
Research On Information Privacy Protection In Location-based Service

Posted on: 2015-01-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Zhang
GTID: 1268330428499916
Subject: Information security

Abstract/Summary:
As a brand new age of information technology, the mobile Internet has great significance for human development and has affected all aspects of our production and life, such as health, entertainment, finance, politics, and education. One of the most important features of the mobile Internet is mobility. By introducing location information, the mobile Internet becomes more integrated with our daily lives. Location Based Service (LBS) is one of the hottest information services; in China alone it has formed a huge market worth tens of billions of Yuan, and LBS has become the most conspicuous service.

However, the development of LBS has not always been smooth. Privacy disclosure in the use of LBS is one of the key factors limiting its development, and recently there has been plenty of research on privacy protection in LBS. LBS applications can be divided into two categories: the "user-ask and server-answer" model and the "server-ask and user-answer" model. Most LBS privacy-preserving research is based on the first model, while only a few studies pay attention to the second. Therefore, this dissertation focuses on privacy protection in the second model, especially its typical application, the location-based information survey application (LB-ISA). In this application, the participants contribute their location information and individual data; the server calculates the geographic distribution of the participants' information, while the location privacy and data privacy of each individual user must be protected.

The main work and contributions are as follows:

1. A privacy-preserving protocol for LB-ISA (PPPL) based on mobile cloud computing is proposed. PPPL is based on the "clone" technology in mobile cloud computing and combines P2P technology with a homomorphic public key encryption algorithm. It protects the user's location privacy and data privacy under the "independent and semi-trusted" threat model. PPPL not only overcomes the single point of failure in proxy-based methods, but also avoids the disadvantages of privacy-preserving methods without a proxy, such as consuming many local resources and providing unstable privacy-preserving strength. The evaluation verifies that in large-scale applications the growth rate of the load on one clone is O(log n), far less than the O(n) growth rate of the load on the central proxy in proxy-based methods.

2. Two multiple aggregation protocols, SMAP and GMAP, are proposed to defend against the modification attack. Based on a threat model that weakens the "semi-trusted" security assumption, MAP guarantees that the LBS server obtains the correct result with a larger probability when the attacker modifies parts of the preprocessed results. Theoretical proof and evaluation verify that when the control factor γ ∈ (0, 0.5), SMAP is safer than PPPL. Furthermore, GMAP strengthens the capability to defend against the modification attack by enlarging the security factor h. Meanwhile, to balance security and performance, a method to choose the optimal parameters is proposed and proved, which minimizes the resource consumption of GMAP while guaranteeing the requested security protection strength.

3. Two multi-path aggregation protocols, MPAP and SMPAP, are proposed to defend against the collusion attack. Based on a threat model that weakens the "independent" security assumption, MPAP protects the user's data privacy by dividing the user's data into multiple parts and transmitting them through multiple different paths. Theoretical proof verifies that under the same control factor γ, MPAP provides better privacy protection than PPPL. However, with data segmentation the server cannot obtain the correct result when any part of the data is lost, which increases the threat to the correctness of results (e.g. the blocking attack). Therefore, a Shamir-threshold-based multi-path aggregation protocol, SMPAP, is proposed. Theoretical proof and evaluation show that, compared with MPAP, SMPAP largely reduces the threat to the correctness of the result under the blocking attack while providing the same privacy-preserving strength.

4. An efficient noise addition protocol (NAP) for information privacy protection in LB-ISA is proposed. In this protocol, the noise is the critical factor. Therefore, we quantify the accuracy of the result and the privacy of individual data, and develop a mathematical framework to derive the optimal noise distribution, in which the noise provides the best privacy protection while guaranteeing that the result has an acceptable deviation. Based on the framework, the relationship between the optimal noise distribution and the distribution of the original individual data is investigated. Furthermore, for original individual data following a Gaussian distribution, a truncated Gaussian distribution and an arbitrary continuous distribution respectively, we investigate the properties of the optimal noise distribution in depth and obtain the optimal noise distribution or an asymptotically optimal one. Evaluation verifies that, given the distribution of the original individual data, the noise distribution from NAP performs much better than the homogeneous distribution and the Laplace distribution, and achieves or comes close to the performance of the theoretically optimal noise.
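As an added illustration of contribution 3 (example code, not from the dissertation), the following Python sketch contrasts MPAP-style additive segmentation, where a single blocked path corrupts the aggregate, with SMPAP-style Shamir sharing, where any k surviving paths still recover the sum of all users' data; the prime field, path count n and threshold k are assumed values.

```python
import secrets

P = 2**61 - 1  # prime field for the shares (a constructed choice, not from the dissertation)

def mpap_split(value, n):
    """MPAP-style segmentation: n random parts that sum to value (mod P)."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def smpap_split(value, n, k):
    """SMPAP-style segmentation: n Shamir shares of value, any k of which recover it."""
    coeffs = [value % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def lagrange_at_zero(points):
    """Recover f(0) from k points (x, f(x)) of a degree-(k-1) polynomial over GF(P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def mpap_aggregate(values, n, blocked):
    """Each surviving path forwards the sum of the parts it carries; the server adds them.
    If any path is blocked, the missing parts make the total wrong (the blocking attack)."""
    per_path = [0] * (n + 1)
    for v in values:
        for x, part in enumerate(mpap_split(v, n), start=1):
            per_path[x] = (per_path[x] + part) % P
    return sum(per_path[x] for x in range(1, n + 1) if x not in blocked) % P

def smpap_aggregate(values, n, k, blocked):
    """Paths sum the share values they carry (Shamir shares are additively homomorphic);
    the server interpolates the per-path sums. Returns None if fewer than k paths survive."""
    per_path = {x: 0 for x in range(1, n + 1) if x not in blocked}
    for v in values:
        for x, y in smpap_split(v, n, k):
            if x in per_path:
                per_path[x] = (per_path[x] + y) % P
    if len(per_path) < k:
        return None
    return lagrange_at_zero(list(per_path.items())[:k])
```

No single path ever sees a user's value in either scheme; the difference is only in how many blocked paths the server can tolerate before the survey total is lost.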
Keywords/Search Tags: mobile Internet, location-based service, information survey, mobile cloud computing, privacy protection, noise addition