5.1.1.2 Our Contribution
The main goal of this work is to rank the Web services by predicting the missing QoS values for any particular user QU based on users' locations and past experiences with other Web services in a privacy preserving manner. The QoS experiences and locations are encrypted before being sent to the service providers for further processing. Specifically, we consider the Round Trip Time (RTT)¹ as the QoS value in our proposed protocol. This work is also an extension of our previous work [107], which was published in ICDCS-17. In [107], we proposed a privacy preserving protocol for generating movie recommendations based on users' ratings. In this work, we extend the previous protocol by incorporating another sub-protocol in which QU is able to compute distances to other users and to filter the set of users who are located nearby or within a given region, in a privacy preserving manner. All of the users' locations and distances are kept private while performing this operation. The encrypted QoS values of nearby users are then used to compute similarities and the QoS prediction for QU. A further extension is that the proposed protocol is investigated in a different scenario, namely Web service recommendations based on QoS values and the geographical locations of users. To the best of our knowledge, we are the first to use geographical locations in creating Web service recommendations while preserving the privacy of users with cryptography-based techniques. Specifically, our contributions are as follows:
¹ The RTT is defined as the time duration between a service user sending a request and receiving a response from the Web service.
Privacy Preserving Location Aware Web Service Recommendation 124
1. For the first time, we propose a location-aware Web service recommendation framework that operates in a privacy preserving manner, where users' privacy is preserved using cryptography-based techniques.
2. We propose a new privacy preserving user filtering protocol based on locations, where the users who are not within a given region can be eliminated without actually disclosing their locations. The proposed distance computation and user filtering protocols are useful not only for providing Web service recommendations but also for other types of location-based services where geographical locations are given in latitude-longitude format.
3. We incorporate the proposed user filtering protocol into Web service recommendations, so that the QoS prediction can be influenced by the QoS experiences of nearby located users.
4. Our protocol is able to predict the missing QoS for QU without disclosing any private information to the service providers. Moreover, all the computations are carried out in a privacy preserving manner.
5.1.2 System Model
In the protocol settings, as shown in Fig. 5.2, we incorporate two service providers: the Recommender Server (RS) and the Privacy Server (PS), similar to previously established techniques [107,116], where the RS is responsible for generating recommendations and the PS is responsible for providing cryptographic primitives such as generating keys and holding the decryption power for the public key encryption. We assume that the participants in the system are honest but curious and that there is no collusion between them. It is feasible to choose such a system with two non-colluding servers, since a certification authority² can certify the servers by providing (1) a Certification Letter outlining the details of the certification and describing the conditions of holding the certification, and (2) a Certification Report which provides customers with an overview of
² As an example, in Australia, the Australian Signals Directorate (ASD) certifies cloud services based on relevant policies (e.g., the Australian Government Information Security Manual and the Australian Privacy Principles), and this certification motivates service providers to be honest. More related information can be found in
Figure 5.2: System model.
the security aspects which should be considered prior to accreditation. Specifically, the system model consists of two servers and a total of n users who hold their geographical locations and QoS values. The protocol is divided into two sections. The first section is privacy preserving user filtering, where QU filters the set of users who are located nearby or within a given region. The second section is privacy preserving Web service ranking, in which the PS generates the key pair and all users use the public key to encrypt their QoS values, which are stored by the RS. Upon receiving a query, the RS predicts the missing QoS for QU using the homomorphic properties of the public key encryption and sends the resultant ciphertexts to the PS. The PS then uses its decryption power to decrypt the results and returns the ranking of Web services based on the predictions. At the end of the protocol, the RS and PS retain no private information relating to any user. In our protocol, the RS and PS are loosely coupled, so the PS can serve multiple users and multiple RSs providing recommendations in different areas.
5.1.3 Preliminaries
5.1.3.1 Notations and Definitions
The following notations will be used for the rest of Section 5.1.
1. k = 1, 2, ..., n is a set of users and j = 1, 2, ..., m is a set of Web services, where n and m
who wants to get recommendations on unobserved Web services, also represented as u (we will represent the query user as u or QU throughout the rest of Section 5.1).
2. r_{k,j} represents a QoS value which has been generated by the invocation of user k on Web service j. r_{k,j} = 0 if the QoS is missing, which means that user k has not invoked Web service j.
3. r̄_k, r̄_u and s(u,k) represent the average QoS values of users k and u, and the similarity between users u and k, respectively.
4. P_{u,j} represents the prediction of the missing QoS value for user u on Web service j.
5. The geographical location of a user k is presented as l_k = (p_{k,1}, p_{k,2}), where p_{k,1} and p_{k,2} represent the latitude and longitude of the location.
6. t represents the distance threshold. n′ denotes the set of users who are not located within distance t from u.
7. PK and SK denote the public and private keys of our cryptographic protocols. E_pk(m) and D_sk(C) denote the encryption of a plaintext m and the decryption of a ciphertext C using the public and secret key, respectively.
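As an added example, and not the thesis's own protocol, the following Python toy instantiates the two-server model of Section 5.1.2 together with the notation E_pk(m), D_sk(C) and r_{k,j} = 0 for a missing QoS: users encrypt their r_{k,j} under the PS's public key, the RS combines the ciphertexts of the filtered nearby users with similarity weights using only the additive homomorphism, and only the PS, which holds SK, decrypts the aggregate. It assumes textbook Paillier (the section does not name the scheme) and integer-scaled weights s(u,k) that the RS already knows; how the similarities themselves are computed privately is not covered here.

```python
"""Constructed toy of the two-server model: users encrypt QoS values under
PS's public key, RS aggregates ciphertexts homomorphically, PS decrypts.
Textbook Paillier with demonstration-sized primes (an assumption; the
thesis text does not name the scheme)."""
import math
import secrets

# PS side: PK = (n, g), SK = (n, lam, mu); parameters are toy-sized, not secure
def keygen(p=1000000007, q=998244353):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                # valid because g = n + 1
    return (n, n + 1), (n, lam, mu)

# user side: E_pk(m) = g^m * r^n mod n^2
def encrypt(pk, m):
    n, g = pk
    r = secrets.randbelow(n - 1) + 1                    # gcd(r, n) = 1 except with negligible probability
    return pow(g, m % n, n * n) * pow(r, n, n * n) % (n * n)

# PS side: D_sk(C) = L(C^lam mod n^2) * mu mod n, with L(x) = (x - 1) / n
def decrypt(sk, c):
    n, lam, mu = sk
    return ((pow(c, lam, n * n) - 1) // n) * mu % n

# RS side: ciphertext-only operations, no decryption power
def add(pk, c1, c2):                                    # E(a) * E(b) = E(a + b)
    return c1 * c2 % (pk[0] ** 2)

def scale(pk, c, w):                                    # E(a)^w = E(w * a), w a non-negative int
    return pow(c, w, pk[0] ** 2)

def encrypted_weighted_sum(pk, enc_qos, weights):
    """sum_k w_k * E(r_{k,j}) over the filtered users; an E(0) (missing QoS) contributes nothing."""
    acc = encrypt(pk, 0)
    for c, w in zip(enc_qos, weights):
        acc = add(pk, acc, scale(pk, c, w))
    return acc

def demo():
    pk, sk = keygen()
    # constructed RTT values (ms) of three nearby users for one Web service j; 0 = not invoked
    rtt = [120, 0, 80]
    weights = [3, 5, 2]                                 # integer-scaled similarities s(u,k)
    enc = [encrypt(pk, v) for v in rtt]                 # what each user k uploads to the RS
    c = encrypted_weighted_sum(pk, enc, weights)        # RS computes on ciphertexts only
    return decrypt(sk, c)                               # PS decrypts: 3*120 + 5*0 + 2*80 = 520
```

The RS never learns any r_{k,j}, and because a missing QoS is encrypted as 0 the RS cannot even tell which users invoked service j.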