Databases Reference
In-Depth Information
Fig. 1.
General privacy threat in LBS
•
The
Location-aware Trusted Server (LTS)
stores precise location
data of all its users, using data directly provided by users' devices and/or
acquired from the infrastructure. It also has the ability to eciently per-
form spatio-temporal queries to determine, for example, which or how
many users are in a certain region.
•
The
Service Provider (SP)
fulfills user requests and communicates with
the user through the LTS. Both pull and push communication service
models are possible; We concentrate on the former but the framework we
present can be easily extended to deal with the latter too.
In our model each request
r
is processed by the LTS into a request
r
with the same logical components but appropriately generalized. Under the
condition that user's privacy is guaranteed, this generalization should be as
little as possible to ensure the best service quality for the user. Requests, once
forwarded by the LTS, may be acquired by potential attackers in different
ways: they may be stolen from SP storage, voluntarily published by the trusted
parties, or may be acquired by eavesdropping on the communication lines. On
the contrary, the communication between the user and the LTS is considered
as trusted, and the data stored at the LTS is not considered accessible by the
attacker.
Most of the approaches proposed in the literature [8, 9, 11, 16] to protect
LBS privacy consider scenarios that can be easily mapped to the one depicted
in Figure 2. Actually, scenarios where no location-aware intermediate entity is
present have also been considered. For example, in [12] a direct communication
between the user and the service provider is assumed, and the defense function
is computed on the client system. Clearly in this model it is not possible to
assume that the client has any awareness of the exact location of other clients;
hence the generalization techniques proposed in this and in other papers would
not be applicable. We believe that the current business models of mobile
operators naturally support the existence and functionality of an entity like
the LTS. Indeed, mobile users implicitly trust the operator infrastructure even
