ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2019, Vol. 56, Issue (3): 576-584. doi: 10.7544/issn1000-1239.2019.20180033

• Information Security •

Trajectory Privacy Protection Method Based on Multi-Anonymizer

Zhang Shaobo¹, Wang Guojun², Liu Qin³, Liu Jianxun¹

  1. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, Hunan 411201; 2. School of Computer Science and Educational Software, Guangzhou University, Guangzhou 510006; 3. College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082 (shaobozhang@hnust.edu.cn)
  • Publication date: 2019-03-01
  • Online: 2019-03-01
  • Supported by:
    National Natural Science Foundation of China (61632009, 61472451, 61402161, 61572187, 61772194); Natural Science Foundation of Hunan Province (2015JJ3046); Key Scientific Research Project of the Hunan Provincial Education Department (16A115)

Abstract: Trajectory privacy protection in continuous location-based services has attracted wide attention. Existing privacy-preserving methods mainly adopt a centralized structure built around a trusted third-party anonymizer, which carries privacy risks and is a performance bottleneck. To overcome these defects, a trajectory privacy-preserving method based on multi-anonymizer (TPMA) is proposed, which deploys multiple anonymizers between the user and the location service provider. For each query the user first selects a pseudonym, and the query content is divided into n shares with the Shamir threshold scheme. The shares are sent to n different, randomly selected anonymizers for processing and are then forwarded to the service provider; one randomly selected anonymizer is responsible for K-anonymizing the user's location. In this method the anonymizers need only be semi-trusted entities: an attacker cannot obtain the user's trajectory or query content from a single anonymizer. The method strengthens the privacy of the user's trajectory and effectively addresses the single point of failure and the performance bottleneck of a single-anonymizer structure. Security analysis shows that the approach can effectively protect the user's trajectory privacy. Experiments show that, compared with the classical trusted third-party model, the method reduces the computation and communication overhead of a single anonymizer.

Key words: location-based service, trajectory privacy, multi-anonymizer, Shamir threshold, pseudonym
