A Location Difference-Based Proximity Detection Protocol for Fog

IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017

1117

LoDPD: A Location Difference-Based Proximity Detection Protocol for Fog Computing Yan Huo, Member, IEEE, Chunqiang Hu, Member, IEEE, Xiaowei Qi, and Tao Jing

Abstract—Proximity detection is one of the most common location-based applications in daily life when users intent to find their friends who get into their proximity. Studies on protecting user privacy information during the detection process have been widely concerned. In this paper, we first analyze a theoretical and experimental analysis of existing solutions for proximity detection, and then demonstrate that these solutions either provide a weak privacy preserving or result in a high communication and computational complexity. Accordingly, a location difference-based proximity detection protocol is proposed based on the Paillier cryptosystem for the purpose of dealing with the above shortcomings. The analysis results through an extensive simulation illustrate that our protocol outperforms traditional protocols in terms of communication and computation cost. Index Terms—Location privacy, Paillier cryptosystem, privacy preserving, private proximity detecting.

I. I NTRODUCTION OG computing is a paradigm that extends cloud computing and services to the edge of the network, which has little latency and without intermittent connectivity, especially in the social network [1] as well as the crowdsourcing systems [2]. Their high speed Internet connection to the cloud, and physical proximity to users, enable real time applications and location-based services (LBSs), and mobility support [3]. In particular, with the great developments of mobile smart terminal, LBS have been great popular over the past years. Specially, proximity detection service is a typical application of the LBS [4] or the content sharing services [5]. Considering the scenario that your friends get into your vicinity, a service provider (SP) will remind you based on your demand that the friend is close to you. For example, when Alice wants to know which of her friends are in the same park with her, she will consider the park as her vicinity region and send a query command to the SP to find her friends

F

Manuscript received September 16, 2016; revised December 23, 2016 and February 5, 2017; accepted February 12, 2017. Date of publication February 16, 2017; date of current version October 9, 2017. This work was supported in part by the National Natural Science Foundation of China under Grant 61471028 and Grant 61371069, and in part by the Fundamental Research Funds for the Central Universities under Grant 2015JBM016. (Corresponding author: Yan Huo.) Y. Huo, X. Qi, and T. Jing are with the School of Electronics and Information Engineering, Beijing Jiaotong University, Beijing 100044, China (e-mail: [email protected]; [email protected]; [email protected]). C. Hu is with the School of Software Engineering and the Key Laboratory of Dependable Service Computing in Cyber Physical Society, Chongqing University, Chongqing 400030, China (e-mail: [email protected]). Digital Object Identifier 10.1109/JIOT.2017.2670570

within the same park. The SP will then response Alice if her friend Bob is in the same park. In the process of data processing and transmission, Alice may have a risk of disclosing her privacy since she broadcasts her personal information via plain-texts among all services. As series of privacy incidents resulted from the geographical location disclosure via the edge nodes in the network, the privacy preserving technologies have been paid more attention in the world [6], [7]. In fact, any user does not want others, including the SP or even its friends, to easily access their privacy and track their location in the case of unauthorized. On the other hand, the traditional privacy preserving techniques have been out of date and unsuitable for the mobile scenarios. Accordingly, it becomes a challenge to ensure edge nodes exploit LBS applications without disclosing any individual information [8], [9]. Several private proximity detection (PPD) algorithms using an alert distance have been proposed in [10]–[13], and also were applied in smartphones [14]. An SP can only find the friends whose straight-line distance is below to the alert threshold. However, this kind of method is considered too simple and inflexible to specify the vicinity region of interest. In order to achieve PPD, a secure two-party homomorphic encryption computation protocol was proposed in [15]. Here, Alice was able to specify any proximity convex polygons and send an inquiry to all of her friends so as to detect whether they were in her proximity region. Nevertheless, this protocol also has several limitations. First, the protocol only dealt with convex polygons that may be not sufficient in practice, because the proximity region of Alice was an arbitrary polygon region in many applications. Second, Alice and her friends had to interact with each other for several times to achieve privacy, which led to the high communication costs especially the complicated proximity area. Moreover, because of processing the large amount of encrypted data for every edge of the proximity region, the PPD protocol should result in high computation cost as well, which was hard to implement in the resource-constrained devices such as a smartphone or a tablet. In this paper, we propose an efficient third-party homomorphic secure protocol to solve the above challenges, which is called as a location difference-based proximity detection protocol (LoDPD). In our protocol, Alice could find her friends from any polygon vicinity region that is based on her requirement. Our major contributions are summarized as follows. 1) A practical symmetric client-server protocol is presented in the LBS process, which can protect the privacy of the users’ location from disclosing to any party.

c 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. 2327-4662  See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

1118

IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017

2) In order to reduce the computation and communication cost, Alice can deduce the detection results without encrypting all her proximity edges by decision-tree theory. 3) We conduct extensive experiments to evaluate the performance of our protocol and make a comparison with the traditional PPD protocol. This paper is organized as follows. Some of the related work is summarized in Section II, followed by the background knowledge of PPD in Section IV. In Section V, we formulate the protocol process and illustrate the related algorithms and security analysis. Sequentially, numerical analysis and discussion are presented in Section VI to evaluate the performances of our protocol. In the end, we conclude this paper in Section VII. II. R ELATED W ORK Many solutions have been proposed for LBS to protect users’ privacy during collecting personal data, e.g., the mobile sensing [16]. This section reviews the general privacy preserving schemes and the PPD services. There existed three kinds of privacy preserving techniques in LBS. The first one was spatial and temporal cloaking [17], in which the user’s location was sent to the SP along with locations of other k potential requesters. The user could choose the correct result from all the query results responded by the SP. However, this approach was not applicable in the case of proximity detection for the reason that it may not only decrease the detection accuracy but be easy to hurt users’ privacy when suffering several simple attacks [18]. The second one was location transformation method. The user employed this algorithm to transform the exact locations into a mendacious coordinates to preserve the privacy. Although Khoshgozaran and Shahabi [19] adopted the Hilbert curves algorithm to transform user’s location, there were still some potential threats which could lead to the breakdown of the system [20]. Third, private information retrieval [21] was also used to prevent privacy leakage. The performance of this approach was greatly improved by the usage of the secure hardware [22]. Nevertheless, the solution had a higher requirement on user’s mobile phones because of a high communication costs, which was not applicable in most LBS services. In contrast with the LBS privacy preserving techniques, some PPD algorithms in the literature applied a tessellation method to partition the geographic space into multiple cells. In this way, they transformed the PPD problem into an equivalent testing problem that was to determine whether the two users are in the same or nearby cells. Ruppel et al. [23] proposed an anonymous user tracking mechanism, which employed a coordinate transformation algorithm to protect the target pseudonyms and a distance-preserving mapping to convert the user’s actual location q into a transformed location Q. All of the users shared a public key to encrypt the transformed location Q. Additionally, a centralized proximity detection method was applied to detect the proximity among the transformed locations. Despite all this, the approach also leaked some

information as the SP could easily get the distance between the users. Furthermore, if one of the users colluded with the SP and reveals the key, the attacker could easily derive the secret mapping function and disclose user’s location. Similar to [23], Mascetti et al. [24] presented a filter and hybrid solution named Hide&Crypt. In this protocol, the SP was not totally trusted and the user should cloak the exact location by the level of location precision. By computing the minimum and maximum distances between the cloak regions, the result of PPD could be deduced by SP. Although the hybrid solution significantly reduced communication cost with respect to the decentralized solutions when the privacy requirements were not strict, it still led to some privacy risks while the central SP always knew users’ cloaked regions. When strong privacy was required, users had to perform user-to-user communication more frequently, which could result in the risk of privacy disclosing and the higher communication costs. Šikšnys et al. [25] proposed a protocol, named FriendLocator, which employed a grid structure for cloaking the user’s location and converted it into an encrypted tuple before sending to the SP. It was unable to deduce the users’ actual locations though the SP could detect the proximity among them. Nevertheless, the protocol was also vulnerable to collusion with the SP since user had to exchange the keys with all of its friends. Moreover, the protocol might also disclose some approximate information about the distance between two users to the SP. Different from the tessellation method, there also existed some other solutions. Zhong et al. [26] proposed three decentralized secure protocols for location privacy in proximitybased services, namely Louis, Lester, and Pierre. All of these protocols could achieve privacy preserving for proximity detection through applying the encryption algorithm to calculate the straight-line distance between any two users. In special, Louis computed the actual distance by introducing a trusted third party, but users would learn the exact location of each other if they were nearby. Lester was a secure two-party protocol where only Alice could learn about Bobs location when they were nearby. Pierre was a third-party protocol, in which Alice could fuzz her actual location through using coordinates (xr , yr ) = ((x/r), (y/r)) instead of real location (x, y), where r denoted the resolution distance. In this way, the protocol had an effect of dividing the plane into grids and calculated user’s location only depended on the grid where he located. However, all the three protocols were only applicable for circle proximity setting. Moreover, Mascetti et al. [27] proposed two protocols named C-Hide&Seek and C-Hide&Hash, which required every user to share his secret key with his friends. Another privacy-preserving solution was presented in [28], in which Narayanan et al. made use of the location tags to enhance the security of proximity testing which will lay heavy burden on the mobile devices. Besides, Mu and Bakiras [15] presented a two-party homomorphic protocol named PPD to handle concave polygons as well, which encrypted the location information with two different homomorphic encryption systems. However, the protocol required Alice to hold a private key with each of her friends, which might lead to a high communication and computation costs among the service since Alice had to repeat the encryption for every friend.

HUO et al.: LoDPD FOR FOG COMPUTING

Fig. 1.

System structure.

1119

region P nor the exact location. Third, the local SP should not deduce the exact locations of Alice and Bob. To satisfy the requirements of privacy, we will introduce a homomorphic algorithm named Paillier cryptosystem in Section III-B. 3) Accuracy Requirement: In our protocol, we set χ determined by Alice to be the accuracy requirement, which is related to the number of decimal places of the GPS. Generally speaking, our civilian GPS on the user’s smart mobile can be accurate to the seventh places after the decimal point for collecting user’s location. It is the reason that the value of χ is set up from 2 to 7. The bigger of χ , the higher precision of the PPD result. For example, when Alice set χ = 6, the whole system deviation can be accurate to 1 m.

III. P RELIMINARIES In this section, we first introduce the system model and the problem formulation for the PPD, then briefly describe the Paillier cryptosystem to achieve privacy persevering in the data transmission process. A. System Model Under the cloud network, our system model, shown in Fig. 1, consists of three types of entities of fog network, also called as the fog nodes, including Alice (represented a task initiator or the host fog node), her friend Bob and a fog sever SP. We assume that both Alice and Bob should have mobile devices with GPS and basic communication capabilities, so as to allow them to determine the actual location and communicate with other entities. The goal of this paper is not only to achieve proximity detection, but also to protect the location privacy of fog nodes. Therefore, it is essential to define the privacy threats and requirements in details as below. According to Fig. 1, we assume that Alice can specify an arbitrary polygon P as a vicinity region including her position, which consists of n vertices {P0 , P1 , . . . , Pn−1 }. In that case, she also can initiate a query to the local SP to inquire whether Bob is in or on the boundary of the proximity P. To illustrate the privacy preserving in the process of proximity detection, we provide the relevant threats and requirements here. 1) Privacy Threats: In our protocol, all the network entities, including the three parts of the system model and other external entities, are treated as potential adversaries. Alice would spare no efforts to get the exact location of Bob, while Bob would try to acquire the location of Alice as well. Meanwhile, the local SP would also try to derive any information of Alice’s proximity P and the location of Bob. Moreover, the external malicious attackers would go all out to pick up the exact location information about Alice and Bob. Finally, each party in Fig. 1 is assumed as a semi-honest secure model, which means that Alice, Bob and the SP are not collusion with each other. Thus, all the messages will be dealt with in the PPD process. 2) Privacy Requirements: The privacy requirements of our protocol are listed as follows: first, Alice has rights to launch a query to inquire whether Bob locates in the proximity and only gets a response with FALSE or TRUE for the purpose of keeping Bob’s exact location secrecy. Second, Bob cannot access the result of Alice’s query or pick up any information related to Alice’s location including neither the shape of proximity

B. Homomorphic Encryption Homomorphic encryption [29] allows certain computation over encrypted data. Paillier cryptosystem [30] is a popular Homomorphic encryption scheme that provides fast encryption and decryption [30], [31], which is a probabilistic asymmetric algorithm based on the decisional composite residuosity problem. It is adopted by the secure scalar product [32], which has been widely used in privacy preserving data mining. It also has been applied to privacy-preserving localization [33] and privacy-preserving biometric identification [34]. The Paillier cryptosystem is briefly introduced as follows. 1) Key Generation: An entity selects two large primes p and q and computes N = p · q and λ = lcm(p − 1, q − 1), where lcm stands for the least common multiple. It then chooses an nonzero integer g such that gcd(L(gλ modN 2 ), N) = 1, where gcd stands for the greatest common divisor, g ∈ Z∗N , and L(x) = [(x − 1)/N]. The public key and private key are, respectively, {N, g} and {λ}. 2) Encryption: Let m ∈ Z∗N be a plaintext and r ∈ Z∗N be a random number. The ciphertext of m is computed by E(m) = gm · rN modN 2

(1)

where E(·) denotes the encryption operation using public key {N, g}. 3) Decryption: For the ciphertext E(m), the corresponding plaintext can be computed by   L E(m)λ modN 2   mod N (2) D(E(m)) = L gλ modN 2 where D(·) denotes the decryption operation using private key {λ}. 4) Homomorphic: The Paillier cryptosystem is additively homomorphic as it satisfies the following conditions: given {m1 , m2 } ∈ Z∗N , we have E(m1 ) · E(m2 ) = E(m1 + m2 ).

(3)

Furthermore, given E(m) and a constant K, E(K · m) can be computed by E(K · m) = E(m)K .

(4)

Obviously, the computational cost will grow exponentially with the increase of K. Therefore, the cost during the computation phase of E(K · m) on the smart phone should be great

1120

IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017

when we select a n-bit integer K for the secure communication. To reduce the computation, (4) can be represented as  n  n    K i E(K · x) = E Ki · 10 · m = E 10i · m i (5) i=0

i=0

where Ki is the value of the ith place of the big  integer K. In other words, k can be represented as K = ni=0 Ki · 10i . Accordingly, we can easily simplify the encryption computation shown in Section IV-A.

Fig. 2.

Relationship between two lines.

Fig. 3.

Alice’s proximity.

IV. P ROXIMITY I NFORMATION S ECURITY E XTRACTION Considering the individual privacy, an analysis of Paillierbased relative location is presented to determine that Bob locates on which side of boundary line of Alice’s proximity region. Accordingly, we generate the decision-tree to illustrate our proximity detection process. A. Paillier-Based Relative Location Analysis Assuming a line l in Fig. 2 is an edge of Alice’s proximity, we can choose two points A(xa , ya ) and B(xb , yb ) on the line. Then we analyze Bob’s location on the basis of l’s slope. 1) Slope of l Is Real Number: In this case, the slope and intercept of l can be expressed as k=

ya − yb xa − xb

and

Rl =

xb ya − xa yb . xb − xa

Suppose Bob’s exact location is point Q(xq , yq ), we can draw a new line lq through Q and parallelling to l, whose slope and intercept are as k=

ya − yb xa − xb

and

Rq = yq −

ya − yb xq . xa − xb

Therefore, we now deduce the intercept difference between the two lines, which is α = Rl − Rq xb ya − xa yb ya − yb = − yq + xq xb − xa xa − xb (xb ya − xa yb ) + (yb − ya )xq + (xa − xb )yq = xb − xa z1 + z2 + z3 = xb − xa β = xb − xa

(6)

where β is the numerator of α, and z1 , z2 , z3 is defined as xb ya − xa yb , (yb − ya )xq , (xa − xb )yq , respectively. Assume without loss of generality that xb > xa , the ciphertext of β based on the Paillier encryption system described in Section III-B is E(β) = E(z1 ) · E(z2 ) · E(z3 ) = E(xb ya − xa yb )E(yb − ya )xq E(xa − xb )yq .

(7)

2) Slope of l Is Infinite: As of the equal x-coordinates of A and B (xa = xb ), the intercept difference between the l and lq

is represented as α = Rl − Rq = xa − xq . Here, we assume that ya > yb for the convenient of discussion. Similar to (7), the value of β in the case of infinite slope of l can be rewritten as   β = xa − xq (ya − yb ) (8) = (xb ya − xa yb ) + (yb − ya )xq + (xa − xb )yq . Therefore, we can also encrypt β, the sign of relative location between two lines, by the Paillier cryptosystem in this case. Then the local SP can compare the encrypted β of the two lines, E(β), regardless of the value of l’s slope. Specifically, E(z1 ), E(z2 ), and E(z3 ) in (7) should be successively calculated. Obviously, z1 can be encrypted easily by the public key, while the followed two parts in (7) have to be computed by (5) for the purpose of simplifying the computation cost. Thus, the encrypted z2 and z3 can be rewritten as  x E(z2 ) = E 10n (yb − ya ) n · · · E(yb − ya )x0  n y E(z3 ) = E 10 (xa − xb ) n · · · E(xa − xb )y0 (9)   where xq = ni=0 xi · 10i , yq = nj=0 yj · 10i . After that, the local SP will deduce the relative location of the two lines by decrypting the value of E(β), so that we can determine Bob locates on which side of the edge l. In this way, the final result of the proximity detection will be determined when every edge of Alice’s proximity is tested. In order to further simplify the computation process and improve the algorithm efficiency, we exploit the decision-tree theory to detect the Alice’s proximity, which will be discussed in detail in the following section. B. Generation of Decision Tree To illustrate how to infer the relationship between Bob’s location and any edge of a polygon specified by Alice when considering privacy preserving, we first show a diagram, Fig. 3, which shows the Alice’s proximity polygon P and her friend Bob whose location is Q(xq , yq ). Before generate the decision tree for the purpose of proximity detection, some definitions are presented as follows.

HUO et al.: LoDPD FOR FOG COMPUTING

1121

Fig. 5.

Fig. 4.

Decision-tree.

Definition 1 (Convex Edge and Concave Edge): If all of Alice’s proximity region is located on a single side of an edge and its extension line, we define this edge as a convex edge. Otherwise we define the edge as a concave edge. In Fig. 3, AB, BC, CD, and FA are defined as convex edges because all of Alice’s proximity area is located on the same side of these edges. On the contrary, DE and EF are the concave edges. Definition 2 (Upper Side and Lower Side): Recall the definition of intercept in last section, we define that Bob is located on the upper side of the edge if β < 0, otherwise Bob is located on the lower side. Take Fig. 3 as an example, N locates on the upper side of line AB and on the lower side of line FA. Definition 3 (INSIDE and OUTSIDE): We define Bob is INSIDE of Alice’s proximity if Bob locates within the Alice’s proximity area P. Otherwise, Bob is OUTSIDE of P. Fig. 4 demonstrates an example of proximity detection using decision-tree theory for Fig. 3. Each edge of Alice’s proximity is a decision node in the tree, which has two child nodes to represent the lower or the upper side of the edge. Particularly, the left child node means the lower side of the edge, whose index of the subtree is defined as γ = 1, whereas γ = −1 indicates the right node that is located on the upper side of the edge. Besides the decision nodes explained above, we also employ Definition 3 to end the query process of proximity detection for Bob. In other words, we can finish the detection process and draw the final conclusion that whether Bob is inside Alice’s proximity when a detected edge is in the INSIDE state. Generally, Alice’s proximity polygon may contain both convex and concave edges. For convenience in this paper, we will usually first create the decision-tree by Alice’s convex edges and followed by the concave edges. In other words, all convex edges in Fig. 3, which are AB, BC, CD, and FA, should be processed first. Obviously, the proximity area is located on the upper side of the line AB, which points to the next convex edge BC on the right child node of the subtree. On the contrary, the left node of the subtree labeled “OUTSIDE” means the ending detection. It is the same as the other convex edges, including BC, CD, and FA. Note that the last convex edge should point to the first concave edge according to Bob’s relative location. Unlike the convex edge analysis, we should exploit extension line of the concave edge to divide Alice’s proximity. Take the extension line of DE in Fig. 3 as an example. It may divide

Detailed LoDPD.

Algorithm 1 System Startup Require: Friends set F; Proximity Polygon P with N edges; 1: Alice forms and sends the encrypted messages of DT and χ to the local SP. 2: SP generates the Paillier key (Pk , Sk ), selects a big integer R, and sends Pk and E(R) to Alice. 3: Alice broadcasts Pk and E(R) to all of her friends.

the proximity region into two sub-areas, which are the upper part P1 and the lower part P2 . Obviously, there was no doubting that Bob locates in Alice’s proximity if he locates in the part P2 that is on the lower side of DE. So that we assign the “INSIDE” label to the left child node and the next convex edge EF to the right child node. Similarly, if Bob locates on the lower side of EF, INSIDE and OUTSIDE are labeled to the left and right child nodes, respectively. V. LoDPD A. Description of the Secure Proximity Detection Protocol In this section, we present an LoDPD in detail for the thirdparty system structure. The detection process is divided into two phases for convenience, including startup and detection, which are demonstrated in Fig. 5. In startup phase, Alice should send a detection query to the local SP when she wants to find her friends within her proximity region. In the case, she has to construct a decisiontree DT, select her accuracy requirement χ , and transmit these parameters along with her friends set F to the SP. Once the SP receives Alice’s detection query, it should create a pair of Pailllier key, Pk and Sk , for her. Meanwhile, the SP also has to generate a large integer R and returns the encrypted R based on the public key Pk in order to prevent external attacks. Finally, Alice will broadcast the accuracy requirement χ and the messages [both Pk and E(R)] received from the SP to all of her friends in the set F. The system startup phase is illustrated in Algorithm 1. The following phase is to detect whether Bob is in the Alice’s proximity region. In this phase, there exist three steps to implement the proximity testing. The first step presented in Algorithm 2 is to calculate and broadcast the three fractions shown in (7), which represents the value of relative location described in Section IV-A. Here, Alice randomly selects two points on edge li , e.g., A(xa , ya ) and B(xb , yb ), and converts the coordinates of A and B into the integer type according to χ , such as A(Xa , Ya ) and B(Xb , Yb ). Next,

1122

Algorithm 2 Alice Broadcasts Encrypted Relative Location Require: Proximity polygon P; Tree node li in DT; Encryption E(R) 1: for all friends in F and tree node li in the DT do 2: while li = OUTSIDE and li = INSIDE, Alice do 3: Choose two points on li randomly and convert them into integer as A(Xa , Ya ) and B(Xb , Yb ) 4: Calculate E(Z1 )E(R) 5: Compute and store E(Yb − Ya ), . . . , E(10n (Yb − Ya )) in set S1 successively 6: Compute and store E(Xa − Xb ), . . . , E(10n (Xa − Xb )) in set S2 successively 7: Send E(Z1 )E(R), {S1 }, {S2 }, and edge li to Bob 8: end while 9: end for Algorithm 3 Bob Sends Encrypted Information to SP Require: Edge li ; Set {S1 }; Set {S2 }; E(Z1 )E(R) 1: Calculate E(Z2 )E(R) and E(Z3 )E(R) 2: Compute E(βi  ) = E(Z1 )E(R) · E(Z2 )E(R) · E(Z3 )E(R) 3: Send E(βi  ) and li to SP Algorithm 4 Decision-Tree-Based Proximity Determination Require: Decision tree DT; Tree node li ; Private key Sk ; 1: SP decrypt E(βi  ) by private key Sk 2: if (βi  − 3R) < 0 then 3: return the left child node of li in DT to Alice. 4: else 5: return the right child node of li in DT to Alice. 6: end if

she has to calculate E(Z1 )E(R) = E(Xb Ya − Xa Yb )E(R), {S1 } = {E(Yb − Ya ), . . . , E(10n (Yb − Ya ))}, and {S2 } = {E(Xa − Xb ), . . . , E(10n (Xa − Xb ))} where n = χ + 2, and sends all of the encrypted data to Bob. After receiving the encrypted data from Alice, Bob starts to compute his own encrypted parameters based on Algorithm 3 and sends them to the SP. Similar to Alice, Bob also converts his current location Q(xq , yq ) into Q(Xq , Yq ), calculates E(βi  ) = E(Z1 )E(R) · E(Z2 )E(R) · E(Z3 )E(R) according to (9), and sends E(βi  ) along with the edge li to the SP. After receiving the messages from Bob, the local SP will execute the third step explained in Algorithm 4. In this algorithm, the SP will finally determine whether Bob is in Alice’s privacy proximity. Decrypting E(βi  ) using the private key Sk , the SP will return the final decision to Alice based on (βi  − 3R). In other words, if (βi  − 3R) < 0, the SP returns the left child node of edge li in DT, otherwise the SP returns the right child node. Specially, Alice will finish the detecting phase and obtain the final result, if Bob is in the state of OUTSIDE or INSIDE. Otherwise, Alice has to continue to check next edge until satisfying the OUTSIDE or INSIDE state in DT.

IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017

B. Privacy Analysis The LoDPD we proposed in this paper is able to achieve the data sharing among friends with anti-disclosure of personal information, especially in the fog computing systems. In that case, the data transmission among nonfriends or nonneighbor friends is denied. Yet, the information exchanging between neighboring friends is carried out under the premise of personal privacy protection. According to the privacy requirements, the security of the proposed proximity detection protocol is analyzed from each entity of the system structure. In our third-party system model, the fog server SP will generate a pair of Paillier key {N, g} and {λ} when it receives the proximity detection query. For the purpose of protecting the transmitted data from external attacker, both Alice and Bob will encrypt the transmitted data with the public key {N, g} in the protocol startup phase. For the host fog node (Alice), the encrypted data, including the proximity decision-tree DT and the accuracy requirement χ , is sent to the SP according to analyzing her proximity region during the whole detection process. Thus, the SP and Bob cannot get any useful information of Alice. Specially, Bob can only obtain the slope of Alice’s proximity edge li even if he knows the private key Sk to decrypt Alice’s ciphertext. In the case of unknown intercept of li , neither Alice’s exact location nor her proximity area can be deduced. Similarly, Bob sends the value of E(βi  ) to the SP, which is computed by his own position Q and the encrypted data from Alice. Note that the sever only learns the intercept difference, βi , by decrypting E(βi  ), which certainly cannot deduce the exact location of both Alice and Bob. In the meantime, Alice also cannot infer any personal information of Bob except the final testing result on account of lacking of any his information. Accordingly, our proposed protocol can achieve the goal of the privacy preserving during the proximity detection process. In other words, either Alice or Bob cannot learn the location of others, and the SP cannot deduce their detailed location and proximity information as well. VI. P ERFORMANCE E VALUATION In this section, we conduct an extensive simulation to evaluate the performance of our protocol. The data space is normalized to a 100 × 100 km2 square extracted from a real map, in which we set several fog nodes. The length of the encryption key of the Paillier cryptosystem is 1024 bit, and the default number of Alice’s friends is 100. Moreover, the original location of Alice is randomly selected from the data space, and the distance of Alice’s proximity edge is limited to 5 km. Our experiments implemented in Java are conducted on a workstation with Intel 2.83 GHz CPU and 4 GB RAM, running windows operating system, and each measurement is the average result over 100 randomly generated queries. We first analyze the CPU cost and the communication cost of Alice via the different accuracy requirement χ , which is shown in Fig. 6. Here the number of Alice’s proximity edges is assumed to be 5. Clearly, both the CPU cost and the communication cost grow along with the increase of χ remarkably. The

HUO et al.: LoDPD FOR FOG COMPUTING

Fig. 6. cost.

Effect of accuracy requirement. (a) CPU cost. (b) Communication

Fig. 7. Effect of proximity edges of every entities. (a) CPU cost. (b) Communication cost.

1123

Fig. 9. Effect of proximity edges of different protocol. (a) CPU cost. (b) Communication cost.

encryption may take up lots of time. Besides, Fig. 8(b) reports that the bigger accuracy requirement is, the higher communication cost is, which neatly illustrates that the communication cost is severely affected by χ . Nevertheless, our protocol has a better performance than the traditional PPD protocol’s for the various χ . The reason for the lower costs is that there are less times of communication with each other and encryption process on the proposed protocol. Similarly, the costs also increase linearly with the number of proximity edges when Alice employs the same χ to start query detection in Fig. 9. Obviously, the more complicated of Alice’s Proximity is, the more CPU cost and communication cost are. Despite all that, the proposed protocol still has less costs than the traditional protocol’s. VII. C ONCLUSION

Fig. 8.

Effect of domain size. (a) CPU cost. (b) Communication cost.

reason is that the decrypted and transmitted information will be increased if the accuracy requirement is improved, which can lead to the increase of costs of Alice in turn. In contrast, without encryption process, the costs of both Bob and SP grow slowly. Next, the impact of the number of proximity edges is studied when χ = 5. Fig. 7 is clear that the CPU and communication costs of the three entities grow linearly with the number of proximity edges. The reason is that the more number of edges of Alice’s proximity, the more data needs to be processed, which will certainly result in the higher CPU and communication cost. Additionally, the proposed protocol is compared with the PPD protocol proposed in [15]. Figs. 8 and 9 demonstrates the overall system CPU cost and the communication cost of the two protocol via different χ and different number of proximity edges, respectively. In Fig. 8, the costs of the two protocol increase with the growth of accuracy requirement χ . In other words, a large χ will cause more CPU cost for the reason that the Paillier-based

In this paper, an LoDPD is proposed to solve the privacy preserving issue for the proximity detection in a fog computing system, which exploit the Paillier encryption algorithm and the decision-tree theory. Without the collusion scenario, we define a difference that is used to determine the relative location between a edge and Bob’s location in the protocol for the purpose of ensuring privacy. During the detection, the parameters are transmitted among Alice, Bob and the SP in the Paillier encryption form to keep out of the external malicious attacks. Analyses and simulation results clearly explain that our protocol outperforms the traditional PPD method in both communication cost and CPU cost. For future work, we will extend the vicinity regions to the closed regions of arbitrary shapes and develop an APP based on the protocol to do more tests in a real scenario. ACKNOWLEDGMENT The authors would like to thank all reviewers who have helped improve the quality of this paper. The authors also thank Beijing review copyeditor Y. Nan for improving the language. R EFERENCES [1] Z. Cai, Z. He, X. Guan, and Y. Li, “Collective data-sanitization for preventing sensitive information inference attacks in social networks,” IEEE Trans. Depend. Secure Comput., to be published. [2] Y. Wang et al., “An incentive mechanism with privacy protection in mobile crowdsourcing systems,” Comput. Netw., vol. 102, pp. 157–171, Jun. 2016.

1124

[3] I. Stojmenovic, “Fog computing: A cloud to the ground support for smart things and machine-to-machine networks,” in Proc. Aust. Telecommun. Netw. Appl. Conf. (ATNAC), Southbank, VIC, Australia, 2014, pp. 117–122. [4] J. Wang et al., “Differentially private k-anonymity: Achieving query privacy in location-based services,” in Proc. Int. Conf. Identification Inf. Knowl. Internet Things (IIKI), Beijing, China, Oct. 2016, pp. 1–6. [5] Z. He et al., “An energy efficient privacy-preserving content sharing scheme in mobile social networks,” Pers. Ubiquitous Comput., vol. 20, no. 5, pp. 833–846, 2016. [6] A. Stefanidis, A. Crooks, and J. Radzikowski, “Harvesting ambient geospatial information from social media feeds,” GeoJ., vol. 78, no. 2, pp. 319–338, 2013. [7] P. F. Riley, “The tolls of privacy: An underestimated roadblock for electronic toll collection usage,” Comput. Law Security Rev., vol. 24, no. 6, pp. 521–528, 2008. [8] J. Y. Tsai, P. G. Kelley, L. F. Cranor, and N. Sadeh, “Location-sharing technologies: Privacy risks and controls,” J. Law Policy Inf. Soc., vol. 6, no. 2, p. 119–151, 2010. [9] X. Zheng, Z. Cai, J. Li, and H. Gao, “Location-privacy-aware review publication mechanism for local business service systems,” in Proc. 36th Annu. IEEE Int. Conf. Comput. Commun. (INFOCOM), Atlanta, GA, USA, May 2017, pp. 1–9. [10] X. Lin, H. Hu, H. P. Li, J. Xu, and B. Choi, “Private proximity detection and monitoring with vicinity regions,” in Proc. 12th Int. ACM Workshop Data Eng. Wireless Mobile Acess, New York, NY, USA, 2013, pp. 5–12. [11] S. Mascetti, C. Bettini, D. Freni, and X. S. Wang, “Spatial generalisation algorithms for LBS privacy preservation,” J. Location Based Services, vol. 1, no. 3, pp. 179–207, 2007. [12] P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias, “Preventing location-based identity inference in anonymous spatial queries,” IEEE Trans. Knowl. Data Eng., vol. 19, no. 12, pp. 1719–1733, Dec. 2007. [13] Z. He, Z. Cai, Y. Sun, Y. Li, and X. Cheng, “Customized privacy preserving for inherent data and latent data,” Pers. Ubiquitous Comput., vol. 21, no. 1, pp. 43–54, 2017. [14] L. Zhang, Z. Cai, and X. Wang, “FakeMask: A novel privacy preserving approach for smartphones,” IEEE Trans. Netw. Service Manag., vol. 13, no. 2, pp. 335–348, Jun. 2016. [15] B. Mu and S. Bakiras, “Private proximity detection for convex polygons,” in Proc. Int. ACM Workshop Data Eng. Wireless Mobile Acess, New York, NY, USA, 2013, pp. 36–43. [16] L. Zhang, X. Wang, J. Lu, P. Li, and Z. Cai, “An efficient privacy preserving data aggregation approach for mobile sensing,” Security Commun. Netw., vol. 9, no. 16, pp. 3844–3853, 2016. [17] M. Gruteser and D. Grunwald, “Anonymous usage of location-based services through spatial and temporal cloaking,” in Proc. 1st Int. Conf. Mobile Syst. Appl. Services, San Francisco, CA, USA, 2003, pp. 31–42. [18] P. Golle and K. Partridge, “On the anonymity of home/work location pairs,” in Proc. Int. Conf. Pervasive Comput., Nara, Japan, 2009, pp. 390–397. [19] A. Khoshgozaran and C. Shahabi, “Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy,” in Proc. Int. Symp. Spatial Temporal Databases, Boston, MA, USA, 2007, pp. 239–257. [20] D. Lin, E. Bertino, R. Cheng, and S. Prabhakar, “Position transformation: A location privacy protection method for moving objects,” in Proc. SIGSPATIAL ACM GIS Int. Workshop Security Privacy GIS LBS, Irvine, CA, USA, 2008, pp. 62–71. [21] G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi, and K.-L. Tan, “Private queries in location based services: Anonymizers are not necessary,” in Proc. 8th ACM SIGMOD Int. Conf. Manag. Data, Vancouver, BC, Canada, 2008, pp. 121–132. [22] S. Papadopoulos, S. Bakiras, and D. Papadias, “Nearest neighbor search with strong location privacy,” Proc. VLDB Endowment, vol. 3, nos. 1–2, pp. 619–629, 2010. [23] P. Ruppel, G. Treu, A. Küpper, and C. Linnhoff-Popien, “Anonymous user tracking for location-based community services,” in Proc. 2nd Int. Symp. Location Context-Awareness, Dublin, Ireland, 2006, pp. 116–133. [24] S. Mascetti, C. Bettini, D. Freni, X. S. Wang, and S. Jajodia, “Privacyaware proximity based services,” in Proc. 10th Int. Conf. Mobile Data Manag. Syst. Service Middleware (MDM), Taipei, Taiwan, 2009, pp. 31–40. [25] L. Šikšnys, J. R. Thomsen, S. Šaltenis, M. L. Yiu, and O. Andersen, “A location privacy aware friend locator,” in Proc. Int. Symp. Spat. Temporal Databases, Aalborg, Denmark, 2009, pp. 405–410.

IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017

[26] G. Zhong, I. Goldberg, and U. Hengartner, “Louis, lester and pierre: Three protocols for location privacy,” in Proc. Int. Workshop Privacy Enhancing Technol., Ottawa, ON, Canada, 2007, pp. 62–76. [27] S. Mascetti, D. Freni, C. Bettini, X. S. Wang, and S. Jajodia, “Privacy in geo-social networks: Proximity notification with untrusted service providers and curious buddies,” Int. J. Very Large Data Bases, vol. 20, no. 4, pp. 541–566, 2011. [28] A. Narayanan, N. Thiagarajan, M. Lakhani, M. Hamburg, and D. Boneh, “Location privacy via private proximity testing,” in Proc. NDSS, San Diego, CA, USA, 2011, pp. 1–17. [29] C. Fontaine and F. Galand, “A survey of homomorphic encryption for nonspecialists,” EURASIP J. Inf. Security, vol. 2007, no. 1, pp. 1–10, 2007. [30] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in Proc. Int. Conf Theory Appl. Cryptograph. Techn., Prague, Czech Republic, 1999, pp. 223–238. [31] V. Nikolaenko et al., “Privacy-preserving ridge regression on hundreds of millions of records,” in Proc. IEEE Symp. Security Privacy (SP), San Francisco, CA, USA, 2013, pp. 334–348. [32] B. Goethals, S. Laur, H. Lipmaa, and T. Mielikäinen, “On private scalar product computation for privacy-preserving data mining,” in Proc. Int. Conf. Inf. Security Cryptol., Seoul, South Korea, 2004, pp. 104–120. [33] H. Li, L. Sun, H. Zhu, X. Lu, and X. Cheng, “Achieving privacy preservation in WiFi fingerprint-based localization,” in Proc. IEEE INFOCOM, Toronto, ON, Canada, 2014, pp. 2337–2345. [34] Y. Huang, L. Malka, D. Evans, and J. Katz, “Efficient privacypreserving biometric identification,” in Proc. Netw. Distrib. Syst. Security Symp. (NDSS), San Diego, CA, USA, Feb. 2011, pp. 1–14.

Yan Huo (M’11) received the B.E. and Ph.D. degrees in communication and information system from Beijing Jiaotong University, Beijing, China, in 2004 and 2009, respectively. He has been a faculty member with the School of Electronics and Information Engineering, Beijing Jiaotong University, Beijing, since 2011, where he is currently an Associate Professor. He was a Visiting Scholar with the Department of Computer Science, George Washington University, Washington, DC, USA, from 2015 to 2016. His current research interests include wireless communication theory, security and privacy, cognitive radio, and signal processing.

Chunqiang Hu (GS’14–M’16) received the B.S. degree in computer science and technology from Southwest University, Chongqing, China, in 2006, the M.S. and Ph.D. degrees in computer science and technology from Chongqing University, Chongqing, in 2009 and 2013, respectively, and the Ph.D. degree in computer science from George Washington University, Washington, DC, USA, in 2016. He was a Visiting Scholar with George Washington University, for one year in 2011. Since 2017, he has been with Chongqing University honored with the Hundred-Talent Program. His current research interests include privacyaware computing, big data security and privacy, wireless and mobile security, applied cryptography, and algorithm design and analysis. Dr. Hu is a member of the ACM.

Xiaowei Qi received the B.E. degree from the School of Information Science and Engineering, Hohai University, Jiangsu, China, in 2012. He is currently pursuing the master’s degree at the Shu Hua Wireless Network and Information Perception Center, Beijing Jiaotong University, Beijing, China. His current research interest includes security and privacy in mobile social networks.

Tao Jing received the M.S. and Ph.D. degrees from the Changchun Institute of Optics, Fine Mechanics and Physics, Chinese Academy of Sciences, Beijing, China, in 1994 and 1999, respectively. He is a Professor with the School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing. His current research interests include capacity analysis, spectrum prediction and resource management in cognitive radio networks, RFID in intelligent transporting systems, and smart phone applications.