FINAL YEAR PROJECT LITERATURE

REVIEW

Towards a secure TTP based LBS system for

mobile user
Research and Development

Supervisor
Ms. Farzana Younas

Submitted By
FYP16IT-001
Tayyaba Javaid Info.tec-16021
Ayesha Rasool Info.tec-16025
Huma Afzal Info.tec-16008

Department of Computer Science

Government College Women University Sialkot
Nov, 2019
Towards a secure TTP based LBS system
for mobile user
Introduction:
Position based service system presently fascinate a lot of cell phone customer. LBS is an
assistance which determine the position of a cell phone devices also use that position to provide
services and data which is particular to that position. Location based service system is also used
in numerous phases such as health, commercial work, emergency and personal life. LBS can be
used to discover the nearest restaurant hospital or desired destination from your location
according to shortest path.
LBS have become popular in recent years. Location based service system uses three ways to
provide privacy by using TTP (Trusted Third Party) and NTTP (Non Trusted Third Party) and
P2P (Peer To Peer). In Trusted Third Party (TTP) based LBS system service provider has no idea
of actual location and real identities of the mobile user. Non trusted third party also used to
provide privacy but no fully dependent on the third party for providing privacy. Between the
LBS user and LBS server the TTP (Trusted Third Party) is used. In peer-to-peer every user
forward its location precisely to an LS.
A secure LBS system require to protect three fundamental matrices such as “Temporal
information”, “Spatial information” and the “user identity”. Spatial information includes user
position which must be protected. Temporal information contain user position and time
information. User identity include user name i.e. phone number, address etc.
Protecting privacy is an essential aim in designing location based service. However, user wants
to preserve the privacy and prevent tracking from unauthorized access. User ID, position
information (spatial) and the timing information (temporal) are the attributes which must be
protected. User’s issued information can be represented as a tuple (id, position, time). Goals for
protection state which attribute can be disclosed and which should be protected.
Background:
In the early 1970s, telecom operators developed E911 system in association with the US
Governments Federal Communications Commissions. This system was of the LBS’s emergency
calls assuring at some states in US were allowed to be expel to the suitable emergency call
room’s with the help of systems. This is just an instance of a location based system (LBS) having
small granularity of location data, but with the passage of time the same services was unable to
adjust with additional regulations and advanced technologies i.e. cell phones. As a result, not
only the granularity of the location data was further developed but also the services functionality
with the help of maps showing data [1].
Olivetti Research Ltd developed home of the first LBS as separate systems from E911 under the
vision of context-aware computing. In 1992, ORL developed a LBS to use Active Badge system
that would give information to receptionist about where the phone calls should be forwarded and
also enabling them forward call’s to nearest recipient [2].
The research in LBS was enhanced with the development of Active Badge system in Cambridge
which basically used indoor localisation systems and users adopting a small localisation device.
Until 1999, there was not any major development in the particular filed when AT and T
developed the Active Bat system. Later cricket system [3] was developed which went successful
in 2000, there were significant researchers in localisation techniques and other issues related to
LBS which focused on indoor systems. The basic of these researchers, a new research was led by
Microsoft with a paper giving description of a member of process performing localisation
through wireless LAN and which was called RADAR [4].A revival of LBS research and
development was resulted from an increased availability of cell phones having GPS, 3G
networks and the arrival of web 2.0 technologies in 2005. The fusion of cell phones with location
awareness along with booming social networking sites and online GIS mapping system has
emerged in a surge of activity in the areas of LBS.
In Sweden (Friend Finder, yellow pages, office location, emergency call location etc.) the initial
LBS services were started during 2001 by TeliaSonera and in Estonia (emergency call location,
friend finder, and TV game) by EMT. TeliaSonera and EMT based their services on the Ericsson
Mobile Positioning System (MPS).
The basic requirement of a LBS are five primary elements: service giver's program application, a
cell phone network for moving information and demand for new service, a content giver to
deliver these services to consumer with geo-distinct data, the customer cell phone device and a
positioning element (GPS).
In spite from being around since 2000 location based services have been adopt in buying and
selling along a subscription-based business design. Android operating system was enabled
delivery of Apple’s 3G iPhone and Google’s (LBS). With the help of this developers were
enabled to propose millions of new consumers to LBS [5]. Location based services accounting
for 58% overall for cell phones are reported from Nielson Mobile company in in North American
state.
Related work
Many techniques has been proposed by many authors that handle the privacy issues in TTP
Based LBS system. These techniques has protecting the privacy of the mobile user in its own
way. These approaches are as described in the below diagram:

Figure 1: Overview of TTP Based Techniques

Policy based scheme:
Policy-based schemes proposed by Jiang et al. [6] in which policies are created to assure the
privacy of customer when customer use the LBS structure. These policies are statements that
identify at what extent service provider can do with the mobile user private data. Service
provider issued the privacy policies. Decisions are made by users whether to accept these
policies or not. The statements of policies are based on many highly used language and concept.
User agreement with the service provider to make sure that what happened with the data that is
collected by them. With the help of agreement user come to know that what data is collected
with when it will share and how data can be distribute to third parties? In policies based scheme
control of protected data is in the user hand. User decide what when and how information about
him is reveal to the unknown person. The mobile user has a number of policies. They can choose
the policy carefully that satisfy his privacy concern.
The user can save some amount of money by relaying on the selected policy but the service
provider can hand over the user protected data to any one in exchange for money. So, the
proposed scheme is not better in order to save some amount of money.

Location cloaking:
Location cloaking [7, 8, 9] approach use a trusted location anonymizer in which cloaking region
is created and the cloaking region contains the position of the users and other k-1 neighbors.
Location cloaking approach protects the identity and spatial information. For example to know
the nearest hotel the user make request and pass the request to the middleware through the
mobile network. Then the trusted anonymizer which knows the real position of all users that use
the LBS system, firstly do the authentication so as to authenticate the requester and them create a
cloaking region (CR). Cloaking region containing the user actual location and its neighbor’s
location. Then, the location server receives that cloaking region which behaves as a trusted
Anonymizer. Location server (LS) is response to the whole CR. This approach is just deal with
the user identity and location. This approach is a 3-tier architecture as shown in figure below:
Anonymizer
LBS Client (Trusted Third LBS Server
Party)

Figure 2: Location Cloaking Scenario

Permanent conversation and remote checking of the user is compulsory to allow the Anonymizer
regularly renew the actual location of entire users of LBS system, that clearly violate the user
privacy. In the location cloaking the Anonymizer needs to protect the query time of user along
with his identity and positions.
Pseudonyms:
This technique proposed by Jiang et al. [10, 11] which used the pseudonyms to preserve the
position privacy in wireless interconnection domain. Between service providers and users
Pseudonymisers is a TTP. To receive the request of user and then pass toward service giver is
the basic purpose of this approach. It also replace customer true identity with fake one.
Therefore, the service provider is unaware of user real identity. It just stores the user true identity
with matched pseudonyms so that it response to the mobile user with a set of answers. Mostly,
LBS user can rely on this approach and can fully trust that their personal information is not
exposing along others. On every communication the mobile users use different pseudonyms.
Users use changing pseudonyms to stop an attacker from tracking. The limitation of pseudonyms
is that it increases the cost of providing the privacy. For the reason of increased cost user cannot
use this approach more.

P-sensitivity:
The concept of p-sensitivity [12] presented by Domingo-Ferrer et al. In this approach, 1/p is the
probability of the disclosed sensitive information of an individual user and1/k is the probability
of authentically recognize an individual user. Information loss is greater when p- sensitivity
impose on a dataset contrast to when the dataset is hided according to k-anonymity only. De-
linked each user request from its creator to distract attacker with the presence of more users in
cloaking region (CR) is a method to protect each user from location attack.
This approach describe a Greedy Algorithm that protects both identity exposure and attribute
exposure.

Route server:
The Route Server [13, 14] approach handover the actual and effective results for location
queries. To post a route query there are queries of P set {p1, p2, p3 ….. Pn} and here each query
(p) belongs to set P, it allows an attacker to create some incorrect data by recognizing the user’s
actual position information. In Route Server (RS) algorithm to enhance the privacy, have
presented a new precise approach which is AES-RS architecture. To increase the system
efficiency with respect to query reply time by reducing the amount of question requests was the
main goal of Route Server. The capability of RS was to keep accuracy although ignoring the
replicated calling to server and connected route API.

AES-RS Architecture:
This technique [13] is upgrade model that based on Route Server. It is based on the concept of
position dummy approach in which a number of dummy (fake) positions are created along with a
single user request. This architecture mainly conserve the LBS users’ true position from the
attacker. It dictate Lower limit (L) and Upper Limit (U) coordinates which makes the division of
the Grid (G) into the equal numbers of cells before sending a query to Location-based Services
(LBS) system. Here, each single cell (E, V) ∈ C presenting that an equal number of cells belongs
to the collection of Edges (E) also Vertices (V). In order toward make position dummies (fake
positions), vertices are computed far away from each cell and LBS users’ real position is
attached to one cell. AES-RS system performance increase and minimize after a specific time
interval. This changes raises the usage of LBS system on a server side. In the end, dummy (fake)
positions of k users are kept in an array along with an index of mobile users’ true position.

Mix Zone:
Mix Zone proposed by Beresford et al. Mix zone introduces an area in which user modify their
pseudonyms externally existence observed by attacker. User location does not expose
continuously for a long time alike that user upcoming location could be protected. For example,
in Fig. 3 A, B, C, D and E user enter the mix zone with pseudonyms from changed entrances and
same time exit with different pseudonyms F-J. Outsiders are not able to observe the connection
between previous and current pseudonyms.

Figure 3: An Example of Mix zone

For the protection of customer on road networks many available mix-zone scheme are unable to
give impressive mix-zone innovation.

Mobimix:
Palanisamy and Liu proposed the Mobimix technique [16] is the enhancement mix zone which
provides privacy in road networks by using the mix zone concept. They pay attention toward
information such as temporal and identity constraint that an adversary could use to derive route.
Mobile user’s timing information when they enter and exit in mix zone and non-uniformly
transformation take at road junction that information help the adversary to easily distinguish
between new and old pseudonyms. But when user spends random time in mix zone it guarantee
that there is no link between new and old pseudonyms. However, mix zone usually exposes
user’s information; for its users it does not ensure random duration.
Cryptography-based approaches:
Cryptography techniques [17] are used by many researchers for position traceable problem
prevention. The main concept of cryptography based technique is to use encryption and
decryption concept for personal information that must be deliver over a network. A query post
over the internet by mobile user having his personal data, encrypted at mobile user’s end by
implementation of particular algorithm. The identical algorithm is used for decryption at the
server side. The disadvantage of cryptography based approach is that it takes more time than the
system required during encryption and decryption. Time is very important factor in LBS system
to provide efficient results.

Private Information Retrieval (PIR):

Private information retrieval is used to further increase the user privacy. Cryptography based
approaches utilize the private information retrieval (PIR) to add and further increase the more
mobile users privacy [18]. This strategy assured that rather than defining their actual position,
user can define an area through service provider. In PIR a negotiate location server (LS) cannot
expose information about user’s personal location. Major drawback of PIR technique, however
computations on the shares, particularly range queries cannot be executed by the location server.

Position sharing:
Du¨rr et al. [19] introduced the concept of position sharing to achieve location based queries as
well as nearest- neighbor while preserving user location based private information. Position
sharing is a secure management to protect position based user information in non-trusted system.
The concept of position sharing location-based private information detach complicated position
information into positions shares, where each position share is restricted to describe position of
unconstrained precision. Another author Wernke et al. [20]. M., Durr [20] proposed position
sharing approach that further extends the framework to position sharing to reduce an adversary
from increasing the unconstrained rigor of location-based.

Dummy position:
The concept of dummy position proposed by Kido et al. [21, 22]. Dummy position is used to
defend the user real positions by dispatching different fake points of position to Location server
(LS) as well as the accurate positions of the user. On the other hand, in contrast, it is big
challenge to create a contra-distinguish dummies from the real positions of the users. Especially,
if an adversary has supplementary information map can track the user actual position for the long
time. The working of Figure2 illustrate that When a user post a query of asking most nearby
restaurant from point A to B then this proposed technique sends the user’s actual position with
multiple fake positions relevant to the new place. Then the LBS provider sends the lists of
restaurants to mobile user, which are nearest from point A to B. By simply, filtering out
unnecessary information on restaurants related to the fake (dummies) locations mobile users can
easily get the correct position.
 Figure 4: Example of dummy-based Technique
Enhanced technique to create dummies is also introduced by Shankar et al. [23]. In this user has
database about his consequential traffic which can allow user to generate further position which
cannot be differentiate from the actual position.

K-Anonymity:
Gruster and Grunwald [24] first time present the K-Anonymity approach to location based user
privacy preserving. K-Anonymity technique provide a wide range of common concept of
location privacy. The basic principal of K-Anonymity is that help the user to retain the integrity
of the user actual information. The essential view of K-Anonymity introduced by distinct
mechanism is to enhance the adaptability of K-Anonymity. For Example, historical K-
Anonymity [25] and I-diversity [26].In this techniques, an obfuscation region is used. This
region determined by the users that hold user’s true position and other k-1 users rather than
containing the user’s actual position. Due to delay, may be this proposed technique not
applicable for those services that require quick response. So there, location server in this
approach work as trustfulness entity. Moreover, re-description and user location tracking level of
risk can be minimized in this mechanism.

Figure 5: K-anonymity Scenario

In figure 3: we suppose mobile user Bob. Bob in his office and post a query to Location based
services system for the nearest restaurant. Bob meets nearest employ in LBS. Bob further
forward query Q to the Anonymizer. Anonymizer has the information about user’s real location.
Subsequently, rather than dispatching Bob’s current position to the location based service (LBS)
provider, then anonymizer mails current location to region R as defined in figure5. As well as,
the LBS service provider obtain region R then calculate over all employs that can be the nearest
neighbor of any point in region R. formerly, it is necessary to notify that service provider is
retained to the user that Bob is located internal a region R then there are no means to highlight
the mobile user (Bob) actual location as you can see in figure (B1, B2, B3, B4) and send toward
Anonymizer. The anonymizer use real position of Bob internal region R to filter out all the fake
points also then onward the current nearest neighbor (in this case B1) to Bob. In this point,
conclude that LBS preserve user privacy in very well way but it does not provide user
appropriate security against disclosure entities.
The basic concept of k-anonymity further enhanced the different techniques to increase a certain
level of user private information. The highlighted mechanism are strong k-anonymity, I-
diversity, t-closeness, p-sensitivity and historical k-anonymity.

Strong K-anonymity:
Zhang et al. [27] was proposed this approach. k-anonymity can be achieved by using the idea of
generalization and suppression. In generalization, there is a change in semantically dependable
value but it is less specific. In suppression, the tuples allow reducing the generalization amount
to achieve k-anonymity. This technique assurance of strong k-anonymity with less distorted
results. A value is exchanged by a trustworthy that is more general, less specific to the original
value. For example, the authenticate ZIP codes {05236, 05237} it can be notion to 0523*. It
indicates a semantically larger geographical area when banding the rightmost digit. So, strong k-
anonymity is not always satisfied by generalization even though all Data fly generalizations do
satisfy k-anonymity. For making this heuristic-based approach more work is required.

Historical k- anonymity:
Mascetti et al. identified this approach called a “historical k-anonymity” [28]. Main fundamental
of historical k-anonymity is that system contains the record of each user track movement and
when user requests, system efficiently use this record of user information to confect the
anonymity region. Historical k-anonymity defines an area that is mostly visited by a mobile user.
If they visit on daily base, user privacy can be violated. When a mobile user’s posts a query to
location based system (LBS) user sensitive information can easily traced in the system. For this
reason, security of a user privacy as well as user query content require an applicable and best
mechanism regarding k-anonymity framework. The following Figure: 4 descried operations
historical k-anonymity when a mobile user requests LBS as well as this request can easily reveal
the user’s sensitive information that based on his/her computed base trajectory.
 Figure 6: Historical K-anonymity

I-diversity:
This mechanism was assured to overthrow the boundaries of k-anonymity approach. This
technique was proposed by Bamba et al. [29]. This mechanism is an enhancement of k-
anonymity by using the k- anonymity principles. Hence this technique provides a maximum level
of distribution inside the group of data distributions attributes about sensitive values. Moreover,
this approach scares to avert the exposure attributes by the cause of certain relationship between
sensitive attributes. This mechanism requires a maximum level of privacy to secure the user
sensitive information.

t-closeness:
Machanavajjhala et al. [30] guarantees that t-closeness is a further improvement of I-diversity
approach. t-closeness is a diversity group which is used to protect user's information in data
collection by saving the grossness of a data based on anonymization. In this parameter t
represents the distance between particular disposal circulation inside the define cluster of all k-
users over all the sets of k-users. Hence, the define area should not be more than a secure
threshold t. The distance amongst the distributions is configured using Earth Mover Distance
(EMD). EMD is used to configure the define area between attributes in hierarchy domain
according to the sequence of the smallest value of generalization. Through EMD it is very
difficult to highlight closeness between attributes. Moreover, the basic prone about this approach
is the protection against homogeneity and background knowledge.
 Comparative Analysis:
We have read all previous approaches, now we are going to critically analyze these approaches
that are used to provide privacy in TTP based LBS system. The below table describe the short
description, strength and weakness of the given approaches.
Table1: Approaches for TTP based LBS system
Sr. Approaches Description Pros Cons
No
In policy based scheme In policies based scheme The user can save some
policies are created to control of protected data is in amount of money by
1. Policy based the user hand. User decide relaying on the selected
assure the privacy of
scheme what when and how policy but the service
customer when customer
information about him is provider can hand over the
use the LBS structure.
reveal to the unknown person. user protected data to any
These policies identify at
one in exchange for money.
what extent service provider
can do with the mobile user
private data.

Location cloaking approach Location server (LS) is Permanent conversation and

use as a trusted location response to the whole CR. remote checking of the user
2. Location anonymizer in which Location server is unaware is compulsory to allow the
Cloaking cloaking region is created and about the actual position of the Anonymizer regularly
the cloaking region contains user. update the actual location
the position of the users and of all the users of LBS
other k-1 neighbors. It protect system, that clearly violate
the user’s identity and
the user privacy.
location.

To receive the request of
user and then pass toward
3. Pseudonyms
the service giver is the
basic purpose of this
approach. It also replaces
mobile user true identity
along the fake one.
In p-sensitivity, 1/k is the
probability of authentically
4. P-sensitivity recognize an individual user
and 1/p is the probability of
the disclosed sensitive
information of an individual
user.
LBS user can rely on this
approach and can fully trust
that their private data is not
exposing along others.
De-linked each user request
from its creator to distract
attacker with the presence
of more users inside the
(CR) is a method to protect
each user from location
The limitation of
pseudonyms is that it
increases the cost of
providing the privacy.
This approach present a
greedy algorithm against the
both identity expose and
attribute expose.
 attack.

The Route Server approach The capability of RS was to In Route Server (RS)
handover the actual and keep accuracy although algorithm to enhance the
effective results for location ignoring the replicated privacy, have presented a
Route server queries. calling to server and new precise technique which
5.
is AES-RS architecture.
connected route API.
This technique is upgrade This architecture mainly AES-RS system
model that based on Route conserve the LBS users’ true performance increase and
AES-RS minimize after a specific
Server. It is based on the position from the attacker.
Architecture time interval. This changes
6. concept of position dummy
raises the usage of LBS
approach in which a
system on a server side.
number of dummy (fake)
positions are created along
with an index of mobile
users’ true position.
Mix zone introduces an This technique provide For the protection of users
area in which without protection on identity and on road networks many
7. Mix Zone
being observed by attacker spatial constraints. available mix-zone
user modify their proposals are unable to
pseudonyms give impressive mix-zone
algorithms.
Mobimix is the Mobimix applies the concept When user enter and exit in
enhancement mix zone of mix zone to road networks mix zone and non-uniformly
8. Mobimix transformation take at road
which provides privacy in for.
road networks by using the junction that information
help the adversary to easily
mix zone concept.
distinguish between new and
old pseudonyms.

The main concept of Cryptography techniques are The disadvantage of

cryptography based used by many researchers for cryptography based
9. Cryptograph position traceable problem approach is that it use
technique is to use
y-based prevention. greater time than the system
encryption and decryption
approach need during encryption and
concept for personal
decryption.
information that must be
deliver over a network.
 Cryptography based Provide suitable privacy Provide low LBS server
10. Private approach utilize the most against the optimal and efficiency and also very
Information personal information consideration/background- difficult to implement on
Retrieval retrieval (PIR) and further linking attacks and also portable devices.
(PIR) increase the level of more Supports spatial based
mobile users privacy. information queries.

Position sharing location- Position shares are delivered Position sharing Location
11. Position based splits up obfuscated inside a collection of non- server has a limited
sharing real location data toward trusted third party system. information of precision.
position shares.

Dummy position defend Dummy positions protect In dummy positions, a big

12. Dummy the user real position by the user Id’s and spatial challenge is to create a
positions dispatching different fake information. contra-distinguish
positions to Location based dummies from the real
server (LBS) as well as the positions of the users.
accurate positions of the Especially, if an adversary
user. has supplementary
information.

K-Anonymity helps the Provide a wide range It protect against user

13. K- user to retain the integrity common concept of location identity exposure. But not
Anonymity of the user actual privacy and increase the protect other attributes
information. efficiency of K- anonymity. information.

K-anonymity can be This mechanism assure By using generalization

14. Strong K- achieved using strong K- anonymity with and suppression, less its
anonymity generalization and minimize distorted computational efficiency.
suppression. This computational results.
technique assurance of
strong k- anonymity with
less distorted results.
 Historical k- anonymity In this approach, maintain In historical k- anonymity
15. Historical k- contain the record of each the record of each track user privacy can be easy
anonymity user movement and movement and system also violate if user visit daily
represent an area that is used this record efficiently base same area.
mostly hit (visited) by a to confect the anonymity
mobile user. based region.

This technique provides a Increase the data protection I-diversity may be

16. I-diversity maximum level of through providing a better unimportant to obtain. I-
distribution about sensitive distribution of sensitive diversity mechanism is
values inside the group of attributes within define incompetent to secure
data distributions attributes index. discloser attributes.

An enhancement of I- t-closeness reduce Earth Mover’s Distance

17. t-closeness diversity approach is I-
diversity. I-diversity. This
mechanism minimize the
granularity of interpreted
data.
interrelation inside the (EMD) is not suitable to
Quasi-identifier and most highlight closeness
sensitive attributes. between t- attributes.
References
[1] Woody, L.A., Acker, L., Curran, W., Susi, S., Velazquez, M.: The Impact of the FCC's
Position on Wireless E911.
[2] Hightower, J., Borriello, G.: A Survey and Taxonomy of Location Systems for Ubiquitous
Computing. (2001) 57—66
[3] Priyantha, N.B., Chakraborty, A., Balakrishnan, H.: The Cricket location-support system.
Mobile computing and networking. ACM, Boston, Massachusetts, United States (2000)
[4] Bahl, P., Padmanabhan, V.N.: RADAR: an in-building RF-based user location and tracking
system. (2000)
[5] Anind Dey; Jeffrey Hightower; Eyal de Lara; Nigel Davies (2010). "Location-Based
Services". Pervasive Computing. 9: 11–12.
[6] Agusti Solanas, J. D.-F.-B. (n.d.). Location Privacy in Location-Based Services: Beyond
TTP-based Schemes
[7] Neeta B. Bhongade, G. P. (2015). A Review of Privacy Preserving LBS: Study of Well-
Suited Approaches. International Journal of Engineering Trends and Technology (IJETT), 62-65.
[8] M. Gruteser and D. Grunwald, “Anonymous Usage of Location Based Services through
Spatial and Temporal Cloaking,” Proceedings of the 1st International Conference on Mobile
Systems, Applications and Services, San Francisco, 5-8 May 2003, pp. 31-42.
[9] Muhammad Usman Ashraf, Rida Qayyum, And Ejaz, H, “STATE-OF THE ART,
CHALLENGES; PRIVACY PROVISIONING IN TTP BASED SERVICES SYSTEM”,
International Journal of Advance Research in Computer Science, Volume 10, No.2, pp. 68-75,
2019.
[10] Agusti Solanas, J. D.-F.-B. (n.d.). Location Privacy in Location-Based Services: Beyond
TTP-based Schemes.
[11] Jiang T, Wang HJ, Hu YC. Preserving location privacy in wireless lans. In Proceedings of
the 5th International Conference on Mobile Systems. Applications and Services. 2007;246–257.
[12] Solanas, A., Seb´e, F., Domingo-Ferrer, J.: Micro-aggregationbased heuristics for p
sensitive k-anonymity: one step beyond. In: Proceedings of the 2008 international workshop on
Privacy and anonymity in information society (PAIS ’08), New York, NY, USA, ACM (2008)
61–69
[13] Mohamad Shady Alrahhal, A. A., & Muhammad Usman Ashraf, S.A. (17). AES-Route
Server Model for Location based services in Road Network. (IJACSA) International Journal of
Advanced Computer Science and Applications, 361-368. DOI: 10.12569/IJCSA.2007.080847.
[14] A. Civilis, C.S. Jensen, and S. Pakalnis. “Techniques for efficient road network-based
tracking of moving objects.”Knowledge and Data Engineering, IEEE Transactions on 17.5
(2005): 698-712.
[15] Muhammad Usman Ashraf, Rida Qayyum, And Ejaz, H, “STATE-OF THE ART,
CHALLENGES; PRIVACY PROVISIONING IN TTP BASED SERVICES SYSTEM”,
International Journal of Advance Research in Computer Science, Volume 10, No.2, pp. 68-75,
2019.
[16] Palanisamy, B., Liu, L.: Mobimix: Protecting location privacy with mix-zones over road
networks. In: Proceedings of the 2011 IEEE 27th International Conference on Data Engineering.
ICDE ’11, Washington, DC, USA, IEEE Computer Society (2011) 494–505
[17] D. Zhang, C.-Y. Chow, Q. Li, X. Zhang, and Y. Xu, “SMashQ: Spatial mashup framework
for k-NN queries in time-dependent road networks,”Distrib. Parallel Databases, vol. 31, pp. 259–
287, 2012.
[18] Ghinita, G., Kalnis, P., Khoshgozaran, A., Shahabi, C., & Tan, K. L. (2008). Private queries
in location based services: anonymizer are not necessary. Proceedings of the 2008 ACM
SIGMOD International Conference on Management of Data (pp. 121–132).

[19] Du¨rr, F., Skvortsov, P., Rothermel, K.: Position sharing for location privacy in non- trusted
systems. In: Proceedings of the 9th IEEE International Conference on Pervasive Computing and
Communications (PerCom 2011), Seattle, USA (March 2011)
[20] Wernke, M., Du¨rr, F., Rothermel, K.: PShare: position sharing for location privacy based
on Multi-Secret sharing. In: Proceedings of the 10th IEEE International Conference on Pervasive
Computing and Communications (PerCom 2012), Lugano, Switzerland (March 2012)
[21] Kido, H., Yanagisawa, Y., Satoh, T.: An anonymous communication technique using
dummies for location-based services. In: Proceedings of the International Conference on
Pervasive Services (ICPS ’05). (July 11–14, 2005) 88–97.
[22] H. Lu, C. S. Jensen, and M. L. Yiu, ‘‘PAD: Privacy-area aware, dummy based location
privacy in mobile services,’’ in Proc. 7th ACM Int. Workshop Data Eng. Wireless Mobile
Access, 2008, pp. 16–23
[23] Shankar, P., and Ganapathy, V., Iftode, L.: Privately querying location-based services with
sybilquery. In: International Conference on Ubiquitous Computing (UbiComp 2009). (2009) 31–
40
[24] Gruteser, M., Grunwald, D.: Anonymous usage of location- based services through spatial
and temporal cloaking. In: Proceedings of the 1st international conference on Mobile systems,
applications and services (MobiSys ’03), New York, NY, USA, ACM (2003) 31–42.
[25] Bettini, C., Mascetti, S., Wang, X. S., Freni, D., & Jajodia, S. (2009). Anonymity and
historical-anonymity in location-based services. Privacy in Location-Based Applications, 1–30.
[26] Machanavajjhala, A., Kifer, D., Gehrke, J., & Venkitasubramaniam, M. (2007). I-diversity:
Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data, 1(1), 3.
[27] Zhang, C., Huang, Y: Cloaking locations for anonymous location based services: a hybrid
approach. Geoinformatica 13(2) (June 2009) 159–182
[28] Mascetti, S., Bettini, C., Wang, X.S., Freni, D., Jajodia, S.: Providenthider: An algorithm to
preserve historical k-anonymity in lbs. In: IEEE International Conference on Mobile Data
Management (MDM 2009). Volume 0. Los Alamitos, CA, USA, IEEE Computer Society (2009)
172–181
[29] Bamba, B., Liu, L., Pesti, P., Wang, T.: Supporting anonymous location queries in mobile
environments with privacygrid. In: Proceeding of the 17th international conference on World
Wide Web (WWW ’08), New York, NY, USA, ACM (2008) 237–246
[30] Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-
diversity. In: Proceedings of the IEEE 23rd International Conference on Data Engineering (ICDE
2007). (April 15–20, 2007) 106–115