IJPRES
MAINTAIN CONTROL OVER LOCATION SERVER DATA BASED ON OBLIVIOUS TRANSFER AND PRIVATE INFORMATION RETRIEVAL
P. RAGHAVENDRA REDDY (1)
(1) M.Tech Student, Department of CSE, Universal College Of Engineering and Technology, Dokiparru village, Medikondur Mandal, Guntur District, A.P, India.
ABSTRACT— In this manuscript we present a solution to one of the location-based query problems. This problem is defined as follows: (i) a user wants to query a database of location data, known as Points Of Interest (POIs), and does not want to reveal his/her location to the server due to privacy concerns; (ii) the owner of the location data, that is, the location server, does not want to simply distribute its data to all users. The location server wants to retain some control over its data, since the data is its asset. We propose a major enhancement over previous solutions by introducing a two-stage approach, where the first step is based on Oblivious Transfer and the second step is based on Private Information Retrieval, to achieve a secure solution for both parties. The solution we present is efficient and practical in many scenarios. We implement our solution on a desktop machine and a mobile device to assess the efficiency of our protocol. We also introduce a security model and analyze the security in the context of our protocol. Finally, we highlight a security weakness of our previous work and present a solution to overcome it.
INDEX TERMS—Location based query, private query, private information retrieval, oblivious transfer
INTRODUCTION
A Location Based Service (LBS) is an information, entertainment and utility service generally accessible through mobile devices, such as mobile phones, GPS devices and pocket PCs, operating over a mobile network. An LBS can offer many services to its users based on the geographical position of their mobile device. The services provided by an LBS are typically based on a point of interest database. By retrieving the Points Of Interest (POIs) from the database server, the user can get answers to various location-based queries, which include but are not limited to: finding the nearest ATM machine, gas station, hospital, or police station. Recently there has been a dramatic increase in the number of mobile devices querying location servers for information about POIs. Among the many challenging barriers to the wide deployment of such applications, privacy assurance is a major issue. For instance, users may be reluctant to disclose their locations to the LBS, because it may be possible for a location server to learn who is making a certain query by linking these locations with a residential phone book database, since users are likely to perform many queries from home.
The Location Server (LS), which offers some LBS, spends its resources to compile information about various interesting POIs. Hence, it is expected that the LS would not disclose any information without charge. Therefore the LBS has to ensure that the LS's data is not accessed by any unauthorized user. During the process of transmission the users should not be able to discover any information for which they have not paid. It is thus crucial that solutions be devised that address the privacy of the users issuing queries, and also prevent users from accessing content to which they do not have authorization.
Related Work
The first solution to the problem was proposed by Beresford [1], in which the privacy of the user is maintained by constantly changing the user's name or pseudonym within some mix-zone. It can be shown that, due to the nature of the data being exchanged between the user and the server, the frequent changing of the user's name provides little protection for the user's privacy. A more recent investigation of the mix-zone approach has been applied to road networks [2]. The authors investigated the required number of users to satisfy the unlinkability property when there are repeated queries over an interval. This requires careful control of how many users are contained within the mix-zone, which is difficult to achieve in practice.
A complementary technique to the mix-zone approach is based on k-anonymity [3], [4], [5]. The concept of k-anonymity was introduced as a method for preserving privacy when releasing sensitive records [6]. This is achieved by generalization and suppression algorithms that ensure a record cannot be distinguished from (k−1) other records. The solutions for LBS use a trusted anonymiser to provide anonymity for the location data, such that the location data of a user cannot be distinguished from that of (k−1) other users.
An improved trusted anonymiser approach has also been proposed, which allows the users to set their level of privacy based on the value of k [7], [8]. This means that, given the overhead of the anonymiser, a small value of k could be used to improve efficiency. On the other hand, a large value of k could be chosen to improve privacy, if the users felt that their position data could be used maliciously. Choosing a value for k, however, seems unnatural.
There have been efforts to make the process less artificial by introducing the concept of feeling-based privacy [9], [10]. Instead of specifying a k, the authors suggest that the user specifies a cloaking region that they feel will protect their privacy, and the system sets the number of cells for the region based on the popularity of the region. The popularity is computed using a historical footprint database that the server has collected.
New privacy metrics have been suggested that capture the users' privacy with respect to LBSs [11]. The authors begin by examining the shortcomings of simple k-anonymity in the setting of location queries. Next, they propose privacy metrics that enable the users to tag values that better match their query privacy requirements. From these privacy metrics they also propose spatial generalization algorithms that comply with the user's privacy requirements.
Techniques have also been proposed to confuse and distort the location data, which include path and position confusion. Path confusion was introduced by Hoh and Gruteser [12]. The basic idea is to add uncertainty to the location data of the users at the points where the paths of the users cross, making it hard to trace users based on raw location data that was k-anonymised. Position confusion has also been proposed as a method to provide privacy [13], [14]. The idea is for the trusted anonymiser to group the users according to a cloaking region (CR), thus making it harder for the LS to identify an individual. A common problem with general CR techniques is that there may exist some semantic information about the geography of an area that gives away the user's location. For example, it would not make sense for a user to be on the water without a boat. Also, different people may find different places sensitive. Damiani et al. have presented a framework that consists of an obfuscation engine that takes a user's profile, which contains places that the user deems sensitive, and outputs obfuscated areas based on aggregation algorithms [15].
As solutions based on the use of a central anonymiser are not practical, Hashem and Kulik presented a scheme whereby a group of trusted users form an ad-hoc network and the task of querying the LS is delegated to a single user [16]. This idea improves on the previous work in that there is no single point of failure. If a user that is querying the LS suddenly goes offline, then another candidate can easily be found. On the other hand, forming a trusted ad-hoc network in a real-world setting is not always possible. Another method for avoiding the use of a trusted anonymiser is to use "dummy" locations [17], [18]. The basic idea is to confuse the location of the user by sending many random other locations to the server, such that the server cannot distinguish the real location from the fake locations. This incurs both processing and communication overhead for the user device. The user needs to randomly choose a set of fake locations as well as transmit them over a network, wasting bandwidth. We refer the interested reader to Krumm [19] for a more detailed survey of this area. Most of the previously discussed problems are solved with the introduction of a private information retrieval (PIR) location scheme [20]. The basic idea is to use PIR to enable the user to query the location database without compromising the privacy of the query. In general, PIR schemes allow a user to retrieve data (a bit or a block) from a database, without disclosing the index of the data to be retrieved to the database server. Ghinita et al. used a variant of PIR which is based on the quadratic residuosity problem.
Basically, the quadratic residuosity problem states that it is computationally hard to determine whether a number is a quadratic residue modulo some composite modulus n (x^2 ≡ q (mod n)) when the factorization of n is unknown. This idea was extended to provide database protection. That protocol consists of two stages. In the first stage, the user and server use homomorphic encryption to allow the user to privately determine whether his/her location is contained within a cell, without disclosing his/her coordinates to the server. In the second stage, PIR is used to retrieve the data contained within the appropriate cell. The homomorphic encryption scheme used to privately compare two integers is the Paillier encryption scheme. The Paillier encryption scheme is known to be additively homomorphic and multiplicatively homomorphic by a constant. This means that we can add or scale numbers even when all numbers are encrypted. Both features are used to determine the sign (most significant bit) of (a−b), and hence the user is able to determine the cell in which he/she is located, without revealing his/her location.
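The following is an added example, not code from the paper, showing the Paillier-based private comparison described above in toy form: the client encrypts its coordinate a under its own key, the server subtracts its cell boundary b homomorphically, and the client recovers only the sign of (a−b). The blinding of the difference by a random positive multiplier r is an assumption about how the multiplication-by-a-constant property is combined with the additive one; it hides |a−b| from the client while preserving the sign. The fixed Mersenne primes are for demonstration only and are not a secure key size.

```python
import math
import secrets

# Demonstration-only Paillier key: two fixed Mersenne primes (NOT a secure key size).
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                      # public modulus n
N2 = N * N
LAM = math.lcm(P - 1, Q - 1)   # private lambda
G = N + 1                      # standard generator g = n + 1
MU = pow(LAM, -1, N)           # private mu = lambda^-1 mod n (valid for g = n + 1)


def encrypt(m):
    """Client's public-key encryption: c = g^m * r^n mod n^2 with a fresh random r."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return (pow(G, m % N, N2) * pow(r, N, N2)) % N2


def decrypt(c):
    """Client's private-key decryption: m = L(c^lambda mod n^2) * mu mod n."""
    return ((pow(c, LAM, N2) - 1) // N * MU) % N


def add(c1, c2):
    """Additive homomorphism: E(a) * E(b) = E(a + b)."""
    return (c1 * c2) % N2


def scale(c, k):
    """Multiplication by a plaintext constant: E(a)^k = E(k * a)."""
    return pow(c, k, N2)


def server_blinded_difference(c_a, b):
    """Server side: holds only E(a) and its own cell boundary b.
    Computes E(a - b) = E(a) * E(b)^(n-1), then E(r * (a - b)) for a random r > 0.
    The blinding (assumed here) hides |a - b| from the client; the sign survives
    because r * |a - b| < n / 2 for 32-bit coordinates and a 40-bit r."""
    c_diff = add(c_a, scale(encrypt(b), N - 1))
    r = secrets.randbelow(2**40 - 1) + 1
    return scale(c_diff, r)


def client_sign(c_blinded):
    """Client side: decrypt and read the sign from which half of Z_n the value lies in."""
    v = decrypt(c_blinded)
    if v == 0:
        return 0
    return -1 if v > N // 2 else 1


def compare(a, b):
    """Full exchange: +1 if a > b, 0 if a == b, -1 if a < b, for 32-bit inputs."""
    return client_sign(server_blinded_difference(encrypt(a), b))
```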
System Design
In this paper, we propose a novel protocol for location based queries that has major performance improvements with respect to the approach by Ghinita et al. Like that protocol, our protocol is organized in two stages. In the first stage, the user privately determines his/her location within a public grid, using oblivious transfer. This data contains both the ID and the associated symmetric key for the block of data in the private grid. In the second stage, the user executes a communicationally efficient PIR to retrieve the appropriate block in the private grid. This block is decrypted using the symmetric key obtained in the previous stage. Our protocol thus provides protection for both the user and the server. The user is protected because the server is unable to determine his/her location. Similarly, the server's data is protected since a malicious user can only decrypt the block of data obtained by PIR with the encryption key acquired in the previous stage. At the end of the day, users cannot gain any more data than what they have paid for. We remark that this paper is an extension of a previous work. Specifically, the following contributions are made.
1) Redesigned the key structure
2) Added a formal security model
3) Implemented the solution on both a mobile device and desktop machine
As with our previous work, the implementation demonstrates the efficiency and practicality of our approach.
The system model consists of three types of entities (see Fig. 1): the set of users who wish to access location data U, a mobile service provider SP, and a location server LS. From the point of view of a user, the SP and LS together compose a server, which serves both functions. The user does not need to be concerned with the specifics of the communication.
The users in our model use some location-based service provided by the location server LS. For example, what is the nearest ATM or restaurant? The purpose of the mobile service provider SP is to establish and maintain the communication between the location server and the user. The location server LS owns a set of POI records r_i for 1 ≤ i ≤ ρ. Each record describes a POI, giving GPS coordinates to its location (x_gps, y_gps), and a description or name of what is at the location.
We reasonably assume that the mobile service provider SP is a passive entity and is not allowed to collude with the LS. We make this assumption because the SP can determine the whereabouts of a mobile device, which, if it were allowed to collude with the LS, completely subverts any method for privacy. There is simply no technological method for preventing this attack. As a consequence of this assumption, the user is able to use either GPS (Global Positioning System) or the mobile service provider to acquire his/her coordinates. Since we are assuming that the mobile service provider SP is trusted to maintain the connection, we consider only two possible adversaries, one for each communication direction. We consider the case in which the user is the adversary and tries to obtain more than he/she is allowed. Next we consider the case in which the location server LS is the adversary, and tries to uniquely associate a user with a grid coordinate.
Oblivious Transfer Phase
1) QueryGeneration1 (Client) (QG1): Takes as input indices i, j, and the dimensions of the key matrix m, n, and outputs a query Q1 and secret s1, denoted as (Q1, s1) = QG1(i, j, m, n).
2) ResponseGeneration1 (Server) (RG1): Takes as input the key matrix K_{m×n} and the query Q1, and outputs a response R1, denoted as (R1) = RG1(K_{m×n}, Q1).
3) ResponseRetrieval1 (Client) (RR1): Takes as input indices i, j, the dimensions of the key matrix m, n, the query Q1 and the secret s1, and the response R1, and outputs a cell-key k_{i,j} and cell-id ID_{i,j}, denoted as (k_{i,j}, ID_{i,j}) = RR1(i, j, m, n, (Q1, s1), R1).
Private Information Retrieval Phase
4) QueryGeneration2 (Client) (QG2): Takes as input the cell-id ID_{i,j} and the set of prime powers S, and outputs a query Q2 and secret s2, denoted as (Q2, s2) = QG2(ID_{i,j}, S).
5) ResponseGeneration2 (Server) (RG2): Takes as input the database D, the query Q2, and the set of prime powers S, and outputs a response R2, denoted as (R2) = RG2(D, Q2, S).
6) ResponseRetrieval2 (Client) (RR2): Takes as input the cell-key k_{i,j} and cell-id ID_{i,j}, the query Q2 and secret s2, and the response R2, and outputs the data d, denoted as (d) = RR2(k_{i,j}, ID_{i,j}, (Q2, s2), R2).
Our transfer phase can be repeatedly used to retrieve points of interest from the location database. With these functions described, we can build security definitions for both the client and server.
CONCLUSION
In this paper we have presented a location based query solution that uses two protocols to enable a user to privately determine and acquire location data.
The first step is for a user to privately determine his/her location using oblivious transfer on a public grid.
The second step involves a private information retrieval interaction that retrieves the record with high communication efficiency.
We analyzed the performance of our protocol and found it to be both computationally and communicationally more efficient than the solution by Ghinita et al., which is the most recent solution. We implemented a software prototype using a desktop machine and a mobile device. The software prototype shows that our protocol is within practical limits.
REFERENCES
[1] A. Beresford and F. Stajano, "Location privacy in pervasive computing," IEEE Pervasive Comput., vol. 2, no. 1, pp. 46–55, Jan.–Mar. 2003.
[2] B. Palanisamy and L. Liu, "MobiMix: Protecting location privacy with mix-zones over road networks," in Proc. ICDE, Hannover, Germany, 2011, pp. 494–505.
[3] C. Bettini, X. Wang, and S. Jajodia, "Protecting privacy against location-based personal identification," in Proc. 2nd VLDB Int. Conf. SDM, W. Jonker and M. Petkovic, Eds., Trondheim, Norway, 2005, pp. 185–199, LNCS 3674.
[4] B. Gedik and L. Liu, "Location privacy in mobile systems: A personalized anonymization model," in Proc. ICDCS, Columbus, OH, USA, 2005, pp. 620–629.
[5] M. Gruteser and D. Grunwald, "Anonymous usage of location-based services through spatial and temporal cloaking," in Proc. 1st Int. Conf. MobiSys, 2003, pp. 31–42.
[6] L. Sweeney, "k-Anonymity: A model for protecting privacy," Int. J. Uncertain. Fuzziness Knowl. Based Syst., vol. 10, no. 5, pp. 557–570, Oct. 2002.
[7] S. Mascetti and C. Bettini, "A comparison of spatial generalization algorithms for LBS privacy preservation," in Proc. Int. Mobile Data Manage., Mannheim, Germany, 2007, pp. 258–262.
[8] M. F. Mokbel, C.-Y. Chow, and W. G. Aref, "The new Casper: Query processing for location services without compromising privacy," in Proc. VLDB, Seoul, Korea, 2006, pp. 763–774.
[9] L. Marconi, R. Pietro, B. Crispo, and M. Conti, "Time warp: How time affects privacy in LBSs," in Proc. ICICS, Barcelona, Spain, 2010, pp. 325–339.
[10] T. Xu and Y. Cai, "Feeling-based location privacy protection for location-based services," in Proc. 16th ACM CCS, Chicago, IL, USA, 2009, pp. 348–357.
[11] X. Chen and J. Pang, "Measuring query privacy in location-based services," in Proc. 2nd ACM CODASPY, San Antonio, TX, USA, 2012, pp. 49–60.
[12] B. Hoh and M. Gruteser, "Protecting location privacy through path confusion," in Proc. 1st Int. Conf. SecureComm, 2005, pp. 194–205.
[13] P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias, "Preventing location-based identity inference in anonymous spatial queries," IEEE Trans. Knowl. Data Eng., vol. 19, no. 12, pp. 1719–1733, Dec. 2007.
[14] M. F. Mokbel, C.-Y. Chow, and W. G. Aref, "The new Casper: Query processing for location services without compromising privacy," in Proc. VLDB, Seoul, Korea, 2006, pp. 763–774.
[15] M. Damiani, E. Bertino, and C. Silvestri, "The PROBE framework for the personalized cloaking of private locations," Trans. Data Privacy, vol. 3, no. 2, pp. 123–148, 2010.
[16] T. Hashem and L. Kulik, "Safeguarding location privacy in wireless ad-hoc networks," in Proc. 9th Int. Conf. UbiComp, Innsbruck, Austria, 2007, pp. 372–390.
[17] M. Duckham and L. Kulik, "A formal model of obfuscation and negotiation for location privacy," in Proc. 3rd Int. Conf. Pervasive Comput., H. Gellersen, R. Want, and A. Schmidt, Eds., 2005, pp. 243–251, LNCS 3468.
[18] H. Kido, Y. Yanagisawa, and T. Satoh, "An anonymous communication technique using dummies for location-based services," in Proc. Int. Conf. ICPS, 2005, pp. 88–97.
[19] J. Krumm, "A survey of computational location privacy," Pers. Ubiquitous Comput., vol. 13, no. 6, pp. 391–399, Aug. 2009.
[20] G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi, and K.-L. Tan, "Private queries in location based services: Anonymizers are not necessary," in Proc. ACM SIGMOD, Vancouver, BC, Canada, 2008, pp. 121–132.