保护位置隐私的效用优化本地差分隐私机制

摘要/Abstract

摘要： 移动设备收集用户的地理位置数据用以提供个性化服务，同时也会产生数据泄露的潜在风险。现有地理位置差分隐私保护机制对于不同地理位置隐私保护级别等同对待，效用优化本地差分隐私（ULDP）考虑了对数据加以不同级别的隐私保护，但仅适用于类别型数据的频率估计，在地理位置隐私保护方面没有应用。考虑ULDP机制下的地理位置保护方案，将平方机制进行改造，提出效用优化的平方机制（USM）。该机制对于敏感地理位置满足本地差分隐私，对于非敏感地理位置不作安全性要求以提高整体效用。选取2种不同的真实地理位置数据集，在隐私预算相同的条件下将USM与平方机制进行对比实验，理论分析和实验结果表明USM在效用方面有显著提升。本文同时还展望了本机制进一步优化的可能方向。

关键词: 位置隐私, 隐私保护, 差分隐私, 平方机制

Abstract: Mobile devices collect users’ geographic location data to provide personalized services, which will also produce the potential risk of data leakage. The existing geographic location differential privacy protection mechanism treats different geographic location privacy protection levels equally. Utility-optimized local differential privacy (ULDP) considers different levels of privacy protection for data, but it is only applicable to the frequency estimation of category data and has no application in geographic location privacy protection. Considering the geographic location protection scheme under ULDP mechanism, the square mechanism is transformed, and a utility-optimized square mechanism (USM) is proposed. This mechanism meets the local differential privacy for sensitive geographical locations and does not make security requirements for non-sensitive geographical locations to improve the overall utility. Two different real geographic data sets are selected to compare USM with square mechanism under the condition of the same privacy budget. Theoretical analysis and experimental results show that USM has significantly improved in its effectiveness. At the same time, it also looks forward to the possible direction of further optimization of this mechanism.

Key words: location privacy, privacy protection, differential privacy, square mechanism

冯立刚, 朱友文, . 保护位置隐私的效用优化本地差分隐私机制[J]. 计算机与现代化, 2022, 0(09): 99-105.

FENG Li-gang, ZHU You-wen, . Utility-optimized Local Differential Privacy Mechanism for Protecting Location Privacy[J]. Computer and Modernization, 2022, 0(09): 99-105.

参考文献［28］

［1］	WANG L, YANG D Q, HAN X, et al． Location privacy preserving task allocation for mobile crowd sensing with differential geo-obfuscation［C］// Proceedings of the 26th International Conference on World Wide Web. 2017:627-636.
［2］	TO H, SHAHABI C, XIONG L. Privacy-preserving online task assignment in spatial crowdsourcing with untrusted server［C］// 2018 IEEE 34th International Conference on Data Engineering (ICDE). 2018:833-844.
［3］	BENNETT P N, RADLINSKI F, WHITE R W, et al. Inferring and using location metadata to personalize Web search［C］// Proceeding of the 34th International ACM SIGIR Conference on Research and Development in Information Retrieval. 2011:135-144.
［4］	PAN J J, LI G L, HU J T. Ridesharing: Simulator, benchmark, and evaluation［J］. Proceedings of the VLDB Endowment, 2019,12(10):1085-1098.
［5］	李晓会,陈潮阳,白雨靓,等. 一种轨迹隐私保护服务推荐模型研究［J］. 小型微型计算机系统, 2021,42(5):990-995.
［6］	李兰,张才宝,奚舒舒,等. 一种身份认证下交换查询的轨迹位置保护算法［J］. 小型微型计算机系统, 2021,42(6):1340-1344.
［7］	陈潇然,唐晓岚,陈文龙,等. 城市车载网络的路边单元部署机制［J］. 小型微型计算机系统, 2021,42(3):601-608.
［8］	ZHANG D Q, WANG L, XIONG H Y, et al. 4W1H in mobile crowd sensing［J］. IEEE Communications Magazine, 2014,52(8):42-48.
［9］	王乐业. 群智感知中的地理位置本地化差分隐私机制:现状与机遇［J］. 计算机科学, 2021,48(6):301-305.
［10］	WANG J, WANG L, WANG Y, et al. Task allocation in mobile crowd sensing: State-of-the-art and future opportunities［J］. IEEE Internet of Things Journal, 2018,5(5):3747-3757.
［11］	顾一鸣,白光伟,沈航,等. 基于预先缓存的连续查询隐私保护机制［J］. 计算机科学, 2019,46(5):122-128.
［12］	GRUTESTER M, GRUNWALD D. Anonymous usage of location-based services through spatial and temporal cloaking［C］// Proceedings of the 1st International Conference on Mobile Systems, Applications and Services. 2003:31-42.
［13］	DWORK C. Differential privacy: A survey of results［C］// International Conference on Theory and Applications of Models of Computation. 2006:1-19.
［14］	NIU B, ZHANG Z Y, LI X Q, et al． Privacy-area aware dummy generation algorithms for location-based services［C］// 2014 IEEE International Conference on Communications (ICC)． 2014:957-962.〖HJ1.1mm〗
［15］	SUN Y P, ZHANG B F, ZHAO B K, et al． Mix-zones optimal deployment for protecting location privacy in VANET［J］. Peer-to-peer Networking and Applications, 2015,8(6):1108-1121．
［16］	ERLINGSSON U, PIHUR V, KOROLOVA A. RAPPOR:Randomized aggregatable privacy-preserving ordinal response［C］// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014:1054-1067.
［17］	CORMODE G, JHA S, KULKARNI T, et al. Privacy at scale: Local differential privacy in practice［C］// Proceedings of the 2018 International Conference on Management of Data. 2018:1655-1658.
［18］	BORDENABE N E, CHATZIKOKOLAKIS K, PALAMIDESSI C. Optimal geo-indistinguishable mechanisms for location privacy［C］// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014:251-262.
［19］	GU X L, LI M, CAO Y, et al. Supporting both range queries and frequency estimation with local differential privacy［C］// 2019 IEEE Conference on Communications and Network Security (CNS). 2019:124-132.
［20］	ANDRES M E, BORDENABE N E, CHATZIKOKOLAKIS K, et al. Geo-indistinguishability: Differential privacy for location-based systems［C］// Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. 2013:901-914.
［21］	WANG N, XIAO X K, YANG Y, et al. Collecting and analyzing multidimensional data with local differential privacy［C］// 2019 IEEE 35th International Conference on Data Engineering (ICDE). 2019:638-649.
［22］	HONG D, JUNG W, SHIM K. Collecting geospatial data with local differential privacy for personalized services［C］// 2021 IEEE 37th International Conference on Data Engineering (ICDE). 2021:2237-2242.
［23］	TAKAO M, YUSUKE K. Utility-optimized local differential privacy mechanisms for distribution estimation［C］// Proceedings of the 28th USENIX Security Symposium. 2018:1877-1894.
［24］	POWELL M. A direct search optimization method that models the objective and constraint functions by linear interpolation［C］// Advances in Optimization and Numerical Analysis. 1994:51-67.
［25］	GU X L, LI M, LI X, et al. Providing input-discriminative protection for local differential privacy［C］// 2020 IEEE 36th International Conference on Data Engineering (ICDE). 2020:505-516.
［26］	袁健,王迪,高喜龙,等. 基于差分隐私的匿名组LBS轨迹隐私保护模型［J］. 小型微型计算机系统, 2019,40(2):341-347.
［27］	白雨靓,李晓会,陈潮阳,等. 面向轨迹数据发布的优化抑制差分隐私保护研究［J］. 小型微型计算机系统, 2021,42(8):1787-1792.
［28］	胡德敏,詹涵. 可预测的差分扰动用户轨迹隐私保护方法［J］. 小型微型计算机系统, 2019,40(6):1286-1290.

[1]	查凯金, 王志波, 何月顺, 徐洪珍. 区块链安全保护研究综述[J]. 计算机与现代化, 2023, 0(06): 110-117.
[2]	张天喜, 王利朋, 周春天, 杨艳艳, 李晓冲. 物联网中基于区块链的密态内容审计方案[J]. 计算机与现代化, 2022, 0(03): 30-36.
[3]	赵龙, 龙士工, . 基于本地差分隐私的众包隐私保护方法[J]. 计算机与现代化, 2021, 0(07): 115-119.
[4]	左鹏,贺智谋,袁梦,张海阔,杨卫平. 基于加密传输的标识解析模型研究[J]. 计算机与现代化, 2020, 0(04): 46-.
[5]	尚靖伟1,2，姜茸1,2，胡潇涵1,2，施明月1,2. 医疗大数据及隐私泄露[J]. 计算机与现代化, 2019, 0(07): 111-.
[6]	朱世照，薛善良. WSN中一种基于可控能耗的源位置隐私保护协议[J]. 计算机与现代化, 2017, 0(7): 95-100+123.
[7]	陈杨，于守健. 基于差分隐私的决策树发布技术研究[J]. 计算机与现代化, 2017, 0(3): 59-.
[8]	朱世照，薛善良. 一种WSN中多幻影节点源位置隐私保护协议[J]. 计算机与现代化, 2017, 0(2): 98-104+108.
[9]	何玉辉. 基于随机博弈的机会网络隐私保护机制[J]. 计算机与现代化, 2016, 0(9): 30-34.
[10]	夏小玲，刘慧艺. 面向数据流的差分隐私直方图发布[J]. 计算机与现代化, 2016, 0(2): 52-57.
[11]	戴颖玲，陈俊杰，周德华，陈杰朗. 一种改进的云存储数据完整性验证方案[J]. 计算机与现代化, 2016, 0(10): 92-95.
[12]	李沛谕，张治学. 基于可扩展加密的传感器网络数据隐私保护研究[J]. 计算机与现代化, 2015, 0(7): 34-.
[13]	刘博,黄志球,王珊珊. 一种隐私暴露风险控制的服务演化方法[J]. 计算机与现代化, 2014, 0(10): 76-80,107.
[14]	张兴兰;于金英. 一种支持数据修改的隐私保护策略[J]. 计算机与现代化, 2013, 1(8): 175-178,.
[15]	张兴兰;刘乐伟. 面向多敏感属性的隐私保护方法[J]. 计算机与现代化, 2013, 1(8): 168-171,.