Académique Documents
Professionnel Documents
Culture Documents
I.
INTRODUCTION
213
RELATED WORKS
III.
PRELIMINARIES
214
i+1
i+1
i+1
i+1
i+2
(1)
(2)
Figure 2. Example Privacy for Continuous Query. (a) Cloaking Set at ti;
(b) Cloaking Set at ti+1 (c) Cloaking Set at ti+2.
C. Cloaking Principle
The mobile client sends a new query in the form of (l, p,
Tq, Texp, Con). Where l =(x, y) is the latitude and longitude of
the clients location and their value can be determined by
GPS or other positioning components. p represents the
privacy parameters which will be discussed later. Tq is the
215
(3)
IV.
ALGORITHM
A. Algorithm Depiction
We propose the Velocity based Dynamic Cloaking
Algorithm (V-DCA) in this section. The velocity similarity
and acceleration similarity are considered for each snapshot
cloaking. V-DCA is a history-based cloaking strategy that
believes the queries cloaked together at time ti-1 have higher
likelihood staying together at ti. So when generating the
cloaking region Ri, the clients in the nearest m successfully
cloaking regions should be given prior consideration.
When a new query q comes, we search all the clients in
the pre-cloaked set Rset and check if they satisfy the
condition (1) in definition 3 while forming a cloaking
region. If so, q should be cloaked with the one causing the
lowest data distortion. Otherwise, the cloaking step will be
skipped to the next snapshot. These steps continue until
there are no clients to be cloaked together any more (step 414). Then the velocity similarity and acceleration similarity
will be calculated (step 15-18). After which, only the
cloaking region meeting the requirement of klocal and p is
treated as the qualified cloaking region (step 20-22).
For the subsequent snapshot i in the query lifetime, we
respectively check the satisfaction of the q by adding each
client in Ri-1, Ri-2,, Ri-m into Si. The client causing the
lowest data distortion is chosen into Si. The steps will be
repeated until the size of Si doesnt change (step 23-25). The
cloaking step continues if and only if the intersection size of
Si and all the previous cloaking sets is larger than kglobal. The
MBR ri covering Si can be a candidate cloaking region (step
26-27). For a continuous query, the privacy is depending on
kglobal and the klocal restriction in the following snapshot
should be ignored. Finally, the privacy model p is
calculated. If it is not satisfied, ri is expanded from all the
sides until it is equal to p and Ri=ri (step 28-30). When all
these conditions are achieved, V-DCA proceeds to issue the
snapshot query to the LBS with Ri (step 31). Otherwise, the
snapshot will be suppressed and the cloaking engine will
process the subsequent snapshots (step 32-33). The detailed
algorithm is depicted as follows:
D. Anonymizing Goal
Definition 2. (Privacy parameter) In our system, the user
can define its own privacy parameters as it may differ a lot
due to different clients and occasions which can be
delivered to the anonymizing server together with the query:
klocal: It shows that at least klocal-1 other users should be
cloaked with the query client in the first snapshot. So the
probability of discovering the exact location is less than
1/klocal.
kglobal: The size of intersection of the current cloaking set
with those generated previously should be larger than kglobal.
The requirement of kglobal can resist the query tracking
attack. Though the adversaries may own all of the cloaking
sets, they cant distinguish the query client from at least
kglobal-1 others. However, in practice, kglobal may be defined
much smaller than klocal.
Definition 3. (Qualified cloaked region) For a particular
query q, the client q can be cloaked together with q should
satisfy the following conditions using formulas (1) (2) and
(3):
(1) A(R)q;
(2) Simv(q, q) ;
(3) SimA(q, q) ;
The first condition ensures that adding q into the
cloaking set meets the quality requirement. R is the cloaked
region formed by q and the clients already been cloaked
with q and the cloaking area A(R) is calculated with formula
(3). As a larger cloaking area indicates a higher data
distortion, we introduce q to limit data distortion in case
that it brings out bad QoS. q is combined with klocal and
kglobal to balance the privacy and quality. q can be
determined by the anonymizing server based on the history.
Conditions (2) and (3) give the velocity similarity and
acceleration similarity restrictions and for the clients
cloaked together. A region meeting all the conditions can be
a candidate cloaking region. If and only if the candidate
cloaking region CR at time t fulfills the flowing
prerequisites, CR is a qualified cloaking region:
|CRR1R2Rt-1|kglobal
This condition protects the client from query tracking
attack. The clients in the qualified cloaking region CR form
the qualified cloaking set.
Definition 4. (Evaluation <K, n>) Given a continuous
query, K represents the size of the intersection of all the
successfully cloaked sets formed consecutively. The
maximum number of cloaked sets meeting the privacy and
quality requirements in the continuous snapshots is denoted
as n.
Algorithm V-DCA
Input: query q <l, p, Tq, Texp, Con>
Output: cloaking region R
1. candidate cloaking set U= null, minA=1016, qmin=
null;
2. If q is fresh; /q is a newly established query*/
3. put q into U;
4. for q in Rset /searching each client q in the precloaked set Rset*/
5.
calculating the area A(r1) after q added;
6.
if A(r1)q / checking if they satisfy q quality
216
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
V.
K percentage =
| R1 R2 ... Rn |
100%
| R1 |
(4)
local 1
D (q, mi ) / (klocal 1)
(5)
(6)
(7)
Ct avg = i =1ton Ct ( Ri ) / n
(8)
B. Experiment Setup
Due to the privacy concerns, there are no real large-scale
moving object datasets published according to our
knowledge. We use the famous Thomas Brinkhoff Networkbased Generator of Moving Objects [25] as many works.
The road map we adopt is the highway of Shanghai. 300
217
C. Evaluation Results
The privacy guaranty comparison results are shown in
Fig. 4. In the Fig.4 (a), the results show that both V-DCA
and D-TC can achieve relative higher n (n>50) than GCA
when kglobal is smaller than 6, while V-DCA is much more
stable than D-TC. With the increase of the kglobal, the quality
model requirement (q=1.0e+7) cannot be achieved for all
the snapshots by GCA, the cloaking process failed.
However, V-DCA and D-TC can provide several (n<10)
consecutive successfully cloaked snapshots.
The quality model has a significant influence on n as
shown in Fig.4 (b). With the increase of quality restraint,
both V-DCA and D-TC can cloak successfully for a larger n
than GCA, while V-DCA performs relatively better than DTC. Telling from Fig.4 (a) and Fig.4 (b), we can infer that
V-DCA provides a larger number of consecutive successful
snapshots than D-TC and GCA, furthermore, the V-DCA
can provide more stable query response than the other two
algorithms.
The n and the quality model q also influence the
intersection percentage Kpercentage of the consecutive
successfully cloaked snapshots as shown in Fig.4 (c) and
Fig.4 (d). From Fig. 4 (c), we can find that the Kpercentage of
V-DCA is the highest among the three algorithms. Because
the GCA fails to satisfy the quality model requirement
(q=1.0e+7), its Kpercentage keeps zero, which indicates that
GCA cannot provide the same quality of continuous query
response service. Comparing with D-TC, the Kpercentage of VDCA is much more stable, steady with 0.42 for more than
80 snapshots; furthermore, it has a relative larger Kpercentage
when the number of snapshots reaches 70. Fig.4 (d)
compares the Kpercentage and the quality model q. The results
show that V-DCA has the highest Kpercentage throughout the
whole snapshots when satisfying the same quality model q.
The results suggest that with the same quality model
218
[3]
much faster than GCA for different kglobal requirement, VDCA and D-TC are equally matched. It is because that GCA
generates the cloaking area for each snapshot during the
entire section by estimating the distortion of the whole
query period, while V-DCA and D-TC only calculate the
current cloaking region.
Fig.6 (b) illustrates that V-DCA and D-TC have much
better performance than GCA for different quality models q
with 100 snapshots and kglobal set to 2. Furthermore, V-DCA
consumes less time than D-TC. The result indicates that the
performance of V-DCA is superior to both D-TC and GCA.
The performance varying with snapshot number n is
shown in Fig.6 (c). V-DCA and D-TC perform much better
than GCA as with Fig.6 (a) and Fig.6 (b). With the increase
of snapshots number, the average cloaking-time of GCA
deceases, but those of V-DCA and D-TC staying stable. At
the first sight, D-TC performs a little better than V-DCA in
the first few snapshots. Thats because we consider much
more factors such as velocity similarity and acceleration
similarity in order to achieve better privacy, However, VDCA is comparable with D-TC as we privilege the clients in
the nearest m successfully cloaking regions when generating
the new cloaking set in the long run.
According to the comparison and evaluation results of
the three algorithms, V-DCA can make a good balance
among privacy, QoS and performance. It can achieve the
privacy guaranty with a low QoS impairment and low
processing cost. V-DCA performs better than D-TC and
GCA in the circumstance which has a high QoS
requirement.
VI.
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
CONCLUSION
[17]
[18]
[19]
[20]
[21]
[22]
ACKNOWLEDGMENT
This work is partially supported by SafeNet research
award, by key technology research and development
program of Sichuan province under grant No.
M110106012009FZ0148, and by National Science
Association Foundation under grant number: U1230106.
[23]
[24]
REFERENCES
[1]
[2]
[25]
[26]
219
><
70
50
40
30
20
10
0
2
6
kglobal
10
80
50
40
30
50
60
50
40
30
20
20
10
10
0
2
10
40
30
20
10
0
10
20
30
V-DCA
D-TC
GCA
60
70
60
12
V-DCA
D-TC
GCA
90
k p e rce n ta ng e (% )
60
V-DCA
D-TC
GCA
80
n u m b e r o f s n a p s h o ts
70
n u m b e r o f s n a p s h o ts
100
90
V-DCA
D-TC
GCA
80
k p e rce n ta ng e (% )
90
40
50
60
70
80
90
10
number of snapshots
V-DCA
D-TC
GCA
10
160
V-DCA
D-TC
GCA
140
V-DCA
D-TC
GCA
120
100
10
80
60
40
20
0
0
0
kglobal
10
12
10
12
14
16
18
20
22
4
2
8
6
4
2
6
kglobal
10
50
60
70
80
12
V-DCA
D-TC
GCA
8
6
4
2
10
12
14
16
18
20
22
10
20
30
40
50
60
70
80
number of snapshots
90 100 110
V-DCA
D-TC
GCA
18
V-DCA
D-TC
GCA
60
30
35
25
20
15
10
16
40
40
20
14
V-DCA
D-TC
GCA
12
10
8
6
4
2
0
0
kglobal
6
10
12
90
40
10
30
number of snapshots
V-DCA
D-TC
GCA
10
20
V-DCA
D-TC
GCA
10
10
quality model(m*m)*10^7
0
0
10
12
14
16
18
20
22
20
40
60
80
number of snapshots
220
100