CN109617877A - The location privacy protection system and method for selection is added based on difference privacy noise - Google Patents
- Publication number: CN109617877A (application CN201811518617.7A)
- Authority: CN (China)
- Prior art keywords: data, party, trusted, data set, mobile user
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Abstract
The invention discloses a location privacy protection system and method based on differential privacy noise addition selection. The system comprises three roles: a mobile user, a trusted third party and a location data analyst. The mobile user authorizes the sending of location information to the trusted third party; the trusted third party collects the geographical location information sent by mobile users into a data set, processes it with a noise addition selection algorithm based on differential privacy, and provides the corresponding query service to the location data analyst. The location privacy protection method based on differential privacy noise addition selection comprises the following steps: converting the geographical location information data set into two-dimensional plane data and displaying it in a two-dimensional coordinate system; executing a region selection algorithm and an index selection algorithm to select important regions; and adding Laplace noise to the selected important regions. The invention has lower time complexity and ensures the availability of location data while protecting user location privacy.
Description
Technical Field
The invention relates to the field of Internet of things security, in particular to a position privacy protection system and method based on differential privacy noise addition selection.
Background
In the current internet age, a wide variety of communication and interconnection devices are developing rapidly. With the development of the Internet of Things, communication between devices is becoming more frequent. In order to provide better service for users, devices often collect some private information, which leads to privacy disclosure for users. The open internet environment therefore poses many threats to society, and people are beginning to take privacy problems seriously. Location-based services are a hot topic among mobile terminal services on the current mobile application market. In a shopping application, using a location service to obtain the user's location not only omits the cumbersome process of manually entering location information but also gives the warehouse a basis for delivery. In a navigation setting, the positioning service acquires the user's position and feeds it back to the user, so that road condition information is obtained and queried more visually and simply; in addition there are various other applications such as social networking, weather, taxi, group buying and travel. The geographical location information provided by location services enriches the functionality of applications and greatly improves the user experience.
However, while improving the user experience, the location service application needs to collect the user's geographical location information, which is easily targeted by lawbreakers or attackers. Location information summarizes a person's general characteristics, from which the target person's home address, workplace and so on can be inferred. Meanwhile, research shows that people's activities are strongly regular. Thus, obtaining a person's location information not only violates their privacy at the present time but also allows their future location to be predicted, which is also the goal of an attacker.
Researchers have proposed a large number of privacy protection techniques for the privacy disclosure risks that data is constantly exposed to during its use. Current privacy protection technologies can be divided into two types: syntactic privacy protection techniques and semantic privacy protection techniques. Under syntactic privacy protection, the main objective is to satisfy a syntactic privacy requirement, namely that each record in a data set to be published cannot be distinguished by an attacker from other similar records, so that the attacker's attack is frustrated. Under semantic privacy protection, the main goal is to satisfy the requirement that the addition or deletion of a single record in a data set is imperceptible to an attacker, that is, the published result is not sensitive to it.
Differential privacy is a suitable method for protecting location information in the Internet of Things environment. Statistical querying and analysis under differential privacy ensures that whether or not a single individual appears in the data set does not change the results of the query; in short, an attacker cannot infer the data of any individual from the statistical results. Differential privacy addresses two drawbacks of traditional privacy protection models. First, the differential privacy model assumes that an attacker can obtain the information of all records except the target record, and the sum of that information can be understood as the maximum background knowledge the attacker can hold. Under this maximum background knowledge assumption, differential privacy does not need to account for any particular background knowledge the attacker may possess, since no such knowledge can provide richer information than the maximum background knowledge. Second, the method rests on a solid mathematical foundation, strictly defines privacy protection and provides a quantitative evaluation method, so that the privacy protection levels provided by a data set under different parameter settings are comparable.
Disclosure of Invention
The invention aims to provide a location privacy protection system and method based on differential privacy noise addition selection. The invention protects the geographical location information of mobile users by adding noise to the original geographical location information data, based on differential privacy theory, without affecting the output of any query.
In order to achieve the purpose, the invention is realized by the following technical scheme:
a location privacy protection method based on differential privacy noise addition selection comprises the following steps:
S1, after the trusted third party is authorized by the mobile user, the trusted third party collects the geographical location information of the mobile user and constructs a geographical location information data set;
S2, the trusted third party converts the geographical location information data set into two-dimensional plane data and displays it in a two-dimensional coordinate system;
S3, the trusted third party uses a region selection algorithm to generate a region selection data set;
S4, the trusted third party generates an index selection data set using an index selection algorithm based on differential privacy;
S5, the trusted third party adds Laplace noise to the selected index selection data set using a Laplace noise publishing algorithm to protect the selected data area, restores the data points in the coordinate system to their original storage form, and generates a Laplace noise addition data set; the selected data area refers to the index selection data set produced by the region selection algorithm and the index selection algorithm based on differential privacy;
S6, the location data analyst queries the geographical location information of the mobile user through the trusted third party.
Preferably, step S3 further includes the following steps:
S3-1, setting the coordinate value of the lower left corner of the small square with area s to (0, 0), and establishing an empty data set D_s for storing the data points that satisfy the density condition;
S3-2, in the plane coordinate system, taking the lower left corner of the small square as the traversal point, and traversing the target area by moving the small square first along the horizontal axis and then along the vertical axis; during the traversal, counting the number of points N in the small square, dividing it by the area of the small square to obtain the point density in the square, and, if the point density is greater than the set density threshold q, adding the data record C of the current square to the data set D_s; after the traversal is completed, the data set D_s is the newly generated region selection data set D_s'.
Preferably, step S3 further includes the following:
The density threshold q and the area s specify, respectively, the minimum visit density and the area of the small square used for detection; the density threshold q is specified based on the average density of the whole area, as follows:
assuming that the number of points in the region is L and the area of the target region is S, the density of the entire region is L/S, and the value of q is set to at least reach this average density of the whole area. q and s together determine which position data points are selected; s ≥ 1 and a second constraint on s is imposed, and the value of the small square area s is set accordingly.
Preferably, step S4 further includes the following steps:
S4-1, initializing the data records of the region selection data set D_s', and counting the number n of data records in D_s';
S4-2, scoring each data record C_i in the region selection data set D_s'; the scoring function is shown in formula (1):
Score(D_s', C_i) = E(C_i)   (1)
where E(C_i) is the number of position points in each data record;
S4-3, computing the differential privacy noise-addition score S_c^DP from the score Score(D_s', C_i) of each data record; its value is shown in formula (2), and the terms of formula (2) are defined in formula (3);
in these formulas, ΔScore represents the maximum difference between data points of the region selection data set D_s'; ||E(C_i) − E(C_j)||_1 represents the first-order (L1) distance between E(C_i) and E(C_j); ε_1 represents the differential privacy budget of the index selection algorithm; in S_c^DP, the subscript c denotes a data record and the superscript DP denotes that the calculation is based on the differential privacy method;
S4-4, calculating the probability of each data record, the calculation formula being shown in formula (4);
S4-5, sorting the data records in descending order of the obtained probability, and selecting the first p data records to construct the index selection data set D_s''; the size of p can be specified as needed as long as it does not exceed the total number of records.
Preferably, step S5 further includes the following steps:
S5-1, initializing a position data set D_i such that D_i is contained in the index selection data set D_s'', and initializing n_i, where n_i represents the number of points in D_i;
S5-2, for each D_i contained in D_s'', adding Laplace noise to its n_i to generate the new point count n_i'; the calculation is shown in formula (5):
where the noise term represents noise satisfying the Laplace distribution, ε_2 represents the differential privacy budget of the Laplace noise publishing algorithm, and ΔF represents the global sensitivity of the Laplace noise publishing algorithm under differential privacy, i.e. the change in the algorithm's output when any single data record in the data set is altered;
S5-3, updating the index selection data set D_s'' to generate the Laplace noise addition data set D'.
Preferably, step S6 further includes the following steps:
S6-1, the trusted third party generates a public key and a private key using the RSA public key encryption algorithm and publishes the generated public key;
S6-2, the location data analyst sends a location access request to the mobile user to be queried;
S6-3, after receiving the location access request sent by the location data analyst, the mobile user authorizes the corresponding location data analyst as required: the mobile user packages its own user name U1, the user name U2 of the location data analyst and the time constraint Time into a message body, encrypts the message body with the public key published by the trusted third party to generate an authorization code, and sends the authorization code to the corresponding location data analyst;
S6-4, the location data analyst sends the location query to the trusted third party: when the location information of a single mobile user is to be queried, the authorization code received from the mobile user is sent to the trusted third party and the procedure proceeds to step S6-5; when the location data analyst needs to perform a statistical query on the location data, the statistical query function is sent to the trusted third party and the procedure jumps to step S6-6;
S6-5, after receiving the authorization code sent by the location data analyst, the trusted third party decrypts it with its private key to obtain the original message body set by the mobile user, comprising the user name U1 of the mobile user, the user name U2 of the location data analyst and the time constraint Time; the trusted third party verifies the identity of the location data analyst against the message body and, once verification passes, sends the current location information of mobile user U1 to the corresponding location data analyst;
S6-6, after receiving the statistical query function sent by the location data analyst, the trusted third party performs the statistical query on the Laplace noise addition data set D' and sends the query result to the corresponding location data analyst.
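The authorization exchange of steps S6-1 to S6-5, as an added runnable example in Python; this is not code from the patent or from any implementation of it. It uses a toy textbook RSA over two constructed, well-known primes (1000000007 and 998244353, encrypting 7-byte chunks) purely so that the message flow runs offline; the user names, time stamps and the `current_locations` table are constructed, and a production system would use RSA-OAEP or hybrid encryption from a vetted library rather than raw RSA on chunked plaintext.

```python
import json

# Toy textbook RSA over two constructed, well-known primes.  Used only so the
# message flow runs offline; a real deployment would use RSA-OAEP or hybrid
# encryption from a vetted library, never raw RSA on chunked plaintext.
_P, _Q = 1000000007, 998244353
_CHUNK = 7      # 7-byte chunks: 2**56 < n = _P * _Q, so each chunk is a valid RSA input


def rsa_keygen():
    """Step S6-1: the trusted third party generates (n, e) and keeps (n, d) private."""
    n = _P * _Q
    e = 65537
    d = pow(e, -1, (_P - 1) * (_Q - 1))
    return (n, e), (n, d)


def rsa_encrypt(pub, data):
    n, e = pub
    pad = _CHUNK - len(data) % _CHUNK             # PKCS#7-style length padding
    data = data + bytes([pad]) * pad
    return [pow(int.from_bytes(data[i:i + _CHUNK], "big"), e, n)
            for i in range(0, len(data), _CHUNK)]


def rsa_decrypt(priv, blocks):
    n, d = priv
    data = b"".join(pow(c, d, n).to_bytes(_CHUNK, "big") for c in blocks)
    return data[:-data[-1]]


def make_authorization_code(ttp_pub, u1, u2, valid_until):
    """Step S6-3: mobile user U1 packs (U1, U2, Time) into a message body and
    encrypts it under the trusted third party's public key."""
    body = json.dumps({"U1": u1, "U2": u2, "Time": valid_until}).encode()
    return rsa_encrypt(ttp_pub, body)


def ttp_single_user_query(ttp_priv, requesting_analyst, auth_code, now, current_locations):
    """Step S6-5: decrypt the code, check that the analyst named in it is the one
    asking and that the time constraint has not passed, then release U1's current
    location.  Returns (granted, reason, location)."""
    try:
        body = json.loads(rsa_decrypt(ttp_priv, auth_code))
    except (ValueError, IndexError, OverflowError):
        return False, "malformed authorization code", None
    if not isinstance(body, dict) or body.get("U2") != requesting_analyst:
        return False, "authorization code does not name the requesting analyst", None
    if not isinstance(body.get("Time"), (int, float)) or now > body["Time"]:
        return False, "time constraint expired or missing", None
    return True, "ok", current_locations.get(body.get("U1"))


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    locations = {"alice": (31.23, 121.47)}        # constructed: current positions held by the TTP
    code = make_authorization_code(pub, "alice", "analyst-1", valid_until=1_700_000_600)
    print(ttp_single_user_query(priv, "analyst-1", code, 1_700_000_000, locations))  # granted
    print(ttp_single_user_query(priv, "analyst-2", code, 1_700_000_000, locations))  # wrong analyst
    print(ttp_single_user_query(priv, "analyst-1", code, 1_700_001_000, locations))  # expired
```

The three calls in the `__main__` section show the grant case, the mismatched-analyst case and the expired-time case. One caveat for practitioners: the key the body is encrypted under is the trusted third party's public key, so the S6-5 check confirms that the code decrypts to a well-formed body naming the requesting analyst within its time window, which is what the page specifies; it does not by itself prove that mobile user U1 produced the code, and a deployment wanting that binding would have U1 sign the body as well.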
The present invention also provides a location privacy protection system employing the location privacy protection method based on differential privacy noise addition selection described above, the system comprising:
a mobile user, who holds a mobile device with a self-positioning function, accesses the Internet of Things with that device, and authorizes the sending of their own geographical location information, which is the mobile user's personal private information, to a trusted third party;
a trusted third party, which protects the geographical location information of the mobile user and prevents leakage of the mobile user's personal private information; the trusted third party receives the geographical location information sent by mobile users and constructs it into a geographical location information data set, processes this data set with the noise addition selection algorithm based on differential privacy, and then publishes a Laplace noise addition geographical location information data set; the trusted third party provides a location information query service through which an authorized location data analyst queries the geographical location information of mobile users on the Laplace noise addition data set;
and a location data analyst, who queries the geographical location information of mobile users through the location information query service provided by the trusted third party and performs the corresponding analysis to extract the geographical location information of the required mobile users.
Compared with the prior art, the invention has the beneficial effects that:
1) representing the geographical position information data by using a planar structure, and displaying an original geographical position information data set in a two-dimensional coordinate system;
2) a region selection algorithm based on a density threshold is provided, which has a lower time complexity than other partitioning algorithms;
3) the differential privacy theory is satisfied, so that privacy is not disclosed, errors caused by data distortion are reduced, and the usability of data is improved;
4) selecting a region meeting a density threshold by using a region selection algorithm, selecting an important region by using an index selection algorithm, and adding noise to the important region; the availability of location data is also ensured while protecting user sensitive data.
Drawings
FIG. 1 is an architectural diagram of a location privacy protection system selected based on differential privacy noise addition in accordance with the present invention;
FIG. 2 is a flow diagram of a method of location privacy protection based on differential privacy noise addition selection in accordance with the present invention;
FIG. 3 shows the distribution diagram of the Laplace noise function with different parameters b.
Detailed Description
In order that the invention may be more readily understood, reference will now be made to the following description taken in conjunction with the accompanying drawings.
The position privacy protection method based on the difference privacy noise addition selection mainly comprises the following steps: converting the geographic position information data set into two-dimensional plane data, and displaying the two-dimensional plane data in a two-dimensional coordinate system; executing a region selection algorithm and an index selection algorithm to select an important region; and adding Laplace noise to the selected important area.
As shown in fig. 1, the location privacy protection system based on differential privacy noise addition selection provided by the present invention includes three roles, namely, a mobile user, a trusted third party, and a location data analyst, where the mobile user authorizes sending of geographic location information to the trusted third party; and the trusted third party processes the geographical location information sent by the mobile user by using a noise addition selection algorithm based on differential privacy and authorizes a location data analyzer to inquire the corresponding geographical location information.
Specifically, the mobile user holds a mobile device with a self-positioning function, uses that device to access the Internet of Things, and authorizes the sending of their geographical location information, which is the mobile user's personal private information, to a trusted third party.
The trusted third party protects the geographical location information of the mobile user and prevents the mobile user's personal location privacy information from leaking; it receives the geographical location information sent by mobile users and constructs it into a geographical location information data set; it processes that data set with the noise addition selection algorithm based on differential privacy and then publishes a Laplace noise addition geographical location information data set; and it authorizes the location data analyst to query the geographical location information of mobile users on that data set, providing a location information query service.
The location data analyst queries the geographical location information of mobile users through the location information query service provided by the trusted third party, performs the corresponding analysis, and extracts the geographical location information of the mobile users.
After being authorized by the mobile user, the trusted third party collects the geographical location information of the mobile user and constructs a geographical location information data set; the original geographical location information is obfuscated with the Laplace noise publishing algorithm while the usability of the location data is preserved; and, while protecting the location privacy of the mobile user, the corresponding query service is provided to the location data analyst and the correctness of the analyst's query results is ensured.
As shown in fig. 2, the location privacy protection method based on differential privacy noise addition selection of the present invention comprises the following steps:
step S1, the trusted third party collects the geographical location information of the mobile user and constructs the geographical location information as a geographical location information data set D;
step S2, the trusted third party converts the data set D containing the geographic position information of the mobile user into two-dimensional plane data, and the two-dimensional plane data are displayed in a first quadrant of a two-dimensional coordinate system; the horizontal axis of the coordinates represents the latitude of the geographical location information of the mobile user, and the vertical axis represents the longitude; the location information of each mobile user is distributed in the form of points in the coordinate system.
Step S3, the trusted third party executes the region selection algorithm: in the coordinate system, region selection is carried out with a small square of area s moving from left to right and from bottom to top, generating the region selection data set D_s'.
Step S4, on the region selection data set D_s', the trusted third party executes the index selection algorithm based on differential privacy to generate the index selection data set D_s''.
Differential privacy is a privacy protection technology based on data distortion: it achieves privacy protection by transforming the original data or adding noise to statistical results, and ensures that inserting or deleting a record in a data set does not affect the output of any query.
Step S5, the trusted third party adds Laplace noise to the selected index selection data set D_s'' using the Laplace noise publishing algorithm to protect the selected important area, then restores the data points in the coordinate system to their original storage form, generating the Laplace noise addition data set D'. The important area refers to the index selection data set produced by the region selection algorithm and the index selection algorithm based on differential privacy; since these algorithms perform their calculation in the two-dimensional coordinate system, the data area they select is called the important area.
And step S6, the position data analyst inquires the geographical position information of the mobile user through the trusted third party.
Specifically, the region selection algorithm in step S3 includes the following steps:
Step S3-1, setting the coordinate value of the lower left corner of the small square with area s to (0, 0); creating an empty data set D_s to store the data points that satisfy the density condition (namely, data points in a small square whose point density exceeds the set threshold).
Step S3-2, in the plane coordinate system, taking the lower left corner of the small square as the traversal point, and traversing the target area by moving the small square first along the horizontal axis and then along the vertical axis; during the traversal, counting the number of points N in the small square and computing the point density in the square by dividing the number of points in the current square by its area; if the point density is greater than the set density threshold q, adding the data record C of the current square to the data set D_s; after the traversal is complete, the data set D_s is the newly generated region selection data set D_s'.
In addition, two important parameters q and s are involved in the above region selection algorithm, which specify the minimum access density and the area of the small square used for detection, respectively. The invention specifies the value of q based on the average density of the whole area: if the number of points in the area is L and the area of the target area is S, the density of the whole area is L/S, and the value of q set by the invention should at least reach this average density. Since q and s jointly determine which position data points are selected, if s is set too small the time complexity becomes too high, and if it is set too large accuracy is lost and points that satisfy the condition are missed. The method therefore imposes constraints: first, s ≥ 1, and second, a further condition on s; when these conditions are satisfied, the method sets the value of the small square area s accordingly.
Specifically, the index selection algorithm based on differential privacy in step S4 includes the following steps:
Step S4-1, initializing the data records of the region selection data set D_s'; counting the number n of data records in D_s'.
Step S4-2, scoring each data record C_i in the region selection data set D_s'; the scoring function is shown in formula (1):
Score(D_s', C_i) = E(C_i)   (1)
where E(C_i) is the number of location points in each data record.
Step S4-3, computing the differential privacy noise-addition score S_c^DP from the score of each data record; its value is shown in formula (2), and the terms of formula (2) are defined in formula (3);
in these formulas, ΔScore represents the maximum difference between data points of the region selection data set D_s'; ||E(C_i) − E(C_j)||_1 represents the first-order (L1) distance between E(C_i) and E(C_j); ε_1 represents the differential privacy budget of the index selection algorithm; in S_c^DP, the subscript c denotes a data record and the superscript DP denotes that the calculation method is based on differential privacy theory.
Step S4-4, calculating the probability of each data record, the calculation formula being shown in formula (4).
Step S4-5, sorting the data records in descending order of the obtained probability and selecting the first p data records to construct the index selection data set D_s''.
The Laplace noise issuing algorithm in the step S5 includes the following steps:
Step S5-1, initialize a position data set D_i (a subset of the index selection data set) such that D_i is contained in the index selection data set D_s''; initialize n_i, the number of points in D_i.
Step S5-2, for each D_i contained in D_s'', add Laplace noise to its count n_i to generate the new count n_i', as shown in formula (5):
where the noise term denotes noise satisfying the Laplace distribution, ε_2 denotes the differential privacy budget of the Laplace noise publishing algorithm, and ΔF denotes the differential privacy global sensitivity of the Laplace noise publishing algorithm, i.e. the change in the algorithm's output when any single data record in the data set is modified.
Fig. 3 shows the Laplace noise function distribution for different values of the parameter b, illustrating how the value of b changes the shape of the distribution. The abscissa represents the magnitude of the noise and the ordinate represents the differential privacy budget ε. As can be seen from Fig. 3, the distribution is symmetric about 0, and the farther the noise is from 0, the smaller the value of the differential privacy budget ε and the higher the level of security protection.
Step S5-3, update the index selection data set D_s'' to generate the Laplace noise addition data set D'.
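The region selection of step S3, the exponential selection of steps S4-1 to S4-5 and the Laplace publication of steps S5-1 to S5-3, run end to end on a constructed point set, as an added example that is not the patent's own code. Formulas (2) to (5) are missing from this text, so the standard exponential-mechanism weight exp(ε_1·score/(2·ΔScore)), the Laplace scale ΔF/ε_2 with ΔF = 1 for a count, and a non-overlapping grid scan with step √s are assumptions.

```python
"""Added example, not the patent's own code: the S3 region scan, the S4
exponential selection and the S5 Laplace publication run end to end on a
constructed point set.  Formulas (2)-(5) are missing from this text, so the
standard exponential-mechanism weight exp(eps1 * score / (2 * dScore)) and
the Laplace scale dF / eps2 are assumed."""
import math
import random
from collections import defaultdict

# Constructed input: 80 points in a 10 x 10 target area, two dense clusters
# plus sparse background.  Average density of the whole area is L / S = 0.8.
_gen = random.Random(7)
POINTS = ([(2 + _gen.random(), 2 + _gen.random()) for _ in range(40)]
          + [(7 + _gen.random(), 7 + _gen.random()) for _ in range(25)]
          + [(_gen.random() * 10, _gen.random() * 10) for _ in range(15)])
SIDE = 10.0


def region_select(points, side, s, q):
    """S3: slide a small square of area s across the target area, horizontal
    axis first and then vertical, keeping each square whose point density
    count / s exceeds q.  A non-overlapping grid with step sqrt(s) is
    assumed.  Returns D_s' as a list of records (lists of points)."""
    edge = math.sqrt(s)
    cells = defaultdict(list)
    for x, y in points:
        cells[(int(x // edge), int(y // edge))].append((x, y))
    n_cells = math.ceil(side / edge)
    records = []
    for j in range(n_cells):            # vertical axis: outer loop
        for i in range(n_cells):        # horizontal axis: inner loop
            rec = cells.get((i, j), [])
            if len(rec) / s > q:
                records.append(rec)
    return records


def exponential_select(records, eps1, p):
    """S4: score each record C_i by E(C_i) = its point count, weight it with
    the exponential mechanism (budget eps1, sensitivity dScore = largest
    score difference), normalise to probabilities, sort descending and keep
    the first p records as D_s''.  Returns (selected, probabilities)."""
    if not records:
        return [], []
    scores = [len(rec) for rec in records]
    d_score = max(1, max(scores) - min(scores))
    weights = [math.exp(eps1 * sc / (2 * d_score)) for sc in scores]
    total = sum(weights)
    probs = [w / total for w in weights]
    # The probability is monotone in the score, so ranking by probability
    # is the same as ranking by score; the randomness of the exponential
    # mechanism would come from sampling records with these probabilities.
    order = sorted(range(len(records)), key=lambda k: probs[k], reverse=True)
    return [records[k] for k in order[:p]], probs


def laplace_publish(selected, eps2, d_f=1.0, rng=None):
    """S5: publish n_i' = n_i + Lap(dF / eps2) for every selected record.
    dF = 1 is the global sensitivity of a count: changing one data record
    moves the output by at most 1.  Lap(b) is drawn as b * (Exp(1) - Exp(1))."""
    rng = rng or random.Random(0)
    b = d_f / eps2
    return [len(rec) + b * (rng.expovariate(1.0) - rng.expovariate(1.0))
            for rec in selected]


def run_pipeline(points=POINTS, side=SIDE, s=1.0, eps1=1.0, p=2, eps2=0.5):
    """Whole pipeline; q is the average density L / S as the text requires."""
    q = len(points) / (side * side)
    d_s = region_select(points, side, s, q)
    d_ss, _ = exponential_select(d_s, eps1, p)
    return d_ss, laplace_publish(d_ss, eps2)


if __name__ == "__main__":
    for rec, n in zip(*run_pipeline()):
        print(f"region with {len(rec)} points published as {n:.2f}")
```

With the constructed input the two cluster squares rank first and second, and only their noised counts leave the trusted third party.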
The process of the location data analyst querying the geographical location information of the mobile user through the trusted third party in step S6 further includes the following steps:
S6-1, the trusted third party generates a public key and a private key using the RSA public key encryption algorithm and publishes the generated public key. The RSA public key encryption algorithm was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman; the name RSA is formed from the initials of their three surnames.
And S6-2, the position data analyst sends a position access request to the mobile user needing to be inquired.
S6-3, after receiving the location access request sent by the location data analyst, the mobile user authorizes the corresponding location data analyst according to the user's own needs: the mobile user packs the user name U1 of the mobile user, the user name U2 of the location data analyst and the time constraint Time into a message body; the message body is then encrypted with the public key published by the trusted third party to generate an authorization code, which is sent to the corresponding location data analyst.
S6-4, the location data analyst sends the location query information to the trusted third party. When the location information of a single mobile user is to be queried, the authorization code received from the mobile user is sent to the trusted third party and the process continues with step S6-5; when the location data analyst needs to perform a statistical query on the location data, the statistical query function is sent to the trusted third party and the process jumps to step S6-6.
S6-5, after receiving the authorization code sent by the location data analyst, the trusted third party decrypts it with its own private key to obtain the original message body set by the mobile user, which comprises the user name U1 of the mobile user, the user name U2 of the location data analyst and the time constraint Time; the trusted third party verifies the identity of the location data analyst against the message body and, once verification passes, sends the current location information of mobile user U1 to the corresponding location data analyst.
S6-6, after receiving the statistical query function sent by the location data analyst, the trusted third party runs the statistical query on the Laplace noise addition data set D' and sends the query result to the corresponding location data analyst.
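The single-user branch of the exchange above (S6-1, S6-3 and S6-5), as an added example that is not the patent's own code. Textbook RSA with freshly generated primes is used so that the block runs on the standard library alone (a deployment would use RSA-OAEP from a vetted library); the "U1|U2|Time" message layout, the hypothetical function names and the deny reasons are assumptions, not the page's.

```python
"""Added example, not the patent's own code: the S6 authorization code
exchange between mobile user U1, location data analyst U2 and the trusted
third party (TTP).  Textbook RSA on a freshly generated modulus stands in
for the RSA library a deployment would use; the message layout and the
function names are assumptions."""
import random

_rng = random.SystemRandom()


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """S6-1: the TTP generates public key (n, e) and private key (n, d).
    pow(e, -1, phi) needs Python 3.8 or newer."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def make_authorization_code(ttp_public, u1, u2, time_limit):
    """S6-3: mobile user U1 packs (U1, U2, Time) into a message body and
    encrypts it under the TTP's published public key.  Textbook RSA needs
    the body to be numerically smaller than the modulus."""
    n, e = ttp_public
    m = int.from_bytes(f"{u1}|{u2}|{int(time_limit)}".encode(), "big")
    if m >= n:
        raise ValueError("message body too long for the RSA modulus")
    return pow(m, e, n)


def ttp_check_request(ttp_private, requester, code, now):
    """S6-5: the TTP decrypts the code, recovers (U1, U2, Time), checks that
    the requesting analyst is the U2 named by the user and that the time
    constraint has not passed.  Returns (allowed, u1_or_deny_reason).
    Encryption under the TTP key protects the body's confidentiality only;
    the page does not describe how the TTP confirms the code originated from
    U1, so a deployment would also carry U1's signature over the body."""
    n, d = ttp_private
    m = pow(code, d, n)
    body = m.to_bytes((m.bit_length() + 7) // 8, "big")
    try:
        u1, u2, limit = body.decode().split("|")
        limit = int(limit)
    except (UnicodeDecodeError, ValueError):
        return False, "malformed authorization code"
    if u2 != requester:
        return False, "authorization was issued to a different analyst"
    if now > limit:
        return False, "authorization expired"
    return True, u1   # the TTP may now release U1's current location


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    code = make_authorization_code(pub, "alice", "analyst-1", 2000000000)
    print(ttp_check_request(priv, "analyst-1", code, 1900000000))
    print(ttp_check_request(priv, "analyst-2", code, 1900000000))
```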
In the invention, a trusted third party collects the geographic location information of mobile users and constructs a geographic location information data set; it converts the data set into two-dimensional plane data displayed in a two-dimensional coordinate system, selects the important data areas with the region selection algorithm and the index selection algorithm, and adds Laplace noise to the selected important areas with the Laplace noise publishing algorithm. The location privacy of the mobile user is thus protected while the usability of the location data is preserved.
TABLE 1 privacy protection method comparisons
As can be seen from Table 1, the location privacy protection method based on differential privacy noise addition selection offers a higher degree of privacy protection and good service quality compared with methods such as Interval Cloak, Casper Cloak and Mix-zone, and is therefore effective.
The system architecture provided by the invention meets the requirement of location privacy protection in the current Internet of Things environment: the anonymization and obfuscation of the mobile user's location privacy information are performed by a trusted third party, so that the mobile user's location privacy information is protected without degrading the query result. The method provided by the invention satisfies differential privacy theory, selects important areas using the region selection and index selection algorithms with low time complexity, and adds noise with the Laplace noise publishing algorithm, so that data usability is maintained while the mobile user's privacy is guaranteed.
While the present invention has been described in detail with reference to the preferred embodiments, it should be understood that the above description should not be taken as limiting the invention. Various modifications and alterations to this invention will become apparent to those skilled in the art upon reading the foregoing description. Accordingly, the scope of the invention should be determined from the following claims.
Claims (7)
1. A location privacy protection method based on differential privacy noise addition selection is characterized by comprising the following steps:
s1, after the trusted third party is authorized by the mobile user, the trusted third party collects the geographic position information of the mobile user and constructs a geographic position information data set;
s2, converting the geographic position information data set into two-dimensional plane data by a trusted third party, and displaying the two-dimensional plane data in a two-dimensional coordinate system;
s3, selecting by the trusted third party by using a region selection algorithm to generate a region selection data set;
s4, the trusted third party generates an index selection data set by using an index selection algorithm based on differential privacy;
s5, adding Laplace noise to the selected index selection data set by using a Laplace noise publishing algorithm by the trusted third party, protecting the selected data area, restoring the data points in the coordinate system to an original storage form, and generating a Laplace noise addition data set; the selected data area refers to an index selection data set processed by an area selection algorithm and an index selection algorithm based on differential privacy;
and S6, the position data analyst inquires the geographical position information of the mobile user through the trusted third party.
2. The differential privacy noise addition selection-based location privacy protection method of claim 1,
the step S3 further includes the following steps:
s3-1, set the coordinates of the lower-left corner of the small square of area s to (0,0), and create an empty data set D_s for storing data points that satisfy the density condition;
s3-2, in the plane coordinate system, take the lower-left corner of the small square as the traversal point and traverse the target area by moving the small square first along the horizontal axis and then along the vertical axis; during the traversal, count the number of points N in the small square, divide it by the area of the small square to obtain the point density, and if the density exceeds the set density threshold q, add the data record C of the current square to the data set D_s; after the traversal is complete, D_s is the newly generated region selection data set D_s'.
3. The differential privacy noise addition selection-based location privacy protection method of claim 2,
the step S3 further includes the following steps:
the density threshold q and the area s respectively specify the minimum visit density and the area of the small square used for detection, and q is specified from the average density of the whole area, as follows: assuming the number of points in the region is L and the area of the target region is S, the density of the entire region is L/S, and q is set to at least reach this average density; q and s together determine the selected position data points, with s ≥ 1 and a further condition on s whose formula is not reproduced here, and the small-square area s is set by a formula that is likewise not reproduced here.
4. The differential privacy noise addition selection-based location privacy protection method of claim 2,
the step S4 further includes the following steps:
s4-1, initialize the region selection data set D_s' of data records, and count the number n of data records in D_s';
s4-2, score each data record C_i in the region selection data set D_s'; the scoring function is given by formula (1):
Score(D_s', C_i) = E(C_i)   (1)
where E(C_i) is the number of position points in data record C_i;
s4-3, from the score Score(D_s', C_i) of each data record, compute the value of the differential privacy noise-added score S_c^DP, as shown in formula (2);
where Δ Score is the maximum difference between data points in the region selection data set D_s'; ||E(C_i) − E(C_j)||_1 is the first-order (L1) distance between E(C_i) and E(C_j); ε_1 is the differential privacy budget of the exponential selection algorithm; in S_c^DP, the subscript c denotes a data record and the superscript DP indicates that the calculation is based on the differential privacy method;
s4-4, calculate the probability of each data record by formula (4);
s4-5, sort the data records in descending order of this probability and select the first p records to construct the index selection data set D_s''.
5. The differential privacy noise addition selection-based location privacy protection method of claim 4,
the step S5 further includes the following steps:
s5-1, initialize a position data set D_i such that D_i is contained in the index selection data set D_s'', and initialize n_i, the number of points in D_i;
s5-2, for each D_i contained in D_s'', add Laplace noise to its count n_i to generate the new count n_i', as shown in formula (5):
where the noise term denotes noise satisfying the Laplace distribution, ε_2 denotes the differential privacy budget of the Laplace noise publishing algorithm, and ΔF denotes the differential privacy global sensitivity of the Laplace noise publishing algorithm, i.e. the change in the algorithm's output when any single data record in the data set is changed;
s5-3, update the index selection data set D_s'' to generate the Laplace noise addition data set D'.
6. The differential privacy noise addition selection-based location privacy protection method of claim 5,
the step S6 further includes the following steps:
s6-1, the trusted third party generates a public key and a private key by using an RSA public key encryption algorithm and issues the generated public key;
s6-2, the location data analyst sends a location access request to the mobile user needing to be inquired;
s6-3, after receiving the position access request sent by the position data analyzer, the mobile user authorizes the corresponding position data analyzer according to the requirement; the mobile user packages a user name U1 of the mobile user, a user name U2 of a position data analyzer and Time constraint Time into a message body, encrypts the message body by using a public key issued by a trusted third party to generate an authorization code, and sends the authorization code to a corresponding position data analyzer;
s6-4, the location data analyst sends the location query information to the trusted third party; when the location information of a single mobile user is to be queried, the authorization code received from the mobile user is sent to the trusted third party and the process continues with step S6-5; when the location data analyst needs to perform a statistical query on the location data, the statistical query function is sent to the trusted third party and the process jumps to step S6-6;
s6-5, after receiving the authorization code sent by the position data analyzer, the trusted third party decrypts the authorization code by using the private key of the trusted third party to obtain the original message body set by the mobile user, wherein the original message body comprises the user name U1 of the mobile user, the user name U2 of the position data analyzer and the Time constraint Time; the trusted third party verifies the identity of the position data analyzer according to the message body, and sends the current position information of the mobile user U1 to the corresponding position data analyzer after the verification is passed;
and S6-6, after receiving the statistical query function sent by the position data analyst, the trusted third party carries out statistical query on the Laplace noise addition data set D', and then sends the query result to the corresponding position data analyst.
7. A location privacy protection system using the location privacy protection method selected based on differential privacy noise addition according to any one of claims 1 to 6, the system comprising:
the mobile user holds mobile equipment with a self-positioning function, accesses the Internet of things by using the mobile equipment, authorizes to send own geographic position information to a trusted third party, and the geographic position information is personal privacy information of the mobile user;
a trusted third party that protects the geographic location information of the mobile user and prevents leakage of personal privacy information of the mobile user; the trusted third party receives the geographical position information sent by the mobile user and constructs the geographical position information of the mobile user into a geographical position information data set; the trusted third party processes the geographical position information data set by using a noise adding selection algorithm based on differential privacy and then issues a Laplace noise adding geographical position information data set; the trusted third party authorized position data analyst inquires the geographic position information of the mobile user on a Laplace noise added geographic position information data set and provides position information inquiry service;
and the location data analyst, who queries the geographic location information of the mobile user through the location information query service provided by the trusted third party and performs the corresponding analysis to extract the geographic location information of the required mobile user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811518617.7A CN109617877B (en) | 2018-12-12 | 2018-12-12 | Location privacy protection system and method based on differential privacy noise addition selection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109617877A true CN109617877A (en) | 2019-04-12 |
CN109617877B CN109617877B (en) | 2021-06-01 |
Family
ID=66008061
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||