CN105246072A - User position privacy protection method under road network environment and system thereof - Google Patents
User position privacy protection method under road network environment and system thereof Download PDFInfo
- Publication number
- CN105246072A CN105246072A CN201510550941.7A CN201510550941A CN105246072A CN 105246072 A CN105246072 A CN 105246072A CN 201510550941 A CN201510550941 A CN 201510550941A CN 105246072 A CN105246072 A CN 105246072A
- Authority
- CN
- China
- Prior art keywords
- section
- anonymous
- user
- district
- road network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention provides a user position privacy protection method under the road network environment and a system thereof, and relates to mobile terminal position safety. According to method, position privacy and inquiring privacy of a mobile communication terminal are considered, road segment diversity is considered in the aspect of position privacy, and sensitive inquiring privacy is protected by setting the upper limit value of probability of sensitive inquiring. Voronoi graph partition is performed on a road network according to node dimension and the minimal road segment requirement of an anonymity set is formed. Average information entropy and probability of sensitive inquiring are calculated, and road segments are continuously added in an anonymous box if the requirement of average information entropy and probability of sensitive inquiring is not met. According to the method, two levels of security can be greatly protected for users, which is quite close to the real user privacy protection requirement. The user position privacy protection method under the road network environment and the system thereof can be applied to a mobile terminal privacy protection system under the road network environment.
Description
Technical field
The present invention relates to the method and system of road network secret protection in a kind of communication of mobile terminal security fields.
Background technology
The fast development of mobile communication and location technology, making to obtain personnel location information by wireless device becomes possibility, and location Based service (LocationBasedService, LBS) is occurred and develops.It is various convenient, fast that user can enjoy that LBS brings, and user needs the precise position information providing oneself to location server simultaneously, and this will directly cause the leakage of customer position information.In conjunction with the background knowledge of mobile subscriber, assailant can infer the personal information of mobile subscriber from the LBS query contents of mobile subscriber, as privacy informations such as personal lifestyle custom, political orientation, history of disease, location privacy and the inquiry privacy of mobile subscriber are all on the hazard.The development of Euclidean space upper/lower positions method for secret protection is very rapid, has formed a more complete system configuration of ratio.In daily life, no matter people's walking or use the various vehicles, always follows fixing road network and carries out activity, under the activity of people is constrained on certain regional environment.Under the target that location privacy protection is studied starts to turn to road network environment.
In secret protection, the various algorithms based on the anonymous thought of space k are constantly suggested, and because its anonymous effect is better, obtains and apply widely.K anonymity in space is the mode of a kind of collective anonymity, request anonymous is formed anonymous frame together with other k-1 user, spatially carries out obfuscation to the actual position of user, thus reach the protection to actual position.For road network environment; section diversity (l-diversity) in anonymous frame can be avoided all users in anonymous frame to be positioned at a section thus cause the risk of customer location privacy leakage; the anonymous anonymous methods such as honeycomb, Voronoi diagram root is taked to satisfy the need the means that web area divides by node dimension, can protect section diversity well.Inquiry secret protection aspect, if the user of same queries content is more in anonymous frame, once relate to sensitive information inquiry, this increases the risk of inquiry privacy leakage undoubtedly.Inquiry diversity (p-diversity) can effectively prevent sensitive queries information leakage; sensitive information probabilistic model is suggested; when forming accurate anonymous collection, calculating sensitive information inquiry probability, then continuing to add section to anonymity collection when sensitive queries protection can not be met to be required.
Voronoi diagram root method, before carrying out section search, by V district number of users and the comparison of user anonymity demand, just needs to carry out the expansion of V district once not reach number of users requirement; In addition in the search section stage, will continue to continue interpolation section to accurate anonymous collection if do not meet number of users demand behind accurate anonymous collection interpolation section.Be that increasing of resource consumption all can be caused in the expansion of V district or continuation interpolation section, particularly V district expansion, can cause the increase in anonymous region thus service quality is declined.In the interpolation section stage, unavoidably make anonymous region increase if the whole piece section in V district to be added anonymous set, thus reduce service quality.
Summary of the invention
The present invention is directed to traditional algorithm only consider the safety protection problem of location privacy protection or inquiry secret protection single aspect and anonymous region excessive, in road network customer location privacy and inquiry privacy leakage, the increase in anonymous region makes service quality decline problem.Customer location secret protection and querying method under a kind of road network environment are proposed.The method take into account location privacy and the inquiry privacy of mobile communication terminal, in location privacy, take into account section diversity; At query aspects, by arranging sensitive queries probability higher limit, sensitive queries privacy is protected.Utilize the method to carry out Voronoi diagram root according to node dimension to road network at pretreatment stage, so just can ensure the minimum section requirement forming anonymous collection; After forming anonymous frame, calculating average information entropy and sensitive queries probability, do not meet average information entropy and sensitive queries probability demands then continues to add section to anonymous frame; Adding to need after section to aim at anonymous collection number of users and maximum user anonymity demand is compared, if just lack little user, ensures the demand of number of users aspect by generating bogus subscriber; When selecting section to add accurate anonymous collection, the part only selecting section to be positioned at V district adds accurate anonymous collection, instead of whole piece section is added anonymous collection.The method can be good at the safety ensureing user's two aspects, and this is very close with the privacy of user protection demand in reality.The present invention can to apply under road network environment in mobile terminal intimacy protection system.The present invention with the addition of bogus subscriber's generation module, judges in needs V district expansion and adding before section, if number of users lack be not a lot of situation under, a small amount of bogus subscriber can be added, corresponding amount of calculation and unnecessary expense will be reduced like this; Before interpolation section, first carry out the calculating of sensitive information entropy, if be less than preset value, do not add this section, this overhead of comparing again after carrying out sequence of operations after just avoiding adding and producing; When adding section, the part only section being belonged to this V district adds accurate anonymous collection to, and this will effectively be avoided the problem causing anonymous frame excessive because part way is long, improve service quality.
Concrete technical scheme of the present invention is: the customer location intimacy protection system under a kind of road network environment, this system comprises: user side, center anonymous server, location-based service providing end, wherein, center anonymous server comprises: pretreatment module, secret protection module and result refinement module, user side proposes anonymous request to center anonymous server, the section at anonymous server pretreatment module Location Request user place, center and V district, road network figure is divided, form V figure, the section at Location Request user place and V district, secret protection module forms anonymous collection according to user side request, again anonymity collection is sent to location-based service providing end, location-based service providing end is inquired about neighbouring point of interest according to the query contents of user, and Query Result is sent to center anonymous server, and center anonymous server obtains exact position according to Query Result and result sent to user side to complete inquiry, propose in anonymous request process at user side, when number of users is not enough, center anonymous server secret protection module is carried out the expansion of V district or is generated bogus subscriber, utilizes average information entropy and sensitive information probability to realize anti-limit power and attacks and inquiry secret protection.
One of them embodiment of the present invention comprises further, and section and the V district at pretreatment module Location Request user place comprise further: obtain road network limit data Edges and road network point data Nodes; Be the index three groups of data NEdges comprising section numbering, two nodes by road network limit data processing, road network point data is treated to and comprises node serial number ID, latitude value, longitude three groups of data NNodes; Using NEdges, NNodes as input, the mobile object maker based on road network is utilized to generate user data User; Road network figure G (V, E) is divided into V figure; Calculate user to the distance in each section, section corresponding to minimum distance is the section at user place; Calculate the distance in each V district in user to V figure, V district corresponding to minimum distance is the V district at user place.
One of them embodiment of the present invention comprises further, and secret protection module forms anonymous collection according to user side request and comprises further: secret protection module polls database, section, consumer positioning place number and V area code; If request user does not exist existing anonymous frame, by the section LID at request user place
0add accurate anonymous set C
zhun, and according to the anonymous demand k of i-th user
iwith anonymous section number demand l
i, call formula: k
s=max (k
i), l
s=max (l
i) upgrade anonymous aggregate user demand and obtain maximum number of user demand k in anonymous frame
swith maximum section number demand l
s; Calculate the number of users e on Nei Meitiao section, V district
1, e
2, e
3..., e
pobtain section weights, the section that section weights are minimum generates requisite number object bogus subscriber; L is selected near request section, user place
s+ σ bar section forms Candidate Set, and the part way selecting request user section to be positioned at V district from Candidate Set adds accurate anonymous set C
zhun.
One of them embodiment of the present invention comprises further, described carry out the expansion of V district or generate bogus subscriber comprise further: the section that number of users is minimum in V district generates requisite number object bogus subscriber, when asking there is un-added V district near V district, user place, neighbouring un-added V district and V district, this request user place are merged, forms new V district;
One of them embodiment of the present invention comprises further, according to sensitive queries number n
m, total number of users N in anonymous collection, calls formula
calculate sensitive queries informational probability p
m, the limit power according to every bar limit attacks Probability p
ib, call formula
calculate average information entropy H
lbif, inequality H
lb> μ and
set up, export anonymous collection section number { LID
0, LID
1..., LID
s, more new database, the anonymous process of completing user, wherein, μ is the lower limit of anonymous ensemble average comentropy,
for the lower limit of anonymity collection sensitive queries probability.Be less than preset value λ when anonymity collects number of users difference in maximum anonymous demand and V district, enable bogus subscriber and generate submodule, the section that section weights are minimum in V district generates λ bogus subscriber.
The present invention also proposes the customer location method for secret protection under a kind of road network environment, user side proposes anonymous request to center anonymous server, the section at anonymous server pretreatment module Location Request user place, center and V district, road network figure is divided, form V figure, the section at Location Request user place and V district, secret protection module forms anonymous collection according to user side request, then anonymity collection is sent to location-based service providing end; Location-based service providing end is inquired about neighbouring point of interest according to the query contents of user, and Query Result is sent to center anonymous server, and center anonymous server obtains exact position according to Query Result and result sent to user side to complete inquiry; Propose in anonymous request process at user side, when number of users is not enough, center anonymous server secret protection module is carried out the expansion of V district or is generated bogus subscriber, utilizes average information entropy and sensitive information probability to realize anti-limit power and attacks and inquiry secret protection.
The present invention, by calculating the method for sensitive information probability and limit the number of sensitive information in algorithmic procedure, therefore can protect the privacy of the query contents of user, effectively prevent the leakage of query contents while protective position privacy.From candidate road section set, select section to add anonymous set, the part only selecting section to be positioned at V district adds, and can reduce the size of anonymous frame like this, can improve service quality.Carry out the expansion of V district at needs and to judge in anonymous frame whether user meets before anonymity requires the stage, judges, just lack several user and then generate several bogus subscriber, avoiding problems unnecessary calculating lacked number of users.Therefore the present invention in effective protective position privacy and can inquire about on the basis of privacy, reduces the complexity of calculating to a certain extent and improves service quality.Solve traditional algorithm and only consider the excessive problem of the safety protection problem of location privacy protection or inquiry secret protection single aspect and anonymous region; the time overhead in the Set-search of anonymous section can be reduced simultaneously, improve anonymous service quality to a certain extent.
Accompanying drawing explanation
Fig. 1: road network privacy of user system module figure;
Fig. 2: anonymous server pretreatment module detail flowchart;
Fig. 3: anonymous server anonymity algorithm detail flowchart.
Embodiment
For making object/technical scheme of the present invention and advantage clearly understand, below in conjunction with specific embodiment, and with reference to accompanying drawing, the present invention is described in more detail.The description that it should be noted that herein is only the main process of a specific embodiment, and should not be considered to be unique embodiment, wherein each step is not necessary, and whole flow process and concrete steps thereof are also not limited in figure and following description.Obviously; for those skilled in the art; after understanding content of the present invention and principle; all may when not deviating from the principle of the invention, structure; various correction in form and details and change are carried out to this system, but these are revised and change still within claims of the present invention.
Fig. 1 is road network privacy of user system architecture module map of the present invention, and native system module comprises three parts: user side, center anonymous server, location-based service providing end.User's request module, this module realizes in mobile terminal inside, the positional information (as utilized GPS, WIFI location, network based positioning etc.) of acquisition for mobile terminal oneself, and complete alternately by mobile network or WIFI network pretreatment module that is continuous and center anonymous server, complete the renewal of information, user's request module also realizes sending of anonymous request, can customize anonymous demand and section diversity requirement for anonymous request.Center anonymous server comprises: pretreatment module, secret protection module, result refinement module; pretreatment module realizes the spatial division of whole road network; the one_to_one corresponding in each user and V district, section in road network, the adding of user, location updating and exit and all need to upgrade corresponding V district and section.User's request module proposes anonymous request to secret protection module; mutual by with pretreatment module; orient V district and the section at request user place; and run anonymous main program; user is selected to add anonymous collection according to actual conditions from V district, user place or neighbouring V district; also be likely run bogus subscriber to generate subprogram and generate several bogus subscriber, after Successful construct anonymity collection need anonymous information to submit to query processing module.Result refinement module, in conjunction with the actual position information of user, carries out refinement process to the fuzzy information of position service providing end feedback, and the Query Result after refinement is fed back to user side.
The anonymity collection Query Information that in location-based service providing end, query processing module is submitted to according to the anonymous processing module of center anonymous server, this module completes the search to neighbouring point of interest, and the interest point information searched is fed back to center anonymous server.
Channel between user and center anonymous server is trusted channel, and new user arrives Xu center anonymous server and registers, and such as log-on message is { ID, Loc (x, y) }, user position update, then more new database, user leaves, then user profile deleted from database, anonymous quick-reading flow sheets is: (1) such as user proposes anonymous request <ID to center anonymous server, Loc (x, y), k, l, query>; (2) center anonymous server operation anonymity algorithm carries out anonymity, and obtaining anonymous set is <ID', [(x
1, y
1) (x
2, y
2)], query'>; (3) LBS server is inquired about according to query contents, and Query Result is turned back to center anonymous server; (4) center anonymous server is to Query Result refinement process, and result is returned to request user.Wherein, center anonymous server comprises pretreatment module, secret protection module.
Fig. 2 is anonymous server pretreatment module detail flowchart.
Obtain road network limit data (Edges) and road network point data (Nodes); Selvage data of satisfying the need and road network point data process, and the limit data after process are expressed as NEdges (comprising index three groups of data of section numbering, two nodes), node data is expressed as NNodes (comprising node ID, latitude value, longitude three groups of data); Using NEdges, NNodes as input, ThomasBrinkhoff mobile object maker is utilized to generate user data User (comprising user's latitude and longitude two groups of data); Division is carried out to road network figure G (V, E) and obtains V figure V (V, E); Calculate the user user distance to each section, section corresponding to minimum distance is the section at user place; Calculate the user user distance to each V district, V district corresponding to minimum distance is the V district at user place.
Below lift an example and be described further implementation step:
Step 201: obtain road network limit data (Edges) and road network point data (Nodes), choose the road net data in certain city, data comprise: road network limit data and road network point data, wherein section number and nodes use n respectively
e, n
orepresent;
Step 202: selvage data of satisfying the need and road-net node data process, the limit data NEdges after process represents (NEdges comprises index three groups of data of section numbering, two nodes), node data NNodes represents (NNodes comprises node ID, latitude value, longitude three groups of data);
Step 203: using NEdges, NNodes as input, utilizes ThomasBrinkhoff mobile object maker to generate user data User (comprising user's latitude and longitude two groups of data), setting number of users n
orepresent, general n
oget 5000;
Step 204: with G (V, E) (node that V represents the limit of road network, E represents road network) represents road network figure, with V (V', E') (node that V' represents the limit of road network, E' represents road network) represents Thiessen polygon figure (Thiessen polygon figure, have another name called Voronoi figure, be called for short V figure).Take Voronoi method to carry out division to road network figure and obtain V figure, represent that dimension is more than or equal to the node of 3 with Nodes_up3, this method adopts Nodes_up3 as generation V figure Centroid;
Step 205: the latitude and longitude coordinates of user user is (x, y), calculates user user to section [(x
f, y
f) (x'
f, y'
f)] (f gets 1,2,3 ..., n
e) distance, (x
f, y
f), (x'
f, y'
f) represent two end points in section respectively, wherein, x
f, x'
ffor latitude value, y
f, y'
ffor longitude, section corresponding to minimum distance is the section at user place, specifically can adopt and obtain with the following method:
Step 2051: make f=1;
Step 2052: computational discrimination factor cross=(x'
f-x
f) * (x'
f-x
f)+(y'
f-y
f) * (y'
f-y
f);
Step 2053: judge whether cross>0 sets up, no, then go to step 3054; Then go to step 3055;
Step 2054: user coordinates, section extreme coordinates are substituted into formula (1):
disl(f)=sqrt((x-x
f)*(x-x
f)+(y-y
f)*(y-y
f))(1)
Calculate the distance disl (f) of user to section, f=f+1;
Step 2055: calculate d
2=(x'
f-x
f) * (x'
f-x
f)+(y'
f-y
f) * (y'
f-y
f);
Step 2056: judge cross>=d
2whether set up, be, then go to step 20561; No, then go to step 20562;
Step 20561: user coordinates, section extreme coordinates are substituted into formula (2):
disl(f)=sqrt((x-x'
f)*(x-x'
f)+(y-y'
f)*(y-y'
f))(2)
Calculate the distance disl (f) of user to section, f=f+1;
Step 20562: calculate r=cross/d
2, p
x=x
f+ (x'
f-x
f) * r, p
y=y
f+ (y'
f-y
f) * r, user coordinates, section extreme coordinates are substituted into formula (3):
disl(f)=sqrt((x-p
x)*(x-p
x)+(p
y-y
y)*(p
y-y
y))(3)
Calculate the distance disl (f) of user to section, f=f+1;
Step 2057: judge f>n
ewhether set up, be, then go to step 2058; No, then go to step 2052;
Step 2058: get the section (LID making disl (f) minimum value corresponding
0section number for this section) as the section of current request user;
Step 206: calculate user user to each V district center point (x
v, y
v) distance, v gets 1,2 ..., M, V district corresponding to minimum range is the V district at user place, and concrete steps are as follows:
Step 2061: make v=1;
Step 2062: the latitude x of user, longitude y are substituted into formula (4):
disv(v)=sqrt((x-x
v)*(x-x
v)+(y-y
v)*(y-y
v))(4)
Step 2063: judge whether v>M sets up, and is, then go to step 2064; No, then v=v+1 go to step 2062;
Step 2064: get the V district as current request user of the V district that makes disv (v) corresponding to minimum value;
If Fig. 3 is anonymous server anonymity algorithm detail flowchart.User sends anonymous request to center anonymous server; Query Database, section, consumer positioning place number and V area code; If request user does not exist existing anonymous frame, by the section LID at request user place
0add accurate anonymous set C
zhun, and according to formula: k
s=max (k
i), l
s=max (l
i) upgrade anonymous aggregate user demand, wherein k
s, l
srepresent maximum number of user demand and maximum section number demand in anonymous frame respectively, k
i, l
ibe respectively anonymous demand and the anonymous section number demand of i-th user; Calculate the number of users e on Nei Meitiao section, V district
1, e
2, e
3..., e
p, wherein p is section sum in current V district, and to section in V district by section weights descending, section weights are the number of users on section; The section that number of users is less in V district generates requisite number object bogus subscriber; According to the sequence of section weights, near request section, user place, select l
s+ σ bar section forms Candidate Set, and from Candidate Set, select request user section to be positioned at the part LID in V district
1add accurate anonymous set C
zhun, enable and generate bogus subscriber's submodule, the section that number of users is less in V district generates requisite number object bogus subscriber; According to formula
calculate sensitive queries informational probability p
m, wherein, n
mfor sensitive queries number, N is total number of users in anonymous collection, and the limit power according to every bar limit attacks Probability p
ib, call formula
calculate average information entropy H
lbif, H
lb> μ and
whether set up simultaneously, export anonymous collection section number { LID
0, LID
1..., LID
s, more new database, the anonymous process of completing user.μ is as the lower limit of anonymous ensemble average comentropy, and value is higher, and user distributes more even on each section, and corresponding anti-limit power attacking ability is stronger, otherwise, illustrate that user distribution is uneven, weighed by limit and attack;
as the lower limit of anonymity collection sensitive queries probability, the higher corresponding anonymous sensitive queries quantity of concentrating of value is on the high side, and the ability of attacking inquiry is on the weak side, and the lower corresponding anonymous collection sensitive queries number of value is less, and the risk that user attacks by inquiry reduces.
Concrete example can adopt following steps to realize.
Step 301: user user sends LBS request to center anonymous server, request content is expressed as <ID, Loc (x, y), k, l, query>, wherein ID is user ID, Loc (x, y) represents customer location (i.e. customer location longitude and latitude data, x represents latitude, and y represents longitude), k, l be the anonymous demand of User Defined (k be number of users demand, l be section diversity requirements);
Step 302: Query Database, section, consumer positioning place number and V area code, the V district number index_k=0 added;
Step 303: judge whether request user exists existing anonymous frame, is then go to step 325; No, then go to step 304;
Step 304: by the section LID at request user place
0add accurate anonymous set C
zhun, and upgrade anonymous aggregate user demand k
s=max (k
i), l
s=max (l
i), wherein k
s, l
srepresent maximum number of user demand and maximum section number demand in anonymous frame respectively, k
i, l
i(i=1,2,3 ..., n; N is the total number of users in anonymous frame) be respectively anonymous demand and the anonymous section number demand of i-th user;
Step 305: calculate the number of users e on Nei Meitiao section, current V district
1, e
2, e
3..., e
p, wherein p is section sum in current V district, and to section in V district by section weights descending, section weights are the number of users on section;
Step 306: judge number of users v in V district
kwhether be greater than maximum user's request k in the collection of anonymous section
s, be then go to step 311; No, then go to step 307;
Step 307: judge the maximum anonymous demand k of anonymous collection
swith number of users v in V district
kwhether difference is less than preset value λ (λ gets 3), is then go to step 310; No, then go to step 308;
Step 308: the neighbouring V district number merged is index_k, the number of vertex in V district, user place is num (v_index) (v_index is V area code), judge whether index_k<num (v_index) sets up, and is then go to step 309; No, then go to step 320;
Step 309: neighbouring V district and this V district are merged, forms new V district, index_k=index_k+1;
Step 310: enable and generate bogus subscriber's submodule, the section that number of users is less in V district generates requisite number object bogus subscriber;
Step 311: judge number v in section in V district
lwhether be greater than the maximum anonymous section demand l of user in the collection of anonymous section
s, be then go to step 312; No, then go to step 308;
Step 312: make st=1, judges in V district, whether number of users λ is greater than l
s+ σ, σ are preset value, get σ=3, are, then go to step 313; No, then go to step 314;
Step 313: according to the sequence of step 305 section weights, selects l near request section, user place
s+ σ bar section forms Candidate Set, and from Candidate Set, select the section LID near the sequence of request user section
s(section is positioned at the part in V district) adds C
zhun;
Step 314: according to the sequence of step 305 section weights, selects the section LID near the sequence of request user section from V district
sadd anonymous set;
Step 315: upgrade C
zhunin maximum number of user demand k
swith maximum section number demand l
s;
Step 316: judge C
zhunin number of users n
kwhether be greater than k
s, be then go to step 322; No, then go to step 317;
Step 317: judge k
swith n
kdifference whether be less than λ (λ gets 3), be then go to step 321; No, then go to step 318;
Step 318: upgrade Candidate Set, the section of having added is deleted from Candidate Set;
Step 319: judge the section number n selected
yxwhether be less than the total section number n in candidate collection
hx, be, then st=st+1 go to step 312; No, then go to step 320;
Step 320: export anonymous failure, more new database;
Step 321: enable and generate bogus subscriber's submodule, the section that section number is less in V district generates requisite number object bogus subscriber, bogus subscriber's form of generation is <ID', Loc (x
u, y
u), k, l, query>, wherein ID' is the random user ID produced, k≤k
s, l≤l
s, query is non-sensitive inquiry;
Step 322: judge C
zhunroad hop count n
lwhether be greater than l
s, be then go to step 323; No, then go to step 318;
Step 323: count sensitive queries number n
m, calculating sensitive queries informational probability is
wherein N is total number of users in anonymous collection; The limit power on every bar limit attacks probability
calculate average information entropy
Step 324: judge H
lb> μ and
whether set up simultaneously, be, then go to step 325; No, then go to step 318;
Step 325: export anonymous collection section number { LID
0, LID
1..., LID
st, more new database, the anonymous process of completing user.
Road net data is described as follows: the data of road network comprise road network limit data and road network point data, and the mobile object maker (Network-basedGeneratorofMovingObjects) selecting ThomasBrinkhoff to propose generates user data.Data format is as follows: original road network limit data (Edges.txt) comprises four groups of data, is respectively: section numbering, first, section node index, second, section node index, highway character.Three groups of data above are only got when emulation.Original road network point data (Nodes.txt) comprises three groups of data, is respectively: user ID, latitude value, longitude.The user data (user.txt) generated by road network object generator comprises two groups of data, is respectively: latitude value, longitude.User data after pretreatment (User.txt) comprises four groups of data, is respectively: latitude value, longitude, section number, V district call number.
Voronoi diagram root is described as follows:
Voronoi figure is a kind of geometry being widely used in compartition, supposes to comprise a discrete point set P={P in plane domain A
1, P
2..., P
n, definition P
ivoronoi area (be called for short V district) V (P
i) for all to P in A
ithe set of distance smallest point: V (P
i)={ p|d (p, P
i)≤d (p, P
j), p ∈ A, j ≠ i, j=1,2,3 ..., n}.The Voronoi of definition P schemes V (P)={ V (P
1), V (P
2) ..., V (P
n), P
ibe called Voronoi figure generator.Each point in point set P and n point of surrounding are done line, and do perpendicular bisector to each line, then this n bar perpendicular bisector intersects the Voronoi polygon surrounding a n bar limit.
Voronoi figure has following character:
(1) same limit is shared in adjacent V district;
(2) each V district does not overlap mutually, the whole region of V map combining of composition;
(3) point in each V district is less than the distance of other generators to this V district generator distance.
The present invention adopts V diagram root mode to divide road network figure, and G (V, E) is a road net model net, makes V
p={ V
i| degree (V
i)>=d
m, V
i∈ V}, V
pcorresponding Voronoi figure is called that road network V schemes.V
ibe called road network V map generalization unit.
Limit power attacks probability and average information entropy is described as follows:
Limit power inference attack utilizes the feature of user's skewness on section to judge a kind of attack pattern in section residing for user.The user supposing to be positioned at same anonymous section set is equal by the probability attacked, and is 1/l, then due to the skewness of user on each section, and the probability every bar section victim being inferred and limit power inference attack Probability p
ibno longer 1/l, but i-th section number of users and the ratio gathering all numbers of users, namely limit power attacks probability
wherein n is section sum in set, w
iit is number of users on the i-th section.So average information entropy
h
lblarger, user is more even in the distribution of each section, and the possibility that user is subject to limit power attack is less.
The present invention, except can protective position privacy, also can protect inquiry privacy to a certain extent, also takes measure in addition in anti-limit power attack.By judging whether average information entropy and inquiry sensitive information probability satisfy the demands, thus reach the demand of inquiry secret protection and anti-limit power attack.In secret protection module, when number of users does not meet anonymous demand in V district, calculate k
s-v
kvalue, if be less than preset value, just enable bogus subscriber's generation module, otherwise just enable V district expansion module.Number of users n in accurate anonymous collection
kwhen not meeting anonymous demand, calculate k
s-n
kvalue, if be less than preset value, just can generate several bogus subscriber, otherwise just upgrade anonymous collection, again add section and add anonymous collection.When interpolation section adds anonymous frame, the part that an interpolation section is positioned at V district adds anonymous frame.
Claims (12)
1. the customer location intimacy protection system under a road network environment, it is characterized in that, this system comprises: user side, center anonymous server, location-based service providing end, wherein, center anonymous server comprises: pretreatment module, secret protection module and result refinement module, user side proposes anonymous request to center anonymous server, the section at anonymous server pretreatment module Location Request user place, center and V district, road network figure is divided, form V figure, the section at Location Request user place and V district, secret protection module forms anonymous collection according to user side request, again anonymity collection is sent to location-based service providing end, location-based service providing end is inquired about neighbouring point of interest according to the query contents of user, and Query Result is sent to center anonymous server, and center anonymous server obtains exact position according to Query Result and result sent to user side to complete inquiry, propose in anonymous request process at user side, when number of users is not enough, center anonymous server secret protection module is carried out the expansion of V district or is generated bogus subscriber, utilizes average information entropy and sensitive information probability to realize anti-limit power and attacks and inquiry secret protection.
2. system according to claim 1, is characterized in that, section and the V district at pretreatment module Location Request user place comprise further: obtain road network limit data Edges and road network point data Nodes; Be the index three groups of data NEdges comprising section numbering, two nodes by road network limit data processing, road network point data is treated to and comprises node serial number ID, latitude value, longitude three groups of data NNodes; Using NEdges, NNodes as input, the mobile object maker based on road network is utilized to generate user data User; Road network figure G (V, E) is divided into V figure; Calculate user to the distance in each section, section corresponding to minimum distance is the section at user place; Calculate the distance in each V district in user to V figure, V district corresponding to minimum distance is the V district at user place.
3. system according to claim 1, is characterized in that, secret protection module forms anonymous collection according to user side request and comprises further: secret protection module polls database, section, consumer positioning place number and V area code; If request user does not exist existing anonymous frame, by the section LID at request user place
0add accurate anonymous set C
zhun, and according to the anonymous demand k of i-th user
iwith anonymous section number demand l
i, call formula: k
s=max (k
i), l
s=max (l
i) upgrade anonymous aggregate user demand and obtain maximum number of user demand k in anonymous frame
swith maximum section number demand l
s; Calculate the number of users e on Nei Meitiao section, V district
1, e
2, e
3..., e
pobtain section weights, the section that section weights are minimum generates requisite number object bogus subscriber; L is selected near request section, user place
s+ σ bar section forms Candidate Set, and the part way selecting request user section to be positioned at V district from Candidate Set adds accurate anonymous set C
zhun.
4. system according to claim 1, it is characterized in that, described carry out the expansion of V district or generate bogus subscriber comprise further: the section that number of users is minimum in V district generates requisite number object bogus subscriber, when asking there is un-added V district near V district, user place, neighbouring un-added V district and V district, this request user place are merged, forms new V district.
5. system according to claim 1, is characterized in that, according to sensitive queries number n
m, total number of users N in anonymous collection, calls formula
calculate sensitive queries informational probability p
m, the limit power according to every bar limit attacks Probability p
ib, call formula
calculate average information entropy H
lbif, inequality H
lb> μ and
set up, export anonymous collection section number { LID
0, LID
1..., LID
s, more new database, the anonymous process of completing user, wherein, μ is the lower limit of anonymous ensemble average comentropy,
for the lower limit of anonymity collection sensitive queries probability.
6. system according to claim 3, is characterized in that, is less than preset value λ, enables bogus subscriber and generate submodule, the section that section weights are minimum in V district generates λ bogus subscriber when anonymity collects number of users difference in maximum anonymous demand and V district.
7. the customer location method for secret protection under a road network environment, it is characterized in that, user side proposes anonymous request to center anonymous server, the section at anonymous server pretreatment module Location Request user place, center and V district, road network figure is divided, forms V figure, the section at Location Request user place and V district, secret protection module forms anonymous collection according to user side request, then anonymity collection is sent to location-based service providing end; Location-based service providing end is inquired about neighbouring point of interest according to the query contents of user, and Query Result is sent to center anonymous server, and center anonymous server obtains exact position according to Query Result and result sent to user side to complete inquiry; Propose in anonymous request process at user side, when number of users is not enough, center anonymous server secret protection module is carried out the expansion of V district or is generated bogus subscriber, utilizes average information entropy and sensitive information probability to realize anti-limit power and attacks and inquiry secret protection.
8. method according to claim 7, is characterized in that, section and the V district at pretreatment module Location Request user place comprise further: obtain road network limit data Edges and road network point data Nodes; Be the index three groups of data NEdges comprising section numbering, two nodes by road network limit data processing, road network point data is treated to and comprises node serial number ID, latitude value, longitude three groups of data NNodes; Using NEdges, NNodes as input, the mobile object maker based on road network is utilized to generate user data User; Road network figure G (V, E) is divided into V figure; Calculate user to the distance in each section, section corresponding to minimum distance is the section at user place; Calculate the distance in each V district in user to V figure, V district corresponding to minimum distance is the V district at user place.
9. method according to claim 7, is characterized in that, secret protection module forms anonymous collection according to user side request and comprises further: secret protection module polls database, section, consumer positioning place number and V area code; If request user does not exist existing anonymous frame, by the section LID at request user place
0add accurate anonymous set C
zhun, and according to the anonymous demand k of i-th user
iwith anonymous section number demand l
i, call formula: k
s=max (k
i), l
s=max (l
i) upgrade anonymous aggregate user demand and obtain maximum number of user demand k in anonymous frame
swith maximum section number demand l
s; Calculate the number of users e on Nei Meitiao section, V district
1, e
2, e
3..., e
pobtain section weights, the section that section weights are minimum generates requisite number object bogus subscriber; L is selected near request section, user place
s+ σ bar section forms Candidate Set, and the part way selecting request user section to be positioned at V district from Candidate Set adds accurate anonymous set C
zhun.
10. method according to claim 7, it is characterized in that, described carry out the expansion of V district or generate bogus subscriber comprise further: the section that number of users is minimum in V district generates requisite number object bogus subscriber, when asking there is un-added V district near V district, user place, neighbouring un-added V district and V district, this request user place are merged, forms new V district.
11. methods according to claim 7, is characterized in that, according to sensitive queries number n
m, total number of users N in anonymous collection, calls formula
calculate sensitive queries informational probability p
m, the limit power according to every bar limit attacks Probability p
ib, call formula
calculate average information entropy H
lbif, inequality H
lb> μ and
set up, export anonymous collection section number { LID
0, LID
1..., LID
s, more new database, the anonymous process of completing user, wherein, μ is the lower limit of anonymous ensemble average comentropy,
for the lower limit of anonymity collection sensitive queries probability.
12. methods according to claim 9, is characterized in that, be less than preset value λ, enable bogus subscriber and generate submodule, the section that section weights are minimum in V district generates λ bogus subscriber when anonymity collects number of users difference in maximum anonymous demand and V district.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510550941.7A CN105246072B (en) | 2015-09-01 | 2015-09-01 | User location method for secret protection and system under a kind of road network environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510550941.7A CN105246072B (en) | 2015-09-01 | 2015-09-01 | User location method for secret protection and system under a kind of road network environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105246072A true CN105246072A (en) | 2016-01-13 |
| CN105246072B CN105246072B (en) | 2018-12-28 |
Family
ID=55043497
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510550941.7A Active CN105246072B (en) | 2015-09-01 | 2015-09-01 | User location method for secret protection and system under a kind of road network environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105246072B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106507312A (en) * | 2016-12-30 | 2017-03-15 | 华南理工大学 | One kind is based on personalized location privacy protection method under road network environment |
| CN106878312A (en) * | 2017-02-24 | 2017-06-20 | 华南理工大学 | A kind of semantic locations method for secret protection based on side cluster figure |
| CN106911670A (en) * | 2017-01-13 | 2017-06-30 | 重庆邮电大学 | Intimacy protection system and method in a kind of car networking |
| CN107172095A (en) * | 2017-07-05 | 2017-09-15 | 重庆邮电大学 | Customer location method for secret protection under a kind of road network environment based on longitude and latitude grid |
| CN107835241A (en) * | 2017-11-02 | 2018-03-23 | 辽宁工业大学 | A kind of secret protection region construction method in road network environment under Continuous Nearest Neighbors Inquiry |
| CN108040321A (en) * | 2017-12-20 | 2018-05-15 | 河海大学 | The position anonymous methods of preventing playback attack under a kind of road network environment |
| CN108573165A (en) * | 2017-03-09 | 2018-09-25 | 北京京东尚科信息技术有限公司 | Data processing method and device |
| CN109544900A (en) * | 2018-11-21 | 2019-03-29 | 长安大学 | A kind of route matching method that the privacy multiplying trip altogether towards passenger and driver retains |
| CN110300029A (en) * | 2019-07-06 | 2019-10-01 | 桂林电子科技大学 | A kind of location privacy protection method of anti-side right attack and position semantic attacks |
| CN110365679A (en) * | 2019-07-15 | 2019-10-22 | 华瑞新智科技(北京)有限公司 | Context aware cloud data-privacy guard method based on crowdsourcing assessment |
| CN112601194A (en) * | 2020-12-08 | 2021-04-02 | 兰州理工大学 | Internet of vehicles position privacy protection method and system under road network environment |
| CN114629722A (en) * | 2022-04-19 | 2022-06-14 | 湖南科技大学 | Cache-based double K-anonymous location privacy protection method in edge computing environment |
| CN117119444A (en) * | 2023-10-25 | 2023-11-24 | 成都信息工程大学 | Position privacy protection method based on mobile edge calculation |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009089251A2 (en) * | 2008-01-08 | 2009-07-16 | Mobile Traffic Network, Inc. | Mobile alerting network |
| CN102970652A (en) * | 2012-10-16 | 2013-03-13 | 北京航空航天大学 | Query sensing position privacy protection system facing to road network |
| CN103249038A (en) * | 2013-04-09 | 2013-08-14 | 哈尔滨工程大学 | Privacy protection method based on location of moving object in road network space |
| CN103957523A (en) * | 2014-03-31 | 2014-07-30 | 西安电子科技大学 | Position privacy protection method based on probability forecasting in road network |
-
2015
- 2015-09-01 CN CN201510550941.7A patent/CN105246072B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009089251A2 (en) * | 2008-01-08 | 2009-07-16 | Mobile Traffic Network, Inc. | Mobile alerting network |
| CN102970652A (en) * | 2012-10-16 | 2013-03-13 | 北京航空航天大学 | Query sensing position privacy protection system facing to road network |
| CN103249038A (en) * | 2013-04-09 | 2013-08-14 | 哈尔滨工程大学 | Privacy protection method based on location of moving object in road network space |
| CN103957523A (en) * | 2014-03-31 | 2014-07-30 | 西安电子科技大学 | Position privacy protection method based on probability forecasting in road network |
Non-Patent Citations (2)
| Title |
|---|
| XINYUE FANJING TUCHAOLONG YEFEI ZHOU: "The research for protecting location privacy based on V-W algorithm", 《EURASIP JOURNAL ON WIRELESS COMMUNICATIONS AND NETWORKING》 * |
| 赵平,马春光,高训兵,朱蔚: "路网环境下基于Voronoi图的位置隐私保护方法", 《计算机科学》 * |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106507312A (en) * | 2016-12-30 | 2017-03-15 | 华南理工大学 | One kind is based on personalized location privacy protection method under road network environment |
| CN106507312B (en) * | 2016-12-30 | 2019-07-16 | 华南理工大学 | One kind is based on location privacy protection method personalized under road network environment |
| CN106911670A (en) * | 2017-01-13 | 2017-06-30 | 重庆邮电大学 | Intimacy protection system and method in a kind of car networking |
| CN106911670B (en) * | 2017-01-13 | 2020-09-29 | 重庆邮电大学 | Privacy protection system and method in Internet of vehicles |
| CN106878312A (en) * | 2017-02-24 | 2017-06-20 | 华南理工大学 | A kind of semantic locations method for secret protection based on side cluster figure |
| CN108573165A (en) * | 2017-03-09 | 2018-09-25 | 北京京东尚科信息技术有限公司 | Data processing method and device |
| CN107172095B (en) * | 2017-07-05 | 2020-04-28 | 重庆邮电大学 | Method for protecting user position privacy in road network environment based on graticule |
| CN107172095A (en) * | 2017-07-05 | 2017-09-15 | 重庆邮电大学 | Customer location method for secret protection under a kind of road network environment based on longitude and latitude grid |
| CN107835241A (en) * | 2017-11-02 | 2018-03-23 | 辽宁工业大学 | A kind of secret protection region construction method in road network environment under Continuous Nearest Neighbors Inquiry |
| CN107835241B (en) * | 2017-11-02 | 2021-05-07 | 辽宁工业大学 | Privacy protection area construction method under continuous neighbor query in road network environment |
| CN108040321A (en) * | 2017-12-20 | 2018-05-15 | 河海大学 | The position anonymous methods of preventing playback attack under a kind of road network environment |
| CN108040321B (en) * | 2017-12-20 | 2020-09-22 | 河海大学 | Position anonymization method for resisting replay attack in road network environment |
| CN109544900A (en) * | 2018-11-21 | 2019-03-29 | 长安大学 | A kind of route matching method that the privacy multiplying trip altogether towards passenger and driver retains |
| CN110300029A (en) * | 2019-07-06 | 2019-10-01 | 桂林电子科技大学 | A kind of location privacy protection method of anti-side right attack and position semantic attacks |
| CN110300029B (en) * | 2019-07-06 | 2021-11-30 | 桂林电子科技大学 | Position privacy protection method for preventing edge-weight attack and position semantic attack |
| CN110365679A (en) * | 2019-07-15 | 2019-10-22 | 华瑞新智科技(北京)有限公司 | Context aware cloud data-privacy guard method based on crowdsourcing assessment |
| CN112601194A (en) * | 2020-12-08 | 2021-04-02 | 兰州理工大学 | Internet of vehicles position privacy protection method and system under road network environment |
| CN112601194B (en) * | 2020-12-08 | 2022-04-29 | 兰州理工大学 | Internet of vehicles position privacy protection method and system under road network environment |
| CN114629722A (en) * | 2022-04-19 | 2022-06-14 | 湖南科技大学 | Cache-based double K-anonymous location privacy protection method in edge computing environment |
| CN114629722B (en) * | 2022-04-19 | 2023-11-17 | 湖南科技大学 | Dual K-anonymous location privacy protection method based on cache in edge computing environment |
| CN117119444A (en) * | 2023-10-25 | 2023-11-24 | 成都信息工程大学 | Position privacy protection method based on mobile edge calculation |
| CN117119444B (en) * | 2023-10-25 | 2024-01-16 | 成都信息工程大学 | Position privacy protection method based on mobile edge calculation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105246072B (en) | 2018-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105246072A (en) | User position privacy protection method under road network environment and system thereof | |
| Wang et al. | Consortium blockchain for secure resource sharing in vehicular edge computing: A contract-based approach | |
| Dong et al. | Novel privacy-preserving algorithm based on frequent path for trajectory data publishing | |
| Liao et al. | Location and trajectory privacy preservation in 5G-Enabled vehicle social network services | |
| CN105307111A (en) | Position privacy protection method based on incremental neighbour inquiry | |
| Wang et al. | Towards privacy-driven truthful incentives for mobile crowdsensing under untrusted platform | |
| CN102480727B (en) | Group authentication method in machine and machine communication and system | |
| Nabil et al. | Efficient and privacy-preserving ridesharing organization for transferable and non-transferable services | |
| CN110493182B (en) | Crowd sensing worker selection mechanism and system based on block chain position privacy protection | |
| CN110602145B (en) | Track privacy protection method based on location-based service | |
| CN107707566A (en) | A kind of method for protecting track privacy based on caching and position prediction mechanism | |
| CN111786970B (en) | Cache-based cooperative location obfuscation anonymous privacy protection method and system | |
| Zhang et al. | An efficient and secure data transmission mechanism for internet of vehicles considering privacy protection in fog computing environment | |
| CN115052286A (en) | User privacy protection and target query method and system based on location service | |
| Liao et al. | Towards location and trajectory privacy preservation in 5G vehicular social network | |
| Kalaiarasy et al. | An effective variant ring signature-based pseudonym changing mechanism for privacy preservation in mixed zones of vehicular networks | |
| Miura et al. | A hybrid method of user privacy protection for location based services | |
| Hossain et al. | H-star: Hilbert-order based star network expansion cloaking algorithm in road networks | |
| CN104486726B (en) | A kind of user of protection looks forward to the prospect the extensive method in road network environment position of location privacy | |
| Shao et al. | From Centralized Protection to Distributed Edge Collaboration: A Location Difference‐Based Privacy‐Preserving Framework for Mobile Crowdsensing | |
| Kaurav et al. | Blockchain for emergency vehicle routing in healthcare services: An integrated secure and trustworthy system | |
| Che et al. | SALS: semantics-aware location sharing based on cloaking zone in mobile social networks | |
| CN113766506B (en) | Hierarchical access control method for Internet of things | |
| Li et al. | A Dynamic Location Privacy Protection Scheme Based on Cloud Storage. | |
| CN112601194B (en) | Internet of vehicles position privacy protection method and system under road network environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |