Privacy-Preserving Location-Based Query Using Location Indexes and Parallel Searching in Distributed Networks

An efficient location-based query algorithm of protecting the privacy of the user in the distributed networks is given. This algorithm utilizes the location indexes of the users and multiple parallel threads to search and select quickly all the candidate anonymous sets with more users and their location information with more uniform distribution to accelerate the execution of the temporal-spatial anonymous operations, and it allows the users to configure their custom-made privacy-preserving location query requests. The simulated experiment results show that the proposed algorithm can offer simultaneously the location query services for more users and improve the performance of the anonymous server and satisfy the anonymous location requests of the users.


Introduction
Recently, with the development of the mobile wireless communication location technology, the location-based service is emerged. The location information of the users is made of their identifiers and temporal and spatial information [1]. Another important problem related to the location information services is to preserve the location privacy of the user [2]. Using the anonymity on the location-based services [3] is a direct and effective method to prevent the quasi identifiers of the users. Gruteser et al. [4] introduced the k-anonymity model to investigate the problem of preserving the location privacy of the users. Kido et al. [5] used the dummies to study the anonymous communication technique for the locationbased services.
One of the key issues for the privacy-preserving locationbased services in the distributed networks is to balance the quality of query services and the privacy protection of the users. In this paper, we will propose an efficient privacypreserving location-based query algorithm using parallel searching to improve the efficiency of the anonymous server, which not only can protect the location privacy of the user but also obtain the location query services. The remainder of this paper is organized as follows. In Section 2, we give the related work about the privacy-preserving location-based techniques. In Section 3, we propose an efficient privacypreserving location-based query algorithm using location indexes and parallel searching in the distributed networks. Section 4 reports the simulated experimental results. Section 5 concludes the paper.

Related Work
By applying the personalized k-anonymity model, Gedik and Liu [6] proposed the architecture and the algorithms to protect the location privacy of the user. Chow et al. [7] proposed a distributed k-anonymity model and a peer-topeer spatial cloaking algorithm for the anonymous locationbased services. Ghinita et al. [8] investigated the anonymous location-based query method in the distributed mobile systems. By using the distributed hash table to select the anonymous set of the users, Ghinita et al. [9] implemented the anonymous location-based query services in the mobile P2P system. Zhong and Hengartner [10] used the secure multiparty computation protocol to design a distributed kanonymity protocol for protecting the location privacy. By using the obfuscation method and vague location information of the user, Duckham and Kulik [11] presented a privacy-preserving location query algorithm. Mokbel [12] proposed a location-obfuscation method which allows the 2 The Scientific World Journal server to record the real identifier of the user but decreases the precision of the location information to protect the location privacy. By introducing the trusted third party, Mokbel et al. [13] proposed a location service query method without compromising privacy.
By using the space transformation, Khoshgozaran and Shahabi [14] gave a blind evaluation of the nearest neighbor query to protect the location privacy. Ghinita et al. [15] studied the private query method in the location-based services by partitioning the space into several areas and mapping these areas into the points in Hilbert curve. Pietro and Viejo [16] developed a probabilistic and scalable protocol which guarantees the location privacy of the sensors replying to the query. Raj et al. [17] proposed a realistic semiglobal eavesdropping attack model and showed its effectiveness in compromising an existing source-location preserving technique and designed a new protocol which preservesangle anonymity by adapting the conventional function of data mules. Zhao et al. [18] developed the optimal solutions to some special cases through dynamic programming and several heuristics for the general case to the location privacy-preserving problem. Pingley et al. [19] implemented a context-aware privacy-preserving location-based services system with integrated protection for both data privacy and communication anonymity and integrated it with Google Maps. Tan [20] proposed a conditional privacy-preserving authentication and access control scheme for the pervasive computing environments, in which the registration servers and authentication servers do not need to maintain any sensitive verification tables. Xi et al. [21] showed that the privacy-preserving shortest path routing problem can be solved with the private information retrieval techniques without disclosing the origin or the destination.
By introducing local suppression to trajectory data anonymization to enhance the resulting data utility, Chen et al. [22] obtained a ( , ) -privacy model on trajectory data without paying extra utility and computation cost and proposed an anonymization framework that is independent of the underlying data utility metrics and is suitable for different trajectory data mining workloads. Based on extending the private equality primitive, Buchanan et al. [23] presented a novel encryption method for preserving the location and trajectory path of a user by privacy-enhancing technologies, which has significant improvement in the computation speed.
Cicek et al. [24] grouped the points of interest to create obfuscation areas around sensitive locations and used the map anonymization as a model to anonymize the trajectories and proposed a new privacy metric p-confidentiality that ensures location diversity by bounding the probability of a user visiting a sensitive location with the input parameters. Li and Jung [25] proposed a fine-grained privacy-preserving location query protocol (PLQL) to solve the privacy issues in existing LBS applications and provide various locationbased queries. The protocol PLQL can implement semifunctional encryption by novel distance computation and comparison protocol and support multilevel access control. Dewri and Thurimella [26] proposed a user-centric locationbased service architecture, that the users can observe the impact of location inaccuracy on the service accuracy, and · · · · · · · · · User 1 User 2 User 3 User n Figure 1: Location-based services system with the anonymous server.
constructed a local search application and demonstrated how the meaningful information can be exchanged between the user and the service provider to allow the inference of contours depicting the change in the query results across a geographic area.

Anonymous Location Query Services
System. The privacypreserving location-based services system in the distributed networks includes mobile users, communication services providers CS, and location service providers LS, in which the independent trusted third party will provide the anonymous servers AS [6], which is described in Figure 1.
The anonymous location-based query process is as follows.
Step 1. The users acquire their locations ( , , ) via the communication services provider, where and are the twodimensional location coordinates of the users, respectively, and represents the location precision.
Step 2. The users send the service request information (Uid, ( , , ), profile( min , max , , , , Pre), Cont) to the anonymous server, where Uid is the identifier of the user, ( , , ) is the current location information of the user, profile ( min , max , , , , Pre) represents the configuration file of the users, min and max denote the minimum and maximum requirements for anonymous areas, and are the temporal and spatial anonymous requests, respectively, is the service time demand, Pre represents the set to the anonymity priority or services priority, and Cont is the content of the query.
Step 3. The anonymous server receives the request from the user, generates the anonymous sets, and sends the information (( , , ), (zid 1 , Cont 1 ), . . . , (zid , Cont )) to the location service server, where ( , , ) is the anonymous area and zid is the th anonymous identifier of the user and Cont The Scientific World Journal 3 represents the content of the th request from the user, = 1 ∼ .
Step 4. The location service server receives the requests of the user and returns the processed results (zid 1 , result 1 ), . . . , (zid , result ) to the anonymous server, and the anonymous server sends the transformed ID result to the user.

Privacy-Preserving Location Query Algorithm.
Assume that the users want to request location-based query services and the ith anonymous request is , ≥ max{ }. If the users are evenly distributed in the space range, the probability that their request information can be guessed will be 1/ and the probability that the actual locations of the users can be guessed will be 1/( 2 ), respectively. We know the more the users in the space range, the more the anonymous requests and the larger the generated anonymous area, the better the anonymous effect. But the computational cost to search the anonymous space will increase, and the quality of obtained location-based services may be relatively poor. The multiple searching threads are executed in parallel to accelerate the generation of the candidate anonymous set for each request queue and compute the density = /( 2 ) of the user for all the candidate anonymous sets and the distribution of the users in the anonymous sets where is the number of the users in the th quadrant among the four partitioned quadrants, = 1 ∼ 4. When the location anonymous server has received the request from the user, it searches the location indexes in Btree and inserts the location information into the request queue. If it is necessary to establish a new request queue, the location indexes will be updated. The multiple threads search in parallel and select quickly the anonymous areas in the request queues. The anonymous server handles the selected anonymous areas and provides the appropriate location services for the users.
To establish the bidirectional indexes, each element in the request queues is arranged into the form (Uid, ⟨ , , ⟩, ⟨ min , max , , , , pre⟩, Cont, * next, * pre). The performance of the anonymous server is directly affected by the number of the request queues on the anonymous server. We assume that there are location query requests and request queues on the anonymous server; the location query requests are evenly distributed in the range with area and the maximum anonymous radius , and the number of the request queues is /( 2 ). B-tree is used to construct the location indexes with the directions and on the anonymous server. The two main algorithms running on the anonymous server are the Request Enqueue Algorithm and Anonymous Set Generation Algorithm, which are described as follows.
(2) B-tree indexes with the condition | − | < 2 max along the direction is searched.
(2.1) If the searching in the direction is unsuccessful, the request is inserted into the queue, the indexes in the direction are updated, and the indexes in the direction are added. (2.2) If the searching in the direction is successful, B-tree index with the condition | − | < 2 max along the direction is searched.
(2.2.1) If the searching in the direction is unsuccessful, the current request is inserted into the request queue and the indexes in the direction are updated. (2.2.2) If the searching in the direction is successful, the current request is inserted into the request queue in the chronological order. End.

Algorithm 2. Anonymous Set Generation Algorithm.
Begin (1) The temporal-spatial queue is constructed, which each element in links a request queue.
(2) The Request Enqueue Algorithm is executed to generate a new request queue (Uid, ⟨ , , ⟩, ⟨ min , max , , , , pre⟩, Content, * next, * pre) and this request queue is inserted into queue in the chronological order, where and represent the space and time respectively.
(3) Each element in queue is searched, and multiple threads are generated according to the condition | − | < , where is the time when the element in queue wants to generate the request queue, is the current time of the running system, and is the threshold. Each request queue is assigned to a thread.
(4) Multiple threads are run in parallel, and each thread is responsible for the following operations.
(4.1) If the number of the elements in the request queue is smaller than , the elements which satisfy the condition | − | < are searched and those elements with priority pre are deleted to form request queue set Ω. When Ω is not empty, the density of the user is queried by the communication service provider, anonymous area and radius with the minimum anonymous request are computed, and the anonymous request set is generated by the radius and the centroid of all elements in set Ω. The ID disturbing algorithm is executed to disturb the ID of the user and the anonymous request set is submitted to the location services server.

2) If
≤ min{ max }, a candidate anonymous area with circle center ( 0 , 0 ) and radius min{ max } is generated.   3) The ID disturbing algorithm is executed to disturb the ID of the user, set is submitted to the location service server, and queue is renewed by the elements which are not in set and the location indexes are updated. End.

Experiment
We used a multicore computer to simulate the anonymous server and the PC computers to simulate the users to request concurrently the location services. Redhat 5.1 and MySQL 5.5 are run on the anonymous server, respectively, and Ubuntu 10.04 is run on the clients. The presented algorithms are implemented by Java programming with JDK7.0 and socket communication. The Thomas Brinkhoff road network data generator is applied to produce the location service requests, and the OldenBurg urban communication network information is used as the input data of the road network data generator. The anonymous server deals with the location query and the anonymous requests from the users. The value of pre is set to service priority. The values of the relative experimental parameters are listed in Table 1.
We first test that the waiting time of the user and the average anonymous value of are how to impact the ratio of the temporal-spatial anonymity. The obtained simulation experimental result is given in Figure 2.
From Figure 2, we can see that the longer the waiting time of the user, the higher the ratio of the temporal-spatial anonymity and the smaller the average anonymous request, the higher the ratio of the temporal-spatial anonymity.
The result in Figure 3 shows that the larger the anonymous space request, the higher the ratio of the temporalspatial anonymity and the ratio of the temporal-spatial anonymity changes significantly along with the increase of the anonymous space request. This illustrates that the different anonymous space requests will affect remarkably the ratio of the temporal-spatial anonymity.
The required processing time and the anonymous area about our algorithm and the Bottom up algorithm [13] are shown in Figures 4 and 5, respectively, where the minimum anonymous range partitioned some small square areas with The Scientific World Journal 5  a length of 300 m of a side and 3 users are initially contained within the minimum anonymous range.
We can see form Figure 4 that the required processing time for the Bottom up algorithm is much less than the required time for our algorithm. This is because our algorithm wants to process more location service requests than the Bottom up algorithm in order to achieve better privacypreserving effect.
The results in Figure 5 show that along with the increase of the value of , the anonymous area for the Bottom up algorithm is increased, but the anonymous area for our algorithm is relatively stable; when the value of is larger than 5.5, the anonymous area for our algorithm is smaller and the quality of the anonymous location service is better; in other words, the degree of privacy protection for our algorithm is higher. Figure 6 gives the size of the processed anonymous data, in which our algorithm and the Bottom up algorithm are executed in 20 minutes.
We can see from Figure 6 that, if there are adequate location service requests, our presented algorithm executes multiple parallel threads to search quickly the candidate anonymous sets and it can process more location service requests than the Bottom up algorithm. That is to say, our algorithm can offer simultaneously services for more users.

Conclusion
The main contribution of this paper is to establish the location request queues according to the location indexes of the users such that the size of searching information can be remarkably reduced when the anonymous operations are executed and the selection of the anonymous sets on the anonymous server can be speeded up by executing multiple threads to search in parallel the candidate anonymous sets. The presented efficient privacy-preserving location-based query algorithm can obtain better location information services. The next work is to integrate the anonymous locations and the trajectory services into cartographic information and history data to develop the trajectory privacy-preserving method in the distributed networks.