Abstract: | According to recent research on wireless technology, mobile devices that combine wireless networking, a fair amount of computing power, and gigabytes of storage are increasingly popular. In addition, more and more mobile devices incorporate positioning technology (such as GPS). Some emerging mobile applications let users issue location-dependent queries in a ubiquitous wireless-network setting; for example, a moving user issues location-dependent queries such as "find the nearest gas station" and "find the three closest restaurants". In mobile computing environments, location privacy preservation raises security and privacy problems. When a moving user issues a series of requests to a location-based service (LBS) provider, the user's trajectory can be tracked through the service's logs. Worse, location-dependent queries expose other confidential user information, including lifestyle habits and political and religious leanings, and also lead to unwanted advertising (such as spam). Although not all location-dependent queries are highly privacy-sensitive, protecting users' location privacy is an issue receiving growing attention. Query processing techniques that provide location-based services while protecting users' location privacy are therefore a very important research topic. In location-dependent query processing, location privacy protection faces an interesting dilemma because of the technical challenges involved: we need the user's precise location to produce results for location-dependent queries, yet privacy constraints mean we do not want to reveal the user's location information to the untrusted entities answering the queries. Most existing solutions adopt the k-anonymity model to solve this multi-party computation problem. Realizing this model requires a trusted third party (for example, a location cloaker). The location cloaker maintains the current locations of all users in the system. Instead of sending the query directly to the location-based service provider, a user q contacts the location cloaker, which generates a region containing q and k-1 other users around q with which the query is issued. These existing solutions, however, have many drawbacks. First, the location cloaker is a single point of failure: if an adversary gains control of the location cloaker, the privacy of all users is compromised. Moreover, because the location cloaker constantly receives location updates from users, it is a performance bottleneck. Second, generating a cloaked region of appropriate size requires many participating users; if some of them are malicious, the privacy protection provided by the k-anonymity model is weakened or even breached. Third, only the privacy of a single snapshot location-based query is protected; this model cannot withstand query tracking attacks and correlation attacks. Finally, the model assumes the adversary knows nothing about the users, which is not always true in real life: attackers can easily collect users' background information from public datasets (for example, voter registration lists). It is therefore extremely important to develop new techniques that advance location privacy protection for location-based services, so as to increase their use and bring real benefits to the country. The technical aims of this project are: 1. to develop space encryption and space decryption mechanisms, 2. to design query processing mechanisms for privacy-preserving spatial requests, and 3. to develop a precise system architecture to support a variety of real-world applications. The project also deepens education by having students apply mathematical and technical methods to the security and data-management issues of this environment. Its success will increase attention to location-based services (LBS) in other academic and commercial fields and bring real benefits to the country. ; As a result of recent wireless technology advances, mobile devices with significant computational abilities, gigabytes of storage capacity, and wireless communication capabilities have become increasingly popular. In addition, positioning techniques like GPS are incorporated into an increasing number of mobile devices. Emerging mobile applications allow users to issue location-dependent queries in a ubiquitous manner. Typical examples of location-dependent queries include "find the nearest gas station" and "find the top three closest restaurants".
It is believed that location privacy preservation represents an important security and privacy problem in mobile computing environments. For instance, when a mobile user launches a series of queries to a location-based service (LBS) provider, that user's trajectory can be tracked through the service logs. Even worse, location-dependent queries can disclose other sensitive user information, including lifestyle habits and political and religious affiliations, which may result in unsolicited advertisements (i.e., spam). Although it is true that not all location-dependent queries are privacy-sensitive, it is of growing importance to offer users the choice of protecting their location privacy when necessary. Therefore, query processing techniques that are capable of supporting location-based services while protecting users' location privacy are a very intriguing and important research issue. Location privacy protection in the context of location-dependent query processing is technically challenging due to an interesting dilemma: precise user locations are needed to generate results for location-dependent queries, whereas privacy constraints do not allow revealing users' location information to the untrusted entities responding to the queries. Most existing solutions adopt the K-anonymity model to solve this multi-party computation problem. In order to apply this model, a trusted third party (i.e., a location cloaker) is employed. The location cloaker maintains the current locations of all users in the system. Instead of directly sending queries to location-based service providers, a user q contacts the location cloaker, which generates a cloaked region enclosing q as well as K-1 other users around q. However, these existing solutions have several defects. First, the location cloaker is a single point of failure: if an adversary gains access to it, the privacy of all users is compromised.
In addition, the location cloaker is also a performance bottleneck, because it has to maintain frequent location updates from users. Second, in order to generate cloaked regions of a reasonable size, a large number of participating users is required. However, if some of the users are malicious, the privacy protection provided by the K-anonymity model will be weakened or even breached. Third, from the perspective of queries, privacy is protected only for a single snapshot location-based query; users are not protected from query tracking attacks and correlation attacks. Last, it is assumed that adversaries have no knowledge (e.g., gender, age, etc.) regarding users, which is not always true in real life: attackers can easily collect user background information through public datasets (e.g., voter registration lists). As such, it is imperative to develop novel techniques to facilitate location privacy protection in location-based services, increasing their usage and benefiting the economy of our country. To address the aforementioned issues, the technical objectives of the project are to (1) develop space encryption and space decryption mechanisms, (2) design privacy-protected query processing algorithms that answer spatial queries over an encrypted search space, and (3) develop a sophisticated system architecture for supporting real-world applications. The success of this project will lead to another wave of increased usage of LBS and benefit the economy of our country. ; Research period 9802 ~ 9807 |
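The K-anonymity cloaking the abstract describes, as an added Python example that is not the project's code: a minimal trusted cloaker that picks q plus its K-1 nearest users and hands the LBS provider only their bounding rectangle, followed by two measurements of how much anonymity remains under the second and third defects listed above (participants the adversary knows, and successive queries that can be linked). All user positions are constructed sample data; `knn_cloak`, `effective_anonymity` and `tracked_candidates` are names chosen here.

```python
# Added example (not the project's code): a minimal K-anonymity location
# cloaker of the kind the abstract describes, plus measurements of how much
# anonymity survives two of the defects it lists. Positions are constructed.
import math

def knn_cloak(users, qid, k):
    """Cloak user qid among its K-1 nearest neighbours.
    users: dict user_id -> (x, y), as held by the trusted cloaker.
    Returns (member_ids, (xmin, ymin, xmax, ymax)): the LBS provider only
    ever sees the bounding rectangle of the K members, never a point."""
    qx, qy = users[qid]
    others = sorted((u for u in users if u != qid),
                    key=lambda u: math.hypot(users[u][0] - qx, users[u][1] - qy))
    members = [qid] + others[:k - 1]
    xs = [users[u][0] for u in members]
    ys = [users[u][1] for u in members]
    return frozenset(members), (min(xs), min(ys), max(xs), max(ys))

def effective_anonymity(members, known):
    """Second defect: members the adversary controls, or can place from
    background data, are ruled out as the querier, so the real anonymity
    set is the K members minus the known ones."""
    return len(members - known)

def tracked_candidates(member_sets):
    """Third defect: once successive cloaked queries from one session are
    linked, intersecting their member sets shrinks the candidate queriers."""
    candidates = set(member_sets[0])
    for s in member_sets[1:]:
        candidates &= s
    return candidates

# Constructed snapshots of six users: q and e barely move, a moves far away.
SNAP_1 = {"q": (5, 5), "a": (6, 5), "b": (5, 7), "c": (1, 1), "d": (9, 9), "e": (6, 6)}
SNAP_2 = {"q": (5, 6), "a": (9, 1), "b": (5, 7), "c": (1, 1), "d": (9, 9), "e": (6, 6)}

def demo(k=3):
    m1, box1 = knn_cloak(SNAP_1, "q", k)
    m2, _ = knn_cloak(SNAP_2, "q", k)
    return {
        "region": box1,                                   # (5, 5, 6, 6)
        "with_colluder": effective_anonymity(m1, {"a"}),  # 2, below K=3
        "after_tracking": tracked_candidates([m1, m2]),   # {"q", "e"}
    }
```

With K=3 the cloaked rectangle hides q among three users, but one known participant drops the real anonymity set to 2, and linking just two snapshots narrows the querier to {q, e}; the single cloaker holding every position is the single point of failure the abstract names.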