A Secure Protocol for Location Based Queries

In this paper we are going to present a solution to one of the location-based query problems. This problem is defined are as follows: (i) a user wants to query a database of location data, called as Points Of Interest, and does not want to reveal person location to the server due to privacy concerns; (ii) the owner of the location data, that is, the location server, does not want to simply distribute its data to all users. The location server desires to have some control over its data, since the data is its asset. We propose a major enhancement upon previous solutions we are introducing a two stage approach, first step is based on Oblivious Transfer and the second step is based on Private Information Retrieval, to achieve a secure solution for both parties. The solution we are going to present is efficient and practical in many scenarios. We are implementing our solution on a desktop machine and a mobile device to assess the efficiency of our protocol. We are introducing a security model and analyse the security in the context of our protocol. Finally, we highlight a security weakness of our previous work and present a solution to overcome it. The paper formally defines a framework to evaluate the risk in revealing a user identity via location information and presents preliminary ideas about algorithms to prevent this to happen. The popularity of location-based services leads to serious concerns on user privacy. A common mechanism is to protecting users’ location and query privacy is spatial generalization. The paper sets out a formal framework within which obfuscated location-based services are defined.