Privacy preservation and content protection in location based queries

Abstract

Location based services are widely used to access location information such as nearest ATMs and hospitals. These services are accessed by sending location queries containing user's current location to the Location based service(LBS) server. LBS server can retrieve the the current location of user from this query and misuse it, threatening his privacy. In security critical application like defense, protecting location privacy of authorized users is a critical issue. This paper describes the design and implementation of a solution to this privacy problem, which provides location privacy to authorized users and preserve confidentiality of data in LBS server. Our solution is a two stage approach, where first stage is based on Oblivious transfer and second stage is based on Private information Retrieval. Here the whole service area is divided into cells and location information of each cell is stored in the server in encrypted form. The user who wants to retrieve location information will create a clocking region(a subset of service area), containing his current location and generate a query embedding it. Server can only identify the user is somewhere in this clocking region, so user's security can be improved by increasing the size of the clocking region. Even if the server sends the location information of all the cells in the clocking region, user can decrypt service information only for the user's exact location, so confidentiality of server data will be preserved.