CN110611667A - Dynamic position privacy protection method and device in edge computing environment - Google Patents

Publication number: CN110611667A
Authority: CN (China)
Prior art keywords: user, preset, location, point, edge
Legal status: Granted, active
Application number: CN201910830093.3A
Other languages: Chinese (zh)
Other versions: CN110611667B (en)
Inventors: 曾伟, 蒋鑫龙, 陈前, 潘志文, 张辉
Current Assignee: Shenzhen Semisky Technology Co Ltd
Original Assignee: Shenzhen Semisky Technology Co Ltd
Application filed by: Shenzhen Semisky Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/52: Network services specially adapted for the location of the user terminal

Abstract

The invention discloses a dynamic position privacy protection method in an edge computing environment, which comprises the following steps: confirming the position of a user, and acquiring user interest points within a preset environment range according to the position of the user; counting the distribution density of the interest points within the preset environment range; determining a protection budget according to the counted distribution density of the interest points, and calculating a disturbance position point corresponding to the user position with a preset differential privacy protection algorithm based on the protection budget; and processing the generated disturbance position point with a preset edge processing node and uploading it to a preset cloud server. The invention also discloses a dynamic position privacy protection device in the edge computing environment. The invention generates the disturbance position point from the user's real position point within the environment range in a restricted manner and, when the user initiates a service request, sends the retrieval range based on the disturbance position point, so that the disturbance position point stands in for the user's position and the user's real position information is protected.

Description

Dynamic position privacy protection method and device in edge computing environment
Technical Field
The invention relates to the technical field of position privacy protection, in particular to a dynamic position privacy protection method and device in an edge computing environment.
Background
With more and more terminal devices accessing the network, the data generated by terminal devices in the Internet of Everything era has reached a massive scale. According to forecasts by statistical agencies such as Cisco, the number of terminal devices connected to the network will reach 50 billion, the total data traffic of global data centers is expected to reach 10.4 zettabytes (ZB) by 2020, and 45% of the data generated by the Internet of Things will be stored, processed and analyzed at the edge of the network. The explosive growth in the number of networked terminal devices means that cloud computing capacity falls far behind the growth of data scale, and edge computing, which aims to move part of the application services of the cloud computing center from the cloud to the network edge, has emerged in response.
The organic combination of edge computing and Location Based Service (LBS) can effectively improve the real-time performance, accuracy, robustness and security of location services, and greatly reduce the overhead of location data transmission and computation. In the edge computing model the interconnection capability between things is greatly improved and higher-level interconnection between people and things is added, forming a human-machine-thing ternary computing space with stronger computing and sensing capability. This distributed service model features elastic management, cooperative execution, heterogeneous environments and real-time processing; services are more localized and personalized, and private information is more autonomously controllable. These features naturally fit the LBS goal of providing personalized and diversified information services to anybody and anything, anytime and anywhere. However, while LBS brings convenience to people it also raises broad privacy concerns, and the problem of location privacy protection under edge computing urgently needs to be studied and solved. Location privacy under edge computing mainly contains two parts:
(1) location privacy for LBS users
The user needs to upload personal position information while using LBS. The position data not only directly contains the user's location privacy information, but also implies other sensitive personal information that the user does not want to reveal, such as home address, health condition, religious belief and social relations. Directly disclosing location information to an untrusted third party (e.g., an LBS provider) may open the door to misuse of the user's personal privacy data, and may even result in loss of the user's life and property.
(2) Location privacy for terminal devices
The terminal typically offloads its tasks or uploads data to nearby edge nodes, from which the corresponding edge nodes can infer the approximate positional relationship between the terminal and other nodes. In addition, when a terminal uses the services of multiple edge nodes at multiple positions, and assuming the edge nodes communicate with each other, the terminal's path trajectory can be obtained; as long as the terminal is attached to a person or an important object, the location privacy of that person or object is at risk. If a terminal strictly selects the closest edge node as its computing resource, an attacker can easily infer from the edge node that a user terminal is in its vicinity.
Privacy protection techniques in traditional cloud-oriented computing location services are difficult to apply directly to edge computing environments because:
(1) the resource limitation of the terminal equipment can affect the effective implementation of the privacy protection strategy;
(2) the high heterogeneity of edge computing networks also causes some changes in the location representation and privacy concepts themselves;
(3) the computing and transmission capabilities of edge nodes are limited and each node provides a single service, so enjoying a comprehensive service requires accessing other edge nodes, and the edge nodes may collude with each other and mount a collusion attack on the user's private information;
(4) the above leads to lightweight privacy protection strategies or reduced privacy protection strength; however, edge nodes are close to the user terminal and, compared with cloud computing, can more easily obtain the user's accurate position, which poses great challenges to the user's location privacy and places stricter requirements on the lightweight design of the privacy protection strategy.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a dynamic position privacy protection method and device in an edge computing environment, so as to solve the technical problem in the prior art that traditional privacy protection technology is difficult to apply to the edge computing environment, leaving location services based on edge computing without a privacy protection mechanism that achieves an effective location privacy protection effect, so that location privacy protection is weak, private positions are easily leaked, and security is low.
In order to achieve the above object, the present invention provides a dynamic location privacy protection method in an edge computing environment, which includes the following steps:
confirming the position of a user, and acquiring a user interest point in a preset environment range according to the position of the user;
counting the distribution density of the interest points of the user in the preset environment range;
determining a protection budget according to the counted interest point distribution density, and calculating a disturbance position point corresponding to the user position by a preset differential privacy protection algorithm based on the protection budget;
and processing the generated disturbance position point by using a preset edge processing node and uploading the disturbance position point to a preset cloud server.
Preferably, the step of confirming the user position and obtaining the user interest point within the preset environment range according to the user position further includes:
receiving user access information, and determining the position of a user according to the user access information;
and generating user interest points according to the user positions in a preset format.
Preferably, the step of determining a protection budget according to the counted interest point distribution density, and calculating a disturbance location point corresponding to the user location by a preset differential privacy protection algorithm based on the protection budget further includes:
determining a density grade according to the density condition of the distribution density of the interest points;
and determining the corresponding protection budget according to the determined density level.
Preferably, the step of processing the generated disturbance location point with a preset edge processing node and uploading the disturbance location point to a preset cloud server further includes:
receiving a service request of a user based on location service, and judging a corresponding service request type of the service request of the location service, wherein the service request type comprises an independent request and an associated request;
and determining a corresponding preset edge processing node according to the service request type.
Preferably, the step of determining a corresponding preset edge processing node according to the service request type further includes:
and issuing a processing task to the determined preset edge processing node.
Preferably, the step of issuing a processing task to the determined preset edge processing node further includes:
and counting the processing tasks and issuing the processing tasks to preset edge processing nodes according to the processing tasks, wherein the preset edge processing nodes may comprise one or more than one according to the processing tasks and the processing capacity of the edge processing nodes.
Preferably, the step of processing the generated disturbance location point with a preset edge processing node and uploading the disturbance location point to a preset cloud server further includes:
when receiving a query service request, acquiring a query range based on the query service request;
and calculating a query area based on the disturbance position point through the preset edge processing node by taking the query range as a parameter, and returning the searched query area.
In addition, to achieve the above object, the present invention further provides a dynamic location privacy protecting apparatus in an edge computing environment, including: the system comprises a memory, a processor and a location privacy protecting program stored on the memory and capable of being operated on the processor, wherein the location privacy protecting program in the edge computing environment realizes the steps of the location privacy protecting method in the edge computing environment when being executed by the processor.
The invention provides a dynamic position privacy protection method in an edge computing environment, which comprises the steps of confirming the position of a user, and acquiring a user interest point in a preset environment range according to the position of the user; counting the distribution density of the interest points of the user in the preset environment range; determining a protection budget according to the counted interest point distribution density, and calculating a disturbance position point corresponding to the user position by a preset differential privacy protection algorithm based on the protection budget; and processing the generated disturbance position point by using a preset edge processing node and uploading the disturbance position point to a preset cloud server. In addition, when a user initiates a service request based on the edge environment position, the environment range sent is based on the disturbance position point, so that the use of the disturbance position point protects the user's location privacy.
Drawings
FIG. 1 is a schematic diagram of the terminal/device structure of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a method for dynamic location privacy protection in an edge computing environment according to the present invention;
FIG. 3 is a schematic diagram of a Laplace probability density function;
FIG. 4 is a schematic diagram of a two-dimensional Laplace probability density function variation;
FIG. 5 is a schematic effect diagram of the comparison of query ranges before and after disturbance.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: confirming the position of a user, and acquiring a user interest point in a preset environment range according to the position of the user; counting the distribution density of the interest points of the user in the preset environment range; determining a protection budget according to the counted interest point distribution density, and calculating a disturbance position point corresponding to the user position by a preset differential privacy protection algorithm based on the protection budget; and processing the generated disturbance position point by using a preset edge processing node and uploading the disturbance position point to a preset cloud server.
Because traditional privacy protection technology in the prior art is difficult to apply to an edge computing environment, location services based on edge computing have no privacy protection mechanism that achieves an effective location privacy protection effect; location privacy protection is therefore weak and private positions are easily leaked, resulting in low security.
The invention provides a solution that generates a disturbance position point from the user position within the environment range through a restricted privacy processing flow, so that a query service initiated by the user obtains environment data based on the disturbance position point. In addition, when the user initiates a service request based on the edge environment position, the environment range sent is based on the disturbance position point, so that the use of the disturbance position point protects the user's location privacy.
As shown in fig. 1, fig. 1 is a schematic diagram of the terminal/device structure of a hardware operating environment according to an embodiment of the present invention.
The terminal of the embodiment of the invention can be a PC, and can also be a mobile or non-mobile terminal device such as a smart phone, a tablet computer, an electronic book reader, a portable computer and the like.
As shown in fig. 1, the terminal may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a type of computer storage medium, may include an operating system, a network communication module, a user interface module, and a dynamic location privacy preserving application in an edge computing environment.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to invoke the dynamic location privacy preserving application in the edge computing environment stored in the memory 1005 and perform the following operations:
confirming the position of a user, and acquiring a user interest point in a preset environment range according to the position of the user;
counting the distribution density of the interest points of the user in the preset environment range;
determining a protection budget according to the counted interest point distribution density, and calculating a disturbance position point corresponding to the user position by a preset differential privacy protection algorithm based on the protection budget;
and processing the generated disturbance position point by using a preset edge processing node and uploading the disturbance position point to a preset cloud server.
Further, the processor 1001 may invoke a dynamic location privacy preserving application in an edge computing environment stored in the memory 1005, and further perform the following operations:
receiving user access information, and determining the position of a user according to the user access information;
and generating user interest points according to the user positions in a preset format.
Further, the processor 1001 may invoke a dynamic location privacy preserving application in an edge computing environment stored in the memory 1005, and further perform the following operations:
determining a density grade according to the density condition of the distribution density of the interest points;
and determining the corresponding protection budget according to the determined density level.
Further, the processor 1001 may invoke a dynamic location privacy preserving application in an edge computing environment stored in the memory 1005, and further perform the following operations:
receiving a service request of a user based on location service, and judging a corresponding service request type of the service request of the location service, wherein the service request type comprises an independent request and an associated request;
and determining a corresponding preset edge processing node according to the service request type.
Further, the processor 1001 may invoke a dynamic location privacy preserving application in an edge computing environment stored in the memory 1005, and further perform the following operations:
and issuing a processing task to the determined preset edge processing node.
Further, the processor 1001 may invoke a dynamic location privacy preserving application in an edge computing environment stored in the memory 1005, and further perform the following operations:
and counting the processing tasks and issuing the processing tasks to preset edge processing nodes according to the processing tasks, wherein the preset edge processing nodes may comprise one or more than one according to the processing tasks and the processing capacity of the edge processing nodes.
Further, the processor 1001 may invoke a dynamic location privacy preserving application in an edge computing environment stored in the memory 1005, and further perform the following operations:
when receiving a query service request, acquiring a query range based on the query service request;
and calculating a query area based on the disturbance position point through the preset edge processing node by taking the query range as a parameter, and returning the searched query area.
Referring to fig. 2, fig. 2 is a schematic flowchart of a first embodiment of a dynamic location privacy protection method in an edge computing environment according to the present invention, where the dynamic location privacy protection method in the edge computing environment includes:
step S10, confirming the position of a user, and acquiring the interest point of the user in a preset environment range according to the position of the user;
The user position is confirmed through the location-based terminal application of the current user. Because the user position comes from a terminal application with a positioning function, it can be determined from the network access information of the user's current application terminal. That is, the step of confirming the user position and acquiring the user interest points within the preset environment range according to the user position further includes:
receiving user access information, and determining the position of a user according to the user access information;
and generating user interest points according to the user positions in a preset format.
User access information is received based on the network application within the current preset environment range, where the user access information is information about the terminal the user connects with through the terminal application. In practical application, when a terminal accesses a network, the device parameters of the terminal are generally acquired according to the network access protocol of the current network, and these device parameters may further include the user information logged in on the current user application terminal. The currently received user access information is then analyzed to determine the position of the user.
As described above, the user interest points are determined from the currently confirmed user position. Collection of user interest points may be initiated according to the interest point gathering requirements of the current edge environment. When user interest points are registered, the user application terminal accesses the network within the preset environment range and uses network applications over that connection, and the network captures the user's interest information through the connected user application terminal, thereby capturing and collecting the user interest points. In practical application, the user interest points may be generated from the user position in a currently set preset format; the preset format may be set according to the user privacy algorithm of the current edge environment, and, in the current big data era, the user interest points generated from the user position may include, but are not limited to, user application information.
Step S20, counting the interest point distribution density of the user interest points in the preset environment range;
The interest point distribution density of the user interest points within the preset environment range is determined from the user interest points generated from the current user position. Compared with cloud computing, edge computing is generally located indoors and is a distributed computing structure that sits closer to the edge side of the network; the environment is more complex and more wireless technologies are used for transmission, so the number of interest points in a limited environment largely represents the number of users in the current range. In the embodiment of the invention, a user uses a terminal device to sense the current environment through wireless Wi-Fi, and uploads the user's position density distribution and the type of the requested location service to an LBS cloud server. The invention uses the interest point distribution density to determine the user distribution density in the current environment. The interest point distribution density is generally determined by the number of Access Points (APs) in a specified range, and the Wi-Fi MAC address is used as the unique identification of the user ID. For example, a mobile user in an indoor environment uses an intelligent terminal to send a location distribution sensing request $Q_L(u, r, task, t)$ to the LBS cloud server through a secure connection channel, where $u$ is the user identification (the terminal's Wi-Fi MAC address serves as the unique identification), $r$ is the radius of the query range the user expects when submitting the LBS query request, $task$ is the query content of the user's request, and $t$ is the time at which the user submitted the request $Q_L$.
The LBS cloud server takes the AP that the requesting user is currently connected to as the center, counts the number $N_{POI}$ of APs within the radius $\Delta r = r + rand$ (where $rand$ is a random number from 0 to 5), and calculates the interest point distribution density $\rho_{POI}$ around the user.
The LBS cloud server matches the calculated $(u, \rho_{POI}, t)$ against the cloud's preset empirical "$\rho_{POI}$-$\epsilon$" mapping table and extracts the corresponding value range of $\epsilon$.
Step S30, determining a protection budget according to the counted interest point distribution density, and calculating a disturbance position point corresponding to the user position by a preset differential privacy protection algorithm based on the protection budget;
determining a protection budget according to the determined distribution density of the interest points, wherein when determining the protection budget based on the distribution density of the interest points, the protection budget needs to be determined based on a preset density level, that is, the protection budget is determined according to the counted distribution density of the interest points, and a disturbance position point corresponding to the user position is calculated by a preset differential privacy protection algorithm based on the protection budget, and the method further includes:
determining a density grade according to the density condition of the distribution density of the interest points;
and determining the corresponding protection budget according to the determined density level.
The method comprises the steps of determining the density grade of the interest point distribution density based on the interest point distribution density in the current preset environment range, wherein the density grade can be determined based on a preset density determination step, the preset density determination step can be set based on a privacy protection mechanism of a current edge environment algorithm, and thus, according to the density grade determined according to the density condition of the determined interest point distribution density, a corresponding protection budget is determined according to the density grade, and the protection budget is the calculation grade of the privacy protection algorithm for calculating the interest points of a user at present. In practical application, the LBS cloud server is generally used for data determination, the LBS cloud server unloads tasks to relevant edge processing nodes according to the interest point distribution density (POI) determined in step S10 and the requested location service type information, and issues different DP protection budgets to the side according to the distribution status of the interest points in the environment where the user is located, and dynamic lightweight location privacy protection is provided by using the end cloud in cooperation with the overall architecture. In general, the greater the distribution density of the interest points in the region, the greater the privacy protection strength required to be met, and the smaller the value of the DP protection budget e.
As described above, according to the determined distribution density of the interest points and the protection budget determined based on the distribution density of the interest points, the disturbance location point corresponding to the user location is calculated based on the protection budget by using a preset differential privacy protection algorithm, in practical application, the user terminal device processes location data by using a lightweight privacy processing technology, namely a differential privacy protection technology, and allocates the DP protection budget e fed back by the LBS cloud server to the privacy protection with the maximum intensity of the current location of the user, so that the privacy disclosure risk is effectively reduced, and the acquired service quality is ensured. When a plurality of users request services, different users allocate different DP protection budgets, and collusion attack initiated by edge processing node collusion can be effectively prevented. The processing of location data for its differential privacy protection technique may be as follows:
The LBS cloud server determines the type of the requested service (independent/associated) and offloads the response task to the relevant edge processing node; a single edge processing node is responsible for processing one type of service. Meanwhile, the LBS cloud server transmits the value range of $\epsilon$ obtained in S1 to the user's mobile terminal. The Laplace mechanism adds random noise obeying the Laplace distribution to the exact query result to achieve $\epsilon$-DP protection, and the probability density function of the Laplace distribution is as follows:
The distribution for different protection budgets is shown in fig. 3, a schematic diagram of the Laplace probability density function. From the Laplace distributions with different protection budgets (fig. 3), it can be seen that the smaller the value of $\epsilon$, the more effective the disturbance position and the greater the privacy protection strength.
For response tasks of associated services, the composition property of the differential privacy protection algorithm is used and a combined DP mechanism is executed: algorithms $M_1, M_2, \ldots, M_n$ are set, and users are assigned different privacy protection budgets $\epsilon_1, \epsilon_2, \ldots, \epsilon_n$ within the given $\epsilon$ range, providing the user with protection.
According to the value range of $\epsilon$ fed back by the cloud for the interest point distribution density at the user's current location, the user terminal applies DP protection technology to the user's real position data. DP is a privacy definition that C. Dwork proposed in 2006 to address privacy disclosure from statistical databases; its advantage is that its security can be fully proven in theory without considering any background knowledge an attacker may possess. Differential privacy has been continuously developed and refined in theory, and is widely applied in statistics, data mining, social networks, machine learning, the Internet of Things and other fields. Geo-indistinguishability, proposed by M. E. Andrés et al. in 2013, pushed the application of differential privacy protection technology in the field of location privacy protection to a new height. The invention adopts the Laplace mechanism: random noise obeying the Laplace distribution and satisfying the DP idea is added to the user's real position $L_u = (x_u, y_u)$ to generate $L_P = (x', y')$, implementing $\epsilon$-DP protection of the position data. The establishment of the indoor position coordinate system and the position mapping process involved are not discussed.
Suppose an attacker has some prior distribution knowledge about the user's true location, denoted $\pi(L_u)$, and that the probability distribution of the position disturbance can also be known. If the attacker then observes the disturbance location $L_p$, the posterior distribution knowledge of the user's real position can be predicted using Bayes' rule (formula (3)), and the two can be compared through $\sigma(L_u)/\pi(L_u)$ to determine the user's true position.
According to the definition of DP, the generated disturbance location $L_p$ must satisfy:
If two different user positions $L_u$ and $L_{u'}$ in the same space are mapped, after disturbance, to the same disturbance position $L_p$ with extremely similar probabilities, the attacker cannot accurately distinguish $L_u$ from other $L_{u'}$ based on the observed disturbance position $L_p$. It can be proved that the principle of $\epsilon$-DP limits the effect of the attacker's background knowledge to a controllable range: whatever prior distribution knowledge $\pi(L_u)$ the attacker possesses, the posterior distribution knowledge obtained always satisfies the following:
Ideally, $\epsilon$ is 0: the ratio $\sigma(L_u)/\pi(L_u)$ between the prior and posterior distribution knowledge held by the attacker is 1, the two cannot be distinguished, and the user's true location information is fully protected.
The invention converts the user's real position $L_u = (x_u, y_u)$ into polar coordinate form and then adds noise to generate the disturbance position $L_P = (x', y')$:
$x' = x_u + \mathrm{Lap\_noise} \cdot \cos\theta$;
$y' = y_u + \mathrm{Lap\_noise} \cdot \sin\theta$
where $\theta$ is a random number in $[0, 2\pi]$, Lap_noise is two-dimensional Laplace noise, and its probability density function is as follows:
where $X_0, X \in \mathbb{R}^2$ represent two different position points in the same two-dimensional space and the probability density function is centered at $X_0$. Its variation is shown in fig. 4, a schematic diagram of the variation of the two-dimensional Laplace probability density function.
The projection of the two-dimensional Laplace distribution onto any vertical plane passing through the center is a linear Laplace distribution, which fully conforms to the concept of $\epsilon$-DP; the privacy processing method realized in this way therefore also satisfies the $\epsilon$-DP constraint and is protected by the DP principle. Finally, the disturbed user position data produced by the DP protection processing at this stage is sent to the relevant edge computing processing node for the service response, and the service query result is awaited.
Step S40: the generated disturbance location point is processed by a preset edge processing node and uploaded to a preset cloud server.
The disturbance location point calculated by the preset differential privacy protection algorithm is transmitted to a preset edge processing node, which processes it so that the privacy protection mechanism for the user location operates on the disturbance location point. As described above, in practical application, given the processing capability of edge processing nodes, the edge processing node that will handle the disturbance location point is determined from the location service type information of the privacy protection request initiated from the user location in the current preset environment range. That is, the step of processing the generated disturbance location point with a preset edge processing node and uploading it to a preset cloud server further includes:
receiving a service request of a user based on location service, and judging a corresponding service request type of the service request of the location service, wherein the service request type comprises an independent request and an associated request;
and determining a corresponding preset edge processing node according to the service request type.
In practical application, considering the privacy processing workload for disturbance location points, edge processing nodes are generally divided, according to the type of task they can currently process (that is, the type of the user's location-based service request), into independent edge processing nodes and associated edge processing nodes. Independent computing requests are processed by a preset independent edge processing node, and associated computing requests by a preset associated edge processing node, so that processing requests of different types are handled. The privacy processing request is initiated when the user interest points in the preset environment range are obtained, which realizes the user location privacy protection mechanism. After the user location has been calculated into a disturbance location point, the disturbance location point is issued to a preset edge processing node according to the request type of the location service request. That is, the step of determining a corresponding preset edge processing node according to the service request type further includes:
and issuing a processing task to the determined preset edge processing node.
The target preset edge processing node is determined from the received location-based service request of the user, and the calculated disturbance location point is issued to that node for processing. Issuing the disturbance location point involves a processing task for the calculation based on it, and this processing task is issued to the corresponding preset edge processing node. Further, to improve calculation efficiency, the amount of processing tasks is taken into account, and tasks are issued according to the processing capability of the preset edge processing node. That is, the step of issuing the processing task to the determined preset edge processing node further comprises:
and counting the processing tasks and issuing the processing tasks to preset edge processing nodes according to the processing tasks, wherein the preset edge processing nodes may comprise one or more than one according to the processing tasks and the processing capacity of the edge processing nodes.
When a preset edge processing node is used to process a disturbance location point, processing tasks are issued according to the processing capacity of the current edge processing node and so as to maximize processing efficiency. The processing capacity of the target preset edge processing node is therefore determined, and tasks are issued according to that capacity and the amount of processing tasks; when the processing workload for the disturbance location point is large, the corresponding preset edge processing nodes may comprise one or more nodes.
As described above, the calculated disturbance location point is processed by the edge processing node, which calculates the environment range for the user's query service from the disturbance location point alone, in response to the query request initiated by the current user. That is, the step of processing the generated disturbance location point with the preset edge processing node and uploading it to the preset cloud server further includes:
when receiving a query service request, acquiring a query range based on the query service request;
and calculating a query area based on the disturbance position point through the preset edge processing node by taking the query range as a parameter, and returning the searched query area.
Based on the edge node processing operation, the cloud server receives a query service request initiated by the user and determines the query range from it; the query range depends on the current query address and the content of the query requirement. When a query service request is received, its query range is therefore determined, the target disturbance location point is determined according to the query range, and the preset edge processing node processes the query at the disturbance location point with the query range as a parameter. The processing result comprises a query area based on the disturbance location point and area information for that query area, the content of which is generated according to the query service request. In practical application, the relevant edge processing node receives the user location information uploaded in step S3 and provides service feedback in cooperation with the cloud, and also stores the query service in a cache region so that similar service requests can be answered quickly. To ensure the integrity of the service, at this stage the Lap_noise described in S3 is added to the radius r of the query range expected by the user submitting the LBS query request, expanding the query range so that the result is complete. Fig. 5 is a schematic diagram comparing the query range before and after disturbance.
Here $L_r$ is the query range of radius $r$ initiated from the user's true location point, and $L_p$ is the query range of radius $R$ ($r + \mathrm{Lap\_noise}$) initiated from the DP disturbance position point. No matter where the disturbance position lies, the query range fed back for the disturbance position always completely contains the user's real position point within the query range, which ensures the integrity of the query result. After receiving the query result feedback, the user filters and selects, deletes the wrong query results, and obtains the required service.
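The following added example (not code from the patent) carries the steps above through in Python: density level to $\epsilon$, polar disturbance of the position, the expanded query radius R = r + Lap_noise, and client-side filtering of the returned results. It assumes Lap_noise follows the radial part of the planar Laplace distribution from the geo-indistinguishability work the description cites (a Gamma(2, 1/ε) radius); the density thresholds, ε values, function names and sample POIs are hypothetical.

```python
import math
import random

# Assumed density levels: (minimum POIs per 10,000 m^2, epsilon in 1/metre).
# The description only states that denser regions get a smaller epsilon;
# these thresholds and values are constructed for illustration.
DENSITY_LEVELS = [(50.0, 0.01), (10.0, 0.05), (0.0, 0.10)]


def protection_budget(poi_count, area_m2):
    """Map the POI distribution density to a density level and its epsilon."""
    if poi_count < 0 or area_m2 <= 0:
        raise ValueError("poi_count must be >= 0 and area_m2 must be > 0")
    density = poi_count / area_m2 * 10_000.0
    for min_density, eps in DENSITY_LEVELS:
        if density >= min_density:
            return eps
    raise AssertionError("unreachable: the last level starts at 0")


def perturb(true_pt, eps, rng):
    """Return (disturbance point, Lap_noise) for the real position true_pt.

    x' = x_u + Lap_noise*cos(theta), y' = y_u + Lap_noise*sin(theta).
    Assumption: the radius is Gamma(shape=2, scale=1/eps), the radial
    marginal of the planar Laplace density (eps^2 / 2*pi) * exp(-eps * d).
    """
    if eps <= 0:
        raise ValueError("epsilon must be positive (eps = 0 is unbounded noise)")
    theta = rng.uniform(0.0, 2.0 * math.pi)
    lap_noise = rng.gammavariate(2.0, 1.0 / eps)
    x_u, y_u = true_pt
    disturbed = (x_u + lap_noise * math.cos(theta),
                 y_u + lap_noise * math.sin(theta))
    return disturbed, lap_noise


def edge_query(pois, centre, radius):
    """Edge-node side: return every POI inside the requested query disc."""
    return [p for p in pois if math.dist(p, centre) <= radius]


def private_query(pois, true_pt, r, eps, rng):
    """Client side: perturb, query with R = r + Lap_noise, then filter locally.

    The edge node only receives the disturbance point and R. Because the
    disturbance point lies Lap_noise away from true_pt, the disc of radius R
    around it contains the whole disc of radius r around true_pt.
    """
    disturbed, lap_noise = perturb(true_pt, eps, rng)
    big_r = r + lap_noise
    candidates = edge_query(pois, disturbed, big_r)
    wanted = [p for p in candidates if math.dist(p, true_pt) <= r]
    return disturbed, big_r, candidates, wanted


if __name__ == "__main__":
    rng = random.Random(2019)
    # Constructed sample data: 2000 POIs scattered over a 2 km x 2 km area.
    pois = [(rng.uniform(0, 2000), rng.uniform(0, 2000)) for _ in range(2000)]
    true_pt, r = (1000.0, 1000.0), 150.0
    eps = protection_budget(poi_count=120, area_m2=10_000)
    disturbed, big_r, candidates, wanted = private_query(pois, true_pt, r, eps, rng)
    print(f"epsilon={eps}, disturbance point=({disturbed[0]:.1f}, {disturbed[1]:.1f})")
    print(f"R={big_r:.1f} m, edge returned {len(candidates)} POIs, "
          f"{len(wanted)} kept after filtering")
```

With coordinates in metres, ε is in 1/metre and the mean displacement is 2/ε, so the assumed levels move the reported point by 20 m on average at ε = 0.10 and by 200 m at ε = 0.01.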
In this embodiment, the privacy processing flow is constrained: the disturbance location point is generated from the user location within the environment range, and the user initiates the query service with it to obtain environment data based on the disturbance location point. In addition, when the user initiates a service request based on the edge environment position, the environment range sent is also based on the disturbance location point, so that the use of the disturbance location point achieves the beneficial effect of protecting the user's location privacy.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (8)

1. A dynamic location privacy protection method in an edge computing environment is characterized by comprising the following steps:
confirming the position of a user, and acquiring a user interest point in a preset environment range according to the position of the user;
counting the distribution density of the interest points of the user in the preset environment range;
determining a protection budget according to the counted interest point distribution density, and calculating a disturbance position point corresponding to the user position by a preset differential privacy protection algorithm based on the protection budget;
and processing the generated disturbance position point by using a preset edge processing node and uploading the disturbance position point to a preset cloud server.
2. The dynamic location privacy protection method in an edge computing environment as claimed in claim 1, wherein the step of confirming the location of the user and obtaining the interest points of the user within a preset environment range according to the location of the user further comprises:
receiving user access information, and determining the position of a user according to the user access information;
and generating user interest points according to the user positions in a preset format.
3. The dynamic location privacy protection method in edge computing environment according to claim 1, wherein the step of determining a protection budget according to the statistical interest point distribution density, and calculating a perturbation location point corresponding to the user location by a preset differential privacy protection algorithm based on the protection budget further includes:
determining a density grade according to the density condition of the distribution density of the interest points;
and determining the corresponding protection budget according to the determined density level.
4. The dynamic location privacy protection method in an edge computing environment according to claim 1, wherein the step of processing the generated perturbation location point with a preset edge processing node and uploading the perturbation location point to a preset cloud server further comprises:
receiving a service request of a user based on location service, and judging a corresponding service request type of the service request of the location service, wherein the service request type comprises an independent request and an associated request;
and determining a corresponding preset edge processing node according to the service request type.
5. The dynamic location privacy protection method in an edge computing environment according to claim 4, wherein the step of determining the corresponding preset edge processing node according to the service request type further comprises:
and issuing a processing task to the determined preset edge processing node.
6. The dynamic location privacy protection method in an edge computing environment as claimed in claim 5, wherein the step of issuing processing tasks to the determined edge processing nodes further comprises:
and counting the processing tasks and issuing the processing tasks to preset edge processing nodes according to the processing tasks, wherein the preset edge processing nodes may comprise one or more than one according to the processing tasks and the processing capacity of the edge processing nodes.
7. The dynamic location privacy protection method in an edge computing environment according to claim 1, wherein the step of processing the generated perturbation location point with a preset edge processing node and uploading the perturbation location point to a preset cloud server further comprises:
when receiving a query service request, acquiring a query range based on the query service request;
and calculating a query area based on the disturbance position point through the preset edge processing node by taking the query range as a parameter, and returning the searched query area.
8. A dynamic location privacy protection device in an edge computing environment, the dynamic location privacy protection device in the edge computing environment comprising: a memory, a processor, and a location privacy preserving program stored on the memory and executable on the processor in an edge computing environment, the location privacy preserving program being executed by the processor to implement the steps of the method for dynamic location privacy preserving in an edge computing environment according to any one of claims 1 to 7.
CN201910830093.3A 2019-09-02 2019-09-02 Dynamic position privacy protection method and device in edge computing environment Active CN110611667B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910830093.3A CN110611667B (en) 2019-09-02 2019-09-02 Dynamic position privacy protection method and device in edge computing environment

Publications (2)

Publication Number Publication Date
CN110611667A true CN110611667A (en) 2019-12-24
CN110611667B CN110611667B (en) 2022-04-12

Family

ID=68892135

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910830093.3A Active CN110611667B (en) 2019-09-02 2019-09-02 Dynamic position privacy protection method and device in edge computing environment

Country Status (1)

Country Link
CN (1) CN110611667B (en)

Also Published As

Publication number Publication date
CN110611667B (en) 2022-04-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518000 706, building 3b, hongrongyuan Shangjun phase II, Longping community, Dalang street, Longhua District, Shenzhen City, Guangdong Province

Applicant after: Jintu computing technology (Shenzhen) Co.,Ltd.

Address before: 518000 area a, 18 / F, building 1, creative park, broadcasting group, No.1 Qingqing Road, Qinghu community, Longhua sub district office, Longhua District, Shenzhen City, Guangdong Province

Applicant before: SHENZHEN SEMISKY TECHNOLOGY Co.,Ltd.

GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 518000 room 1203, block a, building 7, Shenzhen International Innovation Valley, Dashi Road, Xili community, Xili street, Nanshan District, Shenzhen City, Guangdong Province

Patentee after: Jintu computing technology (Shenzhen) Co.,Ltd.

Address before: 518000 706, building 3b, hongrongyuan Shangjun phase II, Longping community, Dalang street, Longhua District, Shenzhen City, Guangdong Province

Patentee before: Jintu computing technology (Shenzhen) Co.,Ltd.
