Literature Review Last Last
REVIEW
Supervisor
Ms. Farzana Younas
Submitted By
FYP16IT-001
Tayyaba Javaid Info.tec-16021
Ayesha Rasool Info.tec-16025
Huma Afzal Info.tec-16008
Location cloaking:
The location cloaking approach [7, 8, 9] uses a trusted location anonymizer that creates a
cloaking region containing the position of the user and k-1 other neighbors. It protects both
identity and spatial information. For example, to find the nearest hotel, the user makes a request
and passes it to the middleware through the mobile network. The trusted anonymizer, which
knows the real position of every user of the LBS system, first authenticates the requester and
then creates a cloaking region (CR) containing the user's actual location and its neighbors'
locations. The location server (LS) then receives that cloaking region from the trusted
anonymizer and responds for the whole CR. This approach deals only with user identity and
location. It is a 3-tier architecture, as shown in the figure below:
[Figure: 3-tier architecture: LBS Client, Anonymizer (Trusted Third Party), LBS Server]
Permanent communication with and remote checking of the user is compulsory so that the
anonymizer can regularly renew the actual location of every user of the LBS system, which
clearly violates user privacy. In location cloaking the anonymizer also needs to protect the
user's query time along with his identity and position.
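The exchange described above, sketched as an added example (not code from the reviewed papers): the anonymizer builds the CR from the requester and its k-1 nearest neighbours, the LS answers for the whole CR, and the anonymizer picks the true nearest hotel. User names, coordinates, hotel names and all function names are constructed for illustration.

```python
import math

# Constructed sample data (not from the page): the trusted anonymizer knows every
# user's real position; the location server (LS) only knows hotel positions.
USERS = {"alice": (2.0, 3.0), "bob": (2.5, 3.5), "carol": (1.0, 2.0),
         "dave": (9.0, 9.0), "erin": (3.0, 2.5)}
HOTELS = {"Hotel North": (2.2, 4.0), "Hotel East": (4.0, 3.0),
          "Hotel South": (2.0, 2.2), "Hotel Far": (8.0, 8.0)}

def cloaking_region(users, requester, k):
    """Anonymizer: bounding box (min_x, min_y, max_x, max_y) around the
    requester and its k-1 nearest neighbours, plus the member list."""
    others = sorted((u for u in users if u != requester),
                    key=lambda u: math.dist(users[u], users[requester]))
    if k < 2 or len(others) < k - 1:
        raise ValueError("cannot build a region holding k users")
    members = [requester] + others[:k - 1]
    xs = [users[u][0] for u in members]
    ys = [users[u][1] for u in members]
    return (min(xs), min(ys), max(xs), max(ys)), members

def min_dist(p, cr):
    """Smallest distance from point p to any point of rectangle cr."""
    dx = max(cr[0] - p[0], 0.0, p[0] - cr[2])
    dy = max(cr[1] - p[1], 0.0, p[1] - cr[3])
    return math.hypot(dx, dy)

def max_dist(p, cr):
    """Largest distance from point p to any point of cr (always a corner)."""
    return max(math.dist(p, (x, y)) for x in (cr[0], cr[2]) for y in (cr[1], cr[3]))

def ls_candidates(pois, cr):
    """Location server: answers for the whole CR. A POI farther from the CR
    than some other POI's worst case cannot be nearest to anyone inside."""
    bound = min(max_dist(p, cr) for p in pois.values())
    return sorted(n for n, p in pois.items() if min_dist(p, cr) <= bound)

def nearest_via_anonymizer(users, requester, k, pois):
    """Full exchange: the LS sees only the CR, never an identity or exact point."""
    cr, _members = cloaking_region(users, requester, k)
    candidates = ls_candidates(pois, cr)          # computed by the LS
    best = min(candidates, key=lambda n: math.dist(pois[n], users[requester]))
    return cr, candidates, best                   # filtering done by the anonymizer

if __name__ == "__main__":
    print(nearest_via_anonymizer(USERS, "alice", 3, HOTELS))
```

The candidate list grows with the size of the CR, which is the price the LS and the network pay for a larger k.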
Pseudonyms:
This technique was proposed by Jiang et al. [10, 11], who used pseudonyms to preserve
position privacy in the wireless interconnection domain. The pseudonymiser is a TTP that sits
between service providers and users. Its basic purpose is to receive the user's request and pass
it on to the service provider. It also replaces the customer's true identity with a fake one.
Therefore, the service provider is unaware of the user's real identity. The pseudonymiser just
stores the user's true identity with the matching pseudonym so that it can respond to the mobile
user with a set of answers. Mostly, LBS users can rely on this approach and can fully trust that
their personal information is not exposed to others. Mobile users use a different pseudonym on
every communication; changing pseudonyms stops an attacker from tracking them. The limitation
of pseudonyms is that they increase the cost of providing privacy. Because of this increased
cost, users cannot use this approach much.
P-sensitivity:
The concept of p-sensitivity [12] was presented by Domingo-Ferrer et al. In this approach, 1/p is
the probability of disclosing an individual user's sensitive information and 1/k is the
probability of correctly recognizing an individual user. Information loss is greater when
p-sensitivity is imposed on a dataset than when the dataset is hidden according to k-anonymity
only. De-linking each user request from its creator, so that the attacker is distracted by the
presence of more users in the cloaking region (CR), is a method to protect each user from
location attack.
This approach describes a greedy algorithm that protects against both identity exposure and
attribute exposure.
Route server:
The Route Server [13, 14] approach delivers actual and effective results for location queries. A
route query is posted as a set of queries P = {p1, p2, p3, ..., pn}, where each query p belongs
to the set P; this allows an attacker to create some incorrect data by recognizing the user's
actual position information. To enhance the privacy of the Route Server (RS) algorithm, a new,
more precise approach has been presented, the AES-RS architecture. The main goal of Route
Server was to increase system efficiency with respect to query reply time by reducing the number
of query requests. RS was able to keep accuracy while avoiding repeated calls to the server and
the connected route API.
AES-RS Architecture:
This technique [13] is an upgraded model based on Route Server. It builds on the position
dummy approach, in which a number of dummy (fake) positions are created along with a single
user request. The architecture mainly protects the LBS users' true position from the attacker.
Before a query is sent to the Location-based Services (LBS) system, it sets Lower limit (L) and
Upper limit (U) coordinates, which divide the Grid (G) into an equal number of cells. Here,
each single cell (E, V) ∈ C, meaning that an equal number of cells belongs to the collection of
Edges (E) and Vertices (V). To make position dummies (fake positions), vertices are computed
far away from each cell, and the LBS user's real position is attached to one cell. AES-RS system
performance increases and decreases after a specific time interval. This change raises the usage
of the LBS system on the server side. In the end, the dummy (fake) positions of k users are kept
in an array along with an index of the mobile user's true position.
Mix Zone:
Mix Zone was proposed by Beresford et al. A mix zone is an area in which users change their
pseudonyms without being observed by an attacker. The user's location is not exposed
continuously for a long time, so the user's upcoming location can be protected. For example, in
Fig. 3, users A, B, C, D and E enter the mix zone with pseudonyms from different entrances and
at the same time exit with different pseudonyms F-J. Outsiders are not able to observe the
connection between previous and current pseudonyms.
Mobimix:
Palanisamy and Liu proposed the Mobimix technique [16], an enhancement of mix zone that
provides privacy in road networks by using the mix zone concept. They pay attention to
information, such as temporal and identity constraints, that an adversary could use to derive a
route. The timing of mobile users' entry into and exit from the mix zone, and the non-uniform
transitions taken at road junctions, help the adversary to easily distinguish between new and
old pseudonyms. When a user spends a random time in the mix zone, it guarantees that there is
no link between new and old pseudonyms. However, a mix zone usually exposes users'
information; it does not ensure a random duration for its users.
Cryptography-based approaches:
Cryptographic techniques [17] are used by many researchers to prevent the position traceability
problem. The main concept of the cryptography-based technique is to encrypt and decrypt
personal information that must be delivered over a network. A query posted over the internet by
a mobile user, containing his personal data, is encrypted at the mobile user's end by a
particular algorithm. The identical algorithm is used for decryption at the server side. The
disadvantage of the cryptography-based approach is that encryption and decryption take more
time than the system requires. Time is a very important factor for an LBS system to provide
efficient results.
Position sharing:
Dürr et al. [19] introduced the concept of position sharing to support location-based queries,
including nearest-neighbor queries, while preserving the user's private location information.
Position sharing is a secure way to protect position-based user information in non-trusted
systems. It splits precise position information into position shares, where each position share
is restricted in the precision with which it describes the position. Wernke et al. [20] proposed
a position sharing approach that further extends the position sharing framework to keep an
adversary from increasing the unconstrained rigor of location-based.
Dummy position:
The concept of dummy positions was proposed by Kido et al. [21, 22]. Dummy positions defend the
user's real position by sending several fake position points to the location server (LS)
together with the user's accurate position. However, it is a big challenge to create dummies
that cannot be distinguished from the users' real positions. In particular, an adversary who has
supplementary map information can track the user's actual position over a long time. Figure 2
illustrates how it works: when a user posts a query asking for the nearest restaurant from point
A to B, the technique sends the user's actual position along with multiple fake positions
relevant to the new place. The LBS provider then sends the mobile user the lists of restaurants
that are nearest from point A to B. By simply filtering out the unnecessary information on
restaurants related to the fake (dummy) locations, mobile users can easily get the correct
result.
Figure 4: Example of dummy-based Technique
An enhanced technique for creating dummies was also introduced by Shankar et al. [23]. Here the
user has a database about his consequential traffic, which allows the user to generate further
positions that cannot be differentiated from the actual position.
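The dummy-position query described in this section and in the AES-RS section, as an added example (not code from Kido et al. or the AES-RS authors): the client places one dummy in each of k-1 grid cells between assumed limits L and U, keeps the index of its true position to itself, and filters the server's answers. Restaurant names, coordinates, the grid size and all function names are constructed; the dummies here are uniformly random, the naive form that the indistinguishability caveat above applies to.

```python
import math
import random

# Constructed sample data (not from the page).
RESTAURANTS = {"Cafe A": (3.0, 4.0), "Diner B": (8.0, 1.0), "Grill C": (1.0, 9.0)}
LOWER, UPPER, CELLS = (0.0, 0.0), (10.0, 10.0), 5   # grid limits L, U; 5 x 5 cells

def cell_of(pos, lower=LOWER, upper=UPPER, n=CELLS):
    """(column, row) of the grid cell that contains pos."""
    col = min(int((pos[0] - lower[0]) / (upper[0] - lower[0]) * n), n - 1)
    row = min(int((pos[1] - lower[1]) / (upper[1] - lower[1]) * n), n - 1)
    return col, row

def build_query(real, k, rng, lower=LOWER, upper=UPPER, n=CELLS):
    """Client: k positions (real + k-1 dummies, each in its own grid cell) and
    the index of the real one, which never leaves the client."""
    real_cell = cell_of(real, lower, upper, n)
    free = [(c, r) for c in range(n) for r in range(n) if (c, r) != real_cell]
    if not 1 <= k <= len(free) + 1:
        raise ValueError("k does not fit the grid")
    w, h = (upper[0] - lower[0]) / n, (upper[1] - lower[1]) / n
    positions = [(lower[0] + (c + rng.random()) * w, lower[1] + (r + rng.random()) * h)
                 for c, r in rng.sample(free, k - 1)]
    real_index = rng.randrange(k)          # random slot so order leaks nothing
    positions.insert(real_index, real)
    return positions, real_index

def lbs_answer(positions, pois):
    """Untrusted LBS server: one nearest-POI answer per submitted position."""
    return [min(pois, key=lambda name: math.dist(pois[name], p)) for p in positions]

def nearest_restaurant(real, k, pois, rng):
    positions, real_index = build_query(real, k, rng)
    answers = lbs_answer(positions, pois)                 # server side
    return positions, real_index, answers[real_index]     # client drops dummy answers

if __name__ == "__main__":
    # Seeded generator only to make the demo repeatable; use random.SystemRandom()
    # on a real client so the dummy pattern is not predictable.
    print(nearest_restaurant((3.2, 4.1), 6, RESTAURANTS, random.Random(7)))
```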
K-Anonymity:
Gruteser and Grunwald [24] first presented the k-anonymity approach to preserving the privacy
of location-based users. The k-anonymity technique provides a wide-ranging, common concept of
location privacy. Its basic principle is to help the user retain the integrity of the user's
actual information. Distinct mechanisms build on the essential idea of k-anonymity to enhance
its adaptability, for example historical k-anonymity [25] and l-diversity [26]. In these
techniques an obfuscation region is used. This region, determined by the users, holds the
user's true position and k-1 other users rather than containing only the user's actual
position. Because of delay, this technique may not be applicable to services that require a
quick response. The location server in this approach works as a trusted entity. Moreover, the
risk of re-identification and user location tracking can be minimized with this mechanism.
Strong K-anonymity:
This approach was proposed by Zhang et al. [27]. k-anonymity can be achieved by using the ideas
of generalization and suppression. In generalization, a value is changed to one that is
semantically consistent but less specific. In suppression, suppressing tuples allows the amount
of generalization needed to achieve k-anonymity to be reduced. This technique gives an
assurance of strong k-anonymity with less distorted results. A value is replaced by a faithful
one that is more general and less specific than the original value. For example, the original
ZIP codes {05236, 05237} can be generalized to 0523*. Dropping the rightmost digit indicates a
semantically larger geographical area. Strong k-anonymity is not always satisfied by
generalization, even though all Datafly generalizations do satisfy k-anonymity. More work is
required on this heuristic-based approach.
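Generalization and suppression on the ZIP example above, combined with the p-sensitivity condition from the P-sensitivity section, as an added example. It is neither Datafly nor the greedy algorithm the cited papers describe: it searches one uniform generalization level, and the records, budget parameter and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the page): (ZIP code, sensitive value).
RECORDS = [("05236", "flu"), ("05237", "asthma"), ("05238", "flu"),
           ("05241", "diabetes"), ("05242", "flu"), ("05243", "flu"),
           ("05911", "asthma")]

def generalize(zip_code, level):
    """Replace the `level` rightmost digits with '*': 05236 -> 0523* at level 1."""
    return zip_code[:len(zip_code) - level] + "*" * level

def anonymize(records, k, max_suppressed):
    """Lowest generalization level at which every released group has >= k
    records, after suppressing at most `max_suppressed` outlier records.
    Returns (level, released_groups, suppressed_records)."""
    width = len(records[0][0])
    for level in range(width + 1):
        groups = defaultdict(list)
        for zip_code, sensitive in records:
            groups[generalize(zip_code, level)].append(sensitive)
        small = {g for g, vals in groups.items() if len(vals) < k}
        suppressed = [r for r in records if generalize(r[0], level) in small]
        if len(suppressed) <= max_suppressed:
            released = {g: v for g, v in groups.items() if g not in small}
            return level, released, suppressed
    raise ValueError("k-anonymity not reachable within the suppression budget")

def is_p_sensitive(groups, p):
    """p-sensitivity: every released group holds >= p distinct sensitive values."""
    return all(len(set(vals)) >= p for vals in groups.values())

if __name__ == "__main__":
    for budget in (1, 0):
        level, groups, dropped = anonymize(RECORDS, k=3, max_suppressed=budget)
        print(budget, level, dict(groups), dropped, is_p_sensitive(groups, 2))
```

Suppressing the single outlier keeps four ZIP digits; with no suppression allowed, the same data has to be generalized down to two digits before every group reaches k = 3.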
Historical k- anonymity:
Mascetti et al. identified this approach, called “historical k-anonymity” [28]. Its main
principle is that the system keeps a record of each user's movement track and, when the user
makes a request, efficiently uses this record of user information to construct the anonymity
region. Historical k-anonymity defines an area that is mostly visited by a mobile user. If the
user visits it on a daily basis, user privacy can be violated. When a mobile user posts a query
to a location-based system (LBS), the user's sensitive information can easily be traced in the
system. For this reason, protecting user privacy as well as the user's query content requires an
applicable and well-suited mechanism within the k-anonymity framework. Figure 4 below describes
the operation of historical k-anonymity when a mobile user makes a request to the LBS; this
request can easily reveal the user's sensitive information based on his/her computed base
trajectory.
Figure 6: Historical K-anonymity
l-diversity:
This mechanism was designed to overcome the limits of the k-anonymity approach. It was
proposed by Bamba et al. [29]. The mechanism is an enhancement of k-anonymity that uses the
k-anonymity principles. It provides a maximum level of distribution of sensitive attribute
values inside each group of data. Moreover, this approach aims to avert attribute exposure
caused by certain relationships between sensitive attributes. This mechanism requires a maximum
level of privacy to secure the user's sensitive information.
t-closeness:
Machanavajjhala et al. [30] state that t-closeness is a further improvement of the l-diversity
approach. t-closeness is a diversity grouping used to protect users' information in a data
collection by reducing the granularity of the data through anonymization. The parameter t
bounds the distance between the distribution of a sensitive attribute inside the defined
cluster of k users and its distribution over all the sets of k users. Hence, this distance
should not be more than a secure threshold t. The distance between the distributions is
computed using Earth Mover Distance (EMD). EMD is used to compute the distance between
attributes in a hierarchy domain according to the sequence of the smallest value of
generalization. With EMD it is very difficult to highlight closeness between attributes.
Moreover, the basic strength of this approach is protection against homogeneity and background
knowledge.
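The threshold check described above, carried through as an added example (not code from the cited paper): each group's distribution of the sensitive attribute is compared with the overall distribution using EMD, in its ordered-distance form for a numeric attribute and its equal-distance form for a categorical one. The salary values, the grouping and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample data (not from the page): salaries in thousands, already
# split into three anonymized groups of k = 3 users each.
DOMAIN = [3, 4, 5, 6, 7, 8, 9, 10, 11]
GROUPS = [[3, 4, 5], [6, 8, 11], [7, 9, 10]]

def distribution(values, domain):
    """Relative frequency of each domain value within `values`."""
    counts = Counter(values)
    return [counts[v] / len(values) for v in domain]

def emd_ordered(p, q):
    """EMD for an ordered (numeric) attribute: the running surplus that must be
    carried to the next value, summed and normalised by the domain size - 1."""
    running = total = 0.0
    for p_i, q_i in zip(p, q):
        running += p_i - q_i
        total += abs(running)
    return total / (len(p) - 1)

def emd_equal(p, q):
    """EMD for a categorical attribute whose values are all equally far apart."""
    return sum(abs(p_i - q_i) for p_i, q_i in zip(p, q)) / 2

def group_distances(groups, domain, emd=emd_ordered):
    """Distance of every group's distribution from the overall distribution."""
    overall = distribution([v for g in groups for v in g], domain)
    return [emd(distribution(g, domain), overall) for g in groups]

def satisfies_t_closeness(groups, domain, t, emd=emd_ordered):
    """True when no group's distribution is farther than t from the overall one."""
    return all(d <= t for d in group_distances(groups, domain, emd))

if __name__ == "__main__":
    print([round(d, 3) for d in group_distances(GROUPS, DOMAIN)])
    print(satisfies_t_closeness(GROUPS, DOMAIN, t=0.25))
```

The group holding only the three lowest salaries is the one that breaks t = 0.25 under the ordered distance, while the equal-distance form scores all three groups identically and cannot tell it apart.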
Comparative Analysis:
Having read all the previous approaches, we now critically analyze the approaches that are used
to provide privacy in TTP-based LBS systems. The table below gives a short description and the
strengths and weaknesses of each approach.
Table 1: Approaches for TTP-based LBS systems
| Sr. No | Approach | Description | Pros | Cons |
|---|---|---|---|---|
| 1. | Policy based scheme | In a policy-based scheme, policies are created to assure the customer's privacy when the customer uses the LBS structure. These policies identify to what extent the service provider can use the mobile user's private data. | In a policy-based scheme, control of protected data is in the user's hands. The user decides what, when and how information about him is revealed to an unknown person. | The user can save some money by relying on the selected policy, but the service provider can hand over the user's protected data to anyone in exchange for money. |
| 3. | Pseudonyms | The basic purpose of this approach is to receive the user's request and pass it on to the service provider. It also replaces the mobile user's true identity with a fake one. | LBS users can rely on this approach and can fully trust that their private data is not exposed to others. | The limitation of pseudonyms is that they increase the cost of providing privacy. |
| 4. | P-sensitivity | In p-sensitivity, 1/k is the probability of correctly recognizing an individual user and 1/p is the probability of disclosing an individual user's sensitive information. | De-linking each user request from its creator, so that the attacker is distracted by the presence of more users inside the CR, is a method to protect each user from location attack. | This approach presents a greedy algorithm against both identity exposure and attribute exposure. |
| 5. | Route server | The Route Server approach delivers actual and effective results for location queries. | RS was able to keep accuracy while avoiding repeated calls to the server and the connected route API. | To enhance the privacy of the Route Server (RS) algorithm, a new, more precise technique has been presented, the AES-RS architecture. |
| 6. | AES-RS Architecture | This technique is an upgraded model based on Route Server. It builds on the position dummy approach, in which a number of dummy (fake) positions are created along with an index of the mobile user's true position. | This architecture mainly protects the LBS users' true position from the attacker. | AES-RS system performance increases and decreases after a specific time interval. This change raises the usage of the LBS system on the server side. |
| 7. | Mix Zone | A mix zone is an area in which users change their pseudonyms without being observed by an attacker. | This technique provides protection on identity and spatial constraints. | For the protection of users on road networks, many available mix-zone proposals are unable to give impressive mix-zone algorithms. |
| 8. | Mobimix | Mobimix is an enhancement of mix zone that provides privacy in road networks by using the mix zone concept. | Mobimix applies the concept of mix zone to road networks for. | The timing of users' entry into and exit from the mix zone, and the non-uniform transitions taken at road junctions, help the adversary to easily distinguish between new and old pseudonyms. |
| 11. | Position sharing | Position sharing splits up obfuscated real location data into position shares. | Position shares are delivered inside a collection of non-trusted third-party systems. | With position sharing, the location server has only limited information of precision. |
[19] Dürr, F., Skvortsov, P., Rothermel, K.: Position sharing for location privacy in non-trusted
systems. In: Proceedings of the 9th IEEE International Conference on Pervasive Computing and
Communications (PerCom 2011), Seattle, USA (March 2011)
[20] Wernke, M., Dürr, F., Rothermel, K.: PShare: position sharing for location privacy based
on Multi-Secret sharing. In: Proceedings of the 10th IEEE International Conference on Pervasive
Computing and Communications (PerCom 2012), Lugano, Switzerland (March 2012)
[21] Kido, H., Yanagisawa, Y., Satoh, T.: An anonymous communication technique using
dummies for location-based services. In: Proceedings of the International Conference on
Pervasive Services (ICPS ’05). (July 11–14, 2005) 88–97.
[22] H. Lu, C. S. Jensen, and M. L. Yiu, ‘‘PAD: Privacy-area aware, dummy based location
privacy in mobile services,’’ in Proc. 7th ACM Int. Workshop Data Eng. Wireless Mobile
Access, 2008, pp. 16–23
[23] Shankar, P., and Ganapathy, V., Iftode, L.: Privately querying location-based services with
sybilquery. In: International Conference on Ubiquitous Computing (UbiComp 2009). (2009) 31–
40
[24] Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial
and temporal cloaking. In: Proceedings of the 1st international conference on Mobile systems,
applications and services (MobiSys ’03), New York, NY, USA, ACM (2003) 31–42.
[25] Bettini, C., Mascetti, S., Wang, X. S., Freni, D., & Jajodia, S. (2009). Anonymity and
historical-anonymity in location-based services. Privacy in Location-Based Applications, 1–30.
[26] Machanavajjhala, A., Kifer, D., Gehrke, J., & Venkitasubramaniam, M. (2007). l-diversity:
Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data, 1(1), 3.
[27] Zhang, C., Huang, Y: Cloaking locations for anonymous location based services: a hybrid
approach. Geoinformatica 13(2) (June 2009) 159–182
[28] Mascetti, S., Bettini, C., Wang, X.S., Freni, D., Jajodia, S.: Providenthider: An algorithm to
preserve historical k-anonymity in lbs. In: IEEE International Conference on Mobile Data
Management (MDM 2009). Volume 0. Los Alamitos, CA, USA, IEEE Computer Society (2009)
172–181
[29] Bamba, B., Liu, L., Pesti, P., Wang, T.: Supporting anonymous location queries in mobile
environments with privacygrid. In: Proceeding of the 17th international conference on World
Wide Web (WWW ’08), New York, NY, USA, ACM (2008) 237–246
[30] Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-
diversity. In: Proceedings of the IEEE 23rd International Conference on Data Engineering (ICDE
2007). (April 15–20, 2007) 106–115