztrue that are also in Z.
$$\mathrm{Precision} = \frac{|Z \cap Z_{true}|}{|Z|}; \qquad \mathrm{Recall} = \frac{|Z \cap Z_{true}|}{|Z_{true}|}$$
Precision can be viewed as the probability that the
service similarity guarantee (within the threshold) is not
violated. Recall measures the ability to identify the areas
where a certain level of service similarity is guaranteed.
While precision can be viewed as a measure of the
quality of service, the absolute recalled area (|Z ∩ Ztrue|)
is the size of the geographic region in which the user can
hide herself and yet retrieve true query results (within
the threshold). In other words, the recall-area may be
viewed as a measure of the privacy level obtained by
the user.

[Figure 5: for each of Los Angeles, Chicago and New York, a precision
panel (y-axis 0.6 to 0.9) and a recall panel (y-axis 0.2 to 0.8) for the
box, inscribed-circle and fill-out heuristics, and a recall-area panel
(sq.km) against distance from city center (km) with trend lines for
δ = 0.7, 0.8, 0.9 and 1.0.]
Figure 5. Precision and recall when searching for "starbucks coffee" in a given city. Each plot shows performance of
fill-out for δ = 1.0 (leftmost) and then three sets of rectangles, one each for δ = 0.9, 0.8 and 0.7 (from left to right).
Lower edge of a rectangle represents the 10th percentile, upper edge represents the median (50th percentile), and the
dot represents the 25th percentile. Also shown is the area recalled (in km²) by the fill-out heuristic as a user moves away
(distance in km) from the city center. Trend lines are marked with the corresponding δ value.
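The three heuristics of Section 3.2.2 and the precision, recall and recall-area measures of Section 4.1, as an added example in Python; this is not the authors' code. The 7×7 colour image T, the user location ⟨3, 3⟩ and the ground-truth set Ztrue are constructed (not derived from the SimpleGeo data) so that the box over-reaches at two corners, which is exactly the failure mode the inscribed-circle cuts off and the fill-out then has to recover recall from. The Dec rule is re-applied on 8-bit colours with clamping at 0, and the function names and cell area (100 m × 100 m as in Section 4) are my assumptions.

```python
"""Box, inscribed-circle and fill-out service-contour heuristics (Section 3.2.2)
and the precision / recall / recall-area measures (Section 4.1).
Added example, not the paper's code. The 7x7 image T and the ground truth
are constructed so that the box over-reaches at two corners."""
import math
from collections import deque


def estimate(image, x0, y0, i, j):
    """Dec rule: 1 - Euc(T[x0][y0], T[i][j]) on 8-bit colours rescaled to [0,1],
    clamped at 0."""
    d = math.sqrt(sum(((a - b) / 255.0) ** 2 for a, b in zip(image[x0][y0], image[i][j])))
    return max(0.0, 1.0 - d)


def box(image, x0, y0, delta):
    """Grow a box from <x0,y0>, pushing the top, right, bottom and left edges in
    turn by one cell; an edge stops once pushing it would admit a cell whose
    estimate is below delta."""
    rows, cols = len(image), len(image[0])
    top = bottom = x0
    left = right = y0

    def ok(i, j):
        return estimate(image, x0, y0, i, j) >= delta
    grew = True
    while grew:
        grew = False
        if top > 0 and all(ok(top - 1, j) for j in range(left, right + 1)):
            top, grew = top - 1, True
        if right < cols - 1 and all(ok(i, right + 1) for i in range(top, bottom + 1)):
            right, grew = right + 1, True
        if bottom < rows - 1 and all(ok(bottom + 1, j) for j in range(left, right + 1)):
            bottom, grew = bottom + 1, True
        if left > 0 and all(ok(i, left - 1) for i in range(top, bottom + 1)):
            left, grew = left - 1, True
    return {(i, j) for i in range(top, bottom + 1) for j in range(left, right + 1)}


def inscribed_circle(image, x0, y0, delta):
    """Largest circle centred at <x0,y0> that fits inside the box; drops the
    corner cells where box over-inclusion happens."""
    b = box(image, x0, y0, delta)
    r = min(x0 - min(i for i, _ in b), max(i for i, _ in b) - x0,
            y0 - min(j for _, j in b), max(j for _, j in b) - y0)
    return {(i, j) for i, j in b if (i - x0) ** 2 + (j - y0) ** 2 <= r * r}


def fill_out(image, x0, y0, delta):
    """Grow the circle along 4-neighbours whose colour vector already occurs
    inside it: same colour, same estimate, so the threshold still holds."""
    region = inscribed_circle(image, x0, y0, delta)
    colours = {image[i][j] for i, j in region}
    queue = deque(region)
    while queue:
        i, j = queue.popleft()
        for ni, nj in ((i - 1, j), (i + 1, j), (i, j - 1), (i, j + 1)):
            if (0 <= ni < len(image) and 0 <= nj < len(image[0])
                    and (ni, nj) not in region and image[ni][nj] in colours):
                region.add((ni, nj))
                queue.append((ni, nj))
    return region


def precision_recall(z, z_true, cell_km2=0.01):
    """Section 4.1: precision |Z & Ztrue|/|Z|, recall |Z & Ztrue|/|Ztrue| and the
    recall-area in km^2 (100 m x 100 m cells as in Section 4)."""
    hit = len(z & z_true)
    return hit / len(z), hit / len(z_true), hit * cell_km2


# constructed colour image T: A is the user's own colour, B a near colour
# (estimate ~0.86), C a far colour (estimate clamped to 0); not real data
A, B, C = (200, 200, 200), (180, 180, 180), (0, 0, 0)
SAMPLE_T = [[{"A": A, "B": B, "C": C}[ch] for ch in row] for row in (
    "CCCCCCC", "CAAAACC", "CAAAABC", "CAAAABC", "CAAAABB", "CCAACCC", "CCCCCCC")]


def sample_z_true(delta):
    """Constructed ground truth: the colour encoding over-estimates the two box
    corners (1,1) and (1,4), whose true similarity is 0.7."""
    def true_sim(i, j):
        if SAMPLE_T[i][j] == A:
            return 0.7 if (i, j) in {(1, 1), (1, 4)} else 0.95
        return 0.85 if SAMPLE_T[i][j] == B else 0.0
    return {(i, j) for i in range(7) for j in range(7) if true_sim(i, j) >= delta}


def run_heuristics(delta=0.8, x0=3, y0=3):
    """(precision, recall, recall-area km^2) per heuristic for the sample."""
    z_true = sample_z_true(delta)
    return {name: precision_recall(fn(SAMPLE_T, x0, y0, delta), z_true)
            for name, fn in (("box", box), ("inscribed-circle", inscribed_circle),
                             ("fill-out", fill_out))}


if __name__ == "__main__":
    for name, (p, r, area) in run_heuristics().items():
        print(f"{name:17s} precision={p:.3f} recall={r:.3f} area={area:.2f} km2")
```

On this sample the box reaches precision 0.875 and recall 0.7, the inscribed circle precision 1.0 but recall 0.25, and the fill-out precision 0.89 with recall 0.8, the same ordering the paper reports: the B-coloured cells are within δ but are never reached by fill-out because it only follows colours already inside the circle, which is what keeps its precision close to the circle's.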
Experiments are performed for four service similarity
thresholds: δ = 1.0, 0.9, 0.8 and 0.7. For each value,
precision and recall are calculated for the three heuristics
using a sample of points as the user location ⟨x0, y0⟩ on
the grid. The sample consists of 1521 points uniformly
distributed on the grid, with a sample point every 800 m
(0.5 mi) along the horizontal and vertical directions. For
δ = 1.0, results are only reported for the fill-out heuristic.
4.2 The case of “starbucks coffee”
The case of locally searching for a coffee shop, e.g. "starbucks
coffee", often comes up in location privacy discussions. We
present the detailed comparative results with respect to a
privacy-aware user trying to find the nearest Starbucks coffee
shop location. Fig. 5 and Fig. 6 show the comparative
efficiency of the three heuristics in the four cities. For each
city, the precision and recall plots show the performance of
fill-out for δ = 1.0 (leftmost) and then three sets of rectangles,
one each for δ = 0.9, 0.8 and 0.7 (from left to right). A precision
and recall of 1.0 for fill-out at δ = 1.0 implies that a
privacy-indifferent user does not lose any accuracy in
the result set as a result of the process. In addition, the
heuristic exactly reveals the default privacy region with
respect to the issued query. For the other δ values, each
rectangle shows the 10th percentile (lower edge), 25th
percentile (center dot) and 50th percentile (upper edge)
of the computed precision and recall values. Recall that
the pth percentile is the value below which p percent
of the observations lie. The inscribed-circle and fill-out
heuristics guarantee 90% or more precision for 75% (25th
percentile) of the points sampled on the grid (possible
user locations), across the four cities. This is observed
irrespective of the service similarity requirement imposed
by a user. Precision for the box heuristic is comparatively
worse because of its tendency towards erroneous
inclusion of points. As expected, inscribed-circle clearly
improves upon this, but results in an extensive pruning
of the identified regions (poor recall). It is not difficult
to create a heuristic with high precision; the desirable one,
however, has high recall as well.
Fill-out improves upon the recall of inscribed-circle
without heavily degrading the precision. However, the
recall values themselves are all below 50%. The bottom
of each plot shows trend lines depicting how the area
recalled (|Z ∩ Ztrue| in km²) by the fill-out heuristic
changes as a user moves away from the city center. The
query object ("starbucks coffee") has a relatively higher
concentration near the city center areas. The trend line
for δ = 1.0 (for which fill-out has 100% recall) indicates
that the default privacy region may not be significantly
large when query objects are concentrated. However,
areas as large as 20-40 km² become available within
8 km (≈ 5 mi) of the city center, provided one or two
incorrect results are acceptable. This is despite the poor
recall of the heuristic. These areas will presumably be
large enough for a privacy-conscious user, given that
the observations hold more strongly for less crowded
regions. Note that lowering the service accuracy
requirement further can expand the determined
area. Object locations in this case, although not the
nearest ones, will not be unrealistically far away.

[Figure 6: precision and recall panels for the box, inscribed-circle and
fill-out heuristics, and a recall-area panel (sq.km) against distance
from city center (km) with trend lines for δ = 0.7, 0.8, 0.9 and 1.0,
for Houston.]
Figure 6. Precision and recall when searching for "starbucks
coffee" in the city of Houston, Texas. See Fig. 5
caption for details.
4.3 Precision/recall trends
The precision and recall trends we observe for the case
of "starbucks coffee" are repeated for the other medium
density experiment (derived using the keyword "police").
For the fill-out heuristic, Fig. 7 shows the mean
(across the search keywords) of the 25th percentiles of
the precision scores for different object densities. Full
precision for low density objects is almost guaranteed,
irrespective of the service accuracy threshold. However,
the approach has difficulty maintaining those same
values for high density objects. High density objects
are often located close to each other, thereby creating
a scenario where moving small distances significantly
changes the result set. It also means that finding such
objects is not difficult in the real world. Note that
the density designation is not based on what is being
queried: a "gas station" could be a high density object
in parts of a city, and low/medium in others. In the
latter case, when finding one could become difficult
by simply looking around, local search is possible in a
privacy-supportive manner. The ranking function is also
a crucial component in deciding the density of objects.
For instance, a ranking function that accounts for local
reviews of restaurants while making suggestions will
result in a low density categorization for the keyword
"restaurants", meaning the top-k result set does not
change significantly even for a high concentration of
restaurants in the area.
The recalled area is also large for low density objects,
occasionally dropping when clusters of such objects are
found. Fig. 8 depicts this drop for the cities of Chicago
and New York. The observation reaffirms that object
densities can be locally high. The conclusions made in
the "starbucks coffee" case remain applicable in general
to the recalled area for medium density objects. Refer to
Section 3 in the supplementary file for results on the
communication overhead associated with the proposed
methodology.

[Figure 7: one panel per city (Los Angeles, Houston, Chicago, New York)
plotting precision (y-axis 0.0 to 0.9) against δ = 1.0, 0.9, 0.8, 0.7 for
low, medium and high object densities.]
Figure 7. Precision of fill-out heuristic for different service similarity
thresholds (δ = 0.7, 0.8, 0.9, 1.0) and object densities (low, medium, high).
Vertical bar shows one standard deviation.
4.4 Conclusions
Based on the observations from the empirical study,
we make the following conclusions on the efficacy of
a privacy-supportive local search application.
Precise geo-locations are necessary for result set accuracy
when the queried objects exist as a dense cluster
in the search area. It seems unlikely that both location
privacy and result exactness can be maintained in
this case. A privacy-supportive application would allow
the user to aggressively trade off the service similarity
requirement to determine a sufficiently large area for
location perturbation. Given the high density of objects,
the resulting objects can still be expected to be in the near
vicinity.
When objects are not dense, location accuracy
has a minor role to play in retrieving relevant results. A
privacy-supportive application would help identify the
large default-privacy regions resulting in such situations.
Next generation telecommunication systems could
very well make it possible to quickly (and cost-
effectively) transfer all information required to infer the
service-contour exactly. Until then, approximate inferencing
algorithms can be used to reduce the communication
overhead.

[Figure 8: recall-area (sq.km) against distance from city center (km)
for Los Angeles, Houston, Chicago and New York, with trend lines for
δ = 0.7, 0.8, 0.9 and 1; top row low density objects, bottom row medium
density objects.]
Figure 8. Area (km²) recalled by the fill-out heuristic for different service
similarity thresholds (δ = 0.7, 0.8, 0.9, 1.0), as the user moves away
(distance in km) from the city center. Top plots are for low density objects
and bottom plots for medium density objects.
5 SUMMARY
In this paper, we proposed a novel architecture to help
identify privacy and utility trade-offs in a location-based
service. The architecture has a user-centric design that
delays the sharing of a location coordinate until the user
has evaluated the impact of its accuracy on the service
quality. Using the prototypical example of a local search
application, we showed the form of information that
can be exchanged between the user and the provider
to enable a privacy-supportive LBS. Section 4 of the
supplementary file suggests some future directions of
research for this work.
REFERENCES
[1] J. Sythoff and J. Morrison, Location-Based Services: Market Forecast,
2011-2015. Pyramid Research, 2011.
[2] P. Golle and K. Partridge, “On the Anonymity of Home/Work
Location Pairs,” in Proceedings of the 7th International Conference on
Pervasive Computing, 2009, pp. 390–397.
[3] H. Zang and J. Bolot, “Anonymization of Location Data Does
Not Work: A Large-Scale Measurement Study,” in Proceedings of
the 17th Annual International Conference on Mobile Computing and
Networking, 2011, pp. 145–156.
[4] M. Duckham and L. Kulik, “A Formal Model of Obfuscation
and Negotiation for Location Privacy,” in Proceedings of the 3rd
International Conference on Pervasive Computing, 2005, pp. 152–170.
[5] H. Kido, Y. Yanagisawa, and T. Satoh, “An Anonymous Commu-
nication Technique Using Dummies for Location-Based Services,”
in Proceedings of the IEEE International Conference on Pervasive
Services, 2005, pp. 88–97.
[6] R. Cheng, Y. Zhang, E. Bertino, and S. Prabhakar, “Preserving
User Location Privacy in Mobile Data Management Infrastruc-
tures,” in Proceedings of the 6th Workshop on Privacy Enhancing
Technologies, 2006, pp. 393–412.
[7] M. L. Yiu, C. S. Jensen, X. Huang, and H. Lu, “SpaceTwist: Manag-
ing the Trade-Offs Among Location Privacy, Query Performance,
and Query Accuracy in Mobile Services,” in Proceedings of the 24th
International Conference on Data Engineering, 2008, pp. 366–375.
[8] M. Gruteser and D. Grunwald, “Anonymous Usage of Location-
Based Services Through Spatial and Temporal Cloaking,” in
Proceedings of the 1st International Conference on Mobile Systems,
Applications, and Services, 2003, pp. 31–42.
[9] B. Gedik and L. Liu, “Protecting Location Privacy with Personal-
ized k-Anonymity: Architecture and Algorithms,” IEEE Transac-
tions on Mobile Computing, vol. 7, no. 1, pp. 1–18, 2008.
[10] P. Samarati, “Protecting Respondents’ Identities in Microdata
Release,” IEEE Transactions on Knowledge and Data Engineering,
vol. 13, no. 6, pp. 1010–1027, 2001.
[11] G. Ghinita, P. Kalnis, and S. Skiadopoulos, “PRIVE: Anonymous
Location-Based Queries in Distributed Mobile Systems,” in Pro-
ceedings of the 16th International Conference on World Wide Web, 2007,
pp. 371–380.
[12] P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias, “Pre-
venting Location-Based Identity Inference in Anonymous Spatial
Queries,” IEEE Transactions on Knowledge and Data Engineering,
vol. 19, no. 12, pp. 1719–1733, 2007.
[13] G. Ghinita, K. Zhao, D. Papadias, and P. Kalnis, “A Reciprocal
Framework for Spatial k-Anonymity,” Journal of Information Sys-
tems, vol. 35, no. 3, pp. 299–314, 2010.
[14] P. K. Agarwal, M. de Berg, J. Matousek, and O. Schwarzkopf,
“Constructing Levels in Arrangements and Higher Order Voronoi
Diagrams,” in Proceedings of the 10th Annual Symposium on Com-
putational Geometry, 1994, pp. 67–75.
[15] F. Aurenhammer and O. Schwarzkopf, “A Simple On-line Ran-
domized Incremental Algorithm for Computing Higher Order
Voronoi Diagrams,” in Proceedings of the 7th Annual Symposium
on Computational Geometry, 1991, pp. 142–151.
[16] D.-T. Lee, “On k-Nearest Neighbor Voronoi Diagrams in the
Plane,” IEEE Transactions on Computers, vol. C-31, no. 6, pp. 478–
487, 1982.
[17] K. V. Mardia, "Some Properties of Classical Multidimensional
Scaling," Communications in Statistics – Theory and Methods, vol. A,
no. 7, pp. 1233–1241, 1978.
[18] A. Beygelzimer, S. Kakade, and J. Langford, "Cover Trees for
Nearest Neighbor," in Proceedings of the 23rd International Conference
on Machine Learning, 2006, pp. 97–104.
Supplement: Exploiting Service Similarity for
Privacy in Location Based Search Queries
Rinku Dewri, Member, IEEE, and Ramakrisha Thurimella
1 ADDITIONAL RELATED WORK
Location privacy preservation has received significant
interest over the past decade, both from policy makers
and academic researchers. Legislative efforts to
preserve location privacy date back to the United States
Communications Act of 1934, wherein "Section 222 requires
telecommunications carriers to provide confidentiality for
customer information as proprietary information of another
common carrier." Disclosure is only allowed during
emergency situations, or with the permission of the
customer. Efforts are ongoing to enforce more specific
laws related to geolocation information tracking and
sharing (e.g. the Location Privacy Act of 2011, currently
in the first step of the legislative process). However, laws
are often regional: while policies in the European Union
may require every user to consent to location sharing, a
policy in the United States may require users to opt out
of a default sharing. Nonetheless, the important question
that still remains open is whether a user can derive any
reasonable utility out of the location-based service and
still protect her location information.
Multiple suggestions are available on how a cloaking
region should be formed. Bamba et al. enforce a location
l-diversity requirement in addition to k-anonymity,
where the number of still-object counts must also be
above a user-specified threshold [1]. Liu et al. propose
that a minimum level of entropy should also be maintained
in the queries originating from the cloaking region
[2]. Dewri et al. have extended these concepts to the
case of continuous services [3], [4]. Shin et al. introduce
profile anonymization in cloaking regions, wherein at
least k − 1 other users with the same profile (denoted
by a vector) as the request issuer are present [5]. Riboni et
al. make a similar argument, but in the context of service
parameters. Inferences that can be drawn based on these
parameters are avoided by smoothing the differences
among the distribution of the parameters in requests
from different cloaking regions [6].
A mix zone model is presented for location privacy by
Beresford and Stajano [7]. The objective of mix zones is
to prevent tracking of long-term user movements, while
short-term revelation of location data is permissible.
A trusted middleware usually mixes the identities of
users in specific zones, thereby preventing continuous
tracking. Extensions of this technique are proposed for
the scenario where user movements are constrained to
road networks [8].
• R. Dewri and R. Thurimella are with the Department of Computer Science,
University of Denver, CO 80208, USA. Email: {rdewri,ramki}@cs.du.edu.
Mokbel et al. explore query processing of different
types on spatial regions – private queries over pub-
lic data, public queries over private data, and private
queries over private data [9]. Their effort is directed
towards facilitating different query formats using cloak-
ing regions. Lee et al. explore privacy concerns in path
queries where source and destination inputs may reveal
personal information about users [10]. They propose
the notion of obfuscated path queries where multiple
sources and destinations are specified to hide the true in-
puts. Although we do not focus on continuous location-
based services in this work, it is worth noting that
certain locations (home or work places) reveal more
information about a user. Hence, the privacy expecta-
tions are also bound to be different when users are at
such locations. Historical location data is used by Xu
and Cai in a variant of location k-anonymity, where the
cloaking region is required to have at least k different
footprints [11]. In a later work, the authors argue that
the impact of a privacy parameter, such as k, on the
level of privacy is often difficult to perceive. Hence, they
treat privacy as a feeling-based property and propose
using the popularity of a public region as the privacy
level [12]. Each user specifies a spatial region as her
privacy index, and the cloaking region for the user must
at least have the same popularity as that of the specified
region. An entropy based computation is used to define
the popularity of a spatial region. Soriano et al. show
that the privacy assurances of this model do not hold
when the adversary possesses footprint knowledge on
the spatial regions over time [13]. Shokri et al. propose
a framework to quantify location privacy based on the
expected estimation error of an adversary [14]. This
work provides a method to arrive at different types of
inferences regarding a user’s location based on a known
mobility profile of the user. Using methods of likelihood
estimations, the authors show that measures such as the
anonymity set size or entropy, do not correctly quantify
the privacy enforced by the method [15].
Table 1
Minimum area (km²) in which local search results (10 nearest neighbors) are the same for a given percentage of the
continental United States landmass. Value in parenthesis shows the minimum area that shares 9 out of the 10 results.

keyword        90%        75%        50%          25%              10%
atm            1 (2.4)    1 (6.4)    2 (20.8)     6 (73)           21.4 (273.2)
bus station    1 (6)      1 (15.8)   4 (60.9)     16.4 (229.4)     61.4 (721.12)
cafe           1 (2)      1 (6)      2 (20.3)     6 (85.3)         24 (267.1)
car rental     1 (3)      1 (8)      2 (28.7)     8 (117.95)       34.88 (450.66)
gas station    1 (2)      1 (5)      2 (17)       5 (59.8)         18.3 (208.5)
hospital       1 (2)      1 (6)      2 (18.4)     5 (69.2)         20.4 (297.32)
library        1 (5.9)    1 (14)     3.9 (54.2)   11.9 (152.88)    38.5 (409.8)
lodging        1 (8)      1 (22.2)   4.6 (83.2)   18.6 (301.65)    74 (887)
night club     1 (4)      1 (12.5)   3.5 (62)     15 (257.25)      65.5 (891.4)
parking        1 (5)      1 (15.2)   3.6 (50.8)   13.15 (206.7)    60.2 (632.6)
pharmacy       1 (2)      1 (6)      2 (18.2)     6 (73.5)         23.1 (288)
police         1 (6.9)    1 (17)     3.9 (55)     12.8 (167.6)     44.3 (438.08)
Data transformation is another method to prevent
the inference of locations. Agrawal et al. propose an
encryption technique called OPES (Order Preserving
Encryption Scheme) that allows comparison operations
to be applied directly on encrypted data [16]. Operand
decryption is, however, required for computing SUM and
AVG. Wong et al. overcome this drawback by developing
an asymmetric scalar-product preserving encryption
[17]. This allows the preservation of relative distances
between database points. Khoshgozaran et al. employ
Hilbert curves to transform the data points and then
answer queries in the transformed space [18]. The
parameters of the transformation, called the Space
Decryption Key, are assumed not to be known to an
adversary. A new paradigm in location privacy is based
on private information retrieval (PIR) techniques.
Khoshgozaran et al. propose K nearest neighbor queries
that can be reduced to a set of PIR block retrievals [19].
These retrievals can be performed using a tamper-resistant
processor located at the server so that the content provider
is oblivious of the retrieved blocks. Papadopoulos et al.
further argue the need to retrieve the same number of
blocks across queries [20]. While the use of PIR techniques
in providing location privacy is an interesting direction to
explore, computational inefficiency or the dependence on
additional hardware makes these approaches currently
unsuitable for mainstream adoption.
2 A MOTIVATING STUDY
The literature reviewed in this work highlights the ef-
forts of the academic community to prevent the sharing
of “pure” location information. An universal assumption
in most of these methods is that the user, by default,
is unwilling to share her location, irrespective of the
service-level impacts. One can argue that a user willing
to do so will simply avoid using the privacy-preserving
transformation. It is our opinion that individuals do not
view privacy as an immutable property, but rather as
a personal yet adaptable element. For instance, while a
mobile user may keep her GPS device turned off most
of the time, she may occasionally turn it on to achieve
ShopkickTM
(www.shopkick.com) rewards when visiting
a departmental store. This user’s perspective on location
privacy is guided by prospective gains from revealing
her location. As another example, a user may precisely
reveal her location (irrespective of its sensitivity) while
looking for nearby emergency care centers; the same
user may not be willing to do so while getting a listing
of nearby local businesses. This user’s perspective on
location privacy is requirement driven, depending on the
assessed (personally) importance of location sensitivity
and service usefulness. We performed an empirical study
to determine if a location-based search application can
generate any utility to an extreme user (always paranoid
about revealing current location) in this latter category.
Consider a grid of cells, each 1000x1000m2
, across
the continental United States landmass. An individual
located at any of these cells issues a local search query
that retrieves the 10 nearest businesses matching the
search term. Table 1 lists, for a given percentage of cells
in the grid where the individual could be located, the
number of other cells that would receive the same query
answer as received by this individual. The values in
parenthesis indicate the number of other cells that would
retrieve at least 9 out of the 10 businesses retrieved by the
individual. In the context of the paranoid user, this data
highlights that, for most places that the user could be
located (say 75% of the landmass), she has the freedom
to use a location coordinate anywhere in an area of size
at least 6.4 km² and still retrieve 9 out of the 10 nearest
ATMs. The statistics can be different depending on the
actual search term issued by the user. In addition, an
area of 6.4 km² may still not be comforting enough for
the user. A possibility then is to consider the (larger) area
that guarantees an 8 out of 10 match. This gives the user
an adaptive mechanism: she can give up location accuracy
(report a coarser position) at the expense of service
accuracy, or vice versa. The challenge however lies in
the fact that the user does not necessarily have the
requisite resources (both in terms of computation and
data) to compute these areas. On the other hand, the
LBS provider that performs the local search has the
computational and data resources to compute the area
boundaries, provided it can accurately (and quickly)
convey the information without requiring the user to
reveal her location.
3 COMMUNICATION OVERHEAD
The communication overhead is measured by the
amount of information that is to be transferred to the
user to infer the service-contour. The baseline for our
comparison is the size of the sets I and V, after compres-
sion using the DEFLATE algorithm. The object identifiers
for elements in V are obtained from the unique identi-
fiers assigned by SimpleGeo in its database. The data
transferred when using the Enc function includes the
compressed version of the set T .
For low density objects, the transferred data has a
35% reduction in size from that of the baseline data.
Although the absolute size of the baseline data is in the
range of 5 to 10 KB, the impact of the improvement is
seen when aggregated over a number of queries. The
reduction factor (transferred data size divided by baseline
data size) varies widely for medium density objects, from
0.8 down to 0.15 in some cases. Absolute
values for the baseline data are observed to be in the
range of 25 to 150 KB. The critical factor contributing to
the difference in size is the set V, which in turn depends
on the number of distinct result sets that can be obtained
within a geographic area.
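The empirical study above (a grid of 1 km cells, a 10-nearest-neighbour answer per cell, and a count of the other cells that keep 9 of those 10 results) and the overhead measurement in this section (the DEFLATE-compressed size of the data that conveys the distinct answers) can both be reproduced in miniature. The following Python is an added example written for this page; it is not the paper's code, data or wire format. The POIs are synthetic and dropped on a small grid, the profile encoding (a list of distinct answers plus one index per cell) is an assumption chosen here to show that the size is driven by the number of distinct answers, and the paper's sets I, V and T and its Enc function are not reproduced. Rank order inside the top-k answer is ignored, as the study assumes.

```python
"""Service-similarity regions and profile size for a top-k local search.

Constructed for illustration: synthetic POIs on a small grid, a naive JSON
profile encoding and helper names chosen here. None of it is the paper's
code, data or wire format. Rank order inside the top-k answer is ignored.
"""
import json
import math
import random
import zlib


def top_k(point, pois, k):
    """Ids of the k POIs nearest to `point`, as a frozenset (rank order dropped).

    pois maps id -> (x, y) in metres; ties are broken by id for determinism.
    """
    ranked = sorted(((x - point[0]) ** 2 + (y - point[1]) ** 2, pid)
                    for pid, (x, y) in pois.items())
    return frozenset(pid for _, pid in ranked[:k])


def grid_result_sets(cols, rows, cell_m, pois, k):
    """Top-k answer for every cell of a cols x rows grid of square cells of
    side cell_m metres; the cell centre stands in for any point in the cell."""
    return {(c, r): top_k(((c + 0.5) * cell_m, (r + 0.5) * cell_m), pois, k)
            for c in range(cols) for r in range(rows)}


def similar_cells(cell, sets, min_common):
    """Other cells whose answer shares at least min_common objects with the
    answer of `cell`; min_common == k asks for an identical answer."""
    ref = sets[cell]
    return [c for c, s in sets.items() if c != cell and len(ref & s) >= min_common]


def region_area_km2(cell, sets, min_common, cell_m):
    """Area (km^2, the cell itself included) anywhere inside which the user may
    report a location and still receive at least min_common of her k results."""
    return (1 + len(similar_cells(cell, sets, min_common))) * (cell_m / 1000.0) ** 2


def guaranteed_other_cells(sets, min_common, fraction):
    """Table 1 style figure: the number of other matching cells that at least
    `fraction` of all cells can count on, i.e. a lower percentile of the
    per-cell counts (fraction=0.75 answers 'for 75% of the landmass')."""
    counts = sorted((len(similar_cells(c, sets, min_common)) for c in sets), reverse=True)
    return counts[max(0, math.ceil(fraction * len(counts)) - 1)]


def deflate_size(obj):
    """Bytes needed to ship `obj` as compact JSON compressed with DEFLATE (zlib)."""
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return len(zlib.compress(raw, 9))


def profile_size(sets):
    """(number of distinct answers, compressed bytes) of a naive profile made of
    the list of distinct answers plus, per cell, the index of its answer.
    Assumed encoding: the size is dominated by how many distinct answers the
    area produces, the effect the paper reports for its set V."""
    distinct = sorted(sorted(s) for s in set(sets.values()))
    index = {tuple(s): i for i, s in enumerate(distinct)}
    per_cell = [index[tuple(sorted(sets[c]))] for c in sorted(sets)]
    return len(distinct), deflate_size({"answers": distinct, "cells": per_cell})


def demo(n_pois, seed=1, cols=20, rows=20, cell_m=1000, k=10):
    """Constructed scenario: n_pois POIs dropped uniformly on a 20 km x 20 km
    grid of 1 km cells with 10-nearest-neighbour ranking. Returns the number
    of distinct answers, the compressed profile size and the area (km^2) that
    75% of cells can use while still keeping 9 of their 10 results."""
    rng = random.Random(seed)
    pois = {f"p{i}": (rng.uniform(0, cols * cell_m), rng.uniform(0, rows * cell_m))
            for i in range(n_pois)}
    sets = grid_result_sets(cols, rows, cell_m, pois, k)
    n_distinct, nbytes = profile_size(sets)
    other = guaranteed_other_cells(sets, k - 1, 0.75)
    return {"distinct": n_distinct, "bytes": nbytes,
            "area_km2_9_of_10": (1 + other) * (cell_m / 1000.0) ** 2}


if __name__ == "__main__":
    for density in (20, 400):  # low versus high object density
        print(density, "POIs:", demo(density))
```

Running the module compares a sparse and a dense placement: the dense one yields many more distinct answers, a much larger compressed profile and a smaller 9-of-10 region, which is the dependence on object density that the section describes. The cell centre is used as the query point for a whole cell, so the region sizes are a coarse approximation; a finer grid tightens them at the cost of more cells.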
4 FUTURE DIRECTIONS
One of the assumptions we made in the empirical
study is that the rank order of the top-k results is not
important. Without this assumption, the (dis)similarity
measurement will have to be redefined to include dis-
agreements in the result ordering. Higher utility will be
maintained if the result objects that are the closest to the
user are indeed retrieved by the mechanism.
For a continuous query LBS model, the policy that de-
termines the final choice of the location must also induce
realistic correlations between subsequent locations. This
would involve analyzing the current service-contour
from multiple reference points, in an effort to generate
a reasonable trajectory of future locations. The difficulty
appears because of the possibility of dynamic updates
to the objects database. Additional directions include
reducing the communication overhead, efficiently solv-
ing the service-contour inference problem for a moving-
objects database, augmenting the inference process
with clear privacy policy descriptions, and integrating
application sensitivity into the decision making process.
Dynamic updates in our application environment can
occur by addition/deletion of objects. These updates
can happen in the background, and the query processor
can have access to the updated database as soon as
the update operations are complete. We note that, as a
result of this process, the query performance will not
degrade, although stale results may be generated for
a brief period. If the update time is not significant, a
locking mechanism can be enforced to guarantee result
validity. It is also important to note that frequent updates
to POI databases are not likely. In this work, we did
not consider the possibility of mobile POIs (for
example, in a friend finder service, where the searched
objects are themselves mobile). We believe the case of
mobile POIs needs an extensive and formal study of
its own, since the locations of the moving objects may
themselves be sensitive information. In such a case, obtaining the
service-contour is not as straightforward as in the case
of a local search.
APPENDIX A
Table 2
City center co-ordinates used in the empirical study.

City          Latitude       Longitude
Los Angeles   34.0536910 N   118.2431260 W
Houston       29.7601770 N    95.3692910 W
Chicago       41.8704500 N    87.6299050 W
New York      40.7132560 N    74.0059050 W
Figure 1. Output T of Enc function based on multi-
dimensional scaling for a query involving “starbucks cof-
fee” as the search term in the city of Los Angeles, CA.
The ranking function is 10-nearest-neighbors. Note: color
variations are lost in greyscale viewing.