CN106792501A - A kind of LBS customer locations and privacy of identities guard method - Google Patents

A kind of LBS customer locations and privacy of identities guard method Download PDF

Info

Publication number
CN106792501A
CN106792501A CN201611013779.6A CN201611013779A CN106792501A CN 106792501 A CN106792501 A CN 106792501A CN 201611013779 A CN201611013779 A CN 201611013779A CN 106792501 A CN106792501 A CN 106792501A
Authority
CN
China
Prior art keywords
user
location
information
lbs
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611013779.6A
Other languages
Chinese (zh)
Inventor
程良伦
郭慧
徐金雄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology filed Critical Guangdong University of Technology
Priority to CN201611013779.6A priority Critical patent/CN106792501A/en
Publication of CN106792501A publication Critical patent/CN106792501A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

移动互联网技术在飞速发展,成为了现代人们日常生活中的核心通信设备,随着设备数量的增多及相关技术的日渐成熟,涌现出一大批基于位置服务的应用程序(Location Based Service),服务提供者需要知道用户的位置,才能根据位置为其提供相应的服务,但用户提供的信息中不单只包括位置信息,还可能包含id,请求服务属性等隐私信息,但是LBS服务器一般是不可信的,所以用户把这些信息发给LBS服务器,就可能面临隐私信息泄露的危险。本发明针对上述问题,提出一种LBS用户位置及身份隐私保护方法,该方法通过对用户的位置及身份隐私加密,有效阻止该用户请求信息上传到LBS服务器途中,被恶意攻击者截获。且也对LBS服务器响应消息加密,防止攻击者的推演攻击。

With the rapid development of mobile Internet technology, it has become the core communication device in modern people's daily life. With the increase of the number of devices and the maturity of related technologies, a large number of location-based service applications (Location Based Service) have emerged. The user needs to know the location of the user in order to provide corresponding services according to the location. However, the information provided by the user includes not only location information, but also private information such as id and requested service attributes. However, LBS servers are generally untrustworthy. Therefore, when the user sends this information to the LBS server, he may face the danger of privacy information leakage. Aiming at the above problems, the present invention proposes a method for protecting LBS user location and identity privacy. The method effectively prevents the user request information from being uploaded to the LBS server and being intercepted by malicious attackers by encrypting the user's location and identity privacy. And it also encrypts the response message of the LBS server to prevent deduction attacks by attackers.

Description

一种LBS用户位置及身份隐私保护方法A method for protecting LBS user location and identity privacy

技术领域technical field

本发明涉及移动互联网安全领域,更具体地,一种LBS用户位置及身份隐私保护方法。The invention relates to the field of mobile Internet security, more specifically, a method for protecting LBS user location and identity privacy.

背景技术Background technique

现如今,移动互联网技术在飞速发展,移动设备数量也与日俱增,成为了现代人们日常生活中的核心通信设备,随着设备数量的增多及相关技术的日渐成熟,涌现出一大批基于位置服务的应用程序(Location Based Service),服务提供者需要知道用户的位置,才能根据位置为其提供相应的服务,但用户提供的信息中不单只包括位置信息,还可能包含id,请求服务属性等隐私信息,但是LBS服务器一般是不可信的,所以用户把这些信息发给LBS服务器,就可能面临隐私信息泄露的危险。例如,如果一个用户想要找附近的餐厅,则需要提交附近餐厅的请求。其中这些上传的数据中,就包含用户的敏感信息,包括用户身份、所在位置、请求服务属性。一旦这些信息被攻击者截获,就可能对用户的隐私造成威胁,甚至严重者可能造成严重伤害。Nowadays, mobile Internet technology is developing rapidly, and the number of mobile devices is also increasing day by day, becoming the core communication device in modern people's daily life. With the increase in the number of devices and the maturity of related technologies, a large number of location-based service applications have emerged Program (Location Based Service), the service provider needs to know the location of the user in order to provide corresponding services according to the location, but the information provided by the user not only includes location information, but may also include private information such as id, request service attributes, etc. However, LBS servers are generally untrustworthy, so users may face the danger of private information leakage when they send these information to LBS servers. For example, if a user wants to find nearby restaurants, he needs to submit a request for nearby restaurants. Among them, the uploaded data contains sensitive information of the user, including user identity, location, and requested service attributes. Once the information is intercepted by the attacker, it may pose a threat to the user's privacy, and even serious damage may be caused.

针对LBS中用户位置隐私保护问题,国内外研究者们进行了大量研究工作,其思想主要是通过对用户位置采用泛化、模糊或掩盖等技术方式,降低攻击者识别用户位置的能力。Gruteser等人最先把关系数据库的K匿名引入到LBS隐私保护领域,提出K匿名度量指标;随机化技术也被用于保护隐私,如DUMMY-Q方法,其通过产生哑元来迷惑攻击者,增加了攻击者识别真实位置的不确定性,但是该方法疏于考虑上下文及用户的运动模型,导致产生的哑元与实际的查询差别较大,从而攻击者很容易就能识别真实的哑元,起不到保护查询隐私的作用。Aiming at the problem of user location privacy protection in LBS, domestic and foreign researchers have carried out a lot of research work. The main idea is to reduce the ability of attackers to identify user location by using technical methods such as generalization, obfuscation or masking of user location. Gruteser et al. first introduced K anonymity of relational database into the field of LBS privacy protection, and proposed K anonymity measurement index; randomization technology is also used to protect privacy, such as the DUMMY-Q method, which confuses the attacker by generating dummy, It increases the uncertainty of the attacker identifying the real location, but this method neglects to consider the context and the user's motion model, resulting in a large difference between the generated dummy and the actual query, so that the attacker can easily identify the real dummy , can not play the role of protecting query privacy.

因此,本发明针对上述问题,提出一种LBS用户位置及身份隐私保护方法,该方法通过对用户的位置及身份隐私加密,有效阻止该用户请求信息上传到LBS服务器途中,被恶意攻击者截获。且也对LBS服务器响应消息加密,防止攻击者的推演攻击。Therefore, in view of the above problems, the present invention proposes a method for protecting LBS user location and identity privacy. The method effectively prevents the user request information from being uploaded to the LBS server and being intercepted by malicious attackers by encrypting the user's location and identity privacy. And it also encrypts the response message of the LBS server to prevent deduction attacks by attackers.

发明内容Contents of the invention

本发明为了解决移动互联网中LBS用户位置及身份隐私安全问题,保护用户在得到服务的同时,其敏感信息不会被攻击者识别,提出一种LBS用户位置及身份隐私保护方法。最终达到双重加密的目的,对发送消息加密,有效抵抗了截获攻击;且对响应消息加密,有效的阻止了推演攻击。In order to solve the security problems of LBS user location and identity privacy in the mobile Internet and protect users from receiving services while their sensitive information will not be identified by attackers, the present invention proposes a method for protecting LBS user location and identity privacy. Finally, the purpose of double encryption is achieved, and the encryption of the sent message effectively resists the interception attack; and the encryption of the response message effectively prevents the deduction attack.

为了实现上述目的,本发明通过如下技术方案实现:In order to achieve the above object, the present invention is achieved through the following technical solutions:

一种LBS用户位置及身份隐私保护方法方法,包括以下几个步骤:A method for protecting LBS user location and identity privacy, comprising the following steps:

S1:CA针对每个在线用户生成一对属于用户的密钥对<Uprivate,Upublic>,其中Uprivate表示用户私钥,用来对自身接收到的加密消息解密;Upublic表示用户公钥,且所有用户的公钥Upublic都在一个公开的公钥库中可以找到,便于其他参与者查找,并利用该公钥加密发送给其的消息;S1: CA generates a pair of user-owned key pairs <U private , U public > for each online user, where U private represents the user's private key, which is used to decrypt encrypted messages received by itself; U public represents the user's public key , and the public key U public of all users can be found in a public public key library, which is convenient for other participants to find and use the public key to encrypt messages sent to them;

S2:LBS服务器针对每种可能查询的属性Service生成一对RSA秘钥对<Aprivate,Apublic>,其中Aprivate表示服务私钥,LBS服务器用其来对接收到的对应加密消息解密;Apublic表示LBS服务器发送给用户终端的公钥,用户发送查询请求前,会用对应的公钥加密并发送;S2: The LBS server generates a pair of RSA key pairs <A private , A public> for each possible query attribute Service, where A private represents the service private key, which the LBS server uses to decrypt the corresponding received encrypted message; A public means the public key sent by the LBS server to the user terminal, before the user sends a query request, it will be encrypted with the corresponding public key and sent;

S3:用户终端发送查询请求信息之前,根据所请求服务的属性,用对应的公钥对信息进行加密;其中加密包括加密用户的身份信息及位置信息。S3: Before sending the query request information, the user terminal encrypts the information with the corresponding public key according to the attributes of the requested service; the encryption includes encrypting the user's identity information and location information.

S4:LBS服务器在收到该加密请求之后,利用对应的私钥进行解密;S4: After receiving the encryption request, the LBS server uses the corresponding private key to decrypt it;

S5:针对用户位置及查询请求,查找相关的数据库,从中挑选合适的响应消息,并从公钥库找到用户对应的公钥,加密响应消息之后发送;S5: According to the user's location and query request, search the relevant database, select the appropriate response message from it, and find the corresponding public key of the user from the public key database, encrypt the response message and send it;

S6:用户收到消息之后,利用私钥解密得到该服务。S6: After receiving the message, the user decrypts it with the private key to obtain the service.

在步骤3中,用户对发送的信息进行加密,具体包括如下步骤:In step 3, the user encrypts the sent information, which specifically includes the following steps:

3.1首先将用户属性信息编码,建立属性值与数字字符串之间的映射,其中属性值包括用户的id及位置信息(经纬度坐标),其具体格式如下所示:3.1 First, encode user attribute information, and establish a mapping between attribute values and digital strings, wherein the attribute values include the user's id and location information (latitude and longitude coordinates), and the specific format is as follows:

上述格式是一个映射过程,用户id为其11位手机号码,因此映射之后的phoneNum为11位。location为经纬度表示,其中经度范围0-180(东经为E,西经为W);纬度范围0-90(北纬为N,南纬为S),因此后面的longitude为4位表示,(E,W)表示其中的一个,西经或东经;latitude为3位表示,(N,S)为南纬或北纬的一个。The above format is a mapping process, the user id is its 11-digit mobile phone number, so the phoneNum after mapping is 11 digits. location is longitude and latitude representation, where the longitude range is 0-180 (east longitude is E, west longitude is W); the latitude range is 0-90 (northern latitude is N, south latitude is S), so the following longitude is 4-bit representation, (E, W) indicates one of them, west longitude or east longitude; latitude is represented by 3 digits, and (N,S) is one of south latitude or north latitude.

3.2将上述数字字符串按两个一组,进行分组,假设字符串为k1k2k3…k11(h1h2h3(E)g1g2(S)),其中g,h,k都表示阿拉伯数字0到9的一个,则分组之后格式如下:3.2 Group the above digital strings into groups of two, assuming that the strings are k 1 k 2 k 3 ...k 11 (h 1 h 2 h 3 (E)g 1 g 2 (S)), where g, Both h and k represent one of the Arabic numerals 0 to 9, and the format after grouping is as follows:

k1k2 k3k4 k5k6 k7k8 k9k10 k11(h1h2 h3 Eg1g2S) k 1 k 2 k 3 k 4 k 5 k 6 k 7 k 8 k 9 k 10 k 11 (h 1 h 2 h 3 Eg 1 g 2 S)

3.3利用该用户查询属性值对应的公钥Apublic将得到的分组数据进行加密,之后按分组顺序组合,添加一些必要信息之后发送给LBS服务器;具体加密过程如下:3.3 Use the public key A public corresponding to the user's query attribute value to encrypt the obtained group data, then combine them in group order, add some necessary information and send them to the LBS server; the specific encryption process is as follows:

3.3.1假设Apublic公钥为(m,n),利用公式XXmmodn=YY,XX/n=Q将3.2得到的分组数据进行计算,XX表示任意的两位数字分组,YY表示得到的加密数据。注意其中比较特殊的情况,有分组之后单独的一个数字X,则利用公式Xmmodn=YY进行计算;3.3.1 Assuming that the A public key is (m, n), use the formula XX m modn=YY, XX/n=Q to calculate the grouped data obtained in 3.2, XX represents any two-digit grouping, and YY represents the obtained Encrypt data. Pay attention to the special case, if there is a single number X after grouping, use the formula X m modn = YY to calculate;

3.3.2都计算之后,对得到的数据进行整理,得到最终的发送密文消息,其中包括对每个XX对应的Q值判断,如果Q=0,则密文消息直接为YY;否则,密文消息为YY(Q),格式如下:3.3.2 After all calculations, sort the obtained data to obtain the final sent ciphertext message, which includes the judgment of the Q value corresponding to each XX. If Q=0, the ciphertext message is directly YY; otherwise, the ciphertext message is directly YY; The text message is YY(Q), and the format is as follows:

k1’k2 k3’k4’k5’k6’(Q1)k7’k8’k9’k10’(Q2)k11’(h1’h2’h3’Eg1’g2’S)k 1' k 2 ' k 3' k 4' k 5' k 6' (Q 1 )k 7' k 8' k 9' k 10' (Q 2 )k 11' (h 1' h 2' h 3 ' Eg 1' g 2' S)

3.3.3将上述密文消息与查询属性service一起发送给LBS服务器。3.3.3 Send the above ciphertext message together with the query attribute service to the LBS server.

在该身份及位置信息隐私保护方法中,每个查询属性对应的公钥,生成n的两个素数都是由服务器根据要求随机生成;In the identity and location information privacy protection method, the public key corresponding to each query attribute and the two prime numbers that generate n are randomly generated by the server according to requirements;

步骤4中,LBS服务器利用查询属性的私钥解密接收到的用户请求,并查找响应,具体包括如下步骤:In step 4, the LBS server uses the private key of the query attribute to decrypt the received user request, and finds the response, which specifically includes the following steps:

4.1LBS服务器接收用户上传的请求信息,并根据请求信息中的请求服务属性调取与之对应的RSA私钥Aprivate4.1 The LBS server receives the request information uploaded by the user, and calls the corresponding RSA private key A private according to the request service attribute in the request information;

4.2LBS服务器利用获取的RSA私钥Aprivate解密用户上传的请求消息,以获得用户的身份及用户所处的位置,具体包括如下步骤:4.2 The LBS server uses the obtained RSA private key A private to decrypt the request message uploaded by the user, so as to obtain the user's identity and location, which specifically includes the following steps:

4.2.1假设找到的对应私钥为Aprivate为(w,n),先将得到的密文消息进行两两分组;4.2.1 Assuming that the found corresponding private key is A private (w, n), first divide the obtained ciphertext messages into two groups;

4.2.2利用公式YYwmodn=ZZ,并判断该YY之后是否有Q,如果有,则ZZ=ZZ+Q*n,ZZ为解密得到的明文分组;4.2.2 Use the formula YY w modn=ZZ, and judge whether there is Q after YY, if so, then ZZ=ZZ+Q*n, ZZ is the plaintext group obtained by decryption;

4.2.3整理ZZ得到明文消息k1k2k3…k100k11(0h1h2h3Eg1g2S),注意此处得到的电话号码为12位数字,其中第11位为0,去掉。位置坐标经度中的首个数字为0去掉,剩余的0保留,即为用户发送的明文消息;4.2.3 Arranging ZZ to get the plaintext message k 1 k 2 k 3 …k 10 0k 11 (0h 1 h 2 h 3 Eg 1 g 2 S), note that the phone number obtained here is 12 digits, and the 11th digit is 0, remove. The first number in the location coordinate longitude is 0 and removed, and the remaining 0 is reserved, which is the plaintext message sent by the user;

4.3根据用户位置及请求属性,查找相对应的数据库,提取满足要求的响应列表。4.3 Search the corresponding database according to the user's location and request attributes, and extract the response list that meets the requirements.

在该专利写的LBS用户身份及位置隐私保护方法中,RSA秘钥包括RSA公钥Apublic和RSA私钥privateIn the LBS user identity and location privacy protection method written in this patent, the RSA secret key includes the RSA public key A public and the RSA private key private .

在该专利写的LBS用户身份及位置隐私保护方法中,LBS用户提交的服务请求可能是一个或多个。In the LBS user identity and location privacy protection method written in this patent, there may be one or more service requests submitted by the LBS user.

步骤S5中,LBS服务器利用用户公钥加密响应消息并发送,具体步骤包括:In step S5, the LBS server encrypts the response message with the user public key and sends it. The specific steps include:

5.1LBS服务器根据解密的用户id,在公钥库中查找用户的公钥Upublic5.1 The LBS server looks up the user's public key U public in the public key store according to the decrypted user id;

5.2LBS服务器利用用户的公钥Upublic对响应消息进行加密;5.2 The LBS server encrypts the response message with the user's public key U public ;

5.3LBS服务器将加密之后的密文响应发送到用户终端;5.3 The LBS server sends the encrypted ciphertext response to the user terminal;

在该专利写的LBS用户身份及位置隐私保护方法中,公钥库是由CA颁发的用户公钥共同组成的。In the LBS user identity and location privacy protection method written in this patent, the public key library is composed of user public keys issued by CA.

在该身份及位置信息隐私保护方法中,每个用户的公私钥对<Upublic,Uprivate>由认证中心CA颁发,且每个用户的公私钥都是特有的。In this identity and location information privacy protection method, each user's public-private key pair <U public , U private > is issued by the certification center CA, and each user's public-private key is unique.

与现有技术相比,本发明的有益效果为:本专利针对基于位置服务中的查询服务属性,设计了一种终端用户位置隐私保护方法。该方法针对现实的应用程序注册id及位置,提出对其的加密算法,有效的保护了用户的id及位置隐私。该方法的优点是双重加密,对发送消息加密,有效抵抗了截获攻击;且对响应消息加密,有效的阻止了推演攻击。Compared with the prior art, the beneficial effects of the present invention are as follows: the patent designs a method for protecting terminal user location privacy for querying service attributes in location-based services. This method proposes an encryption algorithm for the actual application registration id and location, which effectively protects the privacy of the user's id and location. The advantage of this method is double encryption, which encrypts the sent message, effectively resisting the interception attack; and encrypts the response message, effectively preventing the deduction attack.

附图说明Description of drawings

图1为本发明的用户隐私保护的步骤流程图;Fig. 1 is a flow chart of the steps of user privacy protection of the present invention;

图2为用户实例加密过程流程图。Figure 2 is a flowchart of the user instance encryption process.

具体实施方式detailed description

下面结合附图对本发明做进一步的描述,但本发明的实施方式并不限于此。The present invention will be further described below in conjunction with the accompanying drawings, but the embodiments of the present invention are not limited thereto.

如图1所示,利用改进RSA算法和服务属性保护LBS用户位置及身份隐私方法,其实施过程具体包括以下步骤:As shown in Figure 1, using the improved RSA algorithm and service attributes to protect the LBS user location and identity privacy method, its implementation process specifically includes the following steps:

首先,CA针对每个在线用户生成一对属于用户的密钥对<Uprivate,Upublic>,且所有用户的公钥Upublic都在一个公开的公钥库中可以找到;First, CA generates a pair of user-owned key pairs <U private , U public > for each online user, and the public key U public of all users can be found in a public public key library;

接着,LBS服务器针对每种可能查询的属性生成一对RSA秘钥对<Aprivate,Apublic>,并将查询属性及生成的密钥对中的公钥发送到在线的用户终端中;Next, the LBS server generates a pair of RSA key pairs <A private , A public> for each possible query attribute, and sends the query attribute and the public key in the generated key pair to the online user terminal;

接着,用户终端发送查询请求信息之前,根据所请求服务的属性,用对应的公钥对信息进行加密;其中加密包括加密用户的身份信息及位置信息。Next, before the user terminal sends the query request information, it encrypts the information with the corresponding public key according to the attribute of the requested service; the encryption includes encrypting the user's identity information and location information.

其中用公钥对隐私信息加密,包括如下步骤:Encrypting private information with a public key includes the following steps:

首先将用户属性信息编码,建立属性值与数字字符串之间的映射,其中属性值包括用户的id及位置信息(经纬度坐标);First, user attribute information is encoded, and a mapping between attribute values and digital strings is established, wherein the attribute values include the user's id and location information (latitude and longitude coordinates);

将数字字符串按两个一组,进行分组,利用该查询属性值对应的公钥将得到的分组数据进行加密。之后按分组顺序组合并发送;Group the number strings into groups of two, and use the public key corresponding to the query attribute value to encrypt the obtained grouped data. Then assemble and send according to the grouping order;

在该身份及位置信息隐私保护方法中,每个查询属性对应的公钥,生成n的两个素数都是由服务器根据要求随机生成;In the identity and location information privacy protection method, the public key corresponding to each query attribute and the two prime numbers that generate n are randomly generated by the server according to requirements;

接着,步骤4中LBS服务器在收到该加密请求之后,利用对应的私钥进行解密;Then, in step 4, after receiving the encryption request, the LBS server utilizes the corresponding private key to decrypt;

具体的,用私钥解密密文消息,并查找响应,包括如下步骤:Specifically, use the private key to decrypt the ciphertext message and find the response, including the following steps:

LBS服务器接收用户上传的请求信息,并根据请求信息中的请求服务属性调取与之对应的RSA私钥;The LBS server receives the request information uploaded by the user, and retrieves the corresponding RSA private key according to the request service attribute in the request information;

LBS服务器利用获取的RSA私钥解密用户上传的请求消息,以确定用户的身份及用户所处的位置;The LBS server uses the obtained RSA private key to decrypt the request message uploaded by the user to determine the user's identity and location;

接着,步骤5中针对用户位置及查询请求,查找相关的数据库,从中挑选合适的响应消息,并从公钥库找到用户对应的公钥,加密响应消息之后发送;具体实施包括如下步骤:Then, in step 5, for the user's location and query request, search the relevant database, select a suitable response message therefrom, and find the corresponding public key of the user from the public key database, and send the encrypted response message; the specific implementation includes the following steps:

LBS服务器根据解密的用户id,在公钥库中查找用户的公钥;The LBS server looks up the user's public key in the public key store according to the decrypted user id;

LBS服务器利用用户的公钥对响应消息进行加密;The LBS server encrypts the response message with the user's public key;

LBS服务器将加密之后的密文响应发送到用户终端;The LBS server sends the encrypted ciphertext response to the user terminal;

接着,用户收到消息之后,利用自己的私钥解密消息,获得相应服务。Then, after receiving the message, the user decrypts the message with his private key to obtain the corresponding service.

为了较好的理解本申请利用改进RSA算法及查询属性保护LBS用户身份及位置隐私方法,以用户id为手机号(13189340078),位置为(98(E),45(N)),查询属性为附近汽车站,对应RSA公钥为(3,33),私钥为(7,33)为例,对本申请的LBS用户身份及位置隐私保护方法是如何实现用户身份及位置隐私的保护做详细的阐述,具体见说明书附图2。In order to better understand the method for protecting LBS user identity and location privacy using the improved RSA algorithm and query attributes in this application, the user id is the mobile phone number (13189340078), the location is (98(E), 45(N)), and the query attributes are Take a nearby bus station, the corresponding RSA public key is (3,33), and the private key is (7,33) as an example, how the LBS user identity and location privacy protection method of this application realizes the protection of user identity and location privacy in detail For details, see Figure 2 of the description.

首先,对手机号码11位数字进行分组,两两一组,则分组情况如下:First, group the 11 digits of the mobile phone number into groups of two by two, and the grouping is as follows:

13 18 93 40 07 813 18 93 40 07 8

之后利用公钥(3,33)对用户id进行加密,得到结果如下:Then use the public key (3,33) to encrypt the user id, and the results are as follows:

19 24 15 13 13 1719 24 15 13 13 17

用户所处坐标(98(E),45(N)),利用公钥(3,33)对其加密,得到结果如下:The user's coordinates (98(E), 45(N)) are encrypted with the public key (3,33), and the results are as follows:

32(E),12(N)32(E), 12(N)

接着,构建用户要发送的密文消息为:Next, construct the ciphertext message to be sent by the user as:

T192415(2)13(1)131732(2)E12(1)Nbus stationT192415(2)13(1)131732(2)E12(1)Nbus station

LBS服务器接收到用户密文之后,根据bus station查找到对应私钥(7,33),解密密文,结果如下:After receiving the user's ciphertext, the LBS server finds the corresponding private key (7,33) according to the bus station, and decrypts the ciphertext. The result is as follows:

T131827(2)07(1)070832(2)E12(1)NT131827(2)07(1)070832(2)E12(1)N

做进一步处理,得For further processing, the

用户id:13189340078,坐标(98E,45N)User id: 13189340078, coordinates (98E, 45N)

接着查找对应数据库,得到结果列表,用用户公钥加密之后,返回给用户终端,之后用户终端利用其私钥对响应消息进行解密,得到相应服务。Then search the corresponding database to get the result list, encrypt it with the user's public key, and return it to the user terminal, and then the user terminal uses its private key to decrypt the response message to obtain the corresponding service.

综上所述,本专利针对上述用户身份及位置隐私安全问题,提出利用RSA算法和服务属性保护LBS用户位置及身份隐私。首先,CA针对每个在线用户生成一对属于用户的密钥对<Uprivate,Upublic>,且所有用户的公钥Upublic都在一个公开的公钥库中可以找到;LBS服务器针对每种可能查询的属性生成一对RSA秘钥对<Aprivate,Apublic>,并将查询属性及生成的密钥对中的公钥发送到在线的用户终端中;用户终端发送查询请求信息之前,根据所请求服务的属性,用对应的公钥对信息进行加密;LBS服务器在收到该加密请求之后,利用对应的私钥进行解密;并查找用户对应请求的列表,挑选合适的响应消息,从公钥库找到用户对应的公钥,并加密响应消息之后发送;用户收到消息之后,利用私钥解密得到该服务。该方法的优点是双重加密,对发送消息加密,有效抵抗了截获攻击;且对响应消息加密,有效的阻止了推演攻击。To sum up, this patent proposes to use the RSA algorithm and service attributes to protect the location and identity privacy of LBS users for the above-mentioned user identity and location privacy security issues. First, the CA generates a pair of user-owned key pairs <U private , U public > for each online user, and the public key U public of all users can be found in a public key storehouse; the LBS server for each Generate a pair of RSA secret key pair <A private , A public> for the attribute that may be queried, and send the query attribute and the public key in the generated key pair to the online user terminal; before the user terminal sends the query request information, according to The attribute of the requested service is encrypted with the corresponding public key; after receiving the encrypted request, the LBS server decrypts it with the corresponding private key; and searches the list corresponding to the user's request, selects the appropriate response message, and retrieves it from the public key. The keystore finds the public key corresponding to the user, and sends the encrypted response message; after receiving the message, the user decrypts it with the private key to obtain the service. The advantage of this method is double encryption, which encrypts the sent message and effectively resists the interception attack; and encrypts the response message, which effectively prevents the deduction attack.

以上所述的本发明的实施方式,并不构成对本发明保护范围的限定。任何在本发明的精神原则之内所作出的修改、等同替换和改进等,均应包含在本发明的权利要求保护范围之内。The embodiments of the present invention described above are not intended to limit the protection scope of the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principle of the present invention shall be included in the protection scope of the claims of the present invention.

Claims (3)

1.一种LBS用户位置及身份隐私保护方法,其特征在于,包括如下步骤:1. A method for LBS user position and identity privacy protection, is characterized in that, comprises the steps: S1:CA针对每个在线用户生成一对属于用户的密钥对<Uprivate,Upublic>,且所有用户的公钥Upublic都在一个公开的公钥库中可以找到;S1: CA generates a pair of user-owned key pair <U private , U public > for each online user, and the public key U public of all users can be found in a public public key library; S2:LBS服务器针对每种可能查询的属性生成一对RSA秘钥对<Aprivate,Apublic>,将查询属性及生成的密钥对中的公钥发送到在线的用户终端中;S2: The LBS server generates a pair of RSA key pairs <A private , A public> for each possible query attribute, and sends the query attribute and the public key in the generated key pair to the online user terminal; S3:用户终端发送查询请求信息之前,根据所请求服务的属性,用对应的公钥对信息进行加密;其中加密包括加密用户的身份信息及位置信息;S3: Before sending the query request information, the user terminal encrypts the information with the corresponding public key according to the attributes of the requested service; the encryption includes encrypting the user's identity information and location information; S4:LBS服务器在收到该加密请求之后,利用对应的私钥进行解密;S4: After receiving the encryption request, the LBS server uses the corresponding private key to decrypt it; S5:针对用户位置及查询请求,查找相关的数据库,挑选合适的响应消息,并从公钥库找到用户对应的公钥,加密响应消息之后发送;S5: According to the user's location and query request, search the relevant database, select the appropriate response message, and find the corresponding public key of the user from the public key database, encrypt the response message and send it; S6:用户收到消息之后,利用私钥解密得到该服务。S6: After receiving the message, the user decrypts it with the private key to obtain the service. 2.根据权利要求1所述的用户位置及身份隐私保护方法,所述的步骤S3,用对应的公钥对信息进行加密,具体包括如下步骤:2. The user location and identity privacy protection method according to claim 1, said step S3, encrypting information with a corresponding public key, specifically comprising the following steps: 3.1首先将用户属性信息编码,建立属性值与数字字符串之间的映射,其中属性值包括用户的id及位置信息,具体格式如下所示:3.1 First encode the user attribute information, and establish a mapping between attribute values and digital strings, where the attribute values include the user's id and location information, and the specific format is as follows: 上述格式是一个映射过程,用户id为其11位手机号码,因此映射之后的phoneNum为11位。location为经纬度表示,其中经度范围0-180,东经为E,西经为W;纬度范围0-90,北纬为N,南纬为S,因此后面的longitude为4位表示,(E,W)表示其中的一个,西经或东经;latitude为3位表示,(N,S)为南纬或北纬的一个The above format is a mapping process, the user id is its 11-digit mobile phone number, so the phoneNum after mapping is 11 digits. location is longitude and latitude representation, where the longitude range is 0-180, east longitude is E, west longitude is W; latitude range is 0-90, north latitude is N, south latitude is S, so the following longitude is 4-bit representation, (E, W) Indicates one of them, west longitude or east longitude; latitude is 3 digits, (N,S) is one of south latitude or north latitude 3.2将上述格式的数字字符串按两个一组,进行分组,假设字符串为k1k2k3…k11(h1h2h3(E)g1g2(S)),其中g,h,k都表示阿拉伯数字0到9的一个,则分组之后格式如下:3.2 Group the digital strings in the above format into groups of two, assuming that the strings are k 1 k 2 k 3 ...k 11 (h 1 h 2 h 3 (E)g 1 g 2 (S)), where g, h, and k all represent one of the Arabic numerals 0 to 9, and the format after grouping is as follows: k1k2 k3k4 k5k6 k7k8 k9k10 k11(h1h2 h3 Eg1g2S) k 1 k 2 k 3 k 4 k 5 k 6 k 7 k 8 k 9 k 10 k 11 (h 1 h 2 h 3 Eg 1 g 2 S) 3.3利用该用户查询属性值对应的公钥Apublic将得到的分组数据进行加密,之后按分组顺序组合,添加一些必要信息之后发送给LBS服务器;具体加密过程如下:3.3 Use the public key A public corresponding to the user's query attribute value to encrypt the obtained group data, then combine them in group order, add some necessary information and send them to the LBS server; the specific encryption process is as follows: 3.3.1假设Apublic公钥为(m,n),利用公式XXmmodn=YY,XX/n=Q将3.2得到的分组数据进行计算,XX表示任意的两位数字分组,YY表示得到的加密数据;分组之后单独的一个数字X,则利用公式Xmmodn=YY进行计算;n是两个保密素数p,q的乘积。3.3.1 Assuming that the A public key is (m, n), use the formula XX m modn=YY, XX/n=Q to calculate the grouped data obtained in 3.2, XX represents any two-digit grouping, and YY represents the obtained Encrypted data; a single number X after grouping is calculated using the formula X m mod n = YY; n is the product of two confidential prime numbers p, q. 3.3.2计算完后,对得到的数据进行整理,得到最终的发送密文消息,其中包括对每个XX对应的Q值判断,如果Q=0,则密文消息直接为YY;否则,密文消息为YY(Q),格式如下:3.3.2 After the calculation, sort the obtained data to obtain the final sent ciphertext message, which includes the judgment of the Q value corresponding to each XX. If Q=0, the ciphertext message is directly YY; otherwise, the ciphertext message is directly YY; The text message is YY(Q), and the format is as follows: k1’k2’k3’k4’k5’k6’(Q1)k7’k8’k9’k10’(Q2)k11’(h1’h2’h3’Eg1’g2’S)k 1' k 2' k 3' k 4' k 5' k 6' (Q 1 )k 7' k 8' k 9' k 10' (Q 2 )k 11' (h 1' h 2' h 3 ' Eg 1' g 2' S) 3.3.3将上述密文消息与查询属性service一起发送给LBS服务器。3.3.3 Send the above ciphertext message together with the query attribute service to the LBS server. 3.根据权利要求2所述的用户位置及身份隐私保护方法,所述的步骤S4中,LBS服务器在收到该加密请求之后,利用对应的私钥进行解密,具体包括如下步骤:3. The user location and identity privacy protection method according to claim 2, in the step S4, the LBS server utilizes the corresponding private key to decrypt after receiving the encryption request, specifically comprising the following steps: 4.1LBS服务器接收用户上传的请求信息,并根据请求信息中的请求服务属性调取与之对应的RSA私钥Aprivate4.1 The LBS server receives the request information uploaded by the user, and calls the corresponding RSA private key A private according to the request service attribute in the request information; 4.2LBS服务器利用获取的RSA私钥Aprivate解密用户上传的请求消息,以获得用户的身份及用户所处的位置,具体包括如下步骤:4.2 The LBS server uses the obtained RSA private key A private to decrypt the request message uploaded by the user, so as to obtain the user's identity and location, which specifically includes the following steps: 4.2.1假设找到的对应私钥为Aprivate为(w,n),先将得到的密文消息进行两两分组;4.2.1 Assuming that the found corresponding private key is A private (w, n), first divide the obtained ciphertext messages into two groups; 4.2.2利用公式YYwmodn=ZZ,并判断该YY之后是否有Q,如果有,则ZZ=ZZ+Q*n,ZZ为解密得到的明文分组;4.2.2 Use the formula YY w modn=ZZ, and judge whether there is Q after YY, if so, then ZZ=ZZ+Q*n, ZZ is the plaintext group obtained by decryption; 4.2.3整理ZZ得到明文消息k1k2k3…k100k11(0h1h2h3Eg1g2S),注意此处得到的电话号码为12位数字,其中第11位为0,去掉;位置坐标经度中的首个数字为0去掉,剩余的0保留,即为用户发送的明文消息;4.2.3 Arranging ZZ to get the plaintext message k 1 k 2 k 3 …k 10 0k 11 (0h 1 h 2 h 3 Eg 1 g 2 S), note that the phone number obtained here is 12 digits, and the 11th digit is 0, remove; the first number in the location coordinate longitude is 0 to remove, and the remaining 0 is reserved, which is the plaintext message sent by the user; 4.3根据用户位置及请求属性,查找相对应的数据库,提取满足要求的响应列表。4.3 Search the corresponding database according to the user's location and request attributes, and extract the response list that meets the requirements.
CN201611013779.6A 2016-11-17 2016-11-17 A kind of LBS customer locations and privacy of identities guard method Pending CN106792501A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611013779.6A CN106792501A (en) 2016-11-17 2016-11-17 A kind of LBS customer locations and privacy of identities guard method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611013779.6A CN106792501A (en) 2016-11-17 2016-11-17 A kind of LBS customer locations and privacy of identities guard method

Publications (1)

Publication Number Publication Date
CN106792501A true CN106792501A (en) 2017-05-31

Family

ID=58969411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611013779.6A Pending CN106792501A (en) 2016-11-17 2016-11-17 A kind of LBS customer locations and privacy of identities guard method

Country Status (1)

Country Link
CN (1) CN106792501A (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107749865A (en) * 2017-12-07 2018-03-02 安徽大学 Location privacy query method based on homomorphic encryption
CN108566383A (en) * 2018-03-22 2018-09-21 西安电子科技大学 A kind of intimacy protection system and method towards service of calling a taxi online
CN109218974A (en) * 2018-09-18 2019-01-15 北京邮电大学 It is a kind of cooperate secret protection node determine method and device
CN110972070A (en) * 2018-09-28 2020-04-07 苹果公司 System and method for locating wireless accessories
CN111510280A (en) * 2020-04-21 2020-08-07 国网河北省电力有限公司信息通信分公司 A general IoT space LBS privacy security protection system and method
CN112084411A (en) * 2020-09-10 2020-12-15 绍兴文理学院 User privacy protection method for personalized information retrieval
WO2021093811A1 (en) * 2019-11-14 2021-05-20 华为技术有限公司 Network access method and related device
CN113420228A (en) * 2021-07-21 2021-09-21 北京沃东天骏信息技术有限公司 Information generation method and device
CN114125702A (en) * 2021-11-12 2022-03-01 东南大学 A Location Information Fingerprinting Protection Method Based on Monte Carlo Algorithm
US20220070667A1 (en) 2020-08-28 2022-03-03 Apple Inc. Near owner maintenance
US11863671B1 (en) 2019-04-17 2024-01-02 Apple Inc. Accessory assisted account recovery
US12073705B2 (en) 2021-05-07 2024-08-27 Apple Inc. Separation alerts for notification while traveling
US12106641B2 (en) 2012-10-24 2024-10-01 Apple Inc. Devices and methods for locating accessories of an electronic device
US12143895B2 (en) 2021-06-04 2024-11-12 Apple Inc. Pairing groups of accessories
US12262278B2 (en) 2019-04-17 2025-03-25 Apple Inc. Proximity enhanced location query
US12279227B2 (en) 2021-06-04 2025-04-15 Apple Inc. Device location finding

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618995A (en) * 2013-12-04 2014-03-05 西安电子科技大学 Position privacy protection method based on dynamic pseudonyms
CN104219245A (en) * 2014-09-19 2014-12-17 西安电子科技大学 User privacy protection system and method for location-based services
CN105354233A (en) * 2015-10-08 2016-02-24 西安电子科技大学 Linear SVM classification service query system and method with two-way privacy protection
CN105471826A (en) * 2014-09-04 2016-04-06 中电长城网际系统应用有限公司 Ciphertext data query method, device and ciphertext query server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618995A (en) * 2013-12-04 2014-03-05 西安电子科技大学 Position privacy protection method based on dynamic pseudonyms
CN105471826A (en) * 2014-09-04 2016-04-06 中电长城网际系统应用有限公司 Ciphertext data query method, device and ciphertext query server
CN104219245A (en) * 2014-09-19 2014-12-17 西安电子科技大学 User privacy protection system and method for location-based services
CN105354233A (en) * 2015-10-08 2016-02-24 西安电子科技大学 Linear SVM classification service query system and method with two-way privacy protection

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘洪志: "Linux环境网关中IPSec VPN的设计与实现", 《中国优秀硕士学位论文》 *
陈昂: "云环境下LBS对称和非对称混合加密方案", 《中国优秀硕士学位论文》 *

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12106641B2 (en) 2012-10-24 2024-10-01 Apple Inc. Devices and methods for locating accessories of an electronic device
CN107749865B (en) * 2017-12-07 2019-11-15 安徽大学 Location privacy query method based on homomorphic encryption
CN107749865A (en) * 2017-12-07 2018-03-02 安徽大学 Location privacy query method based on homomorphic encryption
CN108566383B (en) * 2018-03-22 2020-11-10 西安电子科技大学 Privacy protection system and method for online taxi-taking service
CN108566383A (en) * 2018-03-22 2018-09-21 西安电子科技大学 A kind of intimacy protection system and method towards service of calling a taxi online
CN109218974A (en) * 2018-09-18 2019-01-15 北京邮电大学 It is a kind of cooperate secret protection node determine method and device
CN110972070A (en) * 2018-09-28 2020-04-07 苹果公司 System and method for locating wireless accessories
US11641563B2 (en) 2018-09-28 2023-05-02 Apple Inc. System and method for locating wireless accessories
US12075313B2 (en) 2018-09-28 2024-08-27 Apple Inc. System and method for locating wireless accessories
CN110972070B (en) * 2018-09-28 2022-07-15 苹果公司 System and method for locating wireless accessories
US11606669B2 (en) 2018-09-28 2023-03-14 Apple Inc. System and method for locating wireless accessories
US12262278B2 (en) 2019-04-17 2025-03-25 Apple Inc. Proximity enhanced location query
US11863671B1 (en) 2019-04-17 2024-01-02 Apple Inc. Accessory assisted account recovery
WO2021093811A1 (en) * 2019-11-14 2021-05-20 华为技术有限公司 Network access method and related device
CN111510280A (en) * 2020-04-21 2020-08-07 国网河北省电力有限公司信息通信分公司 A general IoT space LBS privacy security protection system and method
US20220070667A1 (en) 2020-08-28 2022-03-03 Apple Inc. Near owner maintenance
US11889302B2 (en) 2020-08-28 2024-01-30 Apple Inc. Maintenance of wireless devices
US12170892B2 (en) 2020-08-28 2024-12-17 Apple Inc. Maintenance of wireless devices by electronic devices
CN112084411B (en) * 2020-09-10 2021-04-20 绍兴文理学院 User privacy protection method for personalized information retrieval
CN112084411A (en) * 2020-09-10 2020-12-15 绍兴文理学院 User privacy protection method for personalized information retrieval
US12073705B2 (en) 2021-05-07 2024-08-27 Apple Inc. Separation alerts for notification while traveling
US12143895B2 (en) 2021-06-04 2024-11-12 Apple Inc. Pairing groups of accessories
US12279227B2 (en) 2021-06-04 2025-04-15 Apple Inc. Device location finding
CN113420228A (en) * 2021-07-21 2021-09-21 北京沃东天骏信息技术有限公司 Information generation method and device
CN114125702A (en) * 2021-11-12 2022-03-01 东南大学 A Location Information Fingerprinting Protection Method Based on Monte Carlo Algorithm
CN114125702B (en) * 2021-11-12 2024-03-01 东南大学 Monte Carlo algorithm-based position information fingerprint protection method

Similar Documents

Publication Publication Date Title
CN106792501A (en) A kind of LBS customer locations and privacy of identities guard method
Yuan et al. PriRadar: A privacy-preserving framework for spatial crowdsourcing
Li et al. Location-sharing systems with enhanced privacy in mobile online social networks
CN106254324B (en) A kind of encryption method and device of storage file
CN104219245B (en) System and method for location based service-orientated user privacy protection
CN105024802B (en) Multi-user&#39;s multi-key word based on Bilinear map can search for encryption method in cloud storage
CN108632237A (en) A kind of position service method based on the anonymity of more Anonymizers
CN103618995A (en) Position privacy protection method based on dynamic pseudonyms
CN111510464B (en) Epidemic situation information sharing method and system for protecting user privacy
Gao et al. Lip‐pa: A logistics information privacy protection scheme with position and attribute‐based access control on mobile devices
Li et al. MobiShare+: Security Improved System for Location Sharing in Mobile Online Social Networks.
CN104967693A (en) Document similarity calculation method facing cloud storage based on fully homomorphic password technology
CN113672949A (en) Data transmission method and system for advertising multi-party privacy protection
Deng et al. Policy-based broadcast access authorization for flexible data sharing in clouds
CN117220865A (en) Longitude and latitude encryption method, longitude and latitude verification device and readable storage medium
Tao et al. Anonymous identity authentication mechanism for hybrid architecture in mobile crowd sensing networks
CN105007270B (en) Encryption method of the key strategy based on attribute of more authoritys on lattice
CN107947923B (en) Attribute key distribution method without trusted center
CN206962851U (en) Cloud storage file access control system
Ashouri-Talouki et al. Homomorphic encryption to preserve location privacy
JP5799635B2 (en) ENCRYPTED DATA SEARCH SYSTEM, DEVICE, METHOD, AND PROGRAM
JPWO2018043466A1 (en) Data extraction system, data extraction method, registration device and program
CN104135495B (en) The attribute base encryption method of the ciphertext policy of the without authority with secret protection
CN102833239B (en) Method for implementing nesting protection of client account information based on network identity
Kanza Location corroborations by mobile devices without traces

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170531

OSZAR »