CN115200603B - Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage - Google Patents

Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage Download PDF

Info

Publication number
CN115200603B
CN115200603B CN202211106644.XA CN202211106644A CN115200603B CN 115200603 B CN115200603 B CN 115200603B CN 202211106644 A CN202211106644 A CN 202211106644A CN 115200603 B CN115200603 B CN 115200603B
Authority
CN
China
Prior art keywords
anonymous
route
service provider
camouflage
lbs
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211106644.XA
Other languages
Chinese (zh)
Other versions
CN115200603A (en
Inventor
王轩
金磊
蒋琳
刘洋
漆舒汉
姚霖
罗文坚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Graduate School Harbin Institute of Technology
Original Assignee
Shenzhen Graduate School Harbin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Graduate School Harbin Institute of Technology filed Critical Shenzhen Graduate School Harbin Institute of Technology
Priority to CN202211106644.XA priority Critical patent/CN115200603B/en
Publication of CN115200603A publication Critical patent/CN115200603A/en
Application granted granted Critical
Publication of CN115200603B publication Critical patent/CN115200603B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G01MEASURING; TESTING
    • G01CMEASURING DISTANCES, LEVELS OR BEARINGS; SURVEYING; NAVIGATION; GYROSCOPIC INSTRUMENTS; PHOTOGRAMMETRY OR VIDEOGRAMMETRY
    • G01C21/00Navigation; Navigational instruments not provided for in groups G01C1/00 - G01C19/00
    • G01C21/26Navigation; Navigational instruments not provided for in groups G01C1/00 - G01C19/00 specially adapted for navigation in a road network
    • G01C21/34Route searching; Route guidance
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01CMEASURING DISTANCES, LEVELS OR BEARINGS; SURVEYING; NAVIGATION; GYROSCOPIC INSTRUMENTS; PHOTOGRAMMETRY OR VIDEOGRAMMETRY
    • G01C21/00Navigation; Navigational instruments not provided for in groups G01C1/00 - G01C19/00
    • G01C21/26Navigation; Navigational instruments not provided for in groups G01C1/00 - G01C19/00 specially adapted for navigation in a road network
    • G01C21/34Route searching; Route guidance
    • G01C21/3453Special cost functions, i.e. other than distance or default speed limit of road segments
    • G01C21/3492Special cost functions, i.e. other than distance or default speed limit of road segments employing speed data or traffic data, e.g. real-time or historical
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Abstract

The invention discloses a navigation service privacy protection method and a device based on homomorphic encryption and anonymous camouflage, wherein the method comprises the following steps: the LBS service provider initializes a homomorphic encryption scheme; the users respectively generate anonymous disguise areas by using an anonymous disguise algorithm; the user randomly selects a departure place pseudo-assembly point and a destination pseudo-assembly point which are close to a departure point and meet the camouflage distance L according to the road network information of the anonymous camouflage area, and synchronously plans a route from the real departure place to the camouflage departure place; the cloud service provider plans a group of candidate routes and requests the LBS service provider for real-time road condition information; the cloud service provider further calculates the cost of the candidate route group, and transmits a ciphertext comparison result to the LBS service provider by using comparison operation of full homomorphic encryption; and selecting an optimal route from the candidate route group, and locally connecting the optimal route with the route in the disguised area to generate a final travel route. The invention adopts the fully homomorphic encryption and the anonymous camouflage technology to realize the high-quality navigation service privacy protection.

Description

Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage
Technical Field
The invention belongs to the technical field of navigation services, and particularly relates to a navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage.
Background
In order to achieve privacy protection for navigation services, the predecessors have proposed many solutions that are robust to privacy inference of origin, destination, and navigation routes. These schemes achieve the required robustness by employing existing techniques (such as data encryption) or taking advantage of the specific structure of the routing problem. The following privacy protection schemes are common in the navigation service in the prior art:
(1) Private information search (PIR): the PIR ensures that a query user submits a query request to a database on the server and completes the query under the condition that the private information queried by the user is not leaked, namely the server does not know the specific query information of the user and the retrieved data items in the process. By using the technology, a structure diagram of a road network is required on a client of a user, and a navigation route is generated on a local client through the PIR access path weight. However, this approach requires sufficient cooperation of the service provider to support the protocol. The navigation service privacy scheme based on the privacy information retrieval mainly has the following two disadvantages: 1. the private information retrieval technology consumes a lot of time, and LBS (Location-Based Service) Service providers need to spend a lot of energy to maintain the database along with updating of road conditions; 2. the scheme requires the high cooperation of the LBS service provider to construct a universal privacy protection query framework, and the cooperation degree of the LBS service provider is higher; 3. according to the scheme, a user needs to do path planning calculation at a local client, and large map frame data needs to be borne.
(2) The distributed scheme comprises the following steps: the scheme is based on the idea of carrying out segmentation request on a complete route, a whole route is segmented, the starting place and the destination of different segments are respectively delivered to different LBS service providers for request, finally, the request results are respectively returned to a user, and the user aggregates all routes to generate a final navigation route. The distributed navigation service privacy protection mainly has the following two disadvantages: 1. a plurality of independent LBS service providers which are not colluded mutually are required to perform distributed calculation on the multi-section route request, and the conditions are severe; 2. each LBS server only processes the request obtained by the LBS server, each segment is only a local optimal route, and the route obtained after the local aggregation of the user is not a global optimal route, so that part of service quality is sacrificed.
Disclosure of Invention
The invention mainly aims to overcome the defects of the prior art and provide a navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage, so that the real-time road condition data of an LBS service provider can be utilized to improve the service quality and generate a safe and high-quality navigation route for a user while the privacy protection of the navigation service is realized.
In order to achieve the purpose, the invention adopts the following technical scheme:
in a first aspect, the invention provides a navigation service privacy protection method based on homomorphic encryption and anonymous camouflage, which comprises the following steps:
initializing a homomorphic encryption scheme by an LBS server, generating a public key pk, a private key sk and an evaluation key evk, and then sending an initialization parameter params, the public key pk and the evaluation key evk to the cloud server for initialization;
the method comprises the steps that users respectively generate anonymous disguised regions by using an anonymous disguising algorithm, the anonymous disguised regions are requested from a cloud service provider, and the cloud service provider transmits road network information of the anonymous disguised regions to the users after receiving the anonymous disguising region requests; the anonymous disguised area comprises a departure place anonymous disguised area and a destination anonymous disguised area; the anonymous camouflage algorithm is modified based on a K-anonymous algorithm, and K online users meeting the precondition of the K-anonymous algorithm are changed into K coordinates generated randomly;
the user randomly selects a starting place pseudo-assembly point and a destination pseudo-assembly point which are close to a starting point and meet the pseudo-assembly distance L according to the road network information of the anonymous pseudo-assembly area, and sends the starting place pseudo-assembly point and the destination pseudo-assembly point to a cloud service provider; synchronously planning a route from a real departure place to a camouflage departure place according to the road network information of the anonymous camouflage area;
after receiving the pseudo-erection point of the departure place and the pseudo-erection point of the destination, the cloud service provider plans a group of candidate routesw 1 ,…,w n Therein ofw 1 ,…,w n Respectively representing a candidate route, simultaneously requesting real-time road condition information of the candidate route related to a road network region R from an LBS service provider, encrypting the real-time road condition information of the road network region R by the LBS service provider by using a fully homomorphic public key, and transmitting the encrypted information to a cloud service provider;
the cloud service provider receives the encrypted real-time road condition information of the road network region R, further calculates the cost of the previous candidate route group according to the real-time road condition information to obtain the cost of the route after the ciphertext, compares each route by using comparison operation of the homomorphic encryption, and transmits the ciphertext comparison result to the LBS service provider;
the LBS facilitator receives the ciphertext comparison result, decrypts by using the private key sk, sorts the comparison result, obtains the sequence number of the optimal path, and transmits the sequence number to the user; the user receiving the serial number will check from the candidate route groupw 1 ,…,w n And connecting the selected optimal route in the local area with the route in the camouflage area to generate a final travel route.
As a preferred technical solution, the anonymous disguising algorithm specifically includes:
the user has a starting place longitude and latitude coordinate S and a destination longitude and latitude coordinate D, and sets a camouflage distance L and a camouflage level K;
the user generates K-1 random coordinates at radius L based on the camouflage distance L and the camouflage level K.
As a preferred technical scheme, the synchronously planning a route from a real departure place to a disguised departure place according to the road network information of the anonymous disguised area specifically comprises:
after the map is loaded locally, a conventional path planning algorithm in a user system is called to respectively generate two navigation routes from a real departure place to a disguised departure place and from a disguised destination to a real destination.
As a preferred technical solution, the candidate route is planned by the following method:
generating a route with the shortest distance according to the policy requirement of path planning, and generating a route with the shortest time according to the speed limit of a road, wherein the route is two basic routes;
adding a customized strategy, wherein the strategy comprises avoiding charging, minimizing cost, and not walking an expressway or an expressway, and further generating a plurality of customized routes;
on the premise that the user allows, the cloud service provider optimizes the route after the service is finished, and the specific flow is as follows:
when the user allows, collecting and storing all requested path planning { camouflage starting place S, camouflage destination D and initiation time T } triple sets;
at the same time T on the next day, the cloud service provider requests the LBS service provider to plan a path of the (disguised starting place S and disguised destination D) and generate a navigation route;
after receiving the route of the LBS service provider, comparing the route selected by the LBS service provider according to the strategy, finding out the difference, finding out the map node with the first bifurcation, and marking the map node as a relay point;
and when the next route in the range is related, adding the relay point into the path planning, and generating a plurality of groups of navigation routes passing through the relay point, wherein the navigation routes comprise a camouflage starting place, a relay point 1 and a camouflage destination, … and a camouflage starting point, a relay point n and a camouflage destination.
As a preferred technical solution, the LBS service provider encrypts and transmits the real-time traffic information of the road network region R to the cloud service provider by using a fully homomorphic public key, specifically:
the LBS facilitator receives a live map information request of a road network region R from the cloud facilitator, and the LBS facilitator corresponds to each edge in the map data structureedgeThe road condition weight is encrypted, other data structures of the whole map cannot be encrypted, and then the real-time road condition map data structure of the road network region R is transmitted to the cloud service provider and is analyzed and used by the cloud service provider.
As a preferred technical scheme, the method further calculates the cost of the previous candidate route group according to the real-time traffic information to obtain the route cost after the ciphertext, and specifically comprises the following steps:
after receiving the weight information from the LBS facilitator, the cloud facilitator makes the candidate route group generated by the cloud facilitatorw 1 ,…,w n Performing overhead calculation on each route, wherein the overhead calculation specifically comprises the following steps: each candidate route is composed of multiple edgesedgeAre connected together toiEdge of stripedge i The distance length is encrypted into ciphertext length information by using a public keyenc(edge i .len) Then, the edge in the map data from the LBS facilitator is acquirededge i Ciphertext weight information ofenc(edge i .weight) Will beenc(edge i .len) Andenc(edge i .weight) Performing ciphertext multiplication to obtain the edgeedge i The ciphertext multiplication results of each edge are accumulated to obtain the candidate route;
and after all the routes are calculated, the final overhead result of each route is obtained.
As a preferred technical scheme, the LBS service provider receives the ciphertext comparison result, decrypts by using the private key sk, and sorts the comparison result to obtain the sequence number of the best path, which specifically comprises:
according to different privacy requirements, when the privacy level is K, and the number N of the current candidate routes is greater than 2K, adopting 'elimination':
(1) Every two candidate routes in the candidate route groups adopt a ciphertext comparison algorithm to perform ciphertext comparison operation to obtain N/2 comparison result ciphertexts, and the comparison result ciphertexts are transmitted to an LBS service provider for decryption;
(2) The LBS service provider decrypts the data to obtain N/2 comparison result plaintexts, transmits the comparison result plaintexts to the cloud service provider, and eliminates the route with excessive cost;
(3) Making N = N/2, if N >2K, repeating the process of the steps (1) - (2), if N < =2K, executing the step (4);
(4) Comparing the cost of the candidate routes in the candidate route group with other candidate routes once in turn to obtain the cost of the candidate routes in the candidate route group
Figure 399731DEST_PATH_IMAGE001
Constructing a comparison result sequence of the overhead by using the comparison result ciphertext;
(5) LBS facilitator is decrypting
Figure 877723DEST_PATH_IMAGE001
After the comparison result sequence of the cost, the N candidate routes are sequenced according to the comparison result of the plaintext, and the serial number of the candidate route with the minimum cost is obtained.
In a second aspect, the invention also provides a navigation service privacy protection system based on homomorphic encryption and anonymous camouflage, which comprises a preprocessing module, a camouflage area generating module, a fake mounting point selecting module, a path planning module, a route expense calculating module and a path generating module;
the preprocessing module is used for initializing a homomorphic encryption scheme by an LBS facilitator, generating a public key pk, a private key sk and an evaluation key evk, and then sending an initialization parameter params, the public key pk and the evaluation key evk to the cloud facilitator for initialization;
the disguise region generating module is used for generating anonymous disguise regions by a user respectively by using an anonymous disguise algorithm, requesting the anonymous disguise regions from a cloud service provider, and transmitting road network information of the anonymous disguise regions to the user after the cloud service provider receives the request of the anonymous disguise regions; the anonymous disguised area comprises a departure place anonymous disguised area and a destination anonymous disguised area; the anonymous camouflage algorithm is reconstructed based on a K-anonymous algorithm, and K online users meeting the precondition of the K-anonymous algorithm are changed into K coordinates generated randomly;
the pseudo-mounting point selecting module is used for the user to randomly select a starting place pseudo-mounting point and a destination pseudo-mounting point which are close to the starting point and meet the pseudo-mounting distance L according to the road network information of the anonymous pseudo-mounting area, and the starting place pseudo-mounting point and the destination pseudo-mounting point are sent to a cloud service provider; synchronously planning a route from a real departure place to a disguised departure place according to the road network information of the anonymous disguised area;
the path planning module is used for planning a group of candidate routes for last department after the cloud service provider receives the origin pseudo-erection point and the destination pseudo-erection pointw 1 ,…,w n Therein ofw 1 ,…,w n Respectively representing a candidate route, simultaneously requesting real-time road condition information of the candidate route related to a road network region R from an LBS service provider, encrypting the real-time road condition information of the road network region R by the LBS service provider by using a fully homomorphic public key, and transmitting the encrypted information to a cloud service provider;
the route overhead calculation module is used for the cloud service provider to receive the encrypted real-time road condition information of the road network region R, further calculate the overhead of the previous candidate route group according to the real-time road condition information to obtain the route overhead after the ciphertext, compare each route with each other by using comparison operation of the homomorphic encryption, and transmit the ciphertext comparison result to the LBS service provider;
the path generation module is used for the LBS service provider to receive the ciphertext comparison result, decrypt the ciphertext comparison result by using a private key sk, sort the comparison result to obtain the sequence number of the optimal path, and transmit the sequence number to the user; the user receiving the serial number will check from the candidate route groupw 1 ,…,w n And connecting the selected optimal route with the route in the local camouflage area to generate a final travel route.
In a third aspect, the present invention also provides an electronic device, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores computer program instructions executable by the at least one processor to cause the at least one processor to perform the method for navigation service privacy protection based on homomorphic encryption and anonymous masquerading.
In a fourth aspect, the present invention further provides a computer-readable storage medium, which stores a program, and when the program is executed by a processor, the navigation service privacy protection method based on homomorphic encryption and anonymous camouflage is implemented.
Compared with the prior art, the invention has the following advantages and beneficial effects:
LBS service providers need high adaptability in previous schemes, and now only need to encrypt own commercial data by using fully homomorphic encryption and decrypt ciphertext comparison results sent by cloud service providers, so that the LBS service providers can be improved more conveniently.
2. In the prior distributed technical scheme, the route returned to the user is a non-global optimal route (non-real-time road condition), and a group of candidate routes can be obtained based on the road network graph in the cloud service provider, wherein the group of candidate routes comprises the global optimal route under the non-real-time road condition, and the route scheme with low cost under the real-time road condition is obtained by utilizing the real-time road condition data for further optimization.
3. The safety is high. The method and the system have the advantages that collusion among LBS service providers needs to be resisted, even if the LBS service providers collude with a cloud computing platform, the disguised starting place brings great difficulty to derivation of the LBS service providers, and meanwhile, because the navigation service is extremely high in timeliness, even if the navigation service is exhausted, significance is lost due to overlong time calculation.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a flowchart of a navigation service privacy protection method based on homomorphic encryption and anonymous camouflage according to an embodiment of the present invention;
fig. 2 is a block diagram of a navigation service privacy protection system based on homomorphic encryption and anonymous camouflage according to an embodiment of the present invention.
Fig. 3 is a block diagram of an electronic device according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
Homomorphic encryption: the homomorphic encryption is an encryption algorithm, and after a ciphertext is allowed to perform algebraic operation in a specific form, a result ciphertext is decrypted, so that a result of performing the same operation on the plaintext can be obtained, and by virtue of the homomorphic encryption, the data can be operated while the privacy is protected and not leaked.
Anonymous camouflage: anonymous masquerading refers to anonymity of identity and masquerading of location to achieve the purpose of obfuscating the requester and the location.
Navigation service: the patent is particularly used for searching a series of effective paths for transferring an object from a starting point to a destination point, and the patent refers to the navigation problem of urban road network planning.
The navigation service privacy protection scheme is realized by applying a privacy protection technology to the navigation service, so that the efficiency, effect, safety and the like of path planning are closely related to the adopted privacy protection scheme. The privacy protection schemes of the common navigation service such as the privacy information retrieval and the distributed computation have defects in computation time overhead and generated navigation route quality, and the participation of the most important real-time road condition data in the navigation service is not described. Real-time road condition data of an LBS service provider is taken as important business data, and is encrypted when being calculated by a platform of a third party, so that the business data is prevented from being leaked, and the unique business position of the LBS service provider caused by the data service is lost. The invention hopes to realize the privacy protection of the navigation service, and simultaneously can utilize the real-time road condition data of the LBS service provider, improve the service quality and generate a safe and high-quality navigation route for the user.
The method introduces the third-party semi-honest cloud service, and the third-party semi-honest cloud service has city road network data including distance information between road network nodes. The method comprises the steps of carrying out full homomorphic encryption on road condition data of an LBS service provider and carrying out anonymous camouflage on a position request of a user, and then calculating an optimal route by utilizing a third-party semi-honest cloud service, so that travel privacy protection is provided for the user. The homomorphic encryption technology can perform specific arithmetic operation on the ciphertext under extremely high security, and is very suitable for encrypting the commercial road condition data of the LBS service provider.
The fully homomorphic encryption scheme used in the present invention is the CKKS scheme. The CKKS scheme is proposed by Cheon et al in 2017, supports encryption of floating point numbers and complex numbers, and is very suitable for operation scenes of road condition data. The CKKS homomorphic encryption scheme contains 8 major functions, the detailed definition of which is as follows:
1. KeyGen (λ): inputting security parameter lambda to generate cipher text modulusq L Then from λ andq L generating integers h, P and real numbersσ. Then h is taken as HanThe light weight is from { -1,0,1} N Selecting a vector as s fromR qL Is selected fromR P·qL Wherein a' is selected toσ 2 Generating two random numbers e and e' for the variance of the gaussian distribution; according to the parameters, generating a private key sk, a public key pk and an evaluation key evk:
Figure 454198DEST_PATH_IMAGE002
Figure 911724DEST_PATH_IMAGE003
Figure 522834DEST_PATH_IMAGE004
2. ecd (z, Δ): inputting a message vector
Figure 440237DEST_PATH_IMAGE005
And a scale factor delta, outputting a corresponding plaintext polynomialmR
3. Dcd (m, Δ): inputting a plaintext polynomialmRAnd a scale factor delta, output corresponding
Figure 300746DEST_PATH_IMAGE006
4. Enc (m, pk): inputting a plaintext polynomial m and a public key pk, firstly, from { -1,0,1} N In selecting a vectorvThen is made toσ 2 Generating two random numbers e for the variance of a Gaussian distribution 1 And e 2 And outputting a ciphertext:
Figure 827542DEST_PATH_IMAGE007
5. dec (c, sk): inputting cipher textc=(b,a) And a private key sk, outputting a plaintext m':
Figure 57273DEST_PATH_IMAGE008
6、Add(c 1 ,c 2 ): inputting two ciphertexts c 1 And c 2 Outputting the sum of the ciphertexts c add
Figure 378533DEST_PATH_IMAGE009
7、Mult(c 1 ,c 2 Evk): inputting two ciphertextsc 1 =(b 1 ,a 1 ) Andc 2 =(b 2 ,a 2 ) Let d =: (d 0 ,d 1 ,d 2 )=(b 1 b 2 ,a 1 b 2 +a 2 b 1 ,a 1 a 2 )modq l D represents the product of two ciphertexts, and outputs a re-linearized form of d:
Figure 726337DEST_PATH_IMAGE010
wherein
Figure 292710DEST_PATH_IMAGE011
The operator represents rounding to the nearest integer.
8、
Figure 143991DEST_PATH_IMAGE012
: inputting a ciphertext c, modulo its ciphertextq l Become into
Figure 901732DEST_PATH_IMAGE013
Typically used in the linearization step after ciphertext multiplication:
Figure 205674DEST_PATH_IMAGE014
in the invention, after a group of routes is calculated, the third party semi-honest cloud service performs aggregation operation with the fully homomorphic encrypted commercial road condition data to generate the route cost under the ciphertext of the group of routes. And then carrying out full homomorphic comparison operation on the different cipher text route overheads to select the optimal route. If the ciphertext is directly subtracted and the LBS service provider decrypts the ciphertext and determines the comparison result according to the difference, the LBS service provider may calculate the route by using the difference. Therefore, a fully homomorphic comparison operation must be implemented, and the comparison result in the final ciphertext is only 1 or 0 or-1, i.e., greater than, equal to or less than, so that the LBS service provider cannot deduce the route.
CKKS is fully homomorphic in supporting addition, multiplication operations in ciphertext, so it is better at polynomial computations than logical operations including comparisons. The weakness in this respect can be complemented by implementing a comparison operation by polynomial approximation. Since the sign function and the compare function are actually computationally equivalent, i.e.
Figure 41650DEST_PATH_IMAGE015
. The invention realizes comparison operation by using composite polynomial approximation of symbolic function, and finds out proper rational functionfTo, forfMultiple compounding of (i.e.
Figure 747438DEST_PATH_IMAGE016
And approaching the symbolic function, thereby realizing the high-efficiency fully homomorphic comparison operation of CKKS. To pairfThe following core properties can be obtained from the analysis of (2): 1.f(-x)=- f(x);2、 f(1)=1;3、
Figure 144921DEST_PATH_IMAGE017
(ii) a Solving results in the following function of f:
Figure 670580DEST_PATH_IMAGE018
the sign function can be approximated by a suitable complex calculation.
Anonymous disguise algorithm: in the actual navigation process, the departure place and the destination sent by the user are often not nodes in the road network diagram, but are positioned according to the longitude and latitude of the departure place and the destination. And the LBS facilitator finds the nearest node in the road network graph according to the received longitude and latitude, thereby planning the path between the two nodes. According to the characteristic, the invention provides an anonymous camouflage algorithm: the algorithm is modified based on a K-anonymous algorithm, and essentially changes K online users with the algorithm precondition satisfied into randomly generated K coordinates:
1. the user has a departure place longitude and latitude coordinate S and a destination longitude and latitude coordinate D, and sets a camouflage distance L and a camouflage grade K.
2. The user generates K random locations at radius L based on the camouflage distance L and the camouflage level K.
3. For example, for a starting place, the user obtains four longitude and latitude coordinates of the anonymous camouflage rectangular area by using a K-anonymity algorithm f (S, K, L).
It can be understood that the user sends a request to the third-party cloud service by using the four longitude and latitude coordinates, and acquires the road network information in the rectangular area formed by the four coordinates. And the user acquires the anonymous disguised area and randomly constructs a disguised node. The disguised area generated by the algorithm has extremely high difficulty for a service provider to reversely derive the original longitude and latitude positioning information of the user even if the algorithm is open, and the navigation service has strong timeliness
Based on the fully homomorphic encryption scheme and the logical operation supplement, and an anonymous disguise technology, the specific contents of the LBS facilitator, the cloud facilitator and the user are as follows:
LBS service providers: the LBS service provider in the system has huge real-time road condition data and is responsible for generating a fully homomorphic encrypted key, and the real-time road condition data of the LBS service provider is encrypted and delivered to the cloud service provider for operation. And in addition, the system is also responsible for transmitting the sequence of the optimal path selection to the user after decrypting the ciphertext comparison result.
The cloud service provider: the third-party semi-honest cloud computing service platform has basic information of a map road network, is responsible for preliminarily generating a group of candidate routes, and further calculates the accurate cost of each route through encrypted road condition information transmitted by an LBS service provider. And then, respectively comparing the route overhead under the ciphertext by using comparison operation of full homomorphic encryption, and delivering each group of comparison results to an LBS service provider for decryption. And transmitting the generated candidate route to the user.
The user: the user is responsible for disguising the place, the disguised place initiates a request to the cloud service provider, receives the candidate route group generated by the cloud service provider, immediately receives the optimal route serial number provided by the LBS service provider, and automatically selects the optimal route.
As shown in fig. 1, the navigation service privacy protection method based on homomorphic encryption and anonymous camouflage in the present embodiment includes the following specific steps:
s1, initializing a homomorphic encryption scheme by an LBS server, generating a public key pk, a private key sk and an evaluation key evk, and then sending an initialization parameter params, the public key pk and the evaluation key evk to the cloud server for initialization.
Further, the cloud service provider adopts a CKKS fully homomorphic encryption scheme to initialize the relevant encryption parameters, and the process is as follows:
KeyGen (λ): inputting a security parameter lambda to generate a cipher text modulusq L Then from λ andq L generating integers h, P and real numbersσ. Then using h as Hamming weight, from-1,0,1 } N Selecting a vector as s fromR qL Is selected fromR P·qL Wherein a' is selected toσ 2 Generating two random numbers e and e' for the variance of the gaussian distribution; according to the parameters, generating a private key sk, a public key pk and an evaluation key evk:
Figure 47597DEST_PATH_IMAGE002
Figure 342312DEST_PATH_IMAGE003
Figure 176276DEST_PATH_IMAGE004
and S2, the user respectively generates a departure place anonymous disguised area and a destination anonymous disguised area by using an anonymous disguise algorithm, and requests the areas from the cloud service provider.
Further, the anonymous disguising algorithm specifically comprises:
the user has a starting place longitude and latitude coordinate S and a destination longitude and latitude coordinate D, and sets a camouflage distance L and a camouflage level K;
the user generates K-1 random coordinates at radius L based on the camouflage distance L and the camouflage level K.
Furthermore, in the present embodiment, an algorithm for creating an anonymous space area based on the K-anonymity concept was issued in a paper published in 07 by Kalnis, and even if a creation method is issued, it is difficult for an acquirer of the anonymous space to calculate a coordinate position of a creator.
And S3, the cloud service receives the anonymous disguise region request and transmits the road network information of the region to the user.
And S4, the user randomly selects a departure place destination pseudo-installation point which is close to the departure point and meets the pseudo-distance l according to the road network information of the anonymous pseudo-area, and sends the departure place destination pseudo-installation point to a cloud service provider. And synchronously planning a route from a real departure place to a disguised departure place according to the road network information of the anonymous disguised area.
Further, the step of synchronously planning a route from a real departure place to a disguised departure place according to the road network information of the anonymous disguised area specifically includes:
because the generated anonymous disguise area is stored at the user side and the map range is small, after the map is loaded locally, a conventional path planning algorithm in a user system is called to respectively generate two navigation routes from a real departure place to a disguise departure place and from a disguise destination to a real destination.
S5, the cloud service provider receives the disguised departure place and destination, plans a group of candidate routes for the request, andw 1 ,…,w n }; simultaneous to LBS serviceThe business request candidate route relates to real-time traffic information of the road network region R.
Further, the candidate route is planned by:
firstly, generating a route with the shortest distance according to the policy requirement of path planning, and then generating a route with the shortest time according to the speed limit of a road, wherein the route is two basic routes;
secondly, adding a customized strategy, wherein the strategy comprises avoiding charging, minimizing cost, and not walking a highway or not walking a highway, and further generating a plurality of routes;
in addition, on the premise that the user allows, the cloud service provider optimizes the route after the service is finished, and the specific flow is as follows:
when the user allows, collecting and storing all requested path planning { disguised starting place S, disguised destination D and initiation time T } triple sets;
at the same time T on the next day, the cloud service provider requests the LBS service provider to plan a path of the (disguised starting place S and disguised destination D) and generate a navigation route;
after receiving the route of the LBS service provider, comparing the route selected by the LBS service provider according to the strategy, finding out the difference, finding out the map node with the first bifurcation, and marking the map node as a relay point;
and when the next route in the range is related, adding the relay point into a path plan, such as { pseudo departure point, relay point 1, pseudo destination }, …, { pseudo departure point, relay point n, pseudo destination }, and generating a plurality of groups of navigation routes passing through the relay point.
And S6, the LBS service provider encrypts the real-time road condition information of the region R by using the fully homomorphic public key and transmits the information to the cloud service provider.
Further, the LBS service provider encrypts and transmits the real-time traffic information of the road network region R to the cloud service provider by using the fully homomorphic public key, specifically:
the LBS facilitator receives a live map information request of a road network region R from the cloud facilitator, encrypts the road condition weight of each edge in the corresponding map data structure, does not encrypt other data structures of the whole map, transmits the real-time road condition map data structure of the road network region R to the cloud facilitator, and the real-time road condition map data structure of the road network region R is analyzed and used by the cloud facilitator.
And S7, the cloud service provider receives the encrypted real-time road condition information of the road network region R, further calculates the cost of the previous candidate route group according to the real-time road condition information to obtain the route cost after the ciphertext, compares each route by using comparison operation of the homomorphic encryption, and transmits the ciphertext comparison result to the LBS service provider.
Further, after receiving the weight information from the LBS facilitator, the cloud facilitator creates a candidate route groupw 1 ,…,w n Performing overhead calculation on each candidate route, wherein the overhead calculation method comprises the following steps: take-out route in sequencew i (A route is composed of multiple edgesedgeConnected together) in turniEdgeedge i The distance length is encrypted into ciphertext length information by using a public keyenc(edge i .len) Then, the edge in the map data structure from the LBS facilitator is obtainededge i Ciphertext weight information ofenc(edge i .weight) The two are used for ciphertext multiplicationenc(edge i .len)*enc(edge i .weight) To obtain the segmentedge i The overhead of (c); then each edge is putedgeThe ciphertext multiplication results are accumulated to obtain the routew i Overhead of
Figure 923652DEST_PATH_IMAGE019
After all routes are calculated, the final overhead result (ciphertext state) of each route can be obtained later.
And S8, the LBS service provider receives the ciphertext comparison result, decrypts by using a private key, sequences the comparison result, obtains the sequence number of the optimal path, and transmits the sequence number to the user.
And (3) ciphertext comparison algorithm:
Figure 602895DEST_PATH_IMAGE020
respectively represents less than, equal to, greater than. The comparison must be made a second time after decryption.
Further, the LBS service provider receives the ciphertext comparison result, decrypts by using the private key sk, and sorts the comparison result to obtain the sequence number of the optimal path, which specifically includes:
according to different privacy requirements, when the privacy level is K, and the number N of the current candidate route groups is greater than 2K, adopting 'elimination':
(1) Performing ciphertext comparison operation on the candidate routes in the candidate route group pairwise by adopting a ciphertext comparison algorithm to obtain N/2 comparison result ciphertexts, and sequencing the comparison results
Figure 250652DEST_PATH_IMAGE021
Transmitting to LBS service provider for decryption;
(2) The LBS service provider decrypts the data to obtain N/2 comparison result plaintexts, transmits the comparison result plaintexts to the cloud service provider, and eliminates the route with excessive cost;
(3) Let N = N/2, if N >2K, repeat the process of steps (1) - (2); if N < =2K, executing the step (4);
(4) Comparing the route cost in the route group once for each route to obtain
Figure 989938DEST_PATH_IMAGE001
A ciphertext of the comparison result, constructing a result sequence
Figure 755769DEST_PATH_IMAGE022
(5) LBS facilitator is decrypting
Figure 504282DEST_PATH_IMAGE001
After comparing the result sequences, sequencing the N routes according to the plaintext comparison result to obtain the serial number of the route with the minimum overhead.
S9, receiving serial number by user, ready to be processed from candidate route groupw 1 ,…,w n And connecting the selected optimal route with the route in the local camouflage area to generate a final travel route.
The invention supports the characteristics of ciphertext addition and ciphertext multiplication by means of a fully homomorphic encryption technology, realizes further improvement of the service quality of route planning after integrating the encrypted data of the LBS service provider, and can also ensure the confidentiality of the commercial data of the LBS service provider. In addition, the travel place of the user is guaranteed to be disguised by the anonymous disguising algorithm, the disguising effect on the third-party semi-honest cloud service provider is achieved, and the difficulty of the third-party semi-honest cloud service back tracking is increased. Meanwhile, the cloud service provider is only used as a computing intermediate platform and is responsible for completing computing tasks in the whole system.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present invention is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present invention.
Based on the same idea as the navigation service privacy protection method based on homomorphic encryption and anonymous pretending in the embodiment, the invention also provides a navigation service privacy protection system based on homomorphic encryption and anonymous pretending, and the system can be used for executing the navigation service privacy protection method based on homomorphic encryption and anonymous pretending. For convenience of explanation, the schematic structural diagram of the navigation service privacy protection system based on homomorphic encryption and anonymous pretending in the embodiment of the present invention only shows the parts related to the embodiment of the present invention, and those skilled in the art will understand that the illustrated structure does not constitute a limitation to the device, and may include more or less components than those illustrated, or combine some components, or arrange different components.
Referring to fig. 2, in another embodiment of the present application, a navigation service privacy protection system 100 based on homomorphic encryption and anonymous masquerading is provided, and the system includes a preprocessing module 101, a masquerading area generating module 102, a masquerading point selecting module 103, a path planning module 104, a route cost calculating module 105, and a path generating module 106;
the preprocessing module 101 is configured to initialize a homomorphic encryption scheme by an LBS provider, generate a public key pk, a private key sk, and an evaluation key evk, and send an initialization parameter params, the public key pk, and the evaluation key evk to the cloud provider for initialization;
the disguise region generating module 102 is configured to respectively generate anonymous disguise regions by a user through an anonymous disguise algorithm, request the anonymous disguise regions from a cloud service provider, and transmit road network information of the anonymous disguise regions to the user after the cloud service provider receives the request of the anonymous disguise regions; the anonymous disguised area comprises a departure place anonymous disguised area and a destination anonymous disguised area; the anonymous camouflage algorithm is modified based on a K-anonymous algorithm, and K online users meeting the precondition of the K-anonymous algorithm are changed into K coordinates generated randomly;
the pseudo-mounting point selecting module 103 is configured to randomly select a starting place pseudo-mounting point and a destination pseudo-mounting point which meet a pseudo-mounting distance L near a starting point according to the road network information of the anonymous pseudo-mounting area, and send the starting place pseudo-mounting point and the destination pseudo-mounting point to a cloud service provider; synchronously planning a route from a real departure place to a camouflage departure place according to the road network information of the anonymous camouflage area;
the path planning module 104 is configured to plan a group of candidate routes for a start pseudo-erection point and a destination pseudo-erection point after the cloud service provider receives the start pseudo-erection point and the destination pseudo-erection pointw 1 ,…,w n Simultaneously requesting real-time road condition information of the candidate route related to a road network region R from an LBS service provider, encrypting the real-time road condition information of the road network region R by the LBS service provider by using a fully homomorphic public key, and transmitting the encrypted information to a cloud service provider;
the route overhead calculation module 105 is configured to receive the encrypted real-time road condition information in the road network region R by the cloud service provider, further calculate the overhead of the previous candidate route group according to the real-time road condition information to obtain the route overhead after the ciphertext, compare each route with each other by using comparison operation of homomorphic encryption, and transmit the ciphertext comparison result to the LBS service provider;
the path generation module 106 is configured to enable the LBS service provider to receive the ciphertext comparison result, decrypt the ciphertext comparison result by using the private key sk, sort the comparison result to obtain a sequence number of the optimal path, and transmit the sequence number to the user; the user receiving the serial number will check from the candidate route groupw 1 ,…,w n And connecting the selected optimal route with the route in the local camouflage area to generate a final travel route.
It should be noted that, the navigation service privacy protection system based on homomorphic encryption and anonymous pretending of the present invention corresponds to the navigation service privacy protection method based on homomorphic encryption and anonymous pretending of the present invention one to one, and the technical features and the beneficial effects thereof set forth in the above-mentioned navigation service privacy protection method based on homomorphic encryption and anonymous pretending are all applicable to the navigation service privacy protection embodiment based on homomorphic encryption and anonymous pretending, and specific contents thereof can be referred to the description in the method embodiment of the present invention, and are not described herein again, and thus it is stated that.
In addition, in the implementation of the navigation service privacy protection system based on homomorphic encryption and anonymous spoofing according to the above embodiment, the logical division of each program module is only an example, and in practical applications, the above function allocation may be completed by different program modules according to needs, for example, due to configuration requirements of corresponding hardware or due to convenience in implementation of software, that is, the internal structure of the navigation service privacy protection system based on homomorphic encryption and anonymous spoofing is divided into different program modules so as to complete all or part of the above described functions.
Referring to fig. 3, in an embodiment, an electronic device for implementing a navigation service privacy protection method based on homomorphic encryption and anonymous masquerading is provided, where the electronic device 200 may include a first processor 201, a first memory 202, and a bus, and may further include a computer program, such as a navigation service privacy protection program 203, stored in the first memory 202 and executable on the first processor 201.
The first memory 202 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The first memory 202 may in some embodiments be an internal storage unit of the electronic device 200, such as a removable hard disk of the electronic device 200. The first memory 202 may also be an external storage device of the electronic device 200 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 200. Further, the first memory 202 may also include both an internal storage unit and an external storage device of the electronic device 200. The first memory 202 may be used to store not only application software installed in the electronic device 200 and various types of data, such as codes of the navigation service privacy protection program 203, but also temporarily store data that has been output or will be output.
The first processor 201 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same function or different functions, and includes one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The first processor 201 is a Control Unit (Control Unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 200 by running or executing programs or modules stored in the first memory 202 and calling data stored in the first memory 202.
Fig. 3 shows only an electronic device having components, and those skilled in the art will appreciate that the structure shown in fig. 3 does not constitute a limitation of the electronic device 200, and may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
The navigation service privacy protection program 203 stored in the first memory 202 of the electronic device 200 is a combination of instructions that, when executed in the first processor 201, may implement:
initializing a homomorphic encryption scheme by an LBS server, generating a public key pk, a private key sk and an evaluation key evk, and then sending an initialization parameter params, the public key pk and the evaluation key evk to the cloud server for initialization;
the method comprises the steps that users respectively generate anonymous disguised regions by means of an anonymous disguising algorithm, the anonymous disguised regions are requested from a cloud service provider, and after the cloud service provider receives the anonymous disguised region requests, road network information of the anonymous disguised regions is transmitted to the users; the anonymous disguised area comprises a departure place anonymous disguised area and a destination anonymous disguised area; the anonymous camouflage algorithm is modified based on a K-anonymous algorithm, and K online users meeting the precondition of the K-anonymous algorithm are changed into K coordinates generated randomly;
the user randomly selects a starting place pseudo-assembly point and a destination pseudo-assembly point which are close to a starting point and meet the pseudo-assembly distance L according to the road network information of the anonymous pseudo-assembly area, and sends the starting place pseudo-assembly point and the destination pseudo-assembly point to a cloud service provider; synchronously planning a route from a real departure place to a disguised departure place according to the road network information of the anonymous disguised area;
after receiving the pseudo-erection point of the departure place and the pseudo-erection point of the destination, the cloud service provider plans a group of candidate routesw 1 ,…,w n Simultaneously requesting real-time road condition information of the candidate route related to a road network region R from an LBS service provider, encrypting the real-time road condition information of the road network region R by the LBS service provider by using a fully homomorphic public key, and transmitting the encrypted information to a cloud service provider;
the cloud service provider receives the encrypted real-time road condition information of the road network region R, further calculates the cost of the previous candidate route group according to the real-time road condition information to obtain the cost of the route after the ciphertext, compares each route by using comparison operation of the homomorphic encryption, and transmits the ciphertext comparison result to the LBS service provider;
LBS service provider receives the cipher text comparison result and uses the private key sk to perform decryptionEncrypting, and sequencing the comparison result to obtain the serial number of the optimal path, and transmitting the serial number to the user; the user receiving the serial number will check from the candidate route groupw 1 ,…,w n And connecting the selected optimal route in the local area with the route in the camouflage area to generate a final travel route.
Further, the modules/units integrated with the electronic device 200, if implemented in the form of software functional units and sold or used as independent products, may be stored in a non-volatile computer-readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, read-Only Memory (ROM).
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (10)

1. The navigation service privacy protection method based on homomorphic encryption and anonymous camouflage is characterized by comprising the following steps:
initializing a homomorphic encryption scheme by an LBS server, generating a public key pk, a private key sk and an evaluation key evk, and then sending an initialization parameter params, the public key pk and the evaluation key evk to the cloud server for initialization;
the method comprises the steps that users respectively generate anonymous disguised regions by using an anonymous disguising algorithm, the anonymous disguised regions are requested from a cloud service provider, and the cloud service provider transmits road network information of the anonymous disguised regions to the users after receiving the anonymous disguising region requests; the anonymous disguised area comprises a departure place anonymous disguised area and a destination anonymous disguised area; the anonymous camouflage algorithm is reconstructed based on a K-anonymous algorithm, and K online users meeting the precondition of the K-anonymous algorithm are changed into K coordinates generated randomly;
the user randomly selects a departure place pseudo-assembly point and a destination pseudo-assembly point which are close to a departure point and meet the pseudo-assembly distance L according to the road network information of the anonymous pseudo-assembly area, and sends the departure place pseudo-assembly point and the destination pseudo-assembly point to a cloud service provider; synchronously planning a route from a real departure place to a camouflage departure place according to the road network information of the anonymous camouflage area;
after receiving the pseudo-erection point of the departure place and the pseudo-erection point of the destination, the cloud service provider plans a group of candidate routesw 1 ,…,w n Therein ofw 1 ,…,w n Respectively represent a candidate route and simultaneously go to LBS clothesThe service provider requests the candidate route to relate to the real-time road condition information of the road network region R, and the LBS service provider encrypts the real-time road condition information of the road network region R by using the fully homomorphic public key and transmits the encrypted information to the cloud service provider;
the cloud service provider receives the encrypted real-time road condition information of the road network region R, further calculates the cost of the previous candidate route group according to the real-time road condition information to obtain the cost of the route after the ciphertext, compares each route by using comparison operation of homomorphic encryption, and transmits a ciphertext comparison result to the LBS service provider;
the LBS facilitator receives the ciphertext comparison result, decrypts by using the private key sk, sequences the comparison result, obtains the sequence number of the optimal path, and transmits the sequence number to the user; the user receiving the serial number will check from the candidate route groupw 1 ,…,w n And connecting the selected optimal route in the local area with the route in the camouflage area to generate a final travel route.
2. The navigation service privacy protection method based on homomorphic encryption and anonymous camouflage according to claim 1, wherein the anonymous camouflage algorithm is specifically:
the user has a starting place longitude and latitude coordinate S and a destination longitude and latitude coordinate D, and sets a camouflage distance L and a camouflage level K;
the user generates K-1 random coordinates at radius L based on the camouflage distance L and the camouflage level K.
3. The navigation service privacy protection method based on homomorphic encryption and anonymous camouflage according to claim 1, wherein a route from a real departure place to a camouflage departure place is synchronously planned according to road network information of an anonymous camouflage area, and specifically comprises the following steps:
after the map is loaded locally, a conventional path planning algorithm in a user system is called to respectively generate two navigation routes from a real departure place to a camouflage departure place and from a camouflage destination to a real destination.
4. The navigation service privacy protection method based on homomorphic encryption and anonymous camouflage according to claim 1, wherein the candidate route is planned by the following method:
generating a route with the shortest distance according to the policy requirement of path planning, and generating a route with the shortest time according to the speed limit of a road, wherein the route is two basic routes;
adding a customized strategy, wherein the strategy comprises avoiding charging, minimizing cost, and not walking an expressway or an expressway, and further generating a plurality of customized routes;
on the premise that the user allows, the cloud service provider optimizes the route after the service is finished, and the specific flow is as follows:
when the user allows, collecting and storing all requested path planning { disguised starting place S, disguised destination D and initiation time T } triple sets;
at the same time T on the next day, the cloud service provider requests the LBS service provider to plan a path of the (disguised starting place S and disguised destination D) and generate a navigation route;
after receiving the route of the LBS service provider, comparing the route selected by the LBS service provider according to the strategy, finding out the difference, finding out the map node with the first bifurcation, and marking the map node as a relay point;
and when the next route in the anonymous disguised area is related, adding the relay point into the path planning to generate a plurality of groups of navigation routes passing through the relay point, wherein the navigation routes comprise a disguised starting place, a relay point 1 and a disguised destination, … and a disguised starting point, a relay point n and a disguised destination.
5. The navigation service privacy protection method based on homomorphic encryption and anonymous camouflage according to claim 1, wherein the LBS facilitator transmits the real-time road condition information of the road network region R to the cloud facilitator by using fully homomorphic public key encryption, and the method specifically comprises the following steps:
the LBS facilitator receives a live map information request of a road network region R from the cloud facilitator, and the LBS facilitator corresponds to each edge in the map data structureedgeThe road condition weight of the map is encrypted, and other data structures of the whole map are not addedAnd transmitting the real-time road condition map data structure of the road network region R to a cloud service provider, and analyzing and using by the cloud service provider.
6. The navigation service privacy protection method based on homomorphic encryption and anonymous camouflage according to claim 1, wherein the method further calculates the cost of the previous candidate route group according to the real-time road condition information to obtain the route cost after the ciphertext, and specifically comprises the following steps:
after receiving the weight information from the LBS facilitator, the cloud facilitator makes the candidate route group generated by the cloud facilitatorw 1 ,…,w n Performing overhead calculation on each route, wherein the overhead calculation specifically comprises the following steps: each candidate route is formed by a plurality of edgesedgeAre connected together toiEdgeedge i The distance length is encrypted into ciphertext length information by using a public keyenc(edge i .len) Then, the edge in the map data from the LBS facilitator is acquirededge i Ciphertext weight information ofenc(edge i .weight) Will beenc(edge i .len) Andenc(edge i .weight) Performing ciphertext multiplication to obtain the edgeedge i The ciphertext multiplication results of each edge are accumulated to obtain the candidate route;
and after all the routes are calculated, the final overhead result of each route is obtained.
7. The navigation service privacy protection method based on homomorphic encryption and anonymous camouflage according to claim 1, wherein the LBS facilitator receives the ciphertext comparison result, decrypts by using a private key sk, and sorts the comparison result to obtain the sequence number of the optimal path, specifically:
according to different privacy requirements, when the privacy level is K, and the number N of the current candidate routes is greater than 2K, adopting 'elimination':
(1) Every two candidate routes in the candidate route group adopt a ciphertext comparison algorithm to perform ciphertext comparison operation to obtain N/2 comparison result ciphertexts, and the comparison result ciphertexts are transmitted to an LBS service provider for decryption;
(2) The LBS service provider decrypts the data to obtain N/2 comparison result plaintexts, transmits the comparison result plaintexts to the cloud service provider, and eliminates the route with excessive cost;
(3) Making N = N/2, if N >2K, repeating the process of the steps (1) - (2), if N < =2K, executing the step (4);
(4) Comparing the cost of the candidate routes in the candidate route group with other candidate routes once in turn to obtain the cost of the candidate routes in the candidate route group
Figure 504424DEST_PATH_IMAGE001
Constructing a comparison result sequence of the overhead by using the comparison result ciphertext;
(5) LBS facilitator is decrypting
Figure 149032DEST_PATH_IMAGE001
After the comparison result sequence of the cost, the N candidate routes are sequenced according to the comparison result of the plaintext, and the serial number of the candidate route with the minimum cost is obtained.
8. The navigation service privacy protection system based on homomorphic encryption and anonymous camouflage is characterized by comprising a preprocessing module, a camouflage area generating module, a fake node selecting module, a path planning module, a route overhead calculating module and a path generating module;
the preprocessing module is used for initializing a homomorphic encryption scheme by an LBS (location based service) provider, generating a public key pk, a private key sk and an evaluation key evk, and then sending an initialization parameter params, the public key pk and the evaluation key evk to the cloud provider for initialization;
the disguise region generating module is used for generating anonymous disguise regions by a user respectively by using an anonymous disguise algorithm, requesting the anonymous disguise regions from a cloud service provider, and transmitting road network information of the anonymous disguise regions to the user after the cloud service provider receives the request of the anonymous disguise regions; the anonymous disguised area comprises a departure place anonymous disguised area and a destination anonymous disguised area; the anonymous camouflage algorithm is modified based on a K-anonymous algorithm, and K online users meeting the precondition of the K-anonymous algorithm are changed into K coordinates generated randomly;
the pseudo-mounting point selecting module is used for the user to randomly select a starting place pseudo-mounting point and a destination pseudo-mounting point which are close to the starting point and meet the pseudo-mounting distance L according to the road network information of the anonymous pseudo-mounting area, and the starting place pseudo-mounting point and the destination pseudo-mounting point are sent to a cloud service provider; synchronously planning a route from a real departure place to a camouflage departure place according to the road network information of the anonymous camouflage area;
the path planning module is used for planning a group of candidate routes, namely a hard start route, after the cloud facilitator receives the origin pseudo-assembly point and the destination pseudo-assembly pointw 1 ,…,w n Therein ofw 1 ,…,w n Respectively representing a candidate route, simultaneously requesting real-time road condition information of the candidate route related to a road network region R from an LBS service provider, encrypting the real-time road condition information of the road network region R by the LBS service provider by using a fully homomorphic public key, and transmitting the encrypted information to a cloud service provider;
the route overhead calculation module is used for the cloud service provider to receive the encrypted real-time road condition information of the road network region R, further calculate the overhead of the previous candidate route group according to the real-time road condition information to obtain the route overhead after the ciphertext, compare each route with each other by using comparison operation of the homomorphic encryption, and transmit the ciphertext comparison result to the LBS service provider;
the path generation module is used for the LBS service provider to receive the ciphertext comparison result, decrypt the ciphertext comparison result by using a private key sk, sort the comparison result to obtain the sequence number of the optimal path, and transmit the sequence number to the user; the user receiving the serial number will check from the candidate route groupw 1 ,…,w n And connecting the selected optimal route in the local area with the route in the camouflage area to generate a final travel route.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores computer program instructions executable by the at least one processor to cause the at least one processor to perform a navigation service privacy protection method based on homomorphic encryption and anonymous masquerading as recited in any one of claims 1-7.
10. A computer-readable storage medium storing a program, wherein the program, when executed by a processor, implements the navigation service privacy protection method based on homomorphic encryption and anonymous masquerading of any of claims 1-7.
CN202211106644.XA 2022-09-13 2022-09-13 Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage Active CN115200603B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211106644.XA CN115200603B (en) 2022-09-13 2022-09-13 Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211106644.XA CN115200603B (en) 2022-09-13 2022-09-13 Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage

Publications (2)

Publication Number Publication Date
CN115200603A CN115200603A (en) 2022-10-18
CN115200603B true CN115200603B (en) 2023-01-31

Family

ID=83573570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211106644.XA Active CN115200603B (en) 2022-09-13 2022-09-13 Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage

Country Status (1)

Country Link
CN (1) CN115200603B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4358057A1 (en) * 2022-10-20 2024-04-24 Industry-Academic Cooperation Foundation Dankook University System for providing autonomous driving safety map service

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6738808B1 (en) * 2000-06-30 2004-05-18 Bell South Intellectual Property Corporation Anonymous location service for wireless networks
CN105530609A (en) * 2015-12-16 2016-04-27 上海交通大学 Indoor positioning method for efficient privacy protection based on Wi-Fi fingerprint
WO2016201775A1 (en) * 2015-06-17 2016-12-22 中兴通讯股份有限公司 Method and device for protecting position information of mobile terminal
WO2017037151A1 (en) * 2015-09-03 2017-03-09 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method for confidentially querying a location-based service by homomorphic cryptography
WO2017193783A1 (en) * 2016-05-10 2017-11-16 北京京东尚科信息技术有限公司 Method and device for protecting user location information
CN107831512A (en) * 2017-10-30 2018-03-23 南京大学 A kind of location privacy protection method of MSB AGPS positioning
CN109740376A (en) * 2018-12-21 2019-05-10 哈尔滨工业大学(深圳) Location privacy protection method, system, equipment and medium based on NN Query
CN110557375A (en) * 2019-08-01 2019-12-10 上海电力大学 k anonymous location privacy protection incentive method based on block chain intelligent contract
EP3671281A1 (en) * 2018-12-21 2020-06-24 European Space Agency Method and system for processing a gnss signal using homomorphic encryption
WO2022007889A1 (en) * 2020-07-08 2022-01-13 浙江工商大学 Searchable encrypted data sharing method and system based on blockchain and homomorphic encryption
WO2022082893A1 (en) * 2020-10-22 2022-04-28 香港中文大学(深圳) Privacy blockchain-based internet of vehicles protection method, and mobile terminal
CN115035720A (en) * 2022-06-10 2022-09-09 翁敏 Traffic road condition data acquisition and processing method and management system based on satellite positioning

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170053282A1 (en) * 2015-08-21 2017-02-23 Pitney Bowes Inc. Fraud risk score using location information while preserving privacy of the location information
EP4096153A1 (en) * 2015-08-31 2022-11-30 Mitsubishi Electric Corporation Map information management system
US20220136857A1 (en) * 2020-11-03 2022-05-05 Rutgers, The State University Of New Jersey Safety-aware route recommendation system and method

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6738808B1 (en) * 2000-06-30 2004-05-18 Bell South Intellectual Property Corporation Anonymous location service for wireless networks
WO2016201775A1 (en) * 2015-06-17 2016-12-22 中兴通讯股份有限公司 Method and device for protecting position information of mobile terminal
WO2017037151A1 (en) * 2015-09-03 2017-03-09 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method for confidentially querying a location-based service by homomorphic cryptography
CN105530609A (en) * 2015-12-16 2016-04-27 上海交通大学 Indoor positioning method for efficient privacy protection based on Wi-Fi fingerprint
WO2017193783A1 (en) * 2016-05-10 2017-11-16 北京京东尚科信息技术有限公司 Method and device for protecting user location information
CN107831512A (en) * 2017-10-30 2018-03-23 南京大学 A kind of location privacy protection method of MSB AGPS positioning
CN109740376A (en) * 2018-12-21 2019-05-10 哈尔滨工业大学(深圳) Location privacy protection method, system, equipment and medium based on NN Query
EP3671281A1 (en) * 2018-12-21 2020-06-24 European Space Agency Method and system for processing a gnss signal using homomorphic encryption
CN110557375A (en) * 2019-08-01 2019-12-10 上海电力大学 k anonymous location privacy protection incentive method based on block chain intelligent contract
WO2022007889A1 (en) * 2020-07-08 2022-01-13 浙江工商大学 Searchable encrypted data sharing method and system based on blockchain and homomorphic encryption
WO2022082893A1 (en) * 2020-10-22 2022-04-28 香港中文大学(深圳) Privacy blockchain-based internet of vehicles protection method, and mobile terminal
CN115035720A (en) * 2022-06-10 2022-09-09 翁敏 Traffic road condition data acquisition and processing method and management system based on satellite positioning

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Efficient and Privacy-Preserving Logistic Regression Scheme based on Leveled Fully Homomorphic Encryption;Chengjin Liu等;《IEEE INFOCOM WKSHPS: BigSecurity 2022: International Workshop on Security and Privacy in Big Data》;20220620;第1-6 *
Efficient Privacy-Preserving Scheme for Location Based Services in VANET System;FIFI FAROUK等;《IEEE Access》;20200408;第8卷;第60101-60116页 *

Also Published As

Publication number Publication date
CN115200603A (en) 2022-10-18

Similar Documents

Publication Publication Date Title
Baza et al. A light blockchain-powered privacy-preserving organization scheme for ride sharing services
Aïvodji et al. Meeting points in ridesharing: A privacy-preserving approach
CN113194078B (en) Sequencing multi-keyword search encryption method with privacy protection supported by cloud
Šeděnka et al. Privacy-preserving distance computation and proximity testing on earth, done right
Wu et al. Privacy-preserving shortest path computation
WO2019104955A1 (en) Location privacy protection query method for vanets in fog computing architecture
Watson et al. Lost: location based storage
CN111083631A (en) Efficient query processing method for protecting location privacy and query privacy
Yu et al. PGRide: Privacy-preserving group ridesharing matching in online ride hailing services
CN115200603B (en) Navigation service privacy protection method and device based on homomorphic encryption and anonymous camouflage
Zhang et al. Privacy preserving in cloud environment for obstructed shortest path query
CN114826703B (en) Block chain-based data search fine granularity access control method and system
CN113761563B (en) Data intersection calculation method and device and electronic equipment
Badr et al. Blockchain-based ride-sharing system with accurate matching and privacy-preservation
Ni et al. Cloud-based privacy-preserving parking navigation through vehicular communications
CN115767722A (en) Indoor positioning privacy protection method based on inner product function encryption in cloud environment
CN116232579A (en) Privacy security intersection method and system based on random OT protocol
Ye et al. A trajectory privacy-preserving algorithm based on road networks in continuous location-based services
Patil et al. GeoSecure-R: Secure computation of geographical distance using region-anonymized GPS data
CN114710370B (en) Fine-grained access control method and system based on fog block chain and attribute encryption
Fu et al. Privacy-preserving vehicle assignment in the parking space sharing system
CN108141462B (en) Method and system for database query
CN113240145B (en) Order-preserving encryption-based network vehicle-restraining platform and method thereof
CN112671543B (en) Public verifiable outsourcing attribute-based encryption method based on block chain
CN116723511B (en) Position management method and system for realizing privacy protection in Internet of vehicles and Internet of vehicles

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant