CN115913670A - Distributed K anonymous location privacy protection method, system, device and terminal - Google Patents
Distributed K anonymous location privacy protection method, system, device and terminal
- Publication number: CN115913670A (application number CN202211363785.XA)
- Authority: CN (China)
- Prior art keywords: anonymous, user, cooperative, construction, credential
- Legal status: Pending
Abstract
The invention belongs to the technical field of position privacy protection, and discloses a distributed K anonymous position privacy protection method, a system, equipment and a terminal, wherein anonymous area cooperative construction credentials are designed to record position information provided when cooperative users participate in anonymous area cooperative construction, and the cooperative users are allowed to serve as requesters and send the credentials to other users; once it is verified that the collaborating user has provided a false location to participate in the anonymous region collaborative construct, no remaining users will participate in the anonymous region collaborative construct when the collaborating user is acting as a requester. The invention records the position information provided by the cooperative users by constructing the anonymous area cooperative construction evidence, and provides a distributed K anonymous position privacy protection scheme to stimulate the cooperative users to provide real positions to participate in the anonymous area cooperative construction, so that the requesting users can successfully construct the anonymous areas, thereby effectively protecting the position privacy of the requesting users. Theoretical analysis and a large number of experiments show that the method can efficiently help the requesting user to construct the anonymous area.
Description
Technical Field
The invention belongs to the technical field of location privacy protection, and particularly relates to a distributed K-anonymous location privacy protection method, system, device and terminal.
Background
At present, distributed K anonymity is the most commonly used location privacy protection method. Its basic idea is to let a requesting user acquire the real locations of cooperative users to construct an anonymous area, and to achieve location privacy protection by submitting the anonymous area, instead of the requesting user's real location, to the service provider. However, when the requesting user uses an existing distributed K anonymous location privacy protection scheme, a collaborating user may provide a false location when participating in the collaborative construction of the anonymous area, so that the anonymous area constructed by the requesting user cannot meet the requesting user's location privacy protection requirement; in the extreme case, the true location of the requesting user can be inferred directly from the anonymous area. Therefore, the existing distributed K-anonymous location privacy protection schemes cannot effectively protect the location privacy of the requesting user. To address this problem, many novel LBS location privacy protection methods have been proposed by researchers in China and elsewhere. Among the existing LBS location privacy protection methods, the distributed K anonymity method does not depend on a third party, does not require complex cryptographic techniques, and lets the user obtain an accurate query result, so it is widely used. The basic idea of the method is as follows: when a user (called the requesting user) wants to use an LBS, it constructs an anonymous area by sending a cooperation request to acquire the true locations of K-1 other users (called cooperative users), and sends the constructed anonymous area to the LSP, so that the LSP can correctly identify the requesting user's true location with probability at most 1/K. Here K represents the location privacy protection requirement of the requesting user.
However, if the anonymous zones are constructed directly using existing distributed K anonymous location privacy protection schemes, the LSP may still infer the requesting user's personal privacy from the submitted anonymous zones. The root cause is that, on receiving a collaboration request, the collaborating user may not provide its real location but instead randomly generate a false location, such as a point at the centre of a lake, on a mountain top, or at the centre of a traffic intersection, and provide that to the requesting user. When the requesting user constructs the anonymous region using these false locations, the LSP can use its own background knowledge (e.g., a city map) or area monitoring techniques to narrow the anonymous region, or even directly infer the user's true location. For example, when the collaborating user Bob receives a collaboration request from the requesting user Alice, Bob is drinking at a bar, as shown in fig. 2 (a); to avoid exposing his habit of heavy drinking, Bob does not provide his real position but randomly generates a false position in the lake and provides it to Alice. On receiving the dummy location from Bob, Alice generates an anonymous region using it and submits the region to the LSP, as shown in fig. 2 (b). After receiving the anonymous area submitted by Alice, the LSP narrows it down using the city map and finds that the narrowed area lies mainly in the hospital district, so the LSP can infer Alice's health condition with high probability, as shown in fig. 2 (c).
The research of the existing distributed K anonymous location privacy protection method can be roughly divided into two types, which are respectively: anonymous zones are cooperatively structured and incentivized in a distributed environment.
(1) Anonymous area collaborative construct
In traditional centralized K-anonymous location privacy preservation methods, a trusted third party is required to act as an anonymity server that helps requesting users construct anonymity zones. In real-world applications, however, a fully trusted third party is difficult to find, and the introduction of the anonymity server also creates a communication bottleneck between the user and the server. To solve this problem, Chow et al. first proposed a distributed K anonymous location privacy protection scheme in which the requesting user constructs the anonymous area by acquiring the real locations of surrounding cooperative users. However, when the cooperative users providing help are concentrated in a certain area, the anonymous area constructed by that scheme cannot effectively protect the location privacy of the requesting user. Therefore, Ghinita et al. measure the dispersion between the positions of the cooperative users and the position of the requesting user using a Hilbert curve, and introduce information entropy into the construction of the anonymous area to ensure that the constructed area meets the user's location privacy protection requirement. Subsequently, Chow et al. found that, in addition to the dispersion between locations, the requesting user should not be located on the same road segment as any collaborating user; otherwise, the LSP can still use the city map to infer the requesting user's location. Sun et al. note that, while a user is using an LBS, the user's location privacy protection needs may vary with the sensitivity of the location.
In their solution, user locations are divided into sensitive locations and general locations. When the user is at a sensitive location and uses an LBS, the user's identity information is protected with a pseudonym; when the user is at a general location, besides obtaining location information from cooperative users to construct an anonymous area, a false query is constructed and transmitted to the LSP together with the real query. In the above schemes, the construction of the anonymous area is completed independently by the requesting user. To further reduce the computation cost the requesting user needs to construct an anonymous area, Fei et al. first divide the requesting user and the cooperative users into different groups according to the area each user belongs to; then construct an anonymous area for each group by selecting an agent in each group; and finally merge the anonymous areas constructed by the different groups according to the principle of maximizing the query entropy of the anonymous areas.
In addition to studying the cooperative construction of the anonymous area for a single discrete LBS query, researchers in China and elsewhere have also studied cooperative construction methods suitable for continuous queries. Kim et al. first divide the cooperative users into different clusters and appoint an aggregation node for each cluster to calculate the transition state matrix of the users in the cluster during continuous queries, thereby reducing the computation cost the requesting user needs to construct an anonymous area. However, as the number of consecutive LBS queries sent by the requesting user grows, the area of the constructed anonymous region may increase sharply, so that the requesting user receives useless query results from the LSP, increasing its communication and computation overhead. To solve this problem, Peng et al. propose that, when a requesting user sends continuous LBS queries, an anonymous zone can be constructed from the true locations of the collaborating users and the historical location information of other users stored in its cache. They also prevent the LSP from inferring the requesting user's true location from the anonymous region via the spatiotemporal correlation between consecutive query locations, by perturbing the query sending time and translating the anonymous region. However, when the interval between a user's consecutive queries is short, the anonymous areas constructed by the above scheme may overlap, so that the LSP can directly presume that the requesting user is located in the overlapping area.
To solve this problem, Tian et al. propose that the size of the constructed anonymous region should be adjusted dynamically according to the sensitivity of the user's real position during continuous queries, thereby keeping the constructed anonymous regions from overlapping each other.
(2) Incentive mechanism in distributed environment
Since constructing anonymous zones in a distributed environment requires the participation of collaborating users, there is also extensive research on how to incentivize the collaborating users to participate in the construction of anonymous zones.
Yang et al. introduced the auction mechanism into anonymous zone collaborative construction for the first time. The positions of the cooperative users are treated as special commodities, and cooperative users obtain extra benefit by having several requesting users bid for them, which encourages cooperative users to actively participate in the cooperative construction of the anonymous area. However, when the benefit a requesting user gains from successfully constructing an anonymous area through the auction is low, directly using the auction mechanism may lead to a "no-sale" (failed auction) situation in which no requesting user can successfully construct an anonymous area. To solve this problem, Zhang et al. designed a bid-winning rule based on a greedy idea to ensure that as many requesting users as possible successfully acquire the positions of cooperative users. Wu et al. indicate that a location auction should focus on splitting the auction cost rather than on profit. Therefore, they design a Bayesian incentive-compatible location auction mechanism by analysing the buyer's payment function in the location auction, ensuring that the requesting user can eventually construct an anonymous region.
In addition to using auction mechanisms to encourage collaborating users to participate in anonymous area collaborative construction, Li et al. observe that in the particular social activity of anonymous area collaborative construction, each user may be both a requesting user and a collaborating user. Therefore, users can record, with trust certificates, the number of times they have participated in anonymous area collaborative construction as collaborators, so that users who have helped others more often can more easily obtain the collaboration of other users when they act as requesting users. Gao et al. analyse the strategy selection of users participating in anonymous area cooperative construction with a repeated game model, and motivate users to provide their own location information by letting users who provide cooperation successfully construct anonymous areas without providing their own real positions in two future rounds of anonymous area cooperative construction. Luo et al. point out that when the requesting user is not trusted, collaborating users may not participate in the collaborative construction of the anonymous zone even under reward and punishment incentives. To solve this problem, they consider the historical and current behaviours of the requesting user together and propose a reliability evaluation method for the requesting user based on the Dirichlet distribution, so that a cooperative user only provides location information to reliable requesting users. Yang et al. introduce credit into anonymous area cooperative construction and stimulate users to actively provide their own location information by raising the credit of users who participate.
The above schemes all assume that the users are self-benefited and always seek to maximize the benefits of the users. Gong et al believe that a collaborating user is not self-benefitting, but is benefitting when collaborating with friends in a social network to construct an anonymous zone. Thus, they incentivize friends in the requesting user's social network to participate in the collaborative construction of anonymous zones by maximizing the revenue of the group consisting of the requesting user and collaborating users.
However, when participating in the collaborative construction of anonymous zones, the assisting user may not provide his/her own true location, but may randomly generate a false location, such as one located at the center of a lake, on the top of a mountain, or at the center of a traffic intersection, to provide to the requesting user. At this time, if the anonymous area is constructed by directly using the existing distributed K anonymous location privacy protection scheme, the LSP may still effectively narrow the anonymous area, even directly obtain the real location of the requesting user. Therefore, the existing distributed K-anonymous location privacy protection scheme cannot completely protect the location privacy of the requesting user. Therefore, it is highly desirable to design a new distributed K-anonymous location privacy protection method.
Through the above analysis, the problems and defects of the prior art are as follows: the existing distributed K anonymous location privacy protection schemes do not consider the cheating behaviour of cooperative users, so cooperative users can participate in the cooperative construction of anonymous areas by providing false locations. If the requesting user constructs anonymous regions using these false locations, the constructed regions do not effectively protect the user's true location. As a result, the LSP is able to infer the requesting user's personal privacy, such as work/home address, interest preferences and health status, from the anonymous zones the requesting user submits with its LBS queries.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a distributed K anonymous location privacy protection method, a system, equipment and a terminal.
The invention is realized in this way, a distributed K anonymous location privacy protection method, the distributed K anonymous location privacy protection method comprising: recording position information provided when a cooperative user participates in the anonymous area cooperative construction by designing anonymous area cooperative construction credentials, and sending the credentials to other users when the cooperative user serves as a requester; once it is verified that the collaborating user has provided a false location to participate in the anonymous region collaborative construct, no remaining users will participate in the anonymous region collaborative construct when the collaborating user is acting as a requester.
Further, the distributed K anonymous location privacy protection method comprises the following steps:
Step one: when the requesting user P_0 is about to send an LBS query, it sends the set of credentials it obtained by participating in anonymous-region collaborative construction as a collaborator, together with an anonymous-region collaborative construction request, to other users;
Step two: when the cooperative user P_i receives the anonymous-region collaborative construction credential set and the collaborative construction request, it verifies the correctness of the signature information in each anonymous-region collaborative construction credential; when the signature information in all credentials passes verification, it screens the credential set on the basis of location availability, so that the set obtained after screening satisfies the stated availability condition; the number of elements in the screened set then determines whether P_i participates in the anonymous-region collaborative construction;
Step three: when the requesting user P_0 receives an anonymous-region collaborative construction credential, it computes a signature with its own private key and uses it to update the credential; it sends the updated anonymous-region collaborative construction credential to the cooperative user P_i and computes the availability of the cooperative location Loc_i;
Step four: when the cooperative user P_i receives the credential returned by the requesting user P_0, it verifies the signature information in the credential;
Step five: if the requesting user P_0 finds that the cooperative user P_i has maliciously broadcast the message T, it broadcasts the anonymous-region collaborative construction credential it shares with P_i to the other users; otherwise, it keeps waiting for the other cooperative users to send their anonymous-region collaborative construction credentials;
Step six: when the requesting user P_0 has received M cooperative locations Loc_1, Loc_2, …, Loc_M, it selects the K-1 locations with the highest availability, Loc_1', Loc_2', …, Loc_(K-1)', and constructs the anonymous region ACR = Gen(Loc_0, Loc_1', Loc_2', …, Loc_(K-1)'); it then sends the constructed anonymous region ACR together with its query content to the LSP.
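The credential exchange of steps one to five, as an added example that is not the patent's own code. The patent's Sign(·)/Ver(·) are stood in for by one-time Lamport signatures over SHA-256 (standard library only), a constructed DIRECTORY of pre-registered public keys plays the role of the PKI the scheme assumes, the availability measure and the reading of the screening rule (every presented credential must verify and record an available location, and at least a threshold number of credentials are needed) are assumptions, and the map, user names and locations are constructed. The demo shows an honest requester being helped, a requester whose history contains a lake location being refused, and a requester who tampered with his own record being refused because the countersignature no longer verifies.

```python
"""Added example, not the patent's own code: a stdlib-only simulation of steps one
to five.  Sign(.)/Ver(.) are stood in for by one-time Lamport signatures over
SHA-256; a constructed DIRECTORY of pre-registered public keys plays the PKI
role the scheme assumes; the map, users and locations are constructed."""
import hashlib
import json
import os

def H(b):
    return hashlib.sha256(b).digest()

# ---- one-time Lamport signatures (assumed stand-in for Sign/Ver) ----
def keygen():
    priv = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return priv, [(H(a), H(b)) for a, b in priv]

def msg_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(priv, msg):
    return [priv[i][bit] for i, bit in enumerate(msg_bits(msg))]

def lamport_verify(pub, msg, sig):
    return len(sig) == 256 and all(H(sig[i]) == pub[i][bit] for i, bit in enumerate(msg_bits(msg)))

def fingerprint(pub):
    return H(b"".join(a + b for a, b in pub))

DIRECTORY = {}                  # uid -> registered key fingerprints (constructed PKI)
INFEASIBLE = {(3, 3), (3, 4)}   # constructed background map: cells covered by a lake

def availability(loc):
    """Assumed availability measure: 0 for a location in an infeasible cell, else 1."""
    return 0 if tuple(loc) in INFEASIBLE else 1

class User:
    def __init__(self, uid, n_keys=8):
        self.uid, self.credentials = uid, []            # credentials earned as collaborator
        self.keys = [keygen() for _ in range(n_keys)]   # unused one-time key pairs
        DIRECTORY[uid] = {fingerprint(pub) for _, pub in self.keys}

    def sign(self, body):
        priv, pub = self.keys.pop()                      # never reuse a one-time key
        return {"pub": pub, "sig": lamport_sign(priv, body)}

def verify(uid, body, signature):
    """Ver(.): the key must be registered to uid and the signature must check."""
    return (fingerprint(signature["pub"]) in DIRECTORY.get(uid, ()) and
            lamport_verify(signature["pub"], body, signature["sig"]))

def body_of(cred):
    """Canonical bytes the collaborator signs: who helped whom, with which location."""
    return json.dumps([cred["requester"], cred["collaborator"], cred["loc"]]).encode()

def counter_body(cred):
    """Bytes the requester countersigns: the record plus the collaborator's signature."""
    return body_of(cred) + H(b"".join(cred["sig_c"]["sig"]))

def credential_valid(cred):
    return ("sig_r" in cred
            and verify(cred["collaborator"], body_of(cred), cred["sig_c"])
            and verify(cred["requester"], counter_body(cred), cred["sig_r"]))

def decide_to_collaborate(requester_creds, threshold):
    """Step two (assumed reading of the screening rule): every presented credential
    must verify and record an available location, and at least `threshold` of them
    are required before P_i answers with its own location."""
    if not all(credential_valid(c) for c in requester_creds):
        return False
    screened = [c for c in requester_creds if availability(c["loc"]) > 0]
    return len(screened) == len(requester_creds) and len(screened) >= threshold

def collaborate(requester, collaborator, loc, threshold):
    """Steps two to four for one collaborator P_i; returns the finished credential or
    None if P_i declines or the requester's countersignature does not verify."""
    if not decide_to_collaborate(requester.credentials, threshold):
        return None
    cred = {"requester": requester.uid, "collaborator": collaborator.uid, "loc": list(loc)}
    cred["sig_c"] = collaborator.sign(body_of(cred))      # P_i signs the location it provides
    cred["sig_r"] = requester.sign(counter_body(cred))    # P_0 countersigns without checking
    if not verify(requester.uid, counter_body(cred), cred["sig_r"]):  # step four, by P_i
        return None                                        # (P_i would broadcast T here)
    collaborator.credentials.append(cred)
    return cred

def demo():
    """Three constructed scenarios; returns the outcome of each."""
    DIRECTORY.clear()
    alice, bob, carol, dave = User("alice"), User("bob"), User("carol"), User("dave")
    collaborate(carol, bob, (1, 2), threshold=0)          # Bob once helped Carol honestly
    collaborate(carol, dave, (3, 3), threshold=0)         # Dave once gave a lake location
    honest = collaborate(bob, alice, (5, 5), threshold=1) is not None
    fake_history = collaborate(dave, alice, (5, 5), threshold=1) is not None
    bob.credentials[0]["loc"] = [9, 9]                    # Bob tampers with his own record
    tampered = collaborate(bob, alice, (5, 5), threshold=1) is not None
    return {"honest": honest, "fake_history": fake_history, "tampered": tampered}

if __name__ == "__main__":
    print(demo())
```

The countersignature covers the collaborator's own signature, so neither party can later change the recorded location without breaking a signature that third parties can check against the directory; this is what lets a later cooperative user judge a requester's history without trusting either side.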
Further, the credential set in the first step is:
where the j-th credential denotes that the requesting user P_0 once acted as a collaborator in the j-th anonymous-region collaborative construction; 1 ≤ j ≤ N; N is a positive integer.
Further, verifying the correctness of the signature information in each anonymous-region collaborative construction credential in step two includes:
(2) Otherwise, broadcast the message T.
Determining whether to participate in the anonymous-region collaborative construction according to the number of elements in the screened set includes:
(2) Otherwise, send the credential to the requesting user P_0:
where the requesting user recorded in the j-th credential is the user that P_0 helped as a collaborator in the j-th anonymous-region collaborative construction; the location recorded in it is the location information P_0 provided when participating as a collaborator in that construction; Sign(·) and Ver(·) are a secure signature function and signature verification function, respectively; the first verification checks the signature information with the public key of user P_0; the second verification checks the signature information with the public key of that requesting user; "T" indicates that deception has been detected and suggests terminating the collaboration; j' is a natural number; the threshold is a positive integer by which the cooperative user P_i decides whether to send the anonymous-region collaborative construction credential.
Further, in step three, when the requesting user P_0 receives an anonymous-region collaborative construction credential, computing a signature with its own private key and updating the anonymous-region collaborative construction credential comprises:
In step four, when the cooperative user P_i receives the credential returned by the requesting user P_0, verifying the signature information in the credential comprises:
(2) Otherwise, the cooperative user P_i broadcasts the message T.
In step six, 1 ≤ l' ≤ (K-1)'; K is the location privacy protection requirement of the requesting user P_0; Gen(·) is a secure anonymous-region constructor.
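Step six, as an added example that is not the patent's own code. The patent leaves the availability measure and Gen(·) unspecified, so the example assumes a simple one: availability is 0 for a location in an infeasible map cell and otherwise equals the distance from the requester (dispersion), and Gen(·) is the minimum bounding rectangle. The lake cells, the requester position and the candidate locations are constructed. The feasible-cell count stands for what an LSP holding the city map is left with after pruning the region, which is why a requester should refuse to build on fewer than K-1 available locations rather than fill up with zero-availability ones.

```python
"""Added example, not the patent's code: step six with an assumed availability
measure and a bounding-box Gen(.); the map and coordinates are constructed."""
import math

LAKE = {(3, 3), (3, 4)}  # constructed background map: infeasible grid cells

def availability(loc0, loc):
    """Assumption: 0 for an infeasible cell, otherwise the distance from the
    requester, so dispersed real locations rank highest."""
    if tuple(loc) in LAKE:
        return 0.0
    return math.dist(loc0, loc)

def select_locations(loc0, candidates, k):
    """Pick the K-1 candidate locations with the highest availability; return
    None when fewer than K-1 candidates have any availability at all."""
    usable = [loc for loc in candidates if availability(loc0, loc) > 0]
    if len(usable) < k - 1:
        return None
    usable.sort(key=lambda loc: availability(loc0, loc), reverse=True)
    return usable[:k - 1]

def gen(loc0, chosen):
    """Gen(.): minimum bounding rectangle (x0, y0, x1, y1) of the requester
    and the chosen locations."""
    xs = [loc0[0]] + [x for x, _ in chosen]
    ys = [loc0[1]] + [y for _, y in chosen]
    return (min(xs), min(ys), max(xs), max(ys))

def feasible_cells(acr):
    """Size of the region after an LSP with the map drops infeasible cells."""
    x0, y0, x1, y1 = acr
    return sum(1 for x in range(x0, x1 + 1) for y in range(y0, y1 + 1)
               if (x, y) not in LAKE)

def build_acr(loc0, candidates, k):
    """Step six end to end: returns (chosen, ACR, feasible cell count) or None."""
    chosen = select_locations(loc0, candidates, k)
    if chosen is None:
        return None
    acr = gen(loc0, chosen)
    return chosen, acr, feasible_cells(acr)

if __name__ == "__main__":
    # Requester at (2, 2); two real locations and two lake points on offer.
    print(build_acr((2, 2), [(6, 2), (2, 7), (3, 3), (3, 4)], 3))
    # Same requester, only lake points available: no region is built.
    print(build_acr((2, 2), [(3, 3), (3, 4)], 3))
    # What happens if the lake points are used anyway: the LSP prunes to 4 cells.
    print(feasible_cells(gen((2, 2), [(3, 3), (3, 4)])))
```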
Further, the distributed K-anonymous location privacy protection method further includes:
When the cooperative user P_i receives the credential sent by the requesting user P_0, it checks the signature information in order to confirm the authenticity of the credential, namely whether the requesting user P_0 has tampered with the location information it provided as a collaborator in the j-th anonymous-region collaborative construction.
For the requesting user P_0, a cooperative location with high availability is preferred for constructing the anonymous region; and as long as the cooperative user P_i provides an anonymous-region collaborative construction credential, the requesting user P_0 updates the credential with its own private key such that:
where the signature represents the requesting user P_0 confirming that user P_i participated in the anonymous-region collaborative construction; at that point the requesting user P_0 does not verify the correctness of the signature information; after the requesting user P_0 has signed, user P_i verifies the correctness of the signature information it receives; if P_i does not broadcast the message T, the correctness of the signature information is confirmed; when user P_i later sends the credential to other users as a requester, if the signature information in the credential does not verify correctly, this indicates that user P_i has engaged in fraudulent behaviour.
Another object of the present invention is to provide a distributed K-anonymous location privacy protecting system using the distributed K-anonymous location privacy protecting method, where the distributed K-anonymous location privacy protecting system includes:
the information sending module is used for sending a credential set which is used as a collaborator to participate in anonymous region collaborative construction and an anonymous region collaborative construction request to other users when a requesting user needs to send LBS inquiry;
the correctness verification module is used for verifying the correctness of the signature information in each anonymous area cooperative construction credential after the cooperative user receives the anonymous area cooperative construction credential set and the cooperative construction request;
the collaborative construction credential updating module is used for calculating a signature by using a private key of a requesting user after the requesting user receives the anonymous area collaborative construction credential and updating the anonymous area collaborative construction credential;
the position availability calculation module is used for sending the updated anonymous area collaborative construction credential to the collaborative user and calculating the availability of the collaborative position;
the signature information verification module is used for verifying the signature information in the credential after the cooperative user receives the credential returned by the request user;
the anonymous area construction module is used for selecting the locations with the highest availability from the cooperative locations received by the requesting user to construct an anonymous area, and for sending the constructed anonymous area ACR together with the query content to the LSP.
It is a further object of the invention to provide a computer arrangement comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of the distributed K-anonymous location privacy preserving method.
It is a further object of the invention to provide a computer readable storage medium, storing a computer program which, when executed by a processor, causes the processor to perform the steps of the distributed K-anonymous location privacy preserving method.
Another object of the present invention is to provide an information data processing terminal for implementing the distributed K-anonymous location privacy protection system.
By combining the technical scheme and the technical problem to be solved, the technical scheme to be protected by the invention has the advantages and positive effects that:
first, aiming at the technical problems existing in the prior art and the difficulty in solving the problems, the technical problems to be solved by the technical scheme of the present invention are closely combined with the technical scheme to be protected and the results and data in the research and development process, and some creative technical effects brought after the problems are solved are analyzed in detail and deeply. The specific description is as follows:
the invention records the position information provided when the cooperative user participates in the anonymous area cooperative construction by designing the anonymous area cooperative construction evidence, and provides a distributed K anonymous position privacy protection scheme. Theoretical analysis proves that the method not only can restrict the self-profit behavior of the user participating in the anonymous region collaborative construction, but also can help the requesting user to avoid selecting the false position provided by the collaborative user to construct the anonymous region. In addition, a large number of experiments show that the invention can efficiently construct anonymous regions.
The invention designs a distributed K-anonymous location privacy protection scheme to stimulate cooperative users to provide real locations to participate in the cooperative construction of anonymous areas. In the scheme, the anonymous area collaborative construction credential is designed to record the position information provided when the collaborative user participates in the anonymous area collaborative construction, and the collaborative user is allowed to send the credential to other users when being used as a requester. Once it is verified that the collaborating user has provided a false location to participate in the anonymous region collaborative construct, it will not have the rest of the users participate in the anonymous region collaborative construct when acting as a requester. In addition, the invention discloses a first distributed K-anonymous location privacy protection scheme.
The existing distributed K anonymous location privacy protection scheme does not fully consider the behavior of cooperative users participating in anonymous area cooperative construction, so that the cooperative users can provide false locations to requesting users after receiving anonymous cooperative construction requests. If the requesting user constructs an anonymous region using a false location provided by the collaborating user, this will result in the LSP effectively shrinking the anonymous region and even directly inferring the true location of the requesting user. Therefore, the existing distributed K-anonymous location privacy protection scheme cannot effectively protect the location privacy of the requesting user. In order to solve the problem, the invention records the position information provided by the cooperative users by constructing the anonymous area cooperative construction credential, and provides a distributed K anonymous position privacy protection scheme based on position available measurement to stimulate the cooperative users to provide real positions to participate in the anonymous area cooperative construction, so that the requesting users can successfully construct the anonymous areas, thereby effectively protecting the position privacy of the requesting users. Theoretical analysis and a large number of experiments show that the method can efficiently help the requesting user successfully construct an anonymous area capable of effectively protecting the position privacy of the requesting user.
Secondly, considering the technical scheme as a whole or from the perspective of products, the technical effect and advantages of the technical scheme to be protected by the invention are specifically described as follows:
the main contributions of the present invention are as follows: 1) The invention designs a distributed K anonymous location privacy protection scheme, which effectively stimulates cooperative users to provide real locations to participate in the cooperative construction of anonymous areas, thereby helping requesting users to successfully construct anonymous areas. 2) Theoretical analysis and a large number of experiments show that the calculation time delay and the communication overhead required by the method are extremely limited, and the method can efficiently help the requesting user to construct an anonymous area.
Third, as an inventive supplementary proof of the claims of the present invention, there are also presented several important aspects:
(1) The expected income and commercial value after the technical scheme of the invention is converted are as follows:
LBS is currently the most commonly used class of mobile internet services in people's daily life. According to the newly published 2022 white paper on the development of China's satellite navigation and location service industry, from 2020 to 2021 the total output value of the satellite navigation and location service industry in China increased from 810 billion yuan to 4690 billion yuan. However, with the promulgation and implementation of the "Personal Information Protection Law", the "Data Security Law" and the "Regulations on Security Protection of Critical Information Infrastructure", awareness of and demand for personal privacy protection are increasing. The LBS location privacy disclosure problem therefore receives a great deal of attention and is one of the key problems restricting the healthy development of LBS. The method can effectively protect location privacy when the user sends an LBS query, can be widely applied to various LBS applications, and has high expected income and commercial value.
(2) The technical scheme of the invention fills the technical blank in the industry at home and abroad:
The technology of the invention overcomes the defects and shortcomings of existing location privacy protection schemes based on distributed K anonymity, and provides an effective countermeasure against the deceptive behaviour of cooperative users who provide false locations when participating in anonymous area cooperative construction. The invention records the location information provided by a cooperative user when it participates in anonymous area cooperative construction by designing an anonymous area cooperative construction credential; the cooperative user is allowed to send the credential to other users when it acts as a requester, so that those users can judge the authenticity of the locations the cooperative user historically provided, and once it is confirmed that a false location was provided, no other user participates in anonymous area cooperative construction when that cooperative user acts as the requester. In this way the deceptive behaviour of cooperative users is effectively restrained, so that cooperative users only provide real locations when participating, and requesting users are helped to successfully construct anonymous areas that effectively protect their location privacy.
(3) The technical scheme of the invention solves the technical problems which are always desired to be solved but are not successful:
Because it does not depend on a third party or on complex cryptographic techniques and lets the user obtain an accurate query result, the location privacy protection method based on distributed K anonymity is the most commonly used location privacy protection method at present. However, existing distributed K anonymous location privacy protection schemes do not consider the fraudulent behaviour of cooperative users when participating in the cooperative construction of the anonymous region, so a cooperative user can provide false locations to the requesting user, and the anonymous region the requesting user constructs from these false locations cannot effectively protect its own location privacy. The invention first records the location information provided when a cooperative user participates in anonymous area cooperative construction by designing an anonymous area cooperative construction credential; the cooperative user is allowed to send the credential to other users when acting as a requester, so that those users can judge the authenticity of the locations the cooperative user historically provided; and once it is confirmed that a false location was provided, the remaining users do not participate in anonymous area cooperative construction when that cooperative user acts as a requester. In this way the deceptive behaviour of cooperative users is effectively restrained, and the anonymous area constructed by the requesting user can effectively protect the requesting user's location privacy.
(4) The technical scheme of the invention overcomes the technical prejudice that:
Existing distributed K anonymous location privacy protection schemes all assume that cooperative users are honest, namely that a cooperative user provides its real location to the requesting user after receiving the anonymous area cooperative construction request. In real-world applications, however, a cooperative user may provide false locations to a requesting user when participating in the cooperative construction of the anonymous region, so that the anonymous region the requesting user constructs from those false locations cannot effectively protect its location privacy. The invention first records the location information provided when a cooperative user participates in anonymous area cooperative construction by designing an anonymous area cooperative construction credential; the cooperative user is allowed to send the credential to other users when acting as a requester, so that those users can judge the authenticity of the locations the cooperative user historically provided; and once it is confirmed that a false location was provided, the remaining users do not participate in anonymous area cooperative construction when that cooperative user acts as a requester. In this way the deceptive behaviour of cooperative users is effectively restrained, and the anonymous area constructed by the requesting user can effectively protect the requesting user's location privacy.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a distributed K-anonymous location privacy protection method provided by an embodiment of the invention;
FIG. 2 is a schematic diagram of an anonymous zone constructed from a provided fake location, according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a system architecture provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of the credential computation delay and communication overhead required for cooperative construction of an anonymous region according to an embodiment of the present invention; wherein (a) is the average computation delay and (b) is the average communication overhead;
FIG. 5 is a schematic diagram illustrating the effect of the number of anonymous zone cooperative construction credentials on the present invention, according to an embodiment of the present invention; wherein (a) is the average computation delay and (b) is the average communication overhead;
FIG. 6 is a diagram illustrating the influence of the number of cooperative users on the present invention, according to an embodiment of the present invention; wherein (a) is the average computation delay and (b) is the average communication overhead;
FIG. 7 is a schematic diagram illustrating the influence of the location availability metric thresholds on the average computation delay, according to an embodiment of the present invention; wherein (a) is the time screening threshold and (b) is the distance comparison threshold.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problems in the prior art, the invention provides a distributed K anonymous location privacy protection method, a system, equipment and a terminal, and the invention is described in detail below with reference to the attached drawings.
1. Illustrative embodiments are explained. This section is an illustrative example developed to explain the claims in order to enable those skilled in the art to fully understand how to implement the present invention.
As shown in fig. 1, a distributed K-anonymous location privacy protection method provided in an embodiment of the present invention includes the following steps:
S101, when a requesting user needs to send an LBS query, it sends the set of credentials it obtained while participating in anonymous area collaborative construction as a collaborator, together with an anonymous area collaborative construction request, to other users;
S102, after receiving the anonymous area collaborative construction credential set and the collaborative construction request, the cooperative user verifies the correctness of the signature information in each anonymous area collaborative construction credential, and thereby decides whether to send its own anonymous area collaborative construction credential to the requesting user;
S103, when the requesting user receives an anonymous area collaborative construction credential, it computes a signature with its own private key and updates the credential; it sends the updated anonymous area collaborative construction credential to the cooperative user and computes the availability of the cooperative location;
S104, after the cooperative user receives the credential returned by the requesting user, it verifies the signature information in the credential;
S105, after the requesting user has received the location information provided by all cooperative users, it selects the locations with the highest availability to construct an anonymous area, and sends the constructed anonymous area ACR together with the query content to the LSP.
Preferably, the distributed K-anonymous location privacy protection method provided in the embodiment of the present invention specifically includes:
1. Preliminary knowledge
1.1 System architecture
The present invention adopts a distributed structure without a third party, and mainly comprises a requesting user, cooperative users and an LSP, as shown in fig. 3. A secure communication link exists between the requesting user and each cooperative user, and between the requesting user and the LSP.
When a requesting user P_0 is about to send an LBS query, it first sends an anonymous zone cooperative construction request to the surrounding users, hoping to obtain their true locations. After receiving the location information Loc_1, Loc_2, …, Loc_{K-1} provided by the cooperative users P_1, P_2, …, P_{K-1}, the requesting user P_0 constructs the anonymous region ACR = Gen(Loc_0, Loc_1, …, Loc_{K-1}) and sends it to the LSP together with its own query content. Here K denotes the location privacy protection requirement of the requesting user P_0; Loc_0 denotes the location of the requesting user P_0; Loc_i denotes the location provided by cooperative user P_i, with 1 ≤ i ≤ K-1; and Gen(·) is the anonymous region generation function.
After receiving the anonymous area ACR and the query content sent by the requesting user P_0, the LSP searches its database and sends all retrieval results to the requesting user P_0. On receiving the retrieval results sent by the LSP, the requesting user P_0 refines them according to its own location Loc_0, thereby obtaining the accurate query result.
Furthermore, the present invention assumes that the LSP is semi-trusted: the LSP honestly searches its database according to the anonymous area ACR and the query content submitted by the requesting user P_0 and correctly returns the retrieval results to P_0, but it will try to infer the true location Loc_0 of P_0 from the anonymous area ACR. Moreover, the present invention also assumes that the LSP fully knows the location privacy protection mechanism used by the requesting user P_0.
1.2 anonymous region collaborative construction credentials
The anonymous area cooperative construction is regarded as a special social activity, and the anonymous area cooperative construction credential Evi is used to record the location information provided by a cooperative user to a requesting user.
The anonymous zone cooperative construction credential Evi = {P, LOC_i, S} is a triple, explained as follows:
(1) P = {P_0, P_i} is the set of users participating in the cooperative construction of the anonymous zone, where P_0 denotes the requesting user, P_i denotes the ith cooperative user, and i is a positive integer.
(2) LOC_i = {Loc_i, Time_i} is the location information provided by cooperative user P_i, where Loc_i denotes the location provided by P_i and Time_i denotes the time at which P_i provided the location Loc_i.
(3) S is the set of user signatures, where Sign(·) is a secure signature function. Its first element is the signature computed by cooperative user P_i over the location information LOC_i with its own private key; its second element is the signature computed by requesting user P_0, with its own private key, over that cooperative-user signature.
In the anonymous area cooperative construction credential, the main role of the signature set S is to ensure the validity of the credential. The cooperative user's signature both prevents cooperative user P_i from denying the location information LOC_i it provided and prevents the remaining users (including user P_0) from tampering with the location information LOC_i = {Loc_i, Time_i} provided by P_i; the requesting user's signature mainly expresses the confirmation by requesting user P_0 that cooperative user P_i participated in the anonymous area cooperative construction.
2. Distributed K-anonymous location privacy protection scheme
A distributed K anonymous location privacy protection scheme based on location availability is provided by combining anonymous area collaborative construction credentials.
Step 1. When requesting user P_0 sends an LBS query, it first sends the set of credentials it obtained while participating in anonymous area cooperative construction as a collaborator, together with the anonymous zone cooperative construction request, to the remaining users. Each element of this set denotes a credential that the requesting user P_0 once earned as a collaborator in the jth anonymous area cooperative construction; 1 ≤ j ≤ N; N is a positive integer.
Step 2. When cooperative user P_i receives the anonymous zone cooperative construction credential set and the cooperative construction request, it first verifies the correctness of the signature information in each anonymous area cooperative construction credential:
(2) Otherwise, broadcast the message T.
After the signature information in all credentials has passed verification, the anonymous area cooperative construction credential set is screened according to location availability, so that the set obtained after screening contains only the credentials whose location availability is nonzero. Finally, the number of elements in the screened set determines whether to participate in the anonymous area cooperative construction:
(2) Otherwise, the credential is sent to the requesting user P_0:
Here, for the jth credential, the requesting user is the user for whom P_0 participated as a collaborator in the jth anonymous area cooperative construction, and the location information is what P_0 provided when it did so; Sign(·) and Ver(·) are the secure signature function and signature verification function respectively; the first verification checks P_0's signature with P_0's public key, and the second checks that requesting user's signature with its public key; "T" indicates that spoofing was suffered and suggests terminating the collaboration; j' is a natural number; and the decision threshold is a positive integer denoting the threshold by which cooperative user P_i decides whether to send its anonymous area cooperative construction credential.
Step 3. When requesting user P_0 receives an anonymous area cooperative construction credential, it first computes a signature with its own private key and updates the anonymous area cooperative construction credential accordingly.
It then sends the updated anonymous area cooperative construction credential to cooperative user P_i. Finally, it computes the availability of the cooperative location Loc_i.
Step 4. After cooperative user P_i receives the credential returned by the requesting user P_0, it verifies the signature information in the credential:
(2) Otherwise, cooperative user P_i broadcasts the message T.
Step 5. If requesting user P_0 finds that cooperative user P_i has broadcast the message T maliciously, it can broadcast the anonymous area cooperative construction credential between itself and P_i to the other users; otherwise, it continues waiting for the remaining cooperative users to send their anonymous area cooperative construction credentials.
Step 6. When requesting user P_0 has received M cooperative locations Loc_1, Loc_2, …, Loc_M, it selects from them the K-1 locations with the highest availability, Loc_1', Loc_2', …, Loc_(K-1)', constructs the anonymous region ACR = Gen(Loc_0, Loc_1', Loc_2', …, Loc_(K-1)'), and then sends the constructed anonymous area ACR to the LSP together with its own query content. Here 1 ≤ l' ≤ (K-1)'; K is the location privacy protection requirement of the requesting user P_0; and Gen(·) is a secure anonymous region construction function.
In the above scheme, when cooperative user P_i receives the credential set sent by the requesting user P_0, the main purpose of verifying the two signatures in each credential is to ensure the authenticity of that credential, i.e. to prevent the requesting user P_0 from tampering with the location information it provided as a collaborator in the jth anonymous area cooperative construction.
Also, since in practical applications the location data sets owned by users may differ, their judgment thresholds σ_T and σ_D for location availability also differ, so different users obtain different availability measurements for the same location. In addition, even if the computed availability of a location Loc provided by some user is 0, it cannot be completely determined that Loc is a false location (the location may lie in a sparse region). Therefore, in the above distributed K-anonymous location privacy protection scheme based on the location availability metric, the requesting user P_0 preferentially selects cooperative locations with high availability to construct the anonymous area; and as long as cooperative user P_i provides an anonymous area cooperative construction credential, the requesting user P_0 updates the credential with its own private key such that:
that is, the requesting user P_0 confirms that user P_i participated in the anonymous zone cooperative construction. At this point the requesting user P_0 does not verify the correctness of P_i's signature, for the following reason: after P_0 has signed, user P_i must verify the correctness of P_0's signature, and if P_i does not broadcast the message T, it has thereby confirmed the correctness of the signature information in the credential. Therefore, when user P_i later sends the credential to other users as a requester, if the signature information in the credential fails verification, this indicates that user P_i has behaved fraudulently.
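As an added illustration (not code from the patent), the following Python model walks through Steps 2 to 4 and the selection of Step 6 with constructed data: the two-layer credential Evi = {P, LOC_i, S}, verification of both signatures, screening of the requester's credential set by location availability against the cooperative user's own history, and the decision threshold. Sign(·)/Ver(·) are stood in by HMAC-SHA256 over a constructed key registry, the availability measure is assumed to be the count of the verifier's own history records within σ_T and σ_D of the offered location, and the names sigma_t, sigma_d and tau are this example's own.

```python
import hashlib
import hmac
import json
import math
from dataclasses import dataclass, field

# Constructed key material: one secret per user. HMAC-SHA256 stands in for the
# patent's Sign(.)/Ver(.) pair (assumption); a deployment would use an asymmetric
# scheme such as Ed25519 so that verifiers hold only public keys.
KEYS = {u: hashlib.sha256(u.encode()).digest() for u in ("P0", "P1", "P2", "R1", "R2")}


def sign(user, msg):
    return hmac.new(KEYS[user], msg.encode(), hashlib.sha256).hexdigest()


def ver(user, msg, sig):
    return hmac.compare_digest(sign(user, msg), sig)


@dataclass
class Evi:
    """Anonymous-area cooperative construction credential Evi = {P, LOC_i, S}."""
    P: tuple                 # (P_0 requester, P_i collaborator)
    LOC: tuple               # (x, y, time) = {Loc_i, Time_i}; constructed grid units / minutes
    S: dict = field(default_factory=dict)   # {"sig_i": Sign_ski(LOC_i), "sig_0": Sign_sk0(sig_i)}

    def loc_msg(self):
        return json.dumps({"P": self.P, "LOC": self.LOC})


def make_credential(requester, collaborator, loc):
    """Collaborator side: sign the location it offers (first layer of S)."""
    e = Evi((requester, collaborator), loc)
    e.S["sig_i"] = sign(collaborator, e.loc_msg())
    return e


def update_credential(e):
    """Step 3, requester side: sign the collaborator's signature, confirming participation."""
    e.S["sig_0"] = sign(e.P[0], e.S["sig_i"])
    return e


def verify_credential(e):
    """Steps 2 and 4: both signature layers must verify, else the credential is spoofed."""
    sig_i, sig_0 = e.S.get("sig_i", ""), e.S.get("sig_0", "")
    return ver(e.P[1], e.loc_msg(), sig_i) and ver(e.P[0], sig_i, sig_0)


def availability(loc, loc_data, sigma_t, sigma_d):
    """Assumed availability measure: number of the verifier's own history records within
    the time threshold sigma_t and distance threshold sigma_d of loc (at most 2M comparisons)."""
    x, y, t = loc
    return sum(1 for hx, hy, ht in loc_data
               if abs(ht - t) <= sigma_t and math.hypot(hx - x, hy - y) <= sigma_d)


def decide_to_help(evi_set, loc_data, sigma_t, sigma_d, tau):
    """Step 2, collaborator side. Returns "T" (spoofing found, broadcast T),
    "send" (enough credible history, send own credential) or "decline"."""
    if not all(verify_credential(e) for e in evi_set):
        return "T"
    kept = [e for e in evi_set if availability(e.LOC, loc_data, sigma_t, sigma_d) > 0]
    return "send" if len(kept) >= tau else "decline"


def select_locations(received, loc_data, sigma_t, sigma_d, k):
    """Step 6, requester side: keep the K-1 received locations with the highest availability."""
    ranked = sorted(received, key=lambda e: availability(e.LOC, loc_data, sigma_t, sigma_d),
                    reverse=True)
    return [e.LOC for e in ranked[:k - 1]]


# Constructed history of collaborator P1 and of requester P0: (x, y, minute-of-day)
P1_HISTORY = [(10, 10, 600), (11, 10, 610), (12, 11, 620), (50, 50, 1200)]
P0_HISTORY = [(10, 10, 620), (11, 12, 635)]
# Constructed credentials P0 earned earlier as a collaborator for requesters R1 and R2
P0_CREDENTIALS = [
    update_credential(make_credential("R1", "P0", (10, 11, 605))),
    update_credential(make_credential("R2", "P0", (12, 10, 615))),
]
```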
3. Protocol analysis
3.1 Security
In the invention, when cooperative user P_i receives an anonymous area cooperative construction request, it decides whether to provide a cooperative location according to the number of times the requesting user has historically and effectively participated as a collaborator in anonymous area cooperative construction (i.e. the number of elements in the screened anonymous area cooperative construction credential set). Hence a cooperative user, after receiving an anonymous area cooperative construction request, actively participates in order to increase the number of anonymous area cooperative construction credentials it holds, and can then obtain help from a larger number of collaborators when it acts as a requester. Thus the present invention assumes that the requesting user P_0 can receive enough cooperative locations, and also assumes that P_0 uses a secure anonymous region construction function Gen(·) to construct the anonymous region ACR; i.e. when the requesting user P_0 selects the K-1 locations with the highest availability, Loc_1', Loc_2', …, Loc_(K-1)', from the received cooperative locations to construct the anonymous zone ACR, the following holds:
In addition, since a secure and verifiable signature function Sign(·) is used in the anonymous area cooperative construction credential, the information in the credential cannot be tampered with. Thus, the present invention proves the security of the scheme only from the perspective of the cooperative construction of anonymous areas.
Proof: by contradiction.
Suppose requesting user P_0 fails to correctly identify the false location provided by cooperative user P_i, i.e. when P_0 filters its location data set LOC_DATA with the time screening threshold σ_T, there is at least one historical location Loc whose access time Time satisfies:
where the time in question is the time at which the cooperative user provided the false location.
For cooperative user P_i, since the location is a false location, filtering its location data set LOC_DATA with the time screening threshold σ_T yields:
This contradicts the known condition, so the theorem holds.
This completes the proof.
By the same contradiction argument, the following corollary can be obtained:
From Theorem 1 and Theorem 2 the following theorem can be obtained:
3.2 Fairness
It is shown below that when the requesting user P_0 and the cooperative user P_i are self-interested users, the invention can not only incentivize the cooperative user to provide its real location when participating in anonymous area cooperative construction, but also ensure that the requesting user sends the updated anonymous area cooperative construction credential to the cooperative user.
Proof. Without loss of generality, suppose cooperative user P_i sends its credential to requesting user P_0. Since P_0 is self-interested, it first hopes to construct its anonymous zone successfully, and second wishes to send as few updated credentials as possible. Accordingly, let the four payoffs of requesting user P_0 be: the payoff when it does not send the updated credential and successfully constructs the anonymous zone; W_0, the payoff when it sends the updated credential and successfully constructs the anonymous zone; the payoff when it does not send the updated credential and fails to construct the anonymous zone; and the payoff when it sends the updated credential and fails to construct the anonymous zone. Obviously, an ordering holds among these payoffs.
Let the sending strategy denote that the requesting user P_0, after receiving the credential, correctly computes its signature, updates the credential with it, and sends the updated credential to cooperative user P_i; let the non-sending strategy denote that P_0, after receiving the credential, does not send the updated credential to user P_i.
When the requesting user P_0 receives the credential sent by user P_i, the gain from its choice of strategy depends on the number of credentials it has received from other users before that (without loss of generality, users P_1, P_2, …, P_{i-1}).
(1) If i < K-1, the total number of credentials received by requesting user P_0 (including the one sent by user P_i) is less than K-1.
When requesting user P_0 chooses the non-sending strategy, user P_i sends the broadcast message T telling the surrounding users that it has been deceived. The remaining users will then not send anonymous area cooperative construction credentials to requesting user P_0. Since the updated credentials have already been sent to users P_1, P_2, …, P_{i-1}, the gain of the requesting user P_0 is:
When requesting user P_0 chooses the sending strategy, user P_i does not send the broadcast message T. Requesting user P_0 can therefore continue to receive the anonymous area cooperative construction credentials sent by the remaining cooperative users and successfully constructs the anonymous area. Thus the gain of requesting user P_0 under the sending strategy is:
(2) If i ≥ K-1, the total number of credentials received by requesting user P_0 (including the one sent by user P_i) is not less than K-1.
When requesting user P_0 chooses the non-sending strategy, the anonymous region has already been successfully constructed, since P_0 already holds at least K-1 cooperative locations provided by the remaining users. Likewise, since requesting user P_0 has already sent the updated credentials to users P_1, P_2, …, P_{i-1}, the gain is:
When requesting user P_0 chooses the sending strategy, it can continue to receive the anonymous area cooperative construction credentials sent by the remaining users; however, since it already holds at least K-1 cooperative locations provided by the remaining users, the anonymous region has already been successfully constructed. The gain of requesting user P_0 under the sending strategy is then:
In summary, when the requesting user P_0 receives the credential sent by user P_i, the gain obtained from its chosen strategy is:
It is clear from the above that, when the requesting user P_0 is a self-interested user, the invention effectively incentivizes the requesting user to send the updated anonymous area cooperative construction credential to the cooperative user.
Similar to the above proof, the following corollary can be obtained.
From Theorem 3 and Theorem 4 the following theorem can be obtained.
3.3 Computational complexity
The invention regards the verification of signature information as the inverse operation of signature computation, so O(Sign) denotes the computational complexity required for one signature computation or one signature verification.
In the invention, for cooperative user P_i, after receiving the anonymous region cooperative construction credential set sent by the requesting user P_0, it first needs to verify the two signatures in each credential, where 1 ≤ j ≤ N. Two verifications are performed per credential, so the worst-case time complexity for cooperative user P_i to verify the signature information in the credential set is O(2N·Sign). If all signature information verifies correctly, cooperative user P_i then needs to compute the availability of each cooperative location that the requesting user P_0 historically provided as a collaborator. For each such location, cooperative user P_i screens its own historical data set with the time screening threshold σ_T and the distance comparison threshold σ_D, and computes the availability of the location from the number of elements remaining after screening; this requires at most 2M comparison operations, where M denotes the number of elements in the location data set owned by user P_i. Therefore, computing the availability of all the cooperative locations P_0 historically provided requires at most 2MN comparisons. Finally, cooperative user P_i removes the credentials whose location availability is 0, compares the number of credentials remaining after removal with the decision threshold, and determines whether to participate in the anonymous area cooperative construction; this requires 1 comparison operation.
Thus, for cooperative user P_i, the worst-case time complexity required to complete the above computation is O(2N·Sign) + O(2NM + 1).
Furthermore, after cooperative user P_i has decided to participate in the cooperative construction of the anonymous area, it first needs to compute a signature to generate its anonymous area cooperative construction credential, and then needs to verify the signature information in the updated credential returned by the requesting user P_0. The computational complexity required of cooperative user P_i for this is O(3Sign).
In summary, the worst-case time complexity required for cooperative user P_i to implement the present invention is:
For the requesting user P_0, each time it receives an anonymous area cooperative construction credential sent by cooperative user P_i, it first computes a signature to update the credential, and then computes the availability of the location Loc_i provided by cooperative user P_i; at this point the requesting user P_0 needs 1 signature computation and 2M' comparison operations, where M' denotes the number of elements in the location data set owned by user P_i. After the requesting user has received anonymous area cooperative construction credentials from L cooperative users, it has therefore performed L signature operations and 2M'L comparison operations in total. Finally, the requesting user P_0 selects the K-1 locations with the highest availability, Loc_1', Loc_2', …, Loc_(K-1)', from the L received locations and constructs the anonymous region ACR = Gen(Loc_0, Loc_1', Loc_2', …, Loc_(K-1)'). To select the K-1 locations with the highest availability, only the L received locations need to be sorted by availability, so the worst-case time complexity is O(L log L); and the worst-case time complexity required to construct the anonymous region is O(Gen).
Obviously, in real-world applications, L < M'. Thus, the worst-case time complexity required for the requesting user P_0 to successfully construct an anonymous region using the present invention is:
3.4 protocol comparison
In the distributed K anonymous location privacy protection method, when a requesting user needs to send LBS inquiry, a third party does not need to be used as an anonymous server to help the requesting user to construct an anonymous area, but the requesting user sends an anonymous area cooperative construction request to surrounding users, and the anonymous area is constructed through cooperative locations provided by the surrounding cooperative users. However, in the existing scheme, surrounding cooperative users are encouraged to actively participate in the anonymous area cooperative structure or behaviors of a requesting user and a cooperative user in participating in the anonymous area cooperative structure are restricted, and third party participants are introduced in a dispute. For example, the existing solution requires a trusted third party to act as a "seller" responsible for confirming "winning bidders" and thus incentivizes the collaborative users to participate in anonymous zone collaborative construction; in the existing scheme, a semi-trusted cloud service is used as a verifier and a block chain, so that the correctness of interactive information is verified when a requesting user and a cooperative user participate in anonymous area cooperative construction, and mutual cheating between the requesting user and the cooperative user is avoided; the conventional scheme is to regard the anonymous area cooperative structure as a special social activity, and prevent mutual cheating by recording behaviors of a requesting user and a cooperative user when the requesting user and the cooperative user participate in the anonymous area cooperative structure by utilizing a block chain. However, the maintenance of the blockchain needs to be performed by other users who do not participate in the cooperative construction of the anonymous area. 
In addition, when the number of collaboration locations obtained does not meet the privacy protection requirement of the requesting user, existing schemes ensure that the requesting user can still construct an anonymous area by increasing the number of peer-to-peer forwarding hops in the network. However, when the requesting user is located in a sparsely populated area, directly using such a scheme may leave the anonymous area construction request unable to be forwarded successfully, so that the requesting user cannot construct an anonymous area that meets its location privacy protection requirement.
Furthermore, in real-world applications, a requesting user may also use an LBS continuously rather than sending a single discrete LBS query. In that case, if an existing distributed K-anonymous location privacy protection scheme is used directly, it cannot be ensured that the same cooperative users continuously participate in the anonymous area collaborative construction, so the LSP may search for the same user across the multiple anonymous areas submitted by the requesting user with a query tracking attack and thereby infer the requesting user's location.
According to the present invention, no third party needs to participate, and the anonymous area collaborative construction credential is stored by both the requesting user and the cooperative user. When the requesting user is located in a sparsely populated area and cannot obtain enough collaboration locations, it can, according to the stored credentials, send the anonymous area collaborative construction request again to cooperative users who have helped it before, so that the anonymous area is constructed successfully. In addition, when the present invention is used to protect the requesting user's location privacy during continuous queries, the requesting user can consult the stored credentials and send the anonymous area collaborative construction request again to the users who provided collaboration locations at the initial moment of the continuous query, so that the generated anonymous areas always contain the same users and query tracking is effectively resisted.
The distributed K anonymous location privacy protection system provided by the embodiment of the invention comprises:
the information sending module is used for sending a credential set which is used as a collaborator to participate in anonymous area collaborative construction and an anonymous area collaborative construction request to other users when a requesting user wants to send LBS query;
the correctness verification module is used for verifying the correctness of the signature information in each anonymous area collaborative construction credential after the collaborative user receives the anonymous area collaborative construction credential set and the collaborative construction request;
the collaborative construction credential updating module is used for calculating a signature by using a private key of a requesting user after the requesting user receives the anonymous area collaborative construction credential and updating the anonymous area collaborative construction credential;
the position availability calculation module is used for sending the updated anonymous area collaborative construction credential to the collaborative user and calculating the availability of the collaborative position;
the signature information verification module is used for verifying the signature information in the credential after the cooperative user receives the credential returned by the requesting user;
the anonymous area construction module is used for selecting the K-1 positions with the highest availability after the requesting user has received the M collaboration positions, constructing the anonymous area from them, and sending the constructed anonymous area ACR together with the query content to the LSP.
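As an added illustration of the module flow above (the same flow that steps one to six of claim 2 below lay out), here is a self-contained Python model written for this page; it is not code from the patent or from its experiments. Everything cryptographic and numerical in it is an assumption: a toy Schnorr-style signature over Z_p* stands in for the ECC signatures (insecure, demonstration only), the availability metric simply counts the verifier's own check-ins near the claimed time and place, min_avail and n_threshold (the N_{P_i} of claim 4) are screening thresholds, and Gen() is taken to be the bounding box of the chosen locations. Locations are (x, y) metres in a local planar frame and the check-in history CITY is constructed. Claim 6 leaves the check of P_i's signature to later verifiers; the requester here checks it as well, a conservative choice of this example.

```python
import hashlib
from dataclasses import dataclass, field
# Assumed, not from the patent: toy Schnorr-style signature over Z_p* (INSECURE,
# illustration only), the availability metric, min_avail, Gen() = bounding box.
P, G = (1 << 127) - 1, 5      # Mersenne prime; exponents reduced mod P-1 (Fermat)
PUBKEYS = {}                  # assumed public-key directory: uid -> public key

def _h(*parts):
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big") % (P - 1)
def sign(x, msg):
    k = _h("nonce", x, msg) or 1                  # deterministic nonce
    e = _h(pow(G, k, P), msg)
    return e, (k - e * x) % (P - 1)
def verify(y, msg, sig):
    e, s = sig                                    # honest: G^s * y^e == G^k
    return _h(pow(G, s, P) * pow(y, e, P) % P, msg) == e

def availability(history, loc, t, sigma_t, sigma_d):
    # Assumed metric: share of the verifier's own check-ins within sigma_t of t that lie within sigma_d of loc.
    recent = [(x, y) for x, y, ht in history if abs(ht - t) <= sigma_t]
    close = [1 for x, y in recent if ((x - loc[0]) ** 2 + (y - loc[1]) ** 2) ** 0.5 <= sigma_d]
    return len(close) / len(recent) if recent else 0.0

@dataclass
class Credential:           # "cooperator gave loc at time t to requester"
    requester: str
    cooperator: str
    loc: tuple              # (x, y) metres in a local planar frame (constructed)
    t: int                  # minutes
    coop_sig: tuple         # Sign_{P_i}(body)
    req_sig: tuple = None   # Sign_{P_0}(body|coop_sig): P_0 confirms participation
    def body(self):
        return f"{self.requester}|{self.cooperator}|{self.loc}|{self.t}"
    def valid(self):
        return (verify(PUBKEYS[self.cooperator], self.body(), self.coop_sig) and self.req_sig is not None
                and verify(PUBKEYS[self.requester], f"{self.body()}|{self.coop_sig}", self.req_sig))

@dataclass
class User:
    uid: str
    loc: tuple
    history: list           # own check-ins (x, y, t), constructed
    n_threshold: int = 0    # N_{P_i}: credentials P_0 must show before P_i helps
    min_avail: float = 0.1  # assumed screening threshold on availability
    credentials: list = field(default_factory=list)
    blacklist: set = field(default_factory=set)
    def __post_init__(self):
        self.sk = _h("key", self.uid) or 1
        PUBKEYS[self.uid] = self.pk = pow(G, self.sk, P)
    def presentable(self):  # credentials earned as a collaborator (sent in step one)
        return [c for c in self.credentials if c.cooperator == self.uid]
    def prior_helpers(self):  # re-asked in sparse areas and for continuous queries
        return {c.cooperator for c in self.credentials if c.requester == self.uid}
    def respond(self, req, now, sigma_t, sigma_d):
        # Step two: verify every credential, screen by availability, then decide.
        creds = req.presentable()
        if req.uid in self.blacklist or not all(c.cooperator == req.uid and c.valid() for c in creds):
            self.blacklist.add(req.uid)           # broadcast "T": requester cheated
            return None
        if sum(availability(self.history, c.loc, c.t, sigma_t, sigma_d) >= self.min_avail
               for c in creds) < self.n_threshold:
            return None
        c = Credential(req.uid, self.uid, self.loc, now, None)
        c.coop_sig = sign(self.sk, c.body())
        return c
    def request(self, peers, k, now, sigma_t, sigma_d):
        # Steps one, three, six: collect offers, countersign, pick K-1, build ACR.
        scored = []
        for p in peers:
            c = p.respond(self, now, sigma_t, sigma_d)
            if c is None or not verify(PUBKEYS[c.cooperator], c.body(), c.coop_sig):
                continue
            c.req_sig = sign(self.sk, f"{c.body()}|{c.coop_sig}")   # step three
            self.credentials.append(c)
            if c.valid():                         # step four: P_i verifies P_0's signature
                p.credentials.append(c)
            scored.append((availability(self.history, c.loc, c.t, sigma_t, sigma_d), c.loc))
        if len(scored) < k - 1:
            return None                           # too few helpers: re-ask prior_helpers()
        pts = [self.loc] + [l for _, l in sorted(scored, key=lambda s: -s[0])[:k - 1]]
        return (min(x for x, _ in pts), min(y for _, y in pts), max(x for x, _ in pts), max(y for _, y in pts))

# Constructed check-in history (x, y, t in minutes) shared by every user below.
CITY = [(0, 0, 100), (50, 0, 100), (1000, 1000, 100), (1000, 1050, 100), (2000, 0, 100), (3000, 3000, 100)]

def demo():
    PUBKEYS.clear()
    A, B, C, D, E = [User(u, l, CITY) for u, l in
                     zip("ABCDE", [(0, 0), (1000, 1000), (2000, 0), (3000, 3000), (9000, 9000)])]
    out = {"acr1": A.request([B, C, D, E], 3, 100, 30, 100)}  # picks B and C; E's spot scores 0
    C.n_threshold = D.n_threshold = 1             # peers now demand proof of past help
    out["acr2"] = B.request([C, D], 3, 130, 30, 100)          # B's credential checks out
    out["helpers"] = B.prior_helpers()
    out["acr_fake"] = E.request([C, D], 2, 130, 30, 100)      # E's credential is screened out
    B.presentable()[0].loc = (0, 0)               # B tampers with its recorded location
    out["acr_tampered"] = B.request([C, D], 3, 160, 30, 100)  # signatures fail: refused
    out["blacklisted"] = "B" in C.blacklist and "B" in D.blacklist
    return out
```

Calling demo() runs four rounds: A builds an ACR from B and C (E's unsupported location scores 0 and is never chosen), B later presents the credential it earned in that round and is helped, E is refused because no peer's data supports the location it had recorded, and once B tampers with its stored credential every peer it asks blacklists it. prior_helpers() is the hook the text describes for sparse areas and continuous queries.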
2. Application examples. In order to prove the creativity and the technical value of the technical scheme of the invention, the part is the application example of the technical scheme of the claims on specific products or related technologies.
LBS is one of the most commonly used mobile internet services, and its typical applications mainly include: information, route planning, target tracking, social entertainment, advertisement delivery. While the user enjoys a convenient life brought by LBS, the user needs to provide the user's own true location to the LSP. This allows the LSP to infer its personal privacy from the true location provided by the user. For example, taking an information consultation application as an example, when a user inquires about a meal delivery telephone of a nearby restaurant in a special hospital, the LSP can estimate the physical health condition of the user with a high probability; when the user inquires weather conditions in a certain bar during working hours, the LSP can estimate the occupation and the working address with higher probability. At this time, the invention can be used to construct an anonymous area by acquiring the real positions of other surrounding users, and submit the constructed anonymous area to the LSP. This makes it difficult for the LSP to deduce the true location of the user through the anonymous area, thereby effectively protecting the personal privacy of the user.
3. Evidence of the relevant effects of the examples. The embodiment of the invention has some positive effects in the process of research and development or use, and indeed has great advantages compared with the prior art, and the following contents are described by combining data, charts and the like in the test process.
In order to verify the effectiveness of the scheme provided by the invention, the public Foursquare data set is selected as experimental data. Foursquare is a well-known LBS social application that encourages users to share their current geographic position and similar information with others by checking in. This data set is one of the most commonly used public data sets in current LBS location privacy protection research. It consists of 2 subsets, recording more than 900,000 check-ins over about 10 months by Foursquare users in New York and Tokyo respectively. Each record contains the user number, the longitude and latitude of the check-in place, the check-in time and similar fields. The experiments use the subset recording the historical check-in positions of New York users (the New York data set for short) and the subset recording those of Tokyo users (the Tokyo data set for short).
In addition, the experiments use the elliptic curve public key cryptography (ECC) algorithm recommended by the State Cryptography Administration for electronic authentication services for the signature operations of the requesting user P0 and the cooperative user Pi on the location information LOC_i. ECC is one of the most commonly used encryption and signature algorithms on mobile terminals. Compared with other public key algorithms such as RSA, it not only reduces the computation overhead of encryption and signing on the mobile user, but also provides higher security strength per key bit: for example, ECC with a 256-bit key offers the same security strength as RSA with a 3072-bit key.
The experiments aim to verify that the computation and communication overhead required by the distributed K-anonymous location privacy protection scheme of the present invention is limited enough for practical use. All algorithms involved were implemented in Python 3.7 with the PyCrypto cryptography library, one of the most commonly used cryptography libraries for the Python environment, which predefines a large number of basic cryptographic operations such as random number generation and finite field arithmetic. The experimental environment was: Intel Core i5-5200U CPU, 8 GB DDR4-2666 RAM and a Windows 10 operating system.
Firstly, the accuracy of the position availability measurement method provided by the invention is tested, so that the method can effectively help the requesting user to avoid selecting a false position provided by a cooperative user to construct an anonymous region.
In this part of the experiment, the new york city dataset and tokyo city dataset were randomly split according to the ratio of 1:4, 1:6 and 1:9, respectively, using a similar cross-validation method. And respectively taking the split data subsets as a tested data set (a data subset with a smaller proportion) and a position data set (a data set with a larger proportion) owned by a user. Experiments were performed with 10 random splits for different split ratios.
The computation overhead and communication overhead required by the distributed K-anonymous location privacy protection scheme of the present invention are analysed through experiments. In this part of the experiment, the Foursquare data set is still used as the location data set owned by each user. Unless stated otherwise, the following repeated experiments draw randomly from the two data sets without distinguishing between the New York data set and the Tokyo data set.
(1) Anonymous region construction
In this part of the experiment, it is assumed that the requesting user has historically participated in 30 anonymous area collaborative constructions as a collaborator, i.e. the requesting user holds N = 30 anonymous area collaborative construction credentials. The time screening threshold in the location availability metric is set to σ_T = 30 min and the distance comparison threshold to σ_D = 100 m. Further, assume that a total of 30 cooperative users decide to participate in the anonymous area collaborative construction. The location privacy protection requirement of the requesting user, i.e. the value of K, was varied from 2 to 20, and each experiment was repeated 50 times. The average computation delay and average communication overhead required by the requesting user and the cooperative users in the collaborative construction of the anonymous area are shown in Fig. 4.
When a requesting user constructs an anonymous area with the distributed K-anonymous location privacy protection scheme based on the location availability metric, the average computation delay and communication overhead required by the requesting user and by the cooperative users participating in the construction are independent of the value of the requesting user's location privacy protection requirement K. The reason is: 1) each cooperative user verifies the credentials that the requesting user obtained by historically participating in anonymous area collaborative constructions as a collaborator; once it decides to help the requesting user, it only needs to send its own location information and the signature on that information to the requesting user, and, after receiving the anonymous area collaborative construction credential returned by the requesting user, verify the correctness of the signature information in that credential. Therefore, when the present invention is executed, the average computation delay and communication overhead required by a cooperative user are independent of K. 2) The requesting user computes the availability of every collaboration location it receives, and then selects the K-1 positions with the highest availability from all received collaboration locations to construct the anonymous area. Thus, regardless of how K changes, it computes the availability of all received collaboration locations, and its average computation delay and communication overhead do not change with K either.
However, it can be found through the experiment that when the requesting user has historically participated in the anonymous collaborative construction 30 times as a collaborator, and 30 collaborating users decide to participate in the anonymous area collaborative construction, if the present invention is used, the average computation delay and communication overhead required by the requesting user are respectively: 1036.29ms and 17.18KB; the average calculation delay and the communication overhead required by the cooperative user are respectively as follows: 1385.14ms and 0.45KB. This shows that when the anonymous region is constructed by using the distributed K anonymous location privacy protection based on the location availability metric, the average computation delay and the communication overhead required by the user side are extremely limited, thereby showing that the method can efficiently help the requesting user to successfully construct the anonymous region, and has better practicability.
(2) Impact of anonymous area collaborative construction credential quantity on the present invention
The effect on the present invention of the number N of credentials that the requesting user holds from historically participating in anonymous area collaborative constructions as a collaborator is analysed experimentally below. In this experiment, the location privacy protection requirement of the requesting user is K = 10; the time screening threshold in the location availability metric is σ_T = 30 min and the distance comparison threshold is σ_D = 100 m. On the premise that the requesting user can successfully construct the anonymous area, the judgment threshold N_{P_i} by which each user decides whether to participate in the anonymous area collaborative construction is generated as a random number. N was varied from 10 to 100 and each experiment was repeated 50 times. The results are shown in Fig. 5.
For the requesting user, as N increases, the number of the anonymous area collaborative configuration credentials that the requesting user needs to transmit increases, which increases the average communication overhead of the requesting user. And the larger the value of N is, the more the number of the collaboration users who decide to participate in the anonymous area collaboration structure is increased after the surrounding collaboration users receive the request of the anonymous collaboration structure. At this time, the number of the collaboration locations received by the requesting user also increases. Every time 1 more collaboration location is received, the requesting user needs to verify 1 more correctness of signature information about the collaboration location, calculate 1 more availability about the collaboration location, and send 1 more credential about the collaborative construction of the anonymous area. Therefore, when the distributed K-anonymous location privacy protection proposed by the present invention is used, as N increases, the average computation delay and communication overhead required by the requesting user also increases. For example, when N varies from 10 to 100, the average computational latency and communication overhead required by the requesting user increases from 409.94ms and 6.29KB to 1688.07ms and 42.49KB, respectively.
For a cooperative user, whether or not it participates in the anonymous area collaborative construction, it needs to verify the authenticity of the anonymous area collaborative construction credentials sent by the requesting user and calculate the availability of each position recorded in those credentials. Therefore, as N increases, the average computation delay required by the cooperative user also increases. If the cooperative user decides not to participate, it sends nothing to the requesting user, so its communication overhead is 0; if it decides to participate, it only needs to send its own location information and the signature on that information to the requesting user. Therefore, the average communication overhead required by the cooperative user is independent of N.
(3) Impact of the number of users participating in the cooperative construction of anonymous areas on the present invention
In this experiment, it is assumed that the number of anonymous area collaborative construction credentials owned by the requesting user is N = 30 and the location privacy protection requirement of the requesting user is K = 10; the time screening threshold is σ_T = 30 min and the distance comparison threshold is σ_D = 100 m. The effect of varying the number of users participating in the anonymous area collaborative construction on the average computation delay and communication overhead required by the present invention is analysed below. The experiment was repeated 50 times for each number of participating users.
The results of the experiment are shown in FIG. 6. As the number of collaborating users participating in the collaborative construct of the anonymous area increases, the number of collaborating locations received by the requesting user also increases. This results in an increase in the computational delay required by the requesting user for computing location availability, verifying signature information about collaborative locations, and updating anonymous zone collaborative build credentials; the amount of proof confirming that the collaborating users provide help in the current anonymous area collaboration configuration, which is required to be sent by the requesting user, is also increasing. Therefore, when the number of the cooperative users participating in the cooperative construction of the anonymous area increases in executing the present invention, the average calculation delay and communication overhead required by the requesting user also increase continuously. For the cooperative user, only the true position of the cooperative user and the signature information about the position need to be provided to the requesting user when the cooperative user executes the method; and after receiving the credential of the cooperative construction in the anonymous area sent by the requesting user, only the signature information in the credential needs to be verified, so that the average calculation delay and the communication overhead required by the cooperative user are irrelevant to the number of users participating in the cooperative construction in the anonymous area.
(4) Effect of location availability metric thresholds on the invention
In the present invention, the location availability metric thresholds (i.e. the time screening threshold σ_T and the distance comparison threshold σ_D) are only used to help a user calculate the availability of a location, so they affect only the average computation delay required to implement the present invention. Therefore, only the effect of the time screening threshold σ_T and the distance comparison threshold σ_D on the average computation delay required by the present invention is briefly analysed below.
In this experiment, it is assumed that the number of anonymous area collaborative construction credentials owned by the requesting user is N = 30, the location privacy protection requirement of the requesting user is K = 10, and 30 cooperative users decide to participate in the anonymous area collaborative construction. The thresholds σ_T = 30 min and σ_D = 100 m serve as the baseline, and the experiment was repeated 50 times for each threshold combination.
It can be found through experiments that as the time screening threshold σ_T and the distance comparison threshold σ_D increase, the average computation overhead required by the requesting user and the cooperative users also increases slowly, as shown in Fig. 7. The reason is that increasing σ_T and σ_D increases the number of locations that remain in a user's location data set after filtering, and thereby the time the requesting user and the cooperative users need to compute location availability. However, no matter how σ_T and σ_D increase, the average computation delay needed to compute the availability of one location is extremely limited; for example, when σ_T = 30 min and σ_D = 100 m it is only 3.75 ms. Thus, as σ_T and σ_D increase, the average computation overhead required by the requesting user and the cooperative users increases only slowly.
It should be noted that embodiments of the present invention can be realized in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD- or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A distributed K-anonymous location privacy protection method, characterized by comprising: designing anonymous area collaborative construction credentials to record the position information provided when a cooperative user participates in the anonymous area collaborative construction, and allowing the cooperative user, when acting as a requester, to send the credentials to other users; once it is verified that a cooperative user provided a false location to participate in an anonymous area collaborative construction, no remaining user participates in the anonymous area collaborative construction when that cooperative user acts as a requester.
2. The distributed K-anonymous location privacy preserving method of claim 1, wherein the distributed K-anonymous location privacy preserving method comprises the steps of:
step one, when the requesting user P0 is to send an LBS query, sending the set of credentials it once obtained as a collaborator participating in anonymous area collaborative constructions, together with an anonymous area collaborative construction request, to other users;
step two, when the cooperative user Pi receives the anonymous area collaborative construction credential set and the collaborative construction request, verifying the correctness of the signature information in each anonymous area collaborative construction credential; when the signature information in all credentials passes verification, screening the anonymous area collaborative construction credential set on the basis of location availability so that the set obtained after screening satisfies the screening condition; and determining whether to participate in the anonymous area collaborative construction according to the number of elements in the screened set;
step three, when the requesting user P0 receives an anonymous area collaborative construction credential, computing a signature with its own private key and updating the anonymous area collaborative construction credential; sending the updated credential to the cooperative user Pi and calculating the availability of the collaboration position Loc_i;
step four, when the cooperative user Pi receives the credential returned by the requesting user P0, verifying the signature information in the credential;
step five, if the requesting user P0 discovers that the cooperative user Pi maliciously broadcast the information T, broadcasting the anonymous area collaborative construction credential between itself and Pi to other users; otherwise, continuing to wait for other cooperative users to send anonymous area collaborative construction credentials;
step six, when the requesting user P0 has received M collaboration positions Loc_1, Loc_2, ..., Loc_M, selecting from them the K-1 positions Loc_1', Loc_2', ..., Loc_(K-1)' with the highest availability and constructing the anonymous area ACR = Gen(Loc_0, Loc_1', Loc_2', ..., Loc_(K-1)'); and sending the constructed anonymous area ACR together with the query content to the LSP.
3. The distributed K-anonymous location privacy preserving method of claim 2, wherein the credential set in the first step is:
4. The distributed K-anonymous location privacy protection method as set forth in claim 2, wherein verifying the correctness of the signature information in each anonymous area collaborative construction credential in step two comprises:
(2) Otherwise, broadcasting the information T;
determining whether to participate in the anonymous area collaborative construction according to the number of elements in the screened set comprises:
(2) Otherwise, sending the credential to the requesting user P0:
wherein, in the credential, the requester field represents the requesting user for whom user P0, as a collaborator, participated in the j-th anonymous area collaborative construction; the position field represents the position information provided by user P0 when participating as a collaborator in the j-th anonymous area collaborative construction; Sign(·) and Ver(·) are a secure signature function and a signature verification function, respectively; verification with the public key of user P0 checks the signature information of P0, and verification with the public key of the requesting user of the j-th construction checks that user's signature information; "T" indicates that spoofing has been suffered and suggests terminating the collaboration; j' is a natural number; N_{P_i} is a positive integer representing the judgment threshold by which the cooperative user Pi determines whether to send the anonymous area collaborative construction credential.
5. The distributed K-anonymous location privacy protection method as set forth in claim 2, wherein, in step three, when the requesting user P0 receives an anonymous area collaborative construction credential, computing the signature with its own private key and updating the anonymous area collaborative construction credential comprises:
in step four, when the cooperative user Pi receives the credential returned by the requesting user P0, verifying the signature information in the credential comprises:
(2) Otherwise, the cooperative user Pi broadcasts the information T;
6. The distributed K-anonymous location privacy preserving method of claim 2, wherein the distributed K-anonymous location privacy preserving method further comprises:
when the cooperative user Pi receives the credential sent by the requesting user P0, it judges the authenticity of the credential from the two pieces of signature information it carries, preventing the requesting user P0 from tampering with the position information it itself provided as a collaborator participating in the j-th anonymous area collaborative construction;
the requesting user P0 preferentially selects collaboration positions with high availability to construct the anonymous area; and as long as the cooperative user Pi provides an anonymous area collaborative construction credential, the requesting user P0 updates the credential with its own private key such that:
wherein this represents that the requesting user P0 confirms that user Pi participated in the anonymous area collaborative construction; at this time the requesting user P0 does not verify the correctness of the signature information of Pi; after the requesting user P0 has signed, user Pi verifies the correctness of the signature information; if Pi does not broadcast the information T, the correctness of the signature information is confirmed; when user Pi, acting as a requester, sends the credential to other users, if the signature information in the credential fails verification, this indicates that user Pi has engaged in fraudulent behaviour.
7. A distributed K-anonymous location privacy protection system applying the distributed K-anonymous location privacy protection method according to any one of claims 1 to 6, wherein the distributed K-anonymous location privacy protection system comprises:
the information sending module is used for sending a credential set which is used as a collaborator to participate in anonymous area collaborative construction and an anonymous area collaborative construction request to other users when a requesting user wants to send LBS query;
the correctness verification module is used for verifying the correctness of the signature information in each anonymous area cooperative construction credential after the cooperative user receives the anonymous area cooperative construction credential set and the cooperative construction request;
the collaborative construction credential updating module is used for calculating a signature by using a private key of a requesting user after the requesting user receives the anonymous area collaborative construction credential and updating the anonymous area collaborative construction credential;
the position availability calculation module is used for sending the updated anonymous area collaborative construction credential to the collaborative user and calculating the availability of the collaborative position;
the signature information verification module is used for verifying the signature information in the credential after the cooperative user receives the credential returned by the request user;
the anonymous area construction module is used for selecting the K-1 positions with the highest availability after the requesting user has received the M collaboration positions, constructing the anonymous area from them, and sending the constructed anonymous area ACR together with the query content to the LSP.
8. A computer arrangement, characterized in that the computer arrangement comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of the distributed K-anonymous location privacy protection method according to any one of claims 1-6.
9. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to carry out the steps of the distributed K-anonymous location privacy preserving method according to any one of claims 1 to 6.
10. An information data processing terminal for implementing the distributed K-anonymous location privacy protection system of claim 7.
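The credential check described in claims 6 and 7 (the requesting user P_0 signs the location a cooperative user P_i reported; any user P_i later approaches as a requester verifies that signature and refuses to cooperate if it fails), as an added Go example that is not part of the patent. The credential layout, the use of Ed25519, and the function names are assumptions made here for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"math"
)

// Credential records the location a cooperative user P_i reported in one
// anonymous-area construction round, signed by that round's requesting user P_0.
// The field layout is an assumption; the patent does not fix an encoding.
type Credential struct {
	Collaborator ed25519.PublicKey // P_i, the user who supplied the location
	Lat, Lon     float64           // location P_i reported in that round
	Requester    ed25519.PublicKey // P_0, who signed the record
	Sig          []byte            // P_0's signature over (Collaborator, Lat, Lon)
}

// credMsg is the byte string P_0 signs: P_i's public key followed by the
// big-endian IEEE-754 encoding of the reported latitude and longitude.
func credMsg(c Credential) []byte {
	b := make([]byte, 16)
	binary.BigEndian.PutUint64(b[:8], math.Float64bits(c.Lat))
	binary.BigEndian.PutUint64(b[8:], math.Float64bits(c.Lon))
	return append(append([]byte{}, c.Collaborator...), b...)
}

// NewUser generates an Ed25519 key pair for one participant (constructed identity).
func NewUser() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue is run by the requester P_0 once P_i has supplied (lat, lon) to its round:
// it binds that location to P_i's identity under P_0's signature.
func Issue(reqPub ed25519.PublicKey, reqPriv ed25519.PrivateKey,
	coll ed25519.PublicKey, lat, lon float64) Credential {
	c := Credential{Collaborator: coll, Lat: lat, Lon: lon, Requester: reqPub}
	c.Sig = ed25519.Sign(reqPriv, credMsg(c))
	return c
}

// Verify is run by a prospective collaborator on one credential presented by a
// user now acting as requester; a rewritten location breaks the signature.
func Verify(c Credential) bool {
	return ed25519.Verify(c.Requester, credMsg(c), c.Sig)
}

// WillCooperate joins the presenter's construction only if every credential verifies.
func WillCooperate(creds []Credential) bool {
	for _, c := range creds {
		if !Verify(c) {
			return false
		}
	}
	return true
}
```

A credential whose recorded location P_i has altered after the fact fails Verify, and the remaining users then decline to take part in P_i's construction, which is the incentive the claims describe.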
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211363785.XA CN115913670A (en) | 2022-11-02 | 2022-11-02 | Distributed K anonymous location privacy protection method, system, device and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115913670A true CN115913670A (en) | 2023-04-04 |
Family
ID=86490461
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211363785.XA Pending CN115913670A (en) | 2022-11-02 | 2022-11-02 | Distributed K anonymous location privacy protection method, system, device and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115913670A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117411730A (en) * | 2023-09-28 | 2024-01-16 | 贵州大学 | Distributed position cache cooperation method based on excitation mechanism |
CN117411730B (en) * | 2023-09-28 | 2024-04-02 | 贵州大学 | Distributed position cache cooperation method based on excitation mechanism |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||