Location K-anonymity in indoor spaces

Abstract

With the expansion of wireless-communication infrastructure and the evolution of indoor positioning technologies, the demand for location-based services (LBS) has been increasing in indoor as well as outdoor spaces. However, we should consider a significant challenge regarding the location privacy for realizing indoor LBS. To avoid violations of location privacy, much research has been performed, and location \(\mathcal {K}\)-anonymity has been intensively studied to blur a user location with a cloaking region involving at least \(\mathcal {K}-1\) locations of other persons. Owing to the differences between indoor and outdoor spaces, it is, however, difficult to apply this approach directly in an indoor space. First, the definition of the distance metric in indoor space is different from that in Euclidean and road-network spaces. Second, a bounding region, which is a general form of an anonymizing spatial region (ASR) in Euclidean space, does not respect the locality property in indoor space, where movement is constrained by building components. Therefore, we introduce the concept of indoor location \(\mathcal {K}\)-anonymity in this paper. Then, we investigate the requirements of ASR in indoor spaces and propose novel methods to determine the ASR, considering hierarchical structures of the indoor space. While indoor ASRs are determined at the anonymizer, we also propose processing methods for r-range queries and k-nearest-neighbor queries at a location-based service provider. We validate our methods with experimental analysis of query-processing performance and resilience against attacks in indoor spaces.

Appendices

Appendix A: Cost for Algorithm 2

Let us discuss the cost of \(\mathcal {K}\)-anonymization to determine the ASR using Algorithm 2. The cost C _{T o t a l} for Algorithm 2 is expressed as

$$ C_{Total} = C_{Loc(x,G_{0})} + C_{FindMO} + C_{TraverseNodes} $$

(5)

where \(C_{Loc(x,G_{0})}\) is the cost for finding the node containing the requester (line 1) at level 0, C _{F i n d M O} is the cost for retrieving moving objects within the ASR(lines 4–5), and C _{T r a v e r s e N o d e s} is the cost for finding the parent node (line 8) and its child nodes (line 3). We assume that the location of moving objects is specified as a cell identifier, as discussed in Section 3.2. Therefore, \(C_{Loc(x,G_{0})}\) is given as a small constant time without additional computation. While C _{F i n d M O} is mainly determined by the number of leaf nodes of n o d e _{A S R} , C _{T r a v e r s e N o d e s} depends on the size of the subtree of n o d e _{A S R} . For simplicity, we also assume that the hierarchical graph is balanced and the distribution of objects is uniform. Then, C _{T o t a l} is mainly determined by C _{F i n d M O} and C _{T r a v e r s e N o d e s} because \(C_{Loc(x,G_{0})}\) is very small and can be ignored, as discussed above.

Lemma 1

Time complexity of Algorithm 2 The time complexity of Algorithm 2 is given as O(bf ⁱ ) where

• \(i = \left \lceil \log _{bf}{ \frac {n \cdot \mathcal {K}}{m}} \right \rceil \),

• bf: branching factor of the hierarchical graph,

• n: the total number of cells,

• m: the total number of moving objects

Proof

The expected number of selected leaf nodes of n o d e _{A S R} containing the requester at level i is

$$ |Leaf(Loc(x,(G_{i}))| = bf^{i} $$

(6)

For instance, when i = 0, we are at the bottom level and the number of the cell containing the requester is unique. Therefore, |L e a f(L o c(x,(G _i ))| = b f ⁱ = 1. While |L e a f(L o c(x,(G _i ))| considers the number of leaf nodes, the expected number of selected nodes (including internal nodes) containing the requester at level i is shown as follows:

$$ |Desc(Loc(x,(G_{i}))| = \sum\limits_{k=0}^{i} bf^{k} = \frac{bf^{i} - 1}{bf-1} $$

(7)

The average number of moving objects per cell is \(\frac {m}{n}\). Then, the expected number of moving objects within the selected cells becomes \(\frac {m}{n}\cdot bf^{i}\). In order to satisfy \(\mathcal {K}\)-anonymity, it should be

$$\mathcal{K} \leq \frac{m \cdot bf^{i}}{n} $$

Consequently, the expected number of levels of the hierarchical graph is

$$ i = \left \lceil \log_{bf}{ \frac{n \cdot \mathcal{K}}{m}} \right \rceil $$

(8)

From Eqs. 5, 6, 7 and 8, we describe C _{T o t a l} with the big O notation as

$$\begin{array}{@{}rcl@{}} O(C_{Total}) & = & O \left( |Leaf(Loc(x,(G_{i}))| + |SG_{node}(Loc(x,(G_{i}))| \right) \\ & = & O \left( bf^{i} + \frac{bf^{i} - 1}{bf-1} \right) = O(bf^{i}) \end{array} $$

(9)

Therefore, the time complexity of Algorithm 2 is given as O(b f ⁱ). □

If we assign the i of Eq. 8 to Eq. 6, we obtain the range of the expected number of levels of the hierarchical graph as

$$ \frac{m \cdot \mathcal{K}}{n} \leq |Leaf(Loc(x,(G_{i}))| < \frac{m \cdot \mathcal{K}}{n} \cdot bf $$

(10)

$$ \text{Since } |Leaf(Loc(x,(G_{i}))| = bf^{\left \lceil \log_{bf}{ \frac{n \cdot \mathcal{K}}{m}} \right \rceil} $$

(11)

The cost is mainly determined by the branching factor. We draw an important conclusion that small branching factors yield better performance in most cases; thus, it is recommended to build a hierarchical graph with a small branching factor.

Appendix B: Finding the bucket using cell index

Given a \(\mathcal {K}\) value, the process of finding the bucket containing the requester using the cell index is described in Algorithm 7. First, we find the cell containing the requester (line 1). In order to calculate S _{r e q} , the global sequence number of the requester, we calculate the sum of the number of users in each cell by using the cell index before c e l l _{r e q} (lines 2–6); we add the sequence number of the requester in the cell into S _{r e q} (line 7). We calculate the two numbers n _{p r e v} and n _{n e x t} , which denote the number of previous and next candidate users for the requester we have to find, respectively (lines 8–9). If the bucket is merged into (line 10), we may modify n _{p r e v} and n _{n e x t} (lines 11–16) because we have to merge the last two buckets. If the requester is located in the penultimate bucket (line 11), we need to find users in the last bucket (line 12). If the requester is located in the last bucket (line 13), we need to find users in the penultimate bucket (lines 14–16). Finally, we find n _{p r e v} previous and n _{n e x t} next users of the requester; then, we add them into the bucket b _{r e q} (line 18).

Given that \(\mathcal {K}=3\), U = {m ₁, m ₂,..., m ₇}, and the requester is m ₅ in Fig. 14, we demonstrate how to find all users in the bucket by using Algorithm 7. User m ₅ is located in C ₁ and two cells R ₁ and R ₂ exist before C ₁ in the index. The total number of objects in R ₁ and R ₂ is 2+1=3, and m ₅ is the second in C ₁. Thus, S _{r e q} is 3+2=5. We obtain n _{p r e v} = (S _{r e q} −1) mod \(\mathcal {K} = 1\) and \(n_{next}=\mathcal {K} - n_{prev} - 1 = 1\). Since |U| mod \(\mathcal {K} = 1\), we need to merge the buckets and modify the values. Because the requester is located in the penultimate bucket (\(\lceil S_{req}/\mathcal {K} \rceil = |B|\)), n _{n e x t} = n _{n e x t} +(|U| mod \(\mathcal {K})=2\). We need to find the previous n _{p r e v} = 1 user (m ₄), and the next n _{n e x t} = 2 users (m ₆ and m ₇). Finally, we obtain b _{r e q} = {m ₄, m ₅, m ₆, m ₇}.