CN113573234B - Position privacy protection method in large indoor position service scene - Google Patents
- Publication number: CN113573234B (also listed as CN202110883750.8A)
- Authority: CN (China)
- Prior art keywords: privacy, dimensional space, noise, discretization, disturbance
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04W4/021—Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/64—Location-dependent; Proximity-dependent using geofenced areas
- H04W4/025—Services making use of location information using location based information parameters
- H04W4/33—Services specially adapted for particular environments, situations or purposes for indoor environments, e.g. buildings
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Processing Or Creating Images (AREA)
- Instructional Devices (AREA)
Abstract
A location privacy protection method for large indoor location-service scenarios, belonging to the field of location services and information security. To address location privacy leakage caused by an untrusted server or an eavesdropper during three-dimensional location services, the method adopts geo-indistinguishability: the X, Y and Z coordinates of a position are perturbed simultaneously by a three-dimensional Laplace noise mechanism, the perturbed position is determined by discretization and truncation, the mathematical quantitative relationship between the privacy budgets before and after discretization and truncation is analyzed, and the privacy budget degradation caused by discretization is compensated by adding extra noise. The method can cope with location privacy leakage in three-dimensional location-service environments and improves the privacy of location data in a location-service system under location inference attacks. The advantages are that, based on differential-privacy geo-indistinguishability in three-dimensional space, all three dimensions of the position are perturbed simultaneously, and a rigorous measurement method and implementation mechanism are provided for three-dimensional location privacy protection.
Description
Technical Field
The invention relates to the field of location services and information security, and in particular to a location privacy protection method for large indoor location-service scenarios.
Background
Due to the rapid development of 5G intelligent communication technology and the increasingly high population density in cities, location services [[1] Research on privacy protection technology for location data [D]. Harbin Institute of Technology, 2020] have been widely applied in large indoor buildings such as large hospitals and large shopping malls. By 2025, the global indoor LBS market size is expected to reach $187.4 billion. At the same time, the risk of disclosing users' location privacy is also increasing. The Federal Communications Commission in the United States proposed a fine of at least 2 billion dollars for four major mobile phone companies in 2020 because they divulged consumers' real-time location data. The problem of location privacy protection in three-dimensional spaces, such as various large indoor buildings, is of increasing interest to both academia and industry. At present, most location privacy protection schemes focus on two-dimensional space; when a user's location data contains height information, these mechanisms cannot cope with location inference attacks carried out by an untrusted location server or an eavesdropping attacker using existing background knowledge.
In recent years, researchers at home and abroad have paid much attention to location privacy disclosure in location services and have adopted K-anonymity [[2] Yujuan, Research on privacy protection methods based on location services [D]. Northwest Normal University, 2020], mix-zone, encryption, perturbation and other methods to protect location privacy. However, encryption-based location privacy protection completely hides the user's location information and is therefore not suitable for location-service applications. In addition, a location privacy protection mechanism based on K-anonymity has to rely on a trusted third party, and once that server is paralyzed or attacked, the user's privacy is at risk of leakage. A perturbation-based location privacy protection mechanism can be implemented locally on the user's device, avoiding dependence on a trusted and secure server.
Two-dimensional geo-indistinguishability is an extension of traditional differential privacy, used to protect the location privacy of a single user in two-dimensional planar space [[3] M. Andrés, N. Bordenabe, K. Chatzikokolakis, and C. Palamidessi, Geo-indistinguishability: Differential privacy for location-based systems [C]. ACM Conference on Computer and Communications Security (CCS), 2013: 901-. Using a perturbation mechanism based on two-dimensional geo-indistinguishability, a mobile user can locally generate a random false position and send it to the location server with the service request, while the true position is known only to the user. However, when a user is in a three-dimensional space such as a large hospital, such two-dimensional mechanisms cannot effectively prevent location inference attacks, because the user's height information is introduced. For example, if a user's floor information is leaked, his or her medical condition is exposed to an attacker. Therefore, it is important to study mechanisms that protect user location data in three-dimensional location services.
Disclosure of Invention
The invention aims to provide a location privacy protection method for large indoor location-service scenarios that protects the privacy of location data in location-service scenarios such as large indoor three-dimensional spaces.
The purpose of the invention is achieved as follows: a location privacy protection method in three-dimensional space which, to address location privacy leakage caused by an untrusted server or an eavesdropper during three-dimensional location services, adopts geo-indistinguishability, perturbs the X, Y and Z coordinates of a position simultaneously with a three-dimensional Laplace noise mechanism, determines the perturbed position by discretization and truncation, analyzes the mathematical quantitative relationship between the privacy budgets before and after discretization and truncation, and compensates the privacy budget degradation caused by discretization by adding extra noise. The method can cope with location privacy leakage in three-dimensional location-service environments and improves the privacy of location data in a location-service system under location inference attacks.
The method comprises the following specific steps:
Step 1: define the geo-indistinguishability mechanism in three-dimensional space. A rigorous and provable measure of location privacy in three-dimensional space based on differential privacy, namely three-dimensional geo-indistinguishability, is provided and is defined as follows:
where ε is the privacy budget and the perturbation mechanism satisfies ε-geo-indistinguishability throughout the three-dimensional space; the definition ranges over the set of possible true positions and the set of possible perturbed positions, x₁ is the user position, x' is the perturbed position, and d₃(x₁, x₂) is the radius of the spherical region centered at x₁;
in step 1, three-dimensional geo-indistinguishability ensures that for any two geographically close locations in three-dimensional space the probability distributions of their perturbed positions are similar; the degree of similarity is determined by the privacy budget ε and the spherical region of radius d₃(x₁, x₂) centered at the user location x₁, so the true position within that region is protected.
Step 2: perturb the X, Y and Z coordinates of the position in three-dimensional space simultaneously;
in step 2, the concrete steps are as follows:
step 1), introduce a noise generation mechanism given by the probability density function
where ε is the privacy budget, x₁ is the true user position, x' is the perturbed position, d₃(x₁, x₂) is the radius of the spherical region centered at x₁, and A is a normalization coefficient;
step 2), replace the Cartesian coordinate system with a spherical coordinate system to determine the perturbed position; the user's true position is x₁ and the perturbed position x' is expressed as (r, θ, ψ), where ε is the privacy budget, r denotes the distance between x₁ and x', θ is the polar angle and ψ is the azimuthal angle; the probability density function in the spherical coordinate system is:
define three variables, the radius, the polar angle θ and the azimuth ψ, together with the marginal distributions of the three variables:
step 3), send the perturbed position x' to the LBS server according to the noise distribution function;
in step 2), the perturbed position x' is obtained as follows:
step (1), select a random vector U(θ, ψ) on the unit sphere;
step (2), the marginal distribution of the radius in formula (3) is the probability density function of the Gamma distribution Γ(3, 1/ε); the radius r is drawn from Γ(3, 1/ε), and the perturbed position x' follows the distribution x₁ + Ur.
Step 3: approximate the noise generated by the Laplace mechanism in three-dimensional coordinates onto a cubic grid; design a discretized noise-adding mechanism, derive the relationship between the privacy budgets before and after discretization, and ensure that the discretized noise-adding mechanism still guarantees the differential-privacy property;
in step 3, with the user's true position x₁, the perturbed position is generated in the following two steps:
Step 1) in the spherical coordinate system centered at x₁, a perturbed position is generated using the three-variable Laplace noise mechanism;
The discretized privacy budget ε' is determined by the privacy budget ε, the step size of the cubic grid and the accuracy of the device, and the degraded privacy budget is compensated by adding extra noise;
Step 4: design a truncated noise-adding mechanism to ensure geo-indistinguishability in three-dimensional space; the above mechanism cannot satisfy differential privacy in an arbitrary three-dimensional space.
In step 4, the mechanism cannot satisfy differential privacy in an arbitrary three-dimensional space, for the following reasons:
1) the discretized noise-adding mechanism can guarantee differential privacy only within a limited range;
2) in an actual scenario the space a user can access is limited; to preserve geo-indistinguishability after discretization and to confine the position to a limited region, a truncation method maps unreasonable positions into the limited range, preserving the geo-indistinguishability property in three-dimensional space.
In step 3, the three-variable Laplace noise mechanism in three-dimensional space perturbs the X, Y and Z coordinates of the position simultaneously to ensure geo-indistinguishability in three-dimensional space.
In step 3, the noise is discretized in the spherical coordinate system of the three-dimensional space, and the perturbed position is generated while the geo-indistinguishability parameters are kept unchanged.
In step 4, to preserve geo-indistinguishability after discretization and to confine the position to a limited region, a truncation method maps unreasonable positions into the limited range while keeping the geo-indistinguishability property unchanged. Based on the device accuracy, the limited spatial range and the discretization unit, the mathematical quantitative relationship between the privacy budgets before and after discretization and truncation is analyzed, and extra noise is added to compensate the privacy budget degradation caused by discretization, so that the noise-adding mechanism after discretization and truncation still strictly guarantees geo-indistinguishability in three-dimensional space.
The beneficial effect of this scheme is as follows. To address location privacy leakage caused by an untrusted server or an eavesdropping attacker during location services in large indoor three-dimensional spaces, location privacy is rigorously measured using differential-privacy-based geo-indistinguishability in three-dimensional space, and the X, Y and Z coordinates of the position are perturbed simultaneously by the three-dimensional Laplace noise mechanism, so that an attacker cannot obtain the user's accurate location. In addition, because of the limited precision of hardware in practical applications, a mobile device cannot generate arbitrary false positions from a continuous noise function; moreover, in practical scenarios the space a user can access is limited. Therefore, the perturbed position is determined by discretization and truncation, the mathematical quantitative relationship between the privacy budgets before and after discretization and truncation is analyzed, and the privacy budget degradation caused by discretization is compensated by adding extra noise, so that the noise-adding mechanism after discretization and truncation still strictly guarantees differential privacy.
This solves the problem of location privacy disclosure caused by an untrusted server or an eavesdropper during location services in large indoor three-dimensional spaces and achieves location privacy protection in such scenarios.
The geo-indistinguishability mechanism in three-dimensional space means that, for any position in a given spherical region of radius R, the distribution of the attacker's inference about the user's true position is similar no matter how much prior knowledge the attacker has. Although an attacker can determine that the user is within the spherical region of radius R, the attacker cannot determine the user's exact location; an attacker who already knows the region the user is in can infer nothing more from the user's perturbed position, whatever prior knowledge the attacker has.
This holds for any two geographically close locations in three-dimensional space; that is, ε·d₃(x₁, x₂) can be seen as the geo-indistinguishability metric: the closer x₁ and x₂ are, the more similar their perturbed-position distributions are.
The X, Y and Z coordinates of the position in three-dimensional space are perturbed simultaneously: a three-dimensional Laplace noise mechanism realizes geo-indistinguishability in continuous three-dimensional space, and a randomly generated perturbed position x' is sent to the location-service server according to the noise distribution function. When the true positions are x₁ and x₂, the difference in the probability of any position in the region is at most
In practice, the limited accuracy of hardware devices prevents a mobile device from generating arbitrary false locations from a continuous noise function.
The discretized noise-adding mechanism can still guarantee geo-indistinguishability in three-dimensional space, but it degrades the privacy budget; the discretized privacy budget ε' is determined by the privacy budget ε, the step size of the cubic grid and the accuracy of the device, and the degraded privacy budget is compensated by adding extra noise.
Most location privacy protection schemes focus on two-dimensional space; when a user's location data contains height information, these mechanisms cannot cope with location inference attacks carried out by an untrusted location server or an eavesdropping attacker using existing background knowledge, while encryption-based location privacy protection completely hides the user's location information and is therefore not suitable for location-service applications. In addition, some location privacy protection mechanisms, such as K-anonymity, have to rely on trusted third parties, and once that server is down or attacked, user privacy is at risk of disclosure. Therefore, the method adopts geo-indistinguishability, determines the perturbed position with the three-dimensional Laplace noise mechanism, and designs discretization and truncation into the perturbation scheme to account for limited device precision and limited user access space in actual scenarios, so that an attacker cannot obtain the user's accurate location; this resists location inference attacks in three-dimensional location-service environments and improves the privacy of location data in the location-service system.
The advantages are that the method takes height information into account, provides a rigorous and provable measure for three-dimensional location privacy protection, designs a three-dimensional Laplace noise mechanism, and protects the privacy of location data in location-service scenarios such as large indoor three-dimensional spaces.
Drawings
FIG. 1 is a scene diagram of a three-dimensional location-service system, such as a large hospital, according to the present invention;
FIG. 2 is a flow chart of the location privacy protection method based on the three-dimensional geo-indistinguishability mechanism employed in the present invention.
Detailed Description
The technical solution of the present invention is further described below with reference to examples, but the scope of the claims is not limited thereto.
Example 1: a technical method for protecting position privacy in a three-dimensional space under a large indoor position service scene comprises the following specific implementation steps:
step 1: setting upAnd in a three-dimensional space environment, a position disturbance mechanism of three dimensions is considered at the same time, and a three-dimensional Laplacian noise mechanism is designed. As shown in FIG. 1, a three-dimensional spatial location service system scene diagram of a large hospital is assumed, the hospital is in a cubic map with a length and width of 600 meters and a height of 60 meters, the map is divided into cubic grids of 30 × 30 × 20, 18000 cubic grids with a length and width of 20 meters and a height of 3 meters are provided, different grids represent different location areas, and the area number is { c1,c2,c3,...}. When a user moves in a hospital, the user sends the current position of the user to a position server to request position service, and at the moment, an untrusted position server or an eavesdropping attacker can utilize the existing background knowledge to deduce and attack the position privacy of the user, and send junk mails or perform fraud and the like to the user. At the moment, by adopting the indistinguishability of the geographic position in the three-dimensional space, the user publishes a disturbed position to the position server, so that an attacker is prevented from stealing the position privacy of the user in a hospital, and the safety performance of the position data privacy of the position service system under the position inference attack is improved.
The position privacy protection method under the large indoor position service scene is mainly divided into four processes of defining a geographical indistinguishable mechanism in a three-dimensional space, generating a disturbed position based on the geographical indistinguishable mechanism in the three-dimensional space, designing a discretization noise mechanism and ensuring the geographical indistinguishable attributes of the three-dimensional space by utilizing a truncation method.
Step 2: defining a geographic indistinguishable mechanism in a three-dimensional space, and providing a strict and provable three-dimensional space position privacy measurement method based on differential privacy, wherein the geographic indistinguishable mechanism in the three-dimensional space is defined as follows:
in which the disturbance mechanismAll in three-dimensional spaceSatisfies epsilon-geographic indistinguishability, whereinIs a possible set of real positions of the mobile terminal,is a possible set of perturbation positions. This definition ensures that for any two geographically close locations in three-dimensional space, the probability distributions of their perturbed locations are similar, as measured by the privacy budget ε and by the user location x1A radius of d as a center3(x1,x2) Is determined by the spherical area of (a). I.e.. epsilon.d3(x1,x2) Can be seen as a geographic indistinguishable metric: x is the number of1And x2The closer the distance is, the more the disturbance position distributionAndthe more similar. Since all positions in the spherical space will generate an approximate distribution of the perturbed positions, the true position in the space is protected.
And step 3: a disturbance location is generated in three-dimensional space based on a three-dimensional geographically indistinguishable mechanism. In order to make the operation more convenient and efficient, the invention replaces a Cartesian coordinate system with a spherical coordinate system. The user real position is x1The perturbation position is x', which can be expressed as (r, theta, psi), where r represents x1And x', theta is a polar angle, psi is an azimuth angle, and the substitution formula is known for two:defining three variables, respectively radiiPolar angle θ, azimuth Ψ, and its edge distribution function:
finally, the perturbation position x' is obtained according to the following two steps: (1) selecting a random vector U (theta, psi) in a unit sphere (2), selecting a radius r according to gamma distribution gamma (3, 1/epsilon), and enabling a disturbance position x' to be subjected to distribution x1+Ur。
And 4, step 4: discretized laplacian mechanism. At the actual position x of the user1Generating the disturbance position by the following two steps For cubic grids, supposeHas a length of u, a width of v, a height of h, and u > v > h:
1) at x1Generating a disturbance position in a spherical coordinate system by using the Laplace mechanism of the 3 variables in the step 3
let the values dr, d θ,respectively, represent the values of r, theta,precision of the apparatus in three directions, B denotes the accuracy in step 1)The resulting set of discrete points. Each point beingIs formed from r, r + dr, theta + d theta,the probability of connected regions. Generated in step 1)Has a probability of NB(x')=N(x')∩B。
N (x') and cubeIs related to the step size of NB(x') is composed of cubesThe step size of (a) and the accuracy of the device affect together. The discretized privacy budget epsilon' is compared to the previous privacy budget epsilon,length u, width v, height h of the device are related to the accuracy of the device. Since the discretization reduces the privacy budget ε ', the noise that needs to be added is quantified according to the difference between ε' and ε, and the additional noise added compensates for the discretizationThe privacy budget of (1) is degraded, thereby ensuring that the discretized noise mechanism still guarantees the geographical non-partitionable characteristic in the three-dimensional space.
Step 5: The geographical indistinguishability of the discrete Laplace mechanism is ensured by means of truncation. Let α represent a finite area with diameter Dα, and consider the noise-adding mechanism after truncation. This mechanism is similar to the discrete Laplace mechanism, except that the perturbation positions are remapped, i.e. a location outside the space α is mapped to a point in the space. This also ensures that the truncated Laplace noise-adding mechanism still satisfies geographical indistinguishability in three-dimensional space.
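The sampling of step 3 and the remapping of step 5, as an added Python example that is not part of the patent text. It assumes the direction U is uniform over the unit sphere and that the finite area α is an axis-aligned box with nearest-point remapping; all function names are hypothetical.

```python
import math
import random

def sample_perturbed(x1, eps, rng):
    """Step 3: draw x' = x1 + U*r for the true position x1 = (x, y, z)."""
    # Direction U (assumption: uniform in solid angle, i.e. cos(theta)
    # uniform on [-1, 1] and azimuth psi uniform on [0, 2*pi)).
    cos_t = 1.0 - 2.0 * rng.random()
    sin_t = math.sqrt(1.0 - cos_t * cos_t)
    psi = 2.0 * math.pi * rng.random()
    u = (sin_t * math.cos(psi), sin_t * math.sin(psi), cos_t)
    # Radius r ~ Gamma(shape=3, scale=1/eps), as stated in step 3.
    r = rng.gammavariate(3.0, 1.0 / eps)
    return tuple(c + r * d for c, d in zip(x1, u))

def truncate(p, lo, hi):
    """Step 5: remap a point that falls outside the bounded region.
    Assumption: the region is the box [lo, hi] and the remap target is
    the nearest point of the box (coordinate-wise clamp)."""
    return tuple(min(max(c, a), b) for c, a, b in zip(p, lo, hi))

def report_location(x1, eps, lo, hi, rng):
    """Position the device would send to the LBS server instead of x1."""
    return truncate(sample_perturbed(x1, eps, rng), lo, hi)

def mean_displacement(x1, eps, n, seed=0):
    """Empirical mean of |x' - x1| before truncation; theory gives 3/eps."""
    rng = random.Random(seed)
    total = sum(math.dist(x1, sample_perturbed(x1, eps, rng)) for _ in range(n))
    return total / n

if __name__ == "__main__":
    # Constructed sample: a 50 m x 30 m x 10 m building, eps in 1/metre.
    true_pos, lo, hi = (12.0, 8.0, 3.0), (0.0, 0.0, 0.0), (50.0, 30.0, 10.0)
    rng = random.Random(1)  # fixed seed only to make the demo repeatable
    for eps in (0.2, 0.5, 2.0):
        reported = report_location(true_pos, eps, lo, hi, rng)
        print(eps, reported, round(mean_displacement(true_pos, eps, 20000), 2))
```

The clamp depends only on the perturbed point, never on x1, so it is post-processing of the noisy output. For real use pass `random.SystemRandom()` as `rng`, since the default Mersenne Twister generator is predictable from its outputs.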
Claims (7)
1. A position privacy protection method in a large indoor position service scene, characterized by comprising the following steps: a position privacy protection method in three-dimensional space that targets the position privacy leakage caused by an untrusted server or an eavesdropper during three-dimensional location services; geographical indistinguishability is adopted, the X, Y and Z coordinates of a position are disturbed simultaneously based on a three-dimensional Laplace noise mechanism, the disturbed position is determined by discretization and truncation, the mathematical quantitative relation between the privacy budgets before and after discretization and truncation is analyzed, and the budget degradation caused by discretization is compensated by adding extra noise; the position privacy leakage of the three-dimensional location service environment is thereby addressed, and the privacy security of position data in the location service system under position inference attacks is improved;
step 1: defining a geographically indistinguishable mechanism in three-dimensional space; a strict and provable measurement method for position privacy in a three-dimensional space based on differential privacy, namely three-dimensional geographic indistinguishability, is provided, and is defined as follows:
wherein ε is the privacy budget, and the perturbation mechanism satisfies ε-geographic indistinguishability for all real positions x1, x2 in the three-dimensional space and all disturbance locations; the real positions are taken from the set of possible real positions and the disturbance locations from the set of possible disturbance locations; x1 is the user's true position, x' is the disturbance position, and d3(x1, x2) is the radius of the spherical region centered at x1;
step 2: simultaneously disturbing the X, Y and Z coordinates of the position in the three-dimensional space;
step 3: the noise generated by the Laplace mechanism in three-dimensional coordinates is approximated onto a cubic grid; a discretized noise-adding mechanism is designed, the relation between the privacy budgets before and after discretization is derived, and the discretized noise-adding mechanism is ensured to still guarantee the differential privacy property;
step 4: designing a truncated noise-adding mechanism to ensure geographical indistinguishability in three-dimensional space; the above mechanism cannot satisfy differential privacy in an arbitrary three-dimensional space;
in the step 2, the concrete steps are as follows:
step 1), introducing a noise generation mechanism as a probability density function
where ε is the privacy budget, x1 is the user's true position, x' is the disturbance position, d3(x1, x') is the radius of the spherical region centered at x1, and A is a normalization coefficient; the formula is a three-variable Laplace function centered at x1;
step 2), replacing the Cartesian coordinate system with a spherical coordinate system to determine the disturbance position; the user's true position is x1 and the disturbance position is x', expressed in spherical coordinates by the radius r, the polar angle θ and the azimuth, where ε is the privacy budget and r represents the distance between x1 and x'; in the spherical coordinate system, the probability density function of the three-variable Laplace centered at the true position x1 is:
defining three random variables as the radius, the polar angle Θ and the azimuth angle Φ, the marginal distributions of the three random variables are:
step 3), sending the disturbance position x' to an LBS server according to the noise distribution function, wherein LBS stands for Location Based Services;
in step 3, the user's true position is x1, and the perturbation position x' is generated by the following two steps:
step 1) in a spherical coordinate system centered at x1, a disturbance position is generated using the three-variable Laplace noise-adding mechanism
2. The method as claimed in claim 1, wherein the method for protecting location privacy in a large indoor location service scenario comprises: in step 1, the three-dimensional geographic indistinguishability ensures that for any two geographically close locations in three-dimensional space, the probability distributions of the disturbance locations are similar; as measured by the privacy budget ε, the true position within the sphere of radius d3(x1, x2) centered at the user location x1 is protected.
3. The method as claimed in claim 1, wherein the method for protecting location privacy in a large indoor location service scenario comprises: in the step 2), which is a specific step, the method for obtaining the disturbance position x' includes:
4. The method as claimed in claim 1, wherein the method for protecting location privacy in a large indoor location service scenario comprises: in step 4, the mechanism cannot satisfy differential privacy in an arbitrary three-dimensional space; the specific reasons are as follows:
1) the discretization noise adding mechanism can ensure the differential privacy only in a limited range;
2) the space accessible to the user is limited in a real scene; to ensure geographical indistinguishability after discretization and to confine the position to a limited area, an unreasonable position is mapped into the limited range by truncation, which ensures the geographical indistinguishability of the position in three-dimensional space.
5. The method as claimed in claim 1, wherein the method for protecting location privacy in a large indoor location service scenario comprises: in step 3, the three-variable Laplace noise mechanism in the three-dimensional space simultaneously perturbs the X, Y and Z coordinates of the position to ensure geographical indistinguishability in the three-dimensional space.
6. The method as claimed in claim 1, wherein the method for protecting location privacy in a large indoor location service scenario comprises: in step 3, the noise is discretized in a spherical coordinate system of the three-dimensional space, and the disturbance position is generated while the geographical indistinguishability parameters are kept unchanged.
7. The method as claimed in claim 1, wherein the method for protecting location privacy in a large indoor location service scenario comprises: in step 4, to ensure geographical indistinguishability after discretization and to confine the position to a limited area, an unreasonable position is mapped into the limited range by truncation, and the geographical indistinguishability of the position is kept unchanged; based on the equipment precision, the limited space range and the discretization unit, the mathematical quantitative relation between the privacy budgets before and after discretization and truncation is analyzed, and extra noise is added to compensate for the privacy budget degradation caused by discretization, so that the noise-adding mechanism after discretization and truncation still strictly ensures geographical indistinguishability in three-dimensional space.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110883750.8A CN113573234B (en) | 2021-08-03 | 2021-08-03 | Position privacy protection method in large indoor position service scene |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113573234A (en) | 2021-10-29 |
CN113573234B (en) | 2022-04-12 |
Family
ID=78170083
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110883750.8A Active CN113573234B (en) | 2021-08-03 | 2021-08-03 | Position privacy protection method in large indoor position service scene |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113573234B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114117536B (en) * | 2021-12-07 | 2022-07-01 | 中国矿业大学 | Location privacy protection method in three-dimensional space LBS (location based service) based on deep reinforcement learning |
CN114969824B (en) * | 2022-06-15 | 2023-03-07 | 中国矿业大学 | Personalized three-dimensional space position privacy protection method based on differential disturbance |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108563962A (en) * | 2018-05-03 | 2018-09-21 | 桂林电子科技大学 | A kind of difference method for secret protection based on spatial position service |
CN108595976A (en) * | 2018-03-27 | 2018-09-28 | 西安电子科技大学 | Android terminal sensor information guard method based on difference privacy |
CN108734022A (en) * | 2018-04-03 | 2018-11-02 | 安徽师范大学 | The secret protection track data dissemination method divided based on three-dimensional grid |
CN109444815A (en) * | 2018-10-12 | 2019-03-08 | 桂林电子科技大学 | Method for protecting track privacy and system based on the positioning of indoor sound |
CN110602631A (en) * | 2019-06-11 | 2019-12-20 | 东华大学 | Processing method and processing device for location data for resisting conjecture attack in LBS |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10904720B2 (en) * | 2018-04-27 | 2021-01-26 | safeXai, Inc. | Deriving signal location information and removing private information from it |
Non-Patent Citations (2)
Title |
---|
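"5G System (5GS) Location Services (LCS)"; 3GPP; 3GPP TS 23.273 V17.01.0; 20210608; full text * |
Differential privacy location protection method based on polygon construction; Zhang Kaiyu; Information and Computer (Theory Edition); 20200225 (No. 04); full text * |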
Also Published As
Publication number | Publication date |
---|---|
CN113573234A (en) | 2021-10-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||