Ali Khoshgozaran

Private queries in location based services: anonymizers are not necessary

Mobile devices equipped with positioning capabilities (e.g., GPS) can ask location-dependent queries to Location Based Services (LBS). To protect privacy, the user location must not be disclosed. Existing solutions utilize a trusted anonymizer between the users and the LBS. This approach has several drawbacks: (i) All users must trust the third party anonymizer, which is a single point of attack. (ii) A large number of cooperating, trustworthy users is needed. (iii) Privacy is guaranteed only for a single snapshot of user locations; users are not protected against correlation attacks (e.g., history of user movement). We propose a novel framework to support private location-dependent queries, based on the theoretical work on Private Information Retrieval (PIR). Our framework does not require a trusted third party, since privacy is achieved via cryptographic techniques. Compared to existing work, our approach achieves stronger privacy for snapshots of user locations; moreover, it is the first to provide provable privacy guarantees against correlation attacks. We use our framework to implement approximate and exact algorithms for nearest-neighbor search. We optimize query execution by employing data mining techniques, which identify redundant computations. Contrary to common belief, the experimental results suggest that PIR approaches incur reasonable overhead and are applicable in practice.

Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy

In this paper we propose a fundamental approach to perform the class of Nearest Neighbor (NN) queries, the core class of queries used in many of the location-based services, without revealing the origin of the query in order to preserve the privacy of this information. The idea behind our approach is to utilize one-way transformations to map the space of all static and dynamic objects to another space and resolve the query blindly in the transformed space. However, in order to become a viable approach, the transformation used should be able to resolve NN queries in the transformed space accurately and more importantly prevent malicious use of transformed data by untrusted entities. Traditional encryption based techniques incur expensive O(n) computation cost (where n is the total number of points in space) and possibly logarithmic communication cost for resolving a KNN query. This is because such approaches treat points as vectors in space and do not exploit their spatial properties. In contrast, we use Hilbert curves as efficient one-way transformations and design algorithms to evaluate a KNN query in the Hilbert transformed space. Consequently, we reduce the complexity of computing a KNN query to O(K × 22N/n) and transferring the results to the client in O(K), respectively, where N, the Hilbert curve degree, is a small constant. Our results show that we very closely approximate the result set generated from performing KNN queries in the original space while enforcing our new location privacy metrics termed u-anonymity and a-anonymity, which are stronger and more generalized privacy measures than the commonly used K-anonymity and cloaked region size measures.

Location privacy: going beyond K-anonymity, cloaking and anonymizers

With many location-based services, it is implicitly assumed that the location server receives actual users locations to respond to their spatial queries. Consequently, information customized to their locations, such as nearest points of interest can be provided. However, there is a major privacy concern over sharing such sensitive information with potentially malicious servers, jeopardizing users’ private information. The anonymity- and cloaking-based approaches proposed to address this problem cannot provide stringent privacy guarantees without incurring costly computation and communication overhead. Furthermore, they require a trusted intermediate anonymizer to protect user locations during query processing. This paper proposes a fundamental approach based on private information retrieval to process range and K-nearest neighbor queries, the prevalent queries used in many location-based services, with stronger privacy guarantees compared to those of the cloaking and anonymity approaches. We performed extensive experiments on both real-world and synthetic datasets to confirm the effectiveness of our approaches.

Private Information Retrieval Techniques for Enabling Location Privacy in Location-Based Services

The ubiquity of smartphones and other location-aware hand-held devices has resulted in a dramatic increase in popularity of location-based services (LBS) tailored to user locations. The comfort of LBS comes with a privacy cost. Various distressing privacy violations caused by sharing sensitive location information with potentially malicious services have highlighted the importance of location privacy research aiming to protect user privacy while interacting with LBS. The anonymity and cloaking-based approaches proposed to address this problem cannot provide stringent privacy guarantees without incurring costly computation and communication overhead. Furthermore, they mostly require a trusted intermediate anonymizer to protect a users location information during query processing. In this chapter, we review a set of fundamental approaches based on private information retrieval to process range and k-nearest neighbor queries, the elemental queries used in many Location Based Services, with significantly stronger privacy guarantees as opposed to cloaking or anonymity approaches.

GeoDec: A framework to visualize and query geospatial data for decision-making

There is a critical need for advanced geospatial decision-making tools for countless geospatial applications, such as urban planning, emergency response, military intelligence, simulator training, and serious gaming. With the abundance of available geospatial data - such as satellite and aerial imagery - the most effective approach to geospatial decision-making is through sophisticated virtualization. An ideal application designed to formulate and evaluate decision-making questions should contain realistic modeling, a host of geotagged and time-stamped data sets, and efficient presentation of a basic set of spatiotemporal queries on top of the information-rich virtual geolocation.

Blind evaluation of location based queries using space transformation to preserve location privacy

In this paper we propose a fundamental approach to perform the class of Range and Nearest Neighbor (NN) queries, the core class of spatial queries used in location-based services, without revealing any location information about the query in order to preserve users’ private location information. The idea behind our approach is to utilize the power of one-way transformations to map the space of all objects and queries to another space and resolve spatial queries blindly in the transformed space. Traditional encryption based techniques, solutions based on the theory of private information retrieval, or the recently proposed anonymity and cloaking based approaches cannot provide stringent privacy guarantees without incurring costly computation and/or communication overhead. In contrast, we propose efficient algorithms to evaluate KNN and range queries privately in the Hilbert transformed space. We also propose a dual curve query resolution technique which further reduces the costs of performing range and KNN queries using a single Hilbert curve. We experimentally evaluate the performance of our proposed range and KNN query processing techniques and verify the strong level of privacy achieved with acceptable computation and communication overhead.

A hybrid aggregation and compression technique for road network databases

Vector data and in particular road networks are being queried, hosted and processed in many application domains such as in mobile computing. Many client systems such as PDAs would prefer to receive the query results in unrasterized format without introducing an overhead on overall system performance and result size. While several general vector data compression schemes have been studied by different communities, we propose a novel approach in vector data compression which is easily integrated within a geospatial query processing system. It uses line aggregation to reduce the number of relevant tuples and Huffman compression to achieve a multi-resolution compressed representation of a road network database. Our experiments performed on an end-to-end prototype verify that our approach exhibits fast query processing on both client and server sides as well as high compression ratio.

A Multi-Resolution Compression Scheme for EfficientWindow Queries over Road Network Databases

Vector data and in particular road networks are being queried, hosted, and processed by many application domains such as mobile computing. However, many hosting/processing clients such as PDAs cannot afford this bulky data due to their storage and transmission limitations. In particular, the result of a typical spatial query such as window query is too huge for a transfer-and-store scenario. While several general vector data compression schemes have been studied by different communities, we propose a novel approach in vector data compression which is easily integrated within a geospatial query processing system. It uses line aggregation to reduce the number of relevant tuples and Huffman compression to achieve a multi-resolution compressed representation of a road network database. Our empirical results verify that our approach exhibits both a high compression ratio and fast query processing

GeoDec : a multi-layered query processing framework for spatio-temporal data

Harnessing the potential of todays ever growing and dynamic geospatial data requires the development of novel visual analysis interfaces, tools and technologies. In this paper, we present GeoDec, a generic framework capable of supporting queries and visualizations of real-world spatio-temporal data sets. We show, for various locations and applications, how our innovative Query Driven Design enhances the visual analysis of geospatial data through the interactive manipulation of queries and the temporal navigation of these query results.

Location privacy in geospatial decision-making

Geospatial data-sets are becoming commonplace in many application domains, especially in the area of decision-making. Current state-of-the-art in geospatial systems either lack the ease-of-use and efficiency or sophisticated querying and analysis features needed by these applications. To address these shortcomings, we have been working on a generic and scalable geospatial decision making system dubbed GeoDec. In this paper, we first discuss many of the new features of GeoDec, particularly its spatial querying utilities. Next, we argue that in some applications, a user of GeoDec may not want to reveal the location of the query and/or its result set to the GeoDec server to preserve his/her privacy. Hence, for GeoDec to remain applicable in these scenarios, it should be able to evaluate the spatial queries without knowing the locations of the query and/or results. Towards this end, we present our novel space-encoding approach which would enable the GeoDec server to evaluate the spatial queries blindly.