In this section, we present the proposed CacheBased PrivacyPreserving (CBPP) solution in detail. As we mentioned before, the proposed CBPP solution includes the following two parts.
4.2.1. Query to Neighbors
When a user U needs LBSs, he sends a query with the form of ${Q}_{U2N}=\u2329lo{c}_{U},{q}_{U},h,{t}_{U}\u232a$ to his N neighbors first to seek for an answer. We denote $lo{c}_{U}$ as the location of U, ${q}_{U}$ as the query interest of U, and ${t}_{U}$ as the time point at which U broadcasts ${Q}_{U2N}$. Algorithm 1 gives the pseudo code of the query to neighbors. Specifically, our query to neighbors algorithm includes the following 4 steps:
(1) U first needs to determine $h(=\u2308\frac{{R}_{q}}{{R}_{h}}\u2309)$, which is related to the user’s query range ${R}_{q}$ and the communication range of a hop ${R}_{h}$. Actually, a bigger h brings higher probability that U obtains the required service data. Obviously, the greater h is, the more hops U can obtain. As a result, U has more chances to get the service data from more neighbors. However, a large h also leads to more communication costs and service delay. Then, U broadcasts the query ${Q}_{U2N}$ to his N neighbors to seek for an answer. U listens to the network and waits for the reply from his neighboring peers (Line 3–4 in Algorithm 1).
(2) When
N receive the query
${Q}_{U2N}$,
N first search their buffers, which can be seen as a “Q&A list” in
Figure 2, with the keyword
${q}_{U}$. If
N have the corresponding answer, then they send a message
where
$answer$ represents the service data
U requires, and
t represents the time when
M is sent by
N, to others. Otherwise,
N discard
${Q}_{U2N}$. Next,
N check
h. If
$h=1$, then
N stop the algorithm; If
$h>1$, then
N decrement
h and broadcast the query
${Q}_{U2N}$ with the updated
$h=h1$ to their neighboring peers, who repeat the step (2) (Line 5–19 in Algorithm 1).
(3) For peers who receive M, they check whether they are the originator U of the query ${Q}_{U2N}$. Let $lo{c}_{p}$ denote the current position of peer. If $lo{c}_{U}=lo{c}_{p}$ and ${q}_{U}\in U$ hold simultaneously, then the peer is U; Otherwise, the peer continue to broadcast M to others (Line 21–28 in Algorithm 1).
(4) When U receives M, he determines whether M has expired. M is considered to be expired if the time interval $\leftt{t}_{U}\right$ is beyond $\Delta t$, which is a threshold predefined by U. If M has expired, then U discards M; Otherwise, U gets his required service data (Line 30–35 in Algorithm 1).
Algorithm 1: Query to Neighbors Algorithm. 
 1:
Function User’s query is answered locally by neighboring peers  2:
// Phase 1: Broadcast user’s query to neighbors  3:
U determines a proper $h=\u2308\frac{{R}_{q}}{{R}_{h}}\u2309$;  4:
U broadcasts a query with the form of ${Q}_{U2N}=\u2329lo{c}_{U},{q}_{U},h,{t}_{U}\u232a$;  5:
forN receiving ${Q}_{U2N}$ do  6:
while $h>1$ do  7:
N searches their buffers;  8:
if N has the corresponding service data then  9:
Send $M=\u2329lo{c}_{U},{q}_{U},answer,t\u232a$ to neighboring peers;  10:
else  11:
N discards ${Q}_{U2N}$;  12:
end if  13:
$h\leftarrow h1$;  14:
N broadcasts the query ${Q}_{U2N}=\u2329\phantom{\rule{4pt}{0ex}}lo{c}_{U},{q}_{U},h,{t}_{U}\u232a$;  15:
end while  16:
if $h==1$ then  17:
Run lines 7–12;  18:
end if  19:
end for  20:
// Phase 2: Broadcast neighbors’ found data to U  21:
for peers receiving M do  22:
if $lo{c}_{U}=lo{c}_{p}$ & ${q}_{U}\in U$ then  23:
Peer is U;  24:
Break;  25:
else  26:
Continue broadcasting M to others;  27:
end if  28:
end for  29:
// Phase 3: Check the validity of M  30:
U checks t in M  31:
if$t{t}_{U}\le \Delta t$then  32:
M is valid;  33:
else  34:
U discards the message M;  35:
end if

Figure 2 gives a simple running example for the query to neighbors algorithm. In
Figure 2, we suppose that there are 10 mobile users who are represented by smartphones, and set the number of hops of neighbors allowed to spread within the P2P network equals to two, i.e.,
$h=2$.
U represents the user who issues a query to neighboring peers, and
${N}_{i}$ represents the neighbors of
U. The dotted circle with the same color as the smartphone represents the communication range of this node, and the smartphones with green stars (
${N}_{1}$,
${N}_{2}$,
${N}_{5}$,
${N}_{7}$,
${N}_{9}$) represent the neighbors who have the corresponding service data
U requires.
4.2.2. Query to LBS Server
When a user U cannot receive the required service data from his neighboring peers, or the messages U received from neighbors are invalid, he has to send a live query to the LBS server. As a result, the LBS server knows some personal information about U, such as where he is, what kind of query he submits, etc. However, as we mentioned above, the LBS server is untrusted, and it may threaten ${U}^{\prime}s$ privacy and security. Therefore, in order to protect the user’s location privacy and query privacy from the LBS server, we propose the query to the LBS server algorithm, the basic idea of which is to utilize ldiversity. Algorithm 2 gives the pseudo code of the query to the LBS server, and the technical details are shown as follow.
(1) U first needs to decide a proper degree of anonymity l, which is closely related to ${U}^{\prime}s$ location privacy and query privacy. Actually, the greater l is, the higher anonymity degree U can get. However, a greater l can also incur higher communication cost due to the transmission of l queries (Line 3 in Algorithm 2).
(2) Generally, U receives many queries from his neighboring peers. For these queries, some of them can be answered by U utilizing the caching data in his buffer, while the other cannot. U then derives a set Z of queries that cannot be answered by himself. More specifically, when U receives a query ${Q}_{N2U}$ from his neighbor, U first searches his buffer and seeks for the corresponding service data to ${Q}_{N2U}$. If U does not have the corresponding service data, then U puts the query ${Q}_{N2U}$ into Z (Line 4–12 in Algorithm 2).
(3) Each query
Q sent to the LBS server includes
$\left(id,loc,q\right)$. To protect users’ sensitive information from the LBS server, we design a query to the LBS server algorithm, which provides
ldiversity for user’s location information and query interest simultaneously. Specifically,
U sends the real query
${Q}_{U}$, together with
$l1$ other dummy queries
$\left({Q}_{1},{Q}_{2},\cdots ,{Q}_{l1}\right)$ chosen from
Z, to the LBS server. We denote the final requiring message sent to the LBS server by
U as
${Q}_{U2S}$, then we have
Algorithm 2: Query to LBS Server Algorithm. 
 1:
Function User’s query is answered by LBS server  2:
// Phase 1: U derives the set Z of queries not answered by U  3:
U determines a proper l;  4:
U derives a set $Z=\u2300$;  5:
The number of elements in Z is $z=\leftZ\right=0$;  6:
for query ${Q}_{N2U}$ received by U from neighbor do  7:
U searches his buffer;  8:
if U does not have the answer to ${Q}_{N2U}$ then  9:
U puts ${Q}_{N2U}$ into Z;  10:
$z\leftarrow z+1$;  11:
end if  12:
end for  13:
// Phase 2: U protects privacy by achieving $ldiversity$  14:
if$z\ge l1$then  15:
U constructs set H which contains all $loc$ of Z, i.e., $H=\left(lo{c}_{1},lo{c}_{2},\cdots ,lo{c}_{z}\right)$;  16:
U constructs set I which contains all q of Z, i.e., $I=\left({q}_{1},{q}_{2},\cdots ,{q}_{z}\right)$;  17:
U constructs set $J=\left(lo{c}_{U}\right)$ and $K=\left({q}_{U}\right)$;  18:
for $i=1$; $i\le z$; $i++$ do  19:
if $lo{c}_{i}$∉J then  20:
Insert $lo{c}_{i}$ into J;  21:
end if  22:
end for  23:
for $j=1$; $j\le z$; $j++$ do  24:
if ${q}_{j}$∉K then  25:
Insert ${q}_{j}$ into K;  26:
end if  27:
end for  28:
U selects a subset ${J}^{\prime}$ from $J\setminus \left\{lo{c}_{U}\right\}$ such that ${J}^{\prime}=l1$; *$J\setminus \left\{lo{c}_{U}\right\}$ is a set whose elements are in J but not in $\left\{lo{c}_{U}\right\}$*  29:
U selects a subset ${K}^{\prime}$ from $K\setminus \left\{{q}_{U}\right\}$ such that ${K}^{\prime}=l1$; *$K\setminus \left\{{q}_{U}\right\}$ is a set whose elements are in K but not in $\left\{{q}_{U}\right\}$*  30:
for each $\left({J}^{\prime}\left[i\right],{K}^{\prime}\left[i\right]\right)\in \left({J}^{\prime},{K}^{\prime}\right)$ do  31:
${Q}_{i}=(i{d}_{U},{J}^{\prime}\left[i\right],{K}^{\prime}\left[i\right])$;  32:
end for  33:
U replaces $i{d}_{U}\in {Q}_{U}$ and $i{d}_{i}\in {Q}_{i}$ with a pseudonym $id$;  34:
U sets ${Q}_{U2S}=({Q}_{U},{Q}_{1},{Q}_{2},\cdots ,{Q}_{l1})$;  35:
else  36:
U waits for more queries and repeats line 15–34;  37:
end if  38:
U sends required message ${Q}_{U2S}$ to LBS server;

To effectively achieve ldiversity on ${U}^{\prime}s$ location information and query interest, dummy queries ${Q}_{i=1,2,\cdots ,l1}$ need to be chosen based on the given regulation as follows.
When U selects a dummy query ${Q}_{i}$ in Z, due to our aim being ldiversity on user’s location privacy and query privacy, we need to ensure that $loc$ as well as q in all l queries are different from each other. In other words, for ${Q}_{U}=\left(i{d}_{U},lo{c}_{U},{q}_{U}\right)$ and ${Q}_{i}=\u2329i{d}_{i},lo{c}_{i},{q}_{i}\u232a(i=1,2,\cdots ,l1)$, we have $lo{c}_{i}\ne lo{c}_{j}$, ${q}_{i}\ne {q}_{j},\forall i,j\in \left\{U,1,2,\cdots ,l1\right\}$ (Line 14–32 in Algorithm 2).
Last but not least,
U replaces his real identity
$i{d}_{U}$, as well as all dummy identities
$i{d}_{i}$ in
${Q}_{i}$, with a pseudonym
$id$. Finally,
U sends the required message
to LBS server (Line 33–38 in Algorithm 2).
We illustrate our query to the LBS server algorithm based on the example shown in
Figure 3. In
Figure 3, there are 5 mobile users represented by smartphones.
U represents the user who issues a query to the LBS server, and
${N}_{i=1,2,3,4}$ represent the neighbors of
U. The dotted circle represents the communication range of
U. As shown in
Figure 3, suppose
$l=4$, which means that
U needs to satisfy 4
diversity for his location information and query interest. Thus,
U selects the other 3 dummy queries
${Q}_{1},{Q}_{2},{Q}_{4}$ received from
${N}_{1},{N}_{2},{N}_{4}$ respectively according to proposed query to the LBS server algorithm. Finally, the required message sent to the LBS server by
U is
${Q}_{U2S}=\left({Q}_{U},{Q}_{1},{Q}_{2},{Q}_{4}\right)$. When the LBS server receives
${Q}_{U2S}$, it searches its database and transmits the answers set, which includes the answer
${D}_{U}$ to
${Q}_{U}$ as well as the answer
${D}_{i=1,2,4}$ to
${Q}_{i=1,2,4}$, back to
U.