A Hybrid Location Privacy Solution for Mobile LBS

The prevalent use of location based services, where a service is delivered solely on the basis of the user's current location, has raised serious concern over the user's location privacy. Generalized approaches to location privacy, referred to as cloaking and obfuscation, mainly rely on a trusted third party: all the data remain available at a central server, so complete knowledge of the query exists at the central node. This is the major limitation of such approaches. In a trusted third-party-free framework, on the other hand, clients collaborate with each other and communicate freely with the service provider without any third-party involvement. Measuring and evaluating trust among peers is a crucial aspect of the trusted third-party-free framework. This paper exploits the merits and mitigates the shortcomings of both approaches. We propose a hybrid solution, HYB, to achieve location privacy for mobile users who use location services frequently. The proposed HYB scheme is based on the collaborative preprocessing of location data and utilizes the benefits of the homomorphic encryption technique. Location privacy is achieved at two levels, namely, at the proximity level and at the distant level. The proposed HYB solution preserves the user's location privacy effectively under a specific, pull-based, sporadic query scenario.


Introduction
The rapid development of devices with location detection capability and the growing availability of wireless connectivity almost everywhere have led to the emergence of location based applications. In Location Based Services (LBS), positioning technology is used to register the movement of a mobile device. There are quite a lot of abstract approaches and real implementations of systems to determine the position of a cell phone. The most prominent example of such a positioning system is the GPS [1,2]. Although LBS offer major opportunities for a large variety of markets and remarkable convenience to the end user, they also expose the user to subtle privacy attacks. The user's privacy is threatened because the current location of the user is required in order to provide related services.
As the name suggests, LBS (i.e., services based on location) need the user's exact location coordinates to supply accurate service support to the user. Centralized architecture and decentralized architecture, also referred to as trusted third party (TTP) based and TTP-free architectures, respectively, are the two basic frameworks for preserving the location privacy of the user in LBS. An adversary with adequate access to the user's data may use the location information for a particular motive and may also keep it in order to link it with publicly available data for detailed profiling of the user [3]. LBS may also use such data for business promotion through advertising. A series of locations submitted with queries can disclose too much about a person. The scenario can become extremely unpleasant if the adversary gets access to the user's sequence of location data with attached timestamps. For example, Alice's first visit to an attorney's office says little about her, but her subsequent visit to the court a few days later tells an altogether different story. By revealing her location to the LBS provider, Alice discloses, through inference attacks, some extremely private affairs of her life which were not apparent otherwise [4].
The query "Find my nearest attorney's office" by Alice can be answered directly by a location server such as Google Maps, Bing Maps, or MapQuest, but the connection to these servers is not trusted. Therefore, in order to protect her privacy, Alice instead sends her query via a TTP (also called an anonymizer) that strips off her identification information, generates the blurred location data, and mediates the communication between her and the LBS provider [5,6]. However, the query submitted by Alice to the TTP still carries her actual location coordinates; hence a malicious user who has control over the TTP can obtain complete information about the user. Thus it is always risky to use a TTP based framework to connect to the LBS server. Having to trust the third party is the prime downside of the TTP based mechanisms. It can always be argued that if a user can trust a third party for a small functionality, the user might as well trust the service provider for bigger benefits.
In the distributed peer approach, mobile clients are equipped to connect with other mobile users as and when required. This eliminates the need to rely solely on the connection to the server. In a TTP-free architecture, all functions are supposed to be carried out on the user's handheld device, which makes the communication heavier and more time consuming. The efficiency of a decentralized architecture also depends upon the computing capability of the mobile device used. Moreover, measuring and evaluating trust among peers is another big concern. Figure 1 presents the proposed architecture of the hybrid model. Here, it is presumed that there are a substantial number of mobile users carrying handheld devices such as cell phones, PDAs, or the like, which are equipped with positioning capabilities and use location services frequently. The handhelds have computation power, processing potential, memory, and the required access to the wireless network. All the users are in the transmission range of the base station (or beacon node).
In the proposed hybrid model, we suggest that the mobile user querying the LBS first forms an ad hoc congregation with other users, exploiting the well-established principle of K-anonymity. Once the congregation is formed, the centroid is calculated in such a way that the participating users' locations are not revealed. The centroid coordinates are then secured using encryption and sent to the third party (TP). The query (Q) includes the secured location coordinates, nearest base station information, anonymity parameter K, and the query string. TP strips off the encrypted data and forwards the rest of the query, unchanged, to the service provider. The service provider sends the top K most relevant candidate results (with reference to the beacon node) back to TP. TP then processes the inputs, performs the homomorphic operation, and sends the result back to the congregation. The proposed HYB solution works well for specific queries, which are personalized to the user's specific needs.
Location queries can be categorized as generalized or specific queries. A generalized query can be viewed as a general public query that fulfills a mass requirement, whereas a specific query is one that satisfies an individual's need. "Find my nearest retail banking branch of SBI Bank" is an example of a specific query, while "Find my nearest bank" is an example of a generalized query. In our work it is assumed that the user uses the location services to retrieve specific information. The novelty of the proposed hybrid solution is that it exploits the merits of TP and peer group formation without trusting TP, as the coordinates are kept private by securing them using encryption. Neither the query issuer nor TP is aware of the exact locations of the members involved, yet the required results are communicated. The rest of the paper is organized as follows. Section 2 highlights the related work. Sections 3 and 4 present the proposed congregation model and the homomorphic encryption technique, respectively. The proposed HYB solution is described in Section 5. Section 6 presents performance metrics of the HYB solution. Finally, Section 7 concludes the paper.

Related Work
A survey of the literature on location privacy in LBS brings forth several frameworks, architectures, algorithms, and techniques proposed by numerous researchers and practitioners. Broadly, existing defense mechanisms are based on one of two architectures: (1) centralized architecture or (2) decentralized architecture. The setup of these architectures is shown in Figure 2.
In a centralized architecture, the TTP acts as a proxy for service requests and responses between the user and the service provider. The greater part of the previous work relies on a TTP that mediates between the user and the LBS server [6,7]. Location anonymity in the TTP based architecture is discussed at length in [8,9]. The technique is based on hiding the position data before passing them to the LBS provider. K-anonymity operates by hiding the position of the end user within a set of K members. The anonymizer includes K − 1 additional users and forwards the anonymized query to the LBS provider. It is then difficult for the LBS provider to distinguish the correct user from the set of K anonymous users. The following major constraints are causing TTP based methodologies to lose their ubiquity: (a) the centralized trusted third party can be the system bottleneck, (b) a single point of failure is present, (c) a serious privacy threat can occur if the third party is attacked by an adversary, and (d) trusting TP is an absolute vulnerability to the user privacy. Existing cloaking mechanisms are unable to ensure the user's location privacy in a continuous location query scenario (e.g., on the fly route assistance), where an adversary can deduce the real location of the client by performing trajectory attacks and dummy continual queries attacks [10,11]. The authors of [12-15] suggest diverse new ideas of using mix zones to mitigate trajectory inference and other attacks. However, it is acceptable but not sufficient to use only technical solutions.
Decentralized architectures, on the other hand, do not consider any intermediate party between users and the service provider [16]. The earliest and most basic method proposed to preserve location privacy is the use of privacy policies [17]. Due to the presence of hidden clauses and unstated policies, this method could not serve the objective of user privacy efficiently for long, and as the number of LBS users grew drastically over the years there was a need for a better and more robust mechanism. The authors of [18,19] propose the idea of distributed peer-to-peer communication among mobile users that can freely talk to each other. In this framework, dependence on the third party is eliminated and mobile users are allowed to form an ad hoc network, out of which one mobile client is randomly selected as the agent to carry out the communication between the querier and the LBS server [16]. First, the query issuer, say user A (refer to Figure 3), looks around and discovers collaborators to form a group. The four group members are the mobile users B, C, D, and E; out of them, D is randomly chosen as the agent to mediate the communication. Trust among peers plays a profound role in such mechanisms. Evaluation and quantification of trust is another big challenge.
Another TTP-free approach, given by [20], proposes a technique to preserve privacy using the concept of geo-indistinguishability by adding Laplace noise to the user's Cartesian coordinates. The main objective is to protect the issuer's location information while forwarding the aggregate data about the user's area. Differential privacy works on the principle that modifying one record should have a negligible impact on the outcome of the query. The basic privacy enhancing techniques are first discussed in [21], which protects the user's privacy by reducing personally identifiable information without any compromise in the system's functionality. Client side obfuscation is also used, in which the location is repositioned by a random distance and angle of rotation at the user's end [22]. The prime shortcoming of such approaches is that different users have different privacy requirements and utility thresholds. Private Information Retrieval (PIR) techniques are also proposed to safeguard sensitive information such as the location of the user [23,24]. These solutions have always been very expensive in terms of computation time, communication cost, and resources needed [25]. The author of [26] first proposed the distributed concept for achieving location privacy in LBS. In this microaggregation based scheme, the main idea is to compute the centroid of at least K user locations, each perturbed with zero-mean Gaussian noise, and send it directly to the LBS database server, as shown in Figure 4. The principal issue with [26] is that the centroid of locations perturbed with zero-mean Gaussian noise can be used to deduce the real location if the centroid procedure is repeated several times with the locations of static users. To prevent this problem, the authors of [27] use a protocol based on privacy homomorphism to ensure that the centroid is computed without any knowledge of the real location of the user. Later, a similar concept of public key privacy homomorphism is proposed by [28] to achieve location privacy. This is a TTP-free approach in which locations are encrypted under the LBS public key; the LBS later decrypts them and divides the outcome by the number of users involved to compute the centroid. Location decryption by the LBS makes this scheme weak and vulnerable to attacks.
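The weakness attributed to [26] above can be illustrated numerically. The following is a minimal sketch, not the scheme of [26] itself: the function names, the noise level `sigma`, and the sample coordinates are all assumptions made for illustration. It shows that when static users repeat the perturbed centroid procedure many times, averaging the observed centroids cancels the zero-mean noise.

```python
import random

def perturbed_centroid(locations, sigma, rng):
    """Centroid of the locations after adding zero-mean Gaussian noise to each one."""
    k = len(locations)
    xs = [x + rng.gauss(0.0, sigma) for x, _ in locations]
    ys = [y + rng.gauss(0.0, sigma) for _, y in locations]
    return sum(xs) / k, sum(ys) / k

def averaging_attack(locations, sigma, rounds, rng):
    """Average many observed centroids; the zero-mean noise averages out."""
    observed = [perturbed_centroid(locations, sigma, rng) for _ in range(rounds)]
    est_x = sum(o[0] for o in observed) / rounds
    est_y = sum(o[1] for o in observed) / rounds
    return est_x, est_y

rng = random.Random(7)                       # fixed seed for repeatability
static_users = [(10.0, 20.0), (12.0, 18.0), (11.0, 25.0)]
true_centroid = (11.0, 21.0)                 # exact centroid of static_users
estimate = averaging_attack(static_users, sigma=5.0, rounds=5000, rng=rng)
error = max(abs(estimate[0] - true_centroid[0]),
            abs(estimate[1] - true_centroid[1]))
print(estimate, error)
```

With 5000 repetitions the estimate lands very close to the unperturbed centroid, even though every single observation is noisy. The same averaging applies to an individual static user's perturbed location.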
The proposed HYB model differs from these approaches in that our solution exploits the merits of both approaches (TTP based and TTP-free) without disclosing the real location of the user anywhere throughout the communication. To the best of our knowledge, the proposed HYB model is the first of its kind that preserves the user's location privacy at two levels, namely, at the proximity level, while forming the congregation, and at the distant level, while sending encrypted locations to TP, which thereafter performs computation over the encrypted input values.

Congregation Model
The model suggests that the query issuer congregates with K − 1 other users as a group and computes the aggregate without knowing the exact locations of the peers. The mobile user mu first broadcasts a congregate message to neighboring nodes, indicating the intent to use a location service. Upon receiving the congregate message, willing neighboring nodes send an acknowledgment and an ad hoc congregation is formed.
Figure 5 presents the congregation model used in our system model. The mobile user A is considered to be the query issuer node, the one who wants to use location related services. In order to keep the actual location coordinates unknown to others, locations are perturbed by adding a random split to the actual locations. The whole protocol goes as follows.
(1) The mobile user mu (the query issuer) adds random noise to her actual location coordinates $(x, y)$ and generates a tweaked version of the real location, given as $(x', y') = (x + r_x, y + r_y)$.
(2) mu broadcasts a congregate message to all neighboring nodes using her tweaked location coordinates to form an ad hoc congregation ∁.
(3) Willing nodes acknowledge and mu selects K neighbors to form ∁. If fewer than K neighbors acknowledge, step (2) is repeated until the required ∁, one that satisfies K, is formed. If the K requirement is not fulfilled within a period of Δ, abort and reinitiate the process after a time interval T. A shortage of users may introduce unnecessary delay in the query. Therefore, it becomes critical to choose an appropriate value of K. For instance, why would a user feel protected for K = 10 but not when K = 9? In many cases K depends on demographics: specifying a larger K is acceptable for a highly populated area, but choosing the same K value in a deserted area can delay the requested service.
(4) mu randomly selects a node as congregation executor, $E_∁$. The responsibility of $E_∁$ is to facilitate the communication for the congregation ∁.
(5) Now, $E_∁$ chooses and splits two sufficiently large random shares $S_x$ and $S_y$ such that […]. Splits are generated in such a way that […].
(6) $E_∁$ sends the splits to all the members of ∁.
In Figure 5, node A is the query issuer, while nodes B, C, D, E, F, and G are the peer members of ∁. Node D is randomly selected as $E_∁$ and K = 6 is assumed.
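The effect of masking member locations with splits can be sketched as follows. This is an illustration under a stated assumption, not the paper's exact construction: the splits are assumed to sum to zero in each coordinate, so that the centroid of the masked locations equals the centroid of the real ones. The helper names `zero_sum_splits` and `masked_centroid`, the integer coordinates, and the split magnitude are hypothetical.

```python
import random

def zero_sum_splits(k, magnitude, rng):
    """Return k integer shares that sum to zero (an assumed construction)."""
    shares = [rng.randint(-magnitude, magnitude) for _ in range(k - 1)]
    shares.append(-sum(shares))          # last share cancels the others
    return shares

def masked_centroid(locations, rng, magnitude=10**6):
    """Mask every member location with a split, then average the masked values."""
    k = len(locations)
    sx = zero_sum_splits(k, magnitude, rng)
    sy = zero_sum_splits(k, magnitude, rng)
    # Each member adds its split to its own coordinates before reporting.
    masked = [(x + dx, y + dy) for (x, y), dx, dy in zip(locations, sx, sy)]
    cx = sum(mx for mx, _ in masked) / k
    cy = sum(my for _, my in masked) / k
    return masked, (cx, cy)

# Integer coordinates (e.g., metres on a local grid) keep the arithmetic exact.
members = [(100, 200), (140, 260), (120, 230), (160, 270)]
masked, centroid = masked_centroid(members, random.Random(42))
print(centroid)  # (130.0, 240.0)
```

The sketch checks only the arithmetic of the aggregate. It makes no claim about what the party that generates the splits can or cannot infer.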

Protocol 2 (∁ to TP communication).
(a) mu encrypts $(X_∁, Y_∁)$ with her own public key (pk) and gets the encrypted value $E(X_∁, Y_∁)$.
(b) mu generates the query, described as
$Q: \langle E(X_∁, Y_∁), BS_∁, K, \text{"specific search string"} \rangle$, (6)
where $BS_∁$ is the identifier of the base station under whose umbrella ∁ is formed and K is the anonymity parameter specified by mu.

Homomorphic Encryption
An efficient and straightforward way to preserve user privacy in location (or any cloud based) services is to encrypt the information before sending it to the service provider. Nonetheless, this straightforward arrangement has a critical downside: if the information is encrypted using a conventional encryption method, the service provider (or cloud) cannot process the information without decrypting it first. Obviously, sharing the secret decryption key with the service provider puts the user's privacy at stake again.
In order to eliminate this problem, a homomorphic encryption technique is used that permits certain computations to be performed directly on encrypted information without any decryption [29].
Broadly, homomorphic encryption can be defined as follows. Suppose P represents the set of plain texts, C represents the corresponding set of cipher texts, and ENC denotes the given encryption function; the cryptosystem is said to be homomorphic if it satisfies
$ENC(m_1 \odot_P m_2) = ENC(m_1) \odot_C ENC(m_2), \quad \forall m_1, m_2 \in P,$
where $\odot_P$ in P and $\odot_C$ in C are some operators (for randomized schemes the equality is understood to hold after decryption). We call such a scheme an additive homomorphism if the plain text operator is addition and a multiplicative homomorphism if it is multiplication. Homomorphic schemes exist for both symmetric key and asymmetric key encryption. There are three key elements required to specify a public key (or asymmetric) cryptosystem: an encryption algorithm $ENC_{pk}$, a decryption algorithm $DEC_{sk}$, and a key-pair generator algorithm that produces the public key and secret key (or private key) pair. The $ENC_{pk}$ algorithm takes the plain text and produces the encrypted text using the public key pk. The output of $ENC_{pk}$ becomes the input of the $DEC_{sk}$ algorithm, which decrypts the encrypted text using the secret key sk. Homomorphic encryption permits calculations to be done on encrypted data (or cipher text). The computations are done in such a way that the result, when decrypted (using sk), matches the result of the same operations performed on the plain text.
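The homomorphic property can be checked on a small example. The sketch below uses textbook (unpadded) RSA, which is multiplicatively homomorphic; it is chosen here only because it is compact and is not the cryptosystem used by HYB. The tiny parameters and the function names `enc` and `dec` are illustrative assumptions and offer no security.

```python
# Textbook RSA with tiny parameters: insecure, for illustration only.
N = 61 * 53      # public modulus (3233)
E = 17           # public exponent
D = 2753         # secret exponent; E * D = 1 (mod 3120), 3120 = 60 * 52

def enc(m):
    """ENC_pk: encrypt plain text m < N with the public key (E, N)."""
    return pow(m, E, N)

def dec(c):
    """DEC_sk: decrypt cipher text c with the secret key (D, N)."""
    return pow(c, D, N)

m1, m2 = 7, 6
# Operating on cipher texts only: multiply them modulo N.
product_cipher = (enc(m1) * enc(m2)) % N
# Decrypting the combined cipher text yields the product of the plain texts.
print(dec(product_cipher))  # 42
```

Here the plain text operator and the cipher text operator are both multiplication modulo N. In an additively homomorphic scheme the plain text operator is addition, while the cipher text operator may differ.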
Our proposed hybrid model takes advantage of the homomorphic property, which allows operations to be performed over encrypted data without decrypting it. Unlike the existing addition and multiplication operations over encrypted data, we suggest a difference (or subtraction) operation over encrypted data. The proposed operation is nevertheless carried out with an existing cryptosystem that supports additive homomorphism [30,31].

Proposed Hybrid Model
The hybrid model is built upon the concept of collaborative congregation and the use of a third party to mediate the results in a more effective way. The hybrid scheme appears to be centralized (due to TP) yet is decentralized, as no user locations are disclosed even to TP during the entire communication. TP is used to provide computational support that makes the overall communication faster and more efficient.
The phases of our proposed scheme are as follows.
Phase 1 (ad hoc congregation ∁). Mobile user mu, who wants to use the location service, first broadcasts a congregate message to neighbors until the required K users respond. This phase ends with the formation of ∁ and a computed pair $(X_∁, Y_∁)$ at mu as per Protocol 1 of Section 3. mu encrypts the centroid coordinates $(X_∁, Y_∁)$ with her own public key (pk) and forwards the query Q to TP as per Protocol 2 of Section 3.
Phase 2 (communication from TP to LBS and back). Once TP receives Q, it strips off $E(X_∁, Y_∁)$ and forwards the remaining Q to the LBS provider. According to relevance with respect to the base station of ∁, the LBS looks into the associated database and returns the top K candidate results to TP, given as $CR = \{R_1, R_2, \ldots, R_K\}$, where CR represents the candidate result set.
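The stripping step of Phase 2 can be sketched as a small data structure. The class and field names below (`Query`, `enc_centroid`, `base_station`, `search`) and the sample values are hypothetical; the sketch only shows that the part of Q forwarded to the LBS provider no longer contains the encrypted centroid.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Query:
    """Query Q as sent by mu to TP (field names are illustrative)."""
    enc_centroid: tuple   # E(X_C, Y_C): opaque cipher text, never sent to the LBS
    base_station: str     # BS_C: identifier of the base station covering the congregation
    k: int                # anonymity parameter K
    search: str           # the specific search string

def strip_for_lbs(q):
    """TP side: drop the encrypted centroid and forward the rest unchanged."""
    return {"base_station": q.base_station, "k": q.k, "search": q.search}

q = Query(enc_centroid=(123456789, 987654321),   # placeholder cipher texts
          base_station="BS-17",
          k=6,
          search="nearest retail banking branch of SBI Bank")
forwarded = strip_for_lbs(q)
print(forwarded)
```

TP keeps `q.enc_centroid` locally for the computation in the next phase, while the LBS provider sees only the base station identifier, K, and the search string.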
Phase 3 (TP computation). TP preprocesses the data by multiplying all the items of the candidate result set by a constant (−1) and encrypts this modified CR with mu's public key:
$E(CR) = \{E(-R_1), E(-R_2), \ldots, E(-R_K)\}$.
TP now has the encrypted centroid coordinates $E(X_∁, Y_∁)$ and the encrypted set of candidate results E(CR). The aim is to find the distance between the target point (the centroid here) and the relevant points sent by the LBS provider so that the proximity of the two can be measured. The additive homomorphic operation is then applied to $E(X_∁, Y_∁)$ and each item of the encrypted candidate result set separately, given as
$E(D_i) = E(X_∁, Y_∁) \oplus E(-R_i), \quad i = 1, \ldots, K.$
TP forwards the encrypted results and CR (in plain text) to mu. The purpose of having TP between mu and the LBS is to perform certain computations so that information retrieval becomes faster and more relevant without any loss of location privacy.
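The subtraction over encrypted data described in Phase 3 can be sketched with a toy Paillier cryptosystem, one well-known additively homomorphic scheme. Whether [30,31] refer to Paillier is an assumption, as are the tiny primes (insecure, illustration only), the per-coordinate encryption of the centroid, and all function names. The code needs Python 3.8 or later for the modular inverse via `pow`.

```python
import math
import random

# Toy Paillier parameters: tiny primes, insecure, for illustration only.
P, Q = 1009, 1013
N = P * Q                                           # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # secret: lcm(P-1, Q-1)
MU = pow(LAM, -1, N)                                # secret: valid for g = N + 1

def encrypt(m, rng):
    """Encrypt integer m (negative values allowed) under the public key N."""
    r = rng.randrange(1, N)
    while math.gcd(r, N) != 1:
        r = rng.randrange(1, N)
    return (1 + (m % N) * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """Decrypt with the secret key and map the result back to a signed integer."""
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m

def he_add(c1, c2):
    """Additive homomorphism: multiplying cipher texts adds the plain texts."""
    return c1 * c2 % N2

def tp_differences(enc_centroid, candidates, rng):
    """TP side: negate each plain candidate, encrypt it, add it to E(centroid)."""
    ex, ey = enc_centroid
    return [(he_add(ex, encrypt(-rx, rng)), he_add(ey, encrypt(-ry, rng)))
            for rx, ry in candidates]

rng = random.Random(1)
centroid = (130, 240)                               # known only to mu
enc_centroid = (encrypt(centroid[0], rng), encrypt(centroid[1], rng))
candidates = [(100, 200), (135, 236), (400, 90)]    # plain results from the LBS
enc_diffs = tp_differences(enc_centroid, candidates, rng)
# Only mu, who holds the secret key, can decrypt the differences.
diffs = [(decrypt(cx), decrypt(cy)) for cx, cy in enc_diffs]
print(diffs)  # [(30, 40), (-5, 4), (-270, 150)]
```

TP works only with cipher texts of the centroid and never calls `decrypt`. The decrypted values are coordinate differences between the centroid and each candidate.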
Phase 4 (decryption at mu). mu has K encrypted values that can be viewed as the distances between the encrypted coordinates sent by ∁ and the candidate result points sent by the LBS provider. mu deciphers them using her own secret key (sk). Let the decryption give the set of distances D. Clearly, the minimum, min(D), among all distance values corresponds to the most relevant result. mu keeps the location coordinate corresponding to min(D) and sends the remaining results to all the members of ∁.
Algorithm 1: HYB solution.
(1) Function: Communication using Hybrid System Model
(2) // Phase 1: Ad hoc Congregation ∁
(3) Let mobile user mu start the query and let K represent the number of users required to form ∁
(4) Let S be the set used to count the neighbors that responded
(5) Initially, ∁(K) = 0, S = 0, n = 0
(6) Let mu's actual location coordinates = $(x, y)$
(7) $(x', y') = (x + r_x, y + r_y)$
(8) while (n ≤ K) do
(9) mu broadcasts a CONGREGATE message to neighbors
(10) Let
Algorithm Description. The algorithm, HYB solution, gives pseudocode for the overall communication of our proposed hybrid system model. A congregation is formed (lines (7)-(15) in Algorithm 1), a pair of coordinates are computed (lines (16)-(19)
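The selection step of Phase 4 can be sketched as follows. It is assumed here that each decrypted value is a pair of coordinate differences between the centroid and a candidate, and that mu turns each pair into a Euclidean distance before taking the minimum; the function name `nearest_candidate` and the sample data are hypothetical.

```python
import math

def nearest_candidate(differences, candidates):
    """Return the candidate with the smallest distance, and that distance.

    differences[i] is the decrypted (dx, dy) between the centroid and
    candidates[i]; the two lists are assumed to be in the same order.
    """
    distances = [math.hypot(dx, dy) for dx, dy in differences]
    best = min(range(len(distances)), key=distances.__getitem__)
    return candidates[best], distances[best]

# Decrypted differences and the plain candidate results forwarded by TP.
differences = [(30, 40), (-5, 4), (-270, 150)]
candidates = [(100, 200), (135, 236), (400, 90)]
best, dist = nearest_candidate(differences, candidates)
print(best)  # (135, 236)
```

The distance computation happens entirely at mu after decryption, so neither TP nor the LBS provider learns which candidate was selected.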

Empirical Evaluation
We developed the simulation scenario and implemented it in Java. We ran it on an Intel Core 3.20 GHz machine with 4 GB of RAM running Linux OS. We experimented the

Anonymity Parameter and Key Size Impact over TP Computation-II.
The first experiment explores the impact of the anonymity parameter with different key sizes on the performance of the system in terms of computation time. The algorithm TP Computation-II computes the homomorphic encryption.
Analysis. Figure 6 shows the average time taken by TP to perform operations over encrypted data. It can be seen that the time taken is very low (less than a second) for those combinations where the key size (N) and K are low. As we move from left to right along the x-axis in the graph, the time increases beyond the acceptable threshold and makes the framework costly in terms of time for higher values of N and K.

Anonymity Parameter and Key Size Impact over Decryption Computation at mu.
This evaluation shows the time taken to decrypt the encrypted results. Decryption is performed using mu's secret key, which is secure and not shared with any other party.
Analysis. Figure 7 shows the average computation time for decryption. The effect of K and N is more or less similar to the case discussed before. Computation time is lower for smaller K and N values, whereas the computation cost becomes exorbitant for combinations of higher K and N values.

Effect of Size of ∁ over Miscellaneous Computation.
Min-Dist is used to calculate the minimum among all the values received after decryption. TP Computation-I preprocesses the input and Centroid Function computes the centroid of locations. These processes also contribute to the overall time of the HYB solution.
Analysis. Figure 8 shows that, for lower K values, the computation time is lower. However, even the time taken for higher K (150 and 200) is much lower than the time taken by TP Computation-II and becomes less significant when added to the overall computation cost.
The value of K specified by the mobile user mu and the key size used for encryption impact the overall computation time to a large extent. A balanced combination of these two parameters produces the optimum results. Moreover, public key encryption enables secure communication, as no key distribution is needed. As the location data is encrypted under mu's public key and decryption takes place at mu with the secret key she holds, the overall solution is secure and reliable.

Conclusion
This paper first addressed the issues in TTP based and TTP-free frameworks and presented a hybrid solution that makes effective use of the advantages of both approaches to preserve the location privacy of the user through congregation and homomorphic encryption. The novelty of

Figure 5: An instance of ad hoc congregation.

(7) Upon receiving the split, each neighbor (including mu) computes a new location $(x'_i, y'_i)$ by adding the received split value to their actual location coordinates and sends it back to $E_∁$:
$(x'_i, y'_i) = (x_i + S_{x,i}, y_i + S_{y,i})$.
(a) The mobile devices used are Location Based Services enabled and have the ability to determine their approximate location.
(b) The TP possesses the required computation power and processing potential.
(c) Location queries are sporadic, pull-based, and specific in nature.
(d) Generation of the ⟨Public-Private⟩ key pair at mu is implicit.

Figure 6: Anonymity parameter and key size impact over TP Computation-II.

Figure 7: Anonymity parameter and key size impact over decryption.

Figure 8: Miscellaneous computation time dependence over anonymity parameter K.