Location-Based Mobile Marketing Innovations 2018View this Special Issue
Location Privacy Protection Research Based on Querying Anonymous Region Construction for Smart Campus
Along with the rapid development of smart campus, the deployment of novel learning applications for smart campus requires full consideration of information security issues. Location privacy protection is one of the most important issues, which considers the privacy protection and guarantees the quality of service. The existing schemes did not consider the area of the querying regions for location-based service provider (LSP) during the construction of the anonymous regions, which led to the low quality of service. To deal with this problem, the user’s query range was introduced to present a novel anonymous region construction scheme. In the proposal, the anonymous server first generated the original anonymous subregions according to the user’s privacy requirements, and then merged these subregions to construct the anonymity regions submitted to LSP based on the size of corresponding querying regions. The security and experiment analysis show that the proposed scheme not only protects the user’s privacy effectively but also decreases the area of LSP querying regions and the region-constructing time, improving the quality of service for smart campus.
With the development and construction of novel learning applications for smart campus, smart devices and services, smart meters, smart terminals, and the like are widely applied to offer real-time learning feedback to students through continuously monitoring and analyzing the status and activities of students with various devices and platforms. As a large number of smart meters and intelligence appliances are accessed, incorporating various technologies and enabling world-changing learning, the network border further extends to the user side. Security risks on the user side for smart campus will become more and more prominent. Data privacy issues, especially location privacy protection and the quality of service, must be considered .
Users’ location privacy threats refer to the risks that an attacker can obtain unauthorized access to raw location data by locating a transmitting device and identifying the subject (person) using it. Examples of such risks include spamming users with unwanted advertisements, drawing sensitive inferences from victims’ visits to various locations (e.g., students and teachers’ offices), and learning sensitive information about them (identity, religious and political affiliations, etc.). Hence, location privacy protection for smart campus is becoming a critical issue .
However, location information is consistently sent to service providers without protection when users query LBSs, allowing location providers to collect location information from all users. The collected location information may expose users to customized advertisement or even be sold to third parties. A worse scenario is location information may be leaked to adversaries with criminal intents. Therefore, many researchers focus on creating location protection algorithms to protect the location privacy of users .
The European Union’s Information Protection Supervision Organization recently said that high-tech equipment such as smart meters that monitor household energy consumption will pose a huge threat to personal privacy. Smart meters may track personal information, and the vast amounts of information collected can have serious consequences for consumers.
With the popularization of mobile devices and location technology, location-based services (LBSs) are widely used in real life, which refers to the user accesses to its designated location information query and entertainment services through the mobile device . However, the location-based service provider (LSP) may also collect and abuse user’s service information while providing the convenient LBS for the user, to illegally obtain the user’s confidential information. The location privacy protection in LBS has attracted the extensive attention of researchers [5–8].
In view of the popularization of mobile positioning devices, if these novel learning applications are used in smart campus, the combination of location information and services at different moments in personal privacy may reveal sensitive information such as the user’s behavior habits and work nature. For example, if a mobile user is collected near a hospital, the user may be presumed to have any disease or health condition. If the user’s starting location and ending location are analyzed since the last few days, the user’s home address or work unit, the nature of work, and so on can be speculated. Therefore, the location data of mobile object brings convenience to people and brings about the threat of revealing privacy, which may contain other sensitive information such as home address, personal preference, personality habit, health status, working property, personal income, etc. If this information falls into the hands of normal institutions, it is a tool for information protection, if it falls into the hands of illegal institutions, it will be the weapon of innocent destruction. What we can do is to seek transparency in the use of personal information and to protect user’s location privacy not to be exploited by unscrupulous businesses and illegal agencies.
As the most commonly used LBS privacy protection method, the basic idea of k-anonymity  is that when a user sends a LBS query, he will send his real location and querying content to a trusted anonymous server, then the anonymous server will remove the user’s identification information and generate anonymity regions containing other users for the real location, finally sending them (all the generated anonymity regions and the real location) along with the querying content to the LSP. Compared with other LBS privacy protection methods (such as pseudo location , fuzzification , differential privacy , and cryptography-based methods [13, 14]), k-anonymity has the following advantages: (1) users can get accurate querying results; (2) the user’s cost of computing and communication is small; and (3) this method can confuse the relevance between users and LBS queries. So, k-anonymity is widely used in LBS privacy protection [15, 16].
In smart campus, we can query the nearby points of interest. There are many sensors to be addressed for enabling such novel learning applications and services, which aims to enhance the service quality of novel learning applications. When k-anonymity method is used to protect the privacy of users in the above query, if the anonymous region generated by the anonymous server is too large, the querying cost of the location-based service provider (LSP) will increase and the service quality deteriorates [17–19]. To solve this problem, the existing methods [20–26] obtain n disjoint anonymous subregions by removing the part that does not contain the users in the regions, to reduce the area of anonymous regions and improve the service quality as shown in Figure 1. However, the quality of service in LBS queries based on k-anonymity is not only related to the size of the anonymous regions but also to the user’s query range. If we use the existing methods to construct the anonymous regions, the quality of service cannot be effectively improved. As shown in Figure 2, when using the existing division methods to divide the initial anonymous region, LSP will repeatedly search the points of interest in some regions, reducing the quality of service, and is the query radius. This paper also proves this point through experiments.
This paper proposes the LBS privacy protection scheme based on querying anonymous region construction. In which, firstly, the anonymous server generates initial anonymous subregions according to the privacy protection requirements of users and merges the anonymous regions according to the corresponding querying regions so that the anonymous regions finally submitted to the LSP can reduce the querying cost of LSP and improve the service quality without reducing the user’s privacy protection level. This is the first k-anonymity privacy protection scheme based on constructing the user querying anonymous regions. The main contributions of this paper are as follows:(1)Based on the theoretical analysis, it is concluded that the existing anonymous region demarcation method cannot reduce the LSP querying cost and improve the service quality, and we prove it through experiments.(2)We think that the area of querying regions is the judgment criterion to merge the anonymous subregions and propose an anonymous region construction scheme based on the user’s query range. Security analysis shows that the proposed scheme can effectively protect the users’ location privacy.(3)A large number of experiments show that this scheme can effectively reduce the querying cost of LSP and improve the service quality, without causing a large computational cost for anonymous servers.
2. Related Work
At present, the international research on the privacy protection for smart campus is still in the initial stage. The discussion on the privacy protection focuses more on the risk analysis of exposing personal privacy for the wireless applications and devices. Research in the United States is the leader, which publishes relevant documents on this issue.
Privacy laws in the United States do not explicitly address the smart campus and its related data, which is same as the regulations of the existing national Internet of Energy and power transmission . The existing laws and regulations need to be revised to appeal to the smart campus. At the same time, new data items in the Internet of Energy, as well as new ways of using existing data, require more research and public opinion to adapt to current laws or shape new laws.
US Internet of Energy Information Security is very concerned about privacy issues. NIST (National Institute of Standards and Technology) released “Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and Smart Grid”  in August 2010 and preliminarily analyzed the privacy issues of smart campus. For location privacy protection, many researchers have done a great deal of work.
Grutese applied k-anonymity to the field of location privacy protection for the first time . The anonymous server divides the area with a quadtree structure and stores the users in the corresponding region in the node. When the user requests a service, a quadtree is retrieved upward from a leaf node corresponding to the user’s location. If the current leaf node does not satisfy the k-anonymity, the parent node will be retrieved until no less than other users to obtain the anonymous region. However, if the number of users in a leaf node does not satisfy the privacy requirements, it needs to retrieve its parent node, which will result in a four-fold increase in the anonymity area, thereby degrading the user’s service quality. To deal with the above problem, Mokbel et al.  improved the anonymous region construction method in . In their scheme, if the current leaf node does not satisfy k-anonymity, firstly its sibling nodes will be retrieved, if it still does not satisfy the user’s privacy requirements, then it retrieves the parent node. To further solve the problem of low quality of service due to the large anonymous region based on the quadtree structure, Li et al.  proposed to reduce the area of anonymous regions and improve the service quality by suppressing part of users’ requests and deleting the most distant trails.
Subsequently, the researchers proposed Clique Cloak  and Hilbert Cloak , respectively, to construct the anonymous regions by searching for the nearest users who meet the privacy requirements. In , users can customize the privacy protection requirements, but the scheme uses an undirected graph to construct an anonymous region and the cost of the solution is too large. It may happen that the anonymous region has not been successfully constructed but beyond the anonymous period. In , the anonymous server maps all users in two-dimensional space to a one-dimensional array according to the Hilbert curve and divides the users into several sets according to the value of . When a user makes a service request, the anonymous region is constructed by using the user set to which the user belongs.
Recently, Jin et al.  thought the anonymization server could lead to a new class of attacks called location injection attacks which can successfully violate users’ in-distinguishability (guaranteed by k-anonymity) among a set of users. Therefore, they propose and characterize location injection attacks by presenting a set of attack models and quantify the costs associated with them. Then, they propose and evaluate k-Trustee, which is resilient to location injection attacks and guarantees a low bound on the user’s in-distinguishability. The experimental results show that the proposed cloaking algorithm guaranteeing k-Trustee is effective against various location injection attacks, but the quality of location services is poor and cannot be guaranteed.
In all the above solutions, if the users used to construct the anonymous regions are far away from each other, the anonymous regions may still be too large, and the service quality may be low. Tan et al.  were the first ones to apply the idea of regionalization to the construction of anonymous regions, which divided the users in the anonymous regions into separate groups through the Hilbert space filling curve. When a user makes a server request, the anonymous server will use the locations of other users in the group to which it belongs to construct the anonymous region. Subsequently, Li and Zhu  also used the method of regionalization to research on reducing the area of anonymous regions and improving the quality of service. The anonymous server firstly constructs an anonymous region containing users and then removes the anonymous regions that do not contain the users according to relationship among the users’ locations to form multiple anonymous subregions that do not intersect each other.
However, the existing anonymous region construction schemes [35–37] ignore the impact of the users’ query range on LBS querying service quality. When using these methods to construct the anonymous regions, the LSP will repeatedly search the points of interest in the partial regions, reducing the service quality.
3. Improved k-Value Location Privacy Protection Method
3.1. System Structure
This paper uses the centralized system architecture , composed of three parts: user, anonymous server, and LSP. When the user requests a service, the anonymous server blurs the real location of the user into an anonymous region and sends it to the LSP, which contains not only the real user but also other at least users. In this case, the correct rate that LSP correlates the service query with the right user will be not more than , which achieves k-anonymity. The system structure is shown in Figure 3.
Assume that there is a secure communication channel between the user and the anonymous server. When the user queries the point of interest nearby, the secure channel is used to send the query request to the trusted anonymous server. In which, represents the identity of the user; represents the location coordinates of the user; represents the radius of the user query; represents the point of interest of the user query; represents the privacy protection requirement of the user current query; represents the anonymous region generated by the anonymous server contains at least other users; and represents the minimum area of anonymous regions generated by anonymous server.
After receiving the user’s request, the trusted anonymous server will determine the identity through authentication and find other users to generate anonymous regions that the area is not less than according to the user’s privacy protection requirements and then send the query request obtained from the anonymization to the semitrusted LSP. represents the anonymous region generated by the anonymous server for the current user making the service query.
After receiving the anonymous query request sent by the anonymous server, the LSP will search in the database and return all the query candidate results to the anonymous server. After the anonymous server receives the query result from the LSP, it selects the query result according to the location of the user, and finally returns the accurate query result to the user.
In this system model, we treat the LSP directly as an attacker. The attacking purposes are as follows: (1) the real location of the user could be identified in the anonymous region sent from the anonymous server and (2) the real user will be speculated from the query request.
In addition, in the above model, LBS query quality of service is mainly affected by the following four factors: (1) the time required by the anonymous server to generate anonymous regions; (2) the time that the anonymous server sends the anonymous query request to LSP; (3) the time required by the LSP to retrieve the database for the anonymous query request sent by the anonymous server; and (4) the time it takes for the LSP to send the retrieval result to the anonymous server, and the time required by the anonymous server to finalize the query result. Because the time taken for the LSP to send search results to the anonymous server and the time required for the anonymous server to finalize the query results is affected by the distribution of points of interest, the time required for the anonymous server to send the anonymous query request to the LSP is affected by the transmission bandwidth. Therefore, this paper evaluates the quality of service based on k-anonymous LBS queries only by the time it takes the anonymous server to generate the anonymous regions and the LSP to retrieve the database.
3.2. Querying Region of LSP
After receiving the anonymous query request sent by the anonymous server, the LSP first calculates the querying region according to the anonymous region and the query radius and then searches the interest point of the user query in the region . The querying regions corresponding to the anonymous regions are as shown in Figure 4.
When the anonymous region is a circle, the area of the querying region is where represents the radius of the circular anonymous region and is the area of the anonymous region.
When the anonymous region is a rectangle, the area of the querying region is where , is the side length of the rectangular anonymous region and is the area of the anonymous region .
It can be learned from the above analysis that after receiving the anonymous query request sent by the anonymous server, the time required by the LSP to retrieve the database is not only related to the size of the anonymous region generated by the anonymous server but also to the radius of the user’s query, in other words, it is determined by the querying region. However, the existing anonymous region partitioning schemes only take the size of the anonymous regions into account, which makes these solutions not effectively improve the LBS query service quality and even further reduces the service quality.
4. Anonymous Region Construction Scheme Based on Query Range
In this paper, the anonymous server first generates initial anonymous subregions according to the privacy protection requirements of the users and constructs the corresponding querying regions by calculating and then merges the anonymous subregions to finally obtain the anonymous subregion set. The solution can reduce the LSP query cost and improve the service quality without lowering the user privacy protection level.
4.1. Generation of Initial Anonymous Subregions
After receiving the service request sent by the users, the anonymous server will start to search the other users according to the user’s privacy protection requirement and obtain their location information . Then, the server will generate disjoint initial anonymous subregions to satisfywhere represents the initial anonymous subregion containing the i-th location , ; represents the location of the user who sent the query request; represents the central location of initial anonymous subregion ; and represents the area of initial subanonymous region .
4.2. Merger of Anonymous Subregions
After generating the initial anonymous subregions , the anonymous server will calculate the area of the corresponding querying regions , respectively, according to the query radius of the user and judge whether the anonymous subregions need to be merged on the basis of the area of the querying regions. In order to effectively reduce the cost, LSP retrieves the points of interest, and after the merger of anonymous subregions, it should ensure
That is to say, the sum of the area of each querying region corresponding to each anonymous subregion in the anonymous regions is the smallest. represents the i-th anonymous subregion after the merger of anonymous subregions, , .
The merger process of anonymous subregions in the anonymous server is as follows:(1)Filtering the anonymous subregions that require region consolidation
To ensure that the querying area of the anonymous region is minimized, the anonymous server chooses the anonymous subregions and to merge if the area of querying region is the smallest after the merger of them. The selected anonymous subregions and are needed to satisfy(2)Selecting anonymous subregions to merge
For the two anonymous subregions and , represents the new anonymous subregion formed by merging the anonymous subregion with and the corresponding querying region is . If , it does not merge with . Else it merges with to make the new anonymous subregion .(3)Repeating the process until there is no need to merge anonymous subregions. In this case, the anonymous server will obtain the anonymous set
In this scheme, when the anonymous server merges the anonymous subregions, it chooses the anonymous regions and to make the area of the querying region the smallest after merging. Therefore, after every merger of the anonymous subregions, the area of the new querying region is the smallest, which ensures that the querying area of the final anonymous region set is the smallest.
In this paper, the locations of users are used as the input to generate the corresponding anonymous subregions and merge them to obtain the final anonymous subregion set , which is submitted to the LSP (Algorithm 1).
5. Scheme Analysis and Experimental Results
5.1. Analysis of Security
In our scheme, we construct the disjoint initial anonymous subregions that the area of each initial anonymous subregion is less than according to real locations and ensure every real location is not located in the center of the initial anonymous sub-region for smart campus, that is, . If the anonymous server directly sends the initial anonymous subregions to the LSP, which cannot correctly identify the real location of the user from the anonymous region . If the anonymous server uses the proposed scheme to merge the anonymous subregions and sends the final anonymous region set to the LSP, the area of every anonymous subregion satisfies , so the area of every merged anonymous subregion will satisfy no less than and for any location , and it satisfies that the center of is not . In addition, the user’s identity has been removed from the anonymous query request sent by the anonymous server. Though the LSP received the anonymous query request , it is unable to know the user who made the service request. Therefore, this scheme proposed in this paper can effectively protect the privacy of users.
5.2. Analysis of Computational Complexity
When the anonymous server receives the service query request sent by the user and uses this solution proposed in this paper to generate an anonymous region for it, it firstly generates initial anonymous subregions according to the privacy protection requirement of the user. The computational complexity of generating the initial anonymous subregions is . When the anonymous server determines whether any two anonymous subregions and need to be merged, it first needs to use the anonymous subregions and to generate a new anonymous region . In this case, the number of new anonymous regions that need to be generated is , and the computational complexity is . Subsequently, the anonymous server will calculate the area of the querying region corresponding to each newly generated anonymous region , which requires times of computation, and the computational complexity is . Finally, comparing the area of the querying region and with that of the newly generated anonymous region to determine whether the both initial anonymous subregions are needed to merge, which requires times of computation, and the computational complexity is . So the computational complexity of merging all the initial anonymous subregions is . After obtaining the new anonymous region merged from the initial anonymous subregions and , it also needs to judge whether the new anonymous subregions need to be merged again with other anonymous subregions. During the merging process of the anonymous subregions, the best case is that any one of initial anonymous subregions does not need to be merged with others. In this case, the computational complexity required to implement this solution is
In contrast, the worst case is that any one of initial anonymous subregions needs to be merged with others and finally merged to an anonymous region. In this case, it needs to repeat the above anonymous region merger and judge time, and the computational complexity required to implement this solution is
5.3. Experimental Results and Analysis
In this paper, a network-based generator of moving objects (NGMO)  is used to generate the experimental data. This generator is often used in the existing research of LBS privacy protection, which is based on the Oldenburg map of German city and simulates the location information of users by setting parameters such as the number of moving objects. We set the privacy requirement as , the generated initial anonymous subregion is rectangular, and its area satisfies . At the same time, to assess the LSP query cost, this paper simulates 500000 points of interest, such as restaurants, hotels, hospitals, parking lots, and so on. In addition, R-tree structure is used to access these points of interest because R-tree is the best-balanced tree for storing high-dimensional data, which can effectively improve the searching efficiency in high-dimensional space . The experimental environment is Intel (R) Core(TM) i7-6700HQ CPU @ 2.60 GHz, 20.0 GB RAM. The algorithms are programmed by Python and the programs run in the Windows 10 Enterprise. The experimental data sets are shown in Table 1.
5.3.1. Problems Existing in Real Anonymity Region Constructions Schemes
To prove that the existing anonymous region construction scheme cannot effectively improve the service quality of LBS query, this paper selects Casper scheme  and Fragment scheme , respectively, to search nearby points of interest. As the most commonly used anonymous region construction method, the Casper method generates at least an anonymous region that contains all users. Fragment is to deal with the anonymous region generated by the Casper scheme to reduce the area of the anonymous regions by removing the part that does not contain the user’s location according to the location of the user in the anonymous region.
This paper compares the time required to generate the anonymous region, the area of the anonymous region, and the area of the querying region of LSP in the above two schemes to prove that the existing anonymous region division methods will further reduce the quality of service when there is an overlap querying region between both anonymous regions. In this part of the experiment, this paper sets the user’s query radius r = 500 m. The experimental results are shown in Figures 5 and 6.
As is shown in Figure 5, compared with the Casper scheme, the Fragment scheme uses a region division method to reduce the area of anonymous regions, for example, when , the area of anonymous regions generated by the Casper scheme is , and the time of generating the anonymous regions is . The area of anonymous regions generated by the Fragment scheme is , and the time of generating the anonymous regions is . However, in the Casper and Fragment schemes, the time required for the LSP to query the points of interest is, respectively, (the corresponding area of querying regions is ) and (the corresponding area of querying regions is ). Therefore, when the anonymous server adopts the Casper and Fragment schemes to generate the anonymous regions, the cost time when the user obtains the accurate query results (without considering the transmission delay) is and , respectively. When the anonymous server adopts the existing region division schemes to construct the anonymous regions, the time for the user to obtain the query result increases instead.
5.3.2. Analysis of Our Scheme’s Effectiveness
In this section, we compare our proposed scheme with Casper scheme and prove that the proposed scheme can effectively reduce the query cost of the LSP and improve the query service quality in the smart campus. The experimental results are shown in Figures 5 and 6.
As is shown in Figures 5 and 6, compared with the existing scheme, the anonymous regions and querying regions generated by our proposed scheme significantly reduced and the same as the time required for LSP to query the points of interest. For example, when , the area of anonymous regions generated by our scheme is , which decreases by compared to the Casper scheme, and the time to generate the anonymous regions increases from to , increasing by . The area of querying regions generated by our scheme is , which decreases by compared to the Casper scheme, and the time for query processing increases from to . Therefore, compared with the Casper scheme, our scheme can effectively improve LBS query service quality.
As can been seen from Figures 5(b) and 6(b), compared with the Casper scheme, as the value of increases, our scheme needs more extra time to construct the anonymous regions (the time difference between our scheme and the Casper scheme), but less time for query processing. At the same time, the time that the anonymous server generates the anonymous regions is in the milliseconds level, which has little impact on the user delay. The time of query processing is in the second level, which greatly affects the user delay. The query processing time of the LSP determines the user’s service quality to a great extent.
The paper also has made a brief analysis about the influence of the user-specified query radius on the scheme. The experimental results are shown in Figures 7(a) and 7(b). As the user query radius increases, the number of anonymous subregions that need to be merged also increases, increasing the computational cost of the anonymous server. As a result, the area of querying regions and the time of LSP query processing also increase, which obviously influences the LBS query service quality.
In summary, the proposed scheme not only reduces the computational cost of the anonymous server but also significantly reduces the area of the LSP querying regions and its query time, which effectively improves the LSB query service quality for smart campus.
In this paper, we merged novel learning applications technology with mobile technology to research on the location privacy protection technology for smart campus and proposed a new location privacy protection scheme based on querying anonymous region construction which faces the challenges to achieve the higher quality of smart campus services. Through theoretical analysis and experimental results in the location privacy protection based on k-anonymity, this paper proves that the existing anonymous region construction schemes based on the idea of region division cannot effectively improve the LBS query service quality. The root cause of this problem is that the service quality of sensors in the smart campus is not only related to the anonymous area size constructed by the anonymous server but also to the range of the LSP query. To deal with the above problem, this paper introduces the user’s query range into the construction process of the anonymous region. The anonymous server first generates initial anonymous subregions based on the user’s privacy protection requirement, and then the anonymous subregions will be judged if it needs to be merged based on the size of the querying region. The scheme analysis shows that our proposed scheme can effectively reduce the query cost of LSP and improve the service quality while protecting user’s location privacy for smart campus.
The data used to support the findings of this study are available from the corresponding author upon request.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
This work was funded by the National Natural Science Foundation of China (61772282, 61772454, and 61811530332). It was also supported by the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD), Postgraduate Research & Practice Innovation Program of Jiangsu Province (KYCX18_1032), Natural Science Foundation of Jiangsu Province (BK20150460), and Jiangsu Collaborative Innovation Center on Atmospheric Environment and Equipment Technology (CICAEET). It was also funded by the open research fund of Key Lab of Broadband Wireless Communication and Sensor Network Technology (Nanjing University of Posts and Telecommunications), Ministry of Education.
J. S. Turner, “New directions in communications,” IEEE Journal on Selected Areas in Communications, vol. 13, no. 1, pp. 11–23, 1995.View at: Google Scholar
L. Jin, C. Li, B. Palanisamy, and J. Joshi, “k-trustee: location injection attack-resilient anonymization for location privacy,” Computers & Security, vol. 78, pp. 212–230, 2018.View at: Google Scholar
S. Xiao, “Consideration of technology for constructing Chinese smart grid,” Automation of Electric Power Systems, vol. 9, no. 33, pp. 1–4, 2009.View at: Google Scholar
M. Gruteser and D. Grunwald, “Anonymous usage of location-based services through spatial and temporal cloaking,” in Proceedings of the 1st International Conference on Mobile Systems, Applications and Services, pp. 31–42, ACM, San Francisco, CA, USA, May 2003.View at: Google Scholar
B. Niu, Z. Zhang, X. Li, and H. Li, “Privacy-area aware dummy generation algorithms for location-based services,” in Proceedings of 2014 IEEE International Conference on Communications (ICC), pp. 957–962, IEEE, Sydney, NSW, Australia, June 2014.View at: Google Scholar
K. Vu, R. Zheng, and J. Gao, “Efficient algorithms for K-anonymous location privacy in participatory sensing,” in Proceedings of 31st Annual IEEE International Conference on Computer Communications (INFOCOM, 2012), pp. 2399–2407, IEEE, Orlando, FL, USA, March 2012.View at: Google Scholar
R. Zhang, Y. Zhang, and C. Zhang, “Secure top-k query processing via untrusted location-based service providers,” in Proceedings of 31st Annual IEEE International Conference on Computer Communications (INFOCOM, 2012), pp. 1170–1178, IEEE, Orlando, FL, USA, March 2012.View at: Google Scholar
A. R. A. Bouguettaya and M. Y. Eltoweissy, “Privacy on the web: facts, challenges, and solutions,” IEEE Security & Privacy, vol. 99, no. 6, pp. 40–49, 2003.View at: Google Scholar
A. Lee, “Guidelines for smart grid cyber security,” NIST Interagency/Internal Report (NISTIR)-7628, National Institute of Standards and Technology, Gaithersburg, MD, USA, 2010.View at: Google Scholar
M. F. Mokbel, C. Y. Chow, and W. G. Aref, “The new Casper: a privacy-aware location-based database server,” in Proceedings of IEEE 23rd International Conference on Data Engineering (ICDE 2007), pp. 1499-1500, IEEE, Istanbul, Turkey, April 2007.View at: Google Scholar
T. C. Li and W. T. Zhu, “Protecting user anonymity in location-based services with fragmented cloaking region,” in Proceedings of 2012 IEEE International Conference on Computer Science and Automation Engineering (CSAE), pp. 227–231, IEEE, Zhangjiajie, China, May 2012.View at: Google Scholar
D. Steiert, D. Lin, Q. Conduff, and W. Jiang, “Poster: a location-privacy approach for continuous queries,” in Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 115–117, ACM, Indianapolis, IN, USA, June 2017.View at: Google Scholar
E. H. Yilmaz, E. Ferhatosmanoglu, and R. C. Aksoy, “Privacy-preserving aggregate queries for optimal location selection,” IEEE Transactions on Dependable and Secure Computing, vol. 2017, no. 99, p. 1, 2017.View at: Google Scholar