# A Location Privacy Preservation Method Based on Dummy Locations in Internet of Vehicles

^{1}

^{2}

^{3}

^{4}

^{*}

## Abstract

**:**

## Featured Application

**This work can used in location privacy preservation in internet of vehicles.**

## Abstract

## 1. Introduction

- We investigate the problem of vehicle location privacy preservation in IoV and propose a vehicle location privacy-preservation method based on dummy locations.
- We define the concept of effective distance to represent the characteristics of vehicle location distribution. Moreover, we improve the dummy location selection algorithm by using anonymous entropy and effective distance.
- We analyze the performance of the proposed method in terms of security, computation overhead, and communication overhead, and conduct extensive simulations to evaluate the proposed method.

## 2. Related Work

## 3. Preliminaries and Problem Formulation

#### 3.1. System Model

#### 3.2. LBS Query

_{id}denotes a user’s identity; (x, y) represents the user’s location information, x and y represent latitude and longitude, respectively; C denotes the user’s query content; V is the user’s privacy preservation level.

_{1}, y

_{1}), …, (x

_{k}

_{−1}, y

_{k}

_{−1}) are k − 1 dummy locations, C

_{i}represents the query content sent at dummy location (x

_{i}, y

_{i}), i = 1, 2, …, k−1.

#### 3.3. Service Semantics

_{i}

_{,u}represents the request probability of service u in location (x

_{i}, y

_{i}), $0\le {e}_{i}{}_{,u}\le 1$, i = 0, 1, …, k – 1, u = 1, 2, …, U, and $\sum _{u=1}^{U}{e}_{i,u}=1$. In this paper, the LBS server is responsible for the collection and establishment of service semantics.

#### 3.4. Anonymous Entropy

_{0}, y

_{0}), (x

_{1}, y

_{1}), …, (x

_{k}

_{−1}, y

_{k}

_{−1})}. The service request probability at location (x

_{i}, y

_{i}) is q

_{i}, the candidate probability of location (x

_{i}, y

_{i}) is p

_{i}. If the vehicle user at location (x

_{i}, y

_{i}) request service u, the service semantics at location (x

_{i}, y

_{i}) is ${e}_{i,u}$, and the request probability of service u at location (x

_{i}, y

_{i}) is ${{q}^{\prime}}_{i}$,${{q}^{\prime}}_{i}={q}_{i}{e}_{i,u}$, i = 0, 1, …, k – 1, u = 1, 2, …, U. Hence, the anonymous entropy is defined as

_{i}= 1/k, i = 0, 1, …, k – 1, the maximum of anonymous entropy of set $\mathcal{G}$ is log

_{2}k.

#### 3.5. Adversary Model

#### 3.6. Problem Formulation

_{i,j}denotes the cell of row i and column j, i = 1, 2, …, I, j = 1, 2, …, J. The location of cell

_{i,j}is denoted as

**r**

_{i,j}, and

**r**

_{i,j}= (x

_{i,j}, y

_{i,j}). The request probability of cell

_{i,j}is q

_{i,j}, the service semantics of cell

_{i,j}is e

_{(i,j),u}, and the information matrix Q(

**r**, q,

**e**) for each RSU can be set up.

**R**represents the location area accessible by the road.

_{d}), where k

_{d}is the number of dummy locations be filtered out through the auxiliary information.

_{d}, increases. For example, in Figure 2a, k = 4, and k

_{d}= 3. Hence, the effect of privacy protection is degraded.

_{d}. The optimization problem can be defined as

**r**, q,

**e**) is the information matrix corresponding to set $\mathcal{G}$ which consists of vehicle user’s location and k − 1 dummy locations, and set $\mathcal{C}$ is the set of all locations of cells in the area covered by the RSU.

## 4. Algorithm Design

#### 4.1. Effective Distance

**r**

_{i}represents location i in set $\mathcal{W}$, the corresponding coordinates is $({x}_{i},{y}_{i})$,

**r**

_{w}represents location w in set $\mathcal{G}$, the corresponding coordinates is $({x}_{w},{y}_{w})$, i = 1, 2, …, |$\mathcal{W}$|, w = 1, 2, …, |$\mathcal{W}$|, |$\mathcal{W}$| is the number of elements in set $\mathcal{W}$, and d(

**r**

_{i}) is the effective distance of

**r**

_{i}.

#### 4.2. Parameter Settings

#### 4.3. Dummy Location Selection Algorithm under Road Restriction

**r**, q,

**e**), the vehicle user calculates the probability of service request at each location in

**R**, ${{q}^{\prime}}_{(i,j),u}$, i = 1, 2, …, I, j = 1, 2, …, J, u = 1, 2, …, U, cell

_{i,j}∈

**R**. According to service request probability of content C

_{0}, the vehicle user selects other k’ − 1 locations whose service request probabilities are close to that of the vehicle user.

**r**

_{0,0}denote the location of the vehicle user. ${\mathcal{G}}^{\u2033}=\{{\mathit{r}}_{0,0}\}$ and ${\mathcal{G}}^{\u2033}$ = ${\mathcal{G}}^{\u2033}$\{

**r**

_{0,0}}. The vehicle user chooses k − 1 locations with the maximum effective distance through k − 1 rounds.

#### 4.4. A Location Privacy-Preservation Method Based on Dummy Locations under Road Restriction

- (1)
- Based on the historical data of service requests, the LBS server counts the number of service requests initiated by vehicle users in each cell, and the service request probability of cell
_{i,j}, i = 1, 2, …, I, j = 1, 2, …, J, ${q}_{i,j}={f}_{i,j}/F$, where f_{i}_{,j}is the number of service requests initiated by vehicle users in cell_{i}_{,j}, and F is the number of service requests in the area. The service semantics of service u is ${q}_{i,j}={f}_{(i,j),u}/{f}_{i,j}$, where f_{(i,j),u}is the number of requests of service u initiated by vehicle users in cell_{i,j}, u = 1, 2, …, U. - (2)
- The LBS server constructs and distributes the information matrix Q(
**r**, q,**e**) within the RSU’s jurisdiction to each RSU. - (3)
- RSU broadcasts Q(
**r**, q,**e**) and**R**to users in its covered area. - (4)
- According to the privacy preservation level V, the vehicle user calculates its privacy parameter k by (5).
- (5)
- The vehicle user generates k − 1 dummy locations using dummy location selection algorithm under road restriction. The details are as follows:
- (5-a)
- Let k’ = 2k. Within the locations in
**R**, other k′ − 1 locations apart from the vehicle user’s location are selected as dummy locations by solving the problem formulated in (7). Hence, a candidate set $\mathcal{G}$’ is constructed with the vehicle user’s location and k′ − 1 selected dummy locations. - (5-b)
- Within set ${\mathcal{G}}^{\prime}$, other k − 1 locations apart from the vehicle user’s location are selected as dummy locations by solving the problem formulated in (8). Hence, set ${\mathcal{G}}^{\u2033}$ is constructed with the vehicle user’s location and k − 1 selected dummy locations.

- (6)
- The vehicle user generates service query Lq’ including locations in ${\mathcal{G}}^{\u2033}$, their corresponding service contents, and the privacy preservation level, and then, Lq’ is sent to the LBS server via RSU.
- (7)
- Receiving service query Lq’, the LBS server retrieves service results according to k locations and the corresponding service contents, and then, the LBS server returns service results to the vehicle user through RSU.
- (8)
- The vehicle user selects the required result from service results according to its location.

## 5. Performance Analysis

#### 5.1. Security Analysis

#### 5.1.1. Collusion Attack

#### 5.1.2. Inference Attack

**r**, q,

**e**), road information

**R**and k locations in the service query, and so on. Based on this information, the LBS server or the RSU can act as an active attacker to launch reasoning attack and acquire some sensitive information of users.

_{G}(event) be the probability that an attacker successfully guesses that event is true. The proposed method should satisfy (9) to resist inference attack.

**r**

_{i,j}generated by RR-DLS algorithm, the probability of

**r**

_{i}

_{,j}being guessed as the real location is

#### 5.2. Computation Overhead

^{th}round, i = 1, 2, …, k − 1, the vehicle user calculates the effective distance of 2k − 1 − i locations in ${\mathcal{G}}^{\prime}$ to i locations in ${\mathcal{G}}^{\u2033}$ to update the effective distance of each location, and the location with maximum effective distance of locations in ${\mathcal{G}}^{\prime}$ is selected. Hence, the computation overhead is O(k

^{2}). Therefore, the computation overhead of dummy location selection algorithm at the vehicle user is O(k

^{2}+ IJU).

#### 5.3. Communication Overhead

## 6. Performance Evaluation and Discussion

#### 6.1. Computation Overhead

#### 6.2. Communication Overhead

#### 6.3. Anonymous Entropy

#### 6.4. Effective Distance

## 7. Conclusions

## Author Contributions

## Funding

## Conflicts of Interest

## References

- Raya, M.; Hubaux, J.-P. Securing vehicular ad hoc networks. J. Comput. Secur.
**2007**, 15, 39–68. [Google Scholar] [CrossRef] [Green Version] - Zhao, L.; Song, Y.; Zhang, C.; Liu, Y.; Wang, P.; Lin, T.; Deng, M.; Li, H. T-GCN: A Temporal Graph Convolutional Network for Traffic Prediction. IEEE Trans. Intell. Transp. Syst.
**2020**, 21, 3848–3858. [Google Scholar] [CrossRef] [Green Version] - Qiu, H.; Qiu, M.; Lu, R. Secure V2X Communication Network based on Intelligent PKI and Edge Computing. IEEE Netw.
**2019**, 34, 172–178. [Google Scholar] [CrossRef] - Sun, G.; Sun, S.; Sun, J.; Yu, H.; Du, X.; Guizani, M. Security and privacy preservation in fog-based crowd sensing on the internet of vehicles. J. Netw. Comput. Appl.
**2019**, 134, 89–99. [Google Scholar] [CrossRef] - Gupta, R.; Rao, U.P. An Exploration to Location Based Service and Its Privacy Preserving Techniques: A Survey. Wirel. Pers. Commun.
**2017**, 96, 1973–2007. [Google Scholar] [CrossRef] - Jiang, T.; Wang, H.J.; Hu, Y.-C. Preserving location privacy in wireless lans. In MobiSys ′07: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems; Association for Computing Machinery (ACM): New York, NY, USA, 2007; pp. 246–257. [Google Scholar]
- Sweeney, L. k-Anonymity: A Model for Protecting Privacy. Int. J. Uncertain. Fuzziness Knowl. Based Syst.
**2002**, 10, 557–570. [Google Scholar] [CrossRef] [Green Version] - Chow, C.-Y.; Mokbel, M.F.; Aref, W.G. Casper*: Query processing for location services without compromising privacy. ACM Trans. Database Syst.
**2009**, 34, 1–48. [Google Scholar] [CrossRef] - Liu, S.; Wang, J.H.; Wang, J.; Zhang, Q. Achieving user-defined location privacy preservation using a P2P system. IEEE Access
**2020**, 8, 45895–45912. [Google Scholar] [CrossRef] - Ji, Y.; Gui, R.; Gui, X.; Liao, D.; Lin, X. Location Privacy Protection in Online Query based-on Privacy Region Replacement. In Proceedings of the 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 6–8 January 2020; pp. 0742–0747. [Google Scholar]
- Perazzo, P.; Skvortsov, P.; Dini, G. On Designing Resilient Location-Privacy Obfuscators. Comput. J.
**2015**, 58, 2649–2664. [Google Scholar] [CrossRef] [Green Version] - Kachore, V.A.; Lakshmi, J.; Nandy, S. Location Obfuscation for Location Data Privacy. In Proceedings of the 2015 IEEE World Congress on Services, New York, NY, USA, 27 June–2 July 2015; pp. 213–220. [Google Scholar]
- Qiu, C.; Squicciarini, A.C. Location Privacy Protection in Vehicle-Based Spatial Crowdsourcing Via Geo-Indistinguishability. In Proceedings of the 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), Dallas, TX, USA, 7–9 July 2019; pp. 1061–1071. [Google Scholar]
- Parmar, D.; Rao, U.P. Towards Privacy-Preserving Dummy Generation in Location-Based Services. Procedia Comput. Sci.
**2020**, 171, 1323–1326. [Google Scholar] [CrossRef] - Sun, G.; Chang, V.; Ramachandran, M.; Sun, Z.; Li, G.; Yu, H.; Liao, D. Efficient location privacy algorithm for Internet of Things (IoT) services and applications. J. Netw. Comput. Appl.
**2017**, 89, 3–13. [Google Scholar] [CrossRef] [Green Version] - Lu, H.; Jensen, C.S.; Yiu, M.L. Pad: Privacy-area aware, dummy based location privacy in mobile services. In MobiDE ′08: Proceedings of the Seventh ACM International Workshop on Data Engineering for Wireless and Mobile Access, Vancouver, BC, Canada, 13 June 2008; Association for Computing Machinery (ACM): New York, NY, USA, 2008; pp. 16–23. [Google Scholar]
- Liu, X.; Liu, K.; Guo, L.; Li, X.; Fang, Y. A game-theoretic approach for achieving k-anonymity in Location Based Services. In Proceedings of the IEEE INFOCOM, Turin, Italy, 14–19 April 2013; pp. 2985–2993. [Google Scholar]
- Niu, B.; Li, Q.; Zhu, X.; Cao, G.; Li, H. Achieving k-anonymity in privacy-aware location-based services. In Proceedings of the IEEE INFOCOM 2014—IEEE Conference on Computer Communications, Toronto, ON, Canada, 27 April–2 May 2014; pp. 754–762. [Google Scholar]
- Liao, D.; Huang, X.; Anand, V.; Sun, G.; Yu, H. k-DLCA: An efficient approach for location privacy preservation in location-based services. In Proceedings of the 2016 IEEE International Conference on Communications (ICC), Kuala Lumpur, Malaysia, 22–27 May 2016; pp. 1–6. [Google Scholar]
- Pingley, A.; Zhang, N.; Fu, X.; Choi, H.-A.; Subramaniam, S.; Zhao, W. Protection of query privacy for continuous location based services. In Proceedings of the IEEE INFOCOM, Shanghai, China, 10–15 April 2011; pp. 1710–1718. [Google Scholar]
- Liu, J.; Jiang, X.; Zhang, S.; Wang, H.; Dou, W. FADBM: Frequency-Aware Dummy-Based Method in Long-Term Location Privacy Protection. In Proceedings of the 2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS), Tianjin, China, 4–6 December 2019; pp. 384–391. [Google Scholar]
- Niu, J.; Zhu, X.; Shi, L.; Ma, J. Time-Aware Dummy-Based Privacy Protection for Continuous LBSs. In Proceedings of the 2019 International Conference on Networking and Network Applications (NaNA), Daegu, Korea, 10–13 October 2019; pp. 15–20. [Google Scholar]
- Yang, X.; Gao, L.; Zheng, J.; Wei, W. Location Privacy Preservation Mechanism for Location-Based Service with Incomplete Location Data. IEEE Access
**2020**, 8, 95843–95854. [Google Scholar] [CrossRef] - Sun, G.; Cai, S.; Yu, H.; Maharjan, S.; Chang, V.; Du, X.; Guizani, M. Location Privacy Preservation for Mobile Users in Location-Based Services. IEEE Access
**2019**, 7, 87425–87438. [Google Scholar] [CrossRef] - Hara, T.; Suzuki, A.; Iwata, M.; Arase, Y.; Xie, X. Dummy-Based User Location Anonymization under Real-World Constraints. IEEE Access
**2016**, 4, 673–687. [Google Scholar] [CrossRef] - Luo, C.; Liu, X.; Xue, W.; Shen, Y.; Li, J.; Hu, W.; Liu, A.X. Predictable Privacy-Preserving Mobile Crowd Sensing: A Tale of Two Roles. IEEE/ACM Trans. Netw.
**2019**, 27, 361–374. [Google Scholar] [CrossRef] - Zhou, L.; Yu, L.; Du, S.; Zhu, H.; Chen, C. Achieving Differentially Private Location Privacy in Edge-Assistant Connected Vehicles. IEEE Internet Things J.
**2019**, 6, 4472–4481. [Google Scholar] [CrossRef] - Lin, X.; Lu, R. Pseudonym-changing strategy for location privacy. In Vehicular Ad Hoc Network Security and Privacy; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, USA; John Wiley & Sons: Hoboken, NJ, USA, 2015; Volume 1, pp. 71–90. [Google Scholar]
- Guo, N.; Ma, L.; Gao, T. Independent Mix Zone for Location Privacy in Vehicular Networks. IEEE Access
**2018**, 6, 16842–16850. [Google Scholar] [CrossRef] - Al-Anwar, A.; Shoukry, Y.; Chakraborty, S.; Balaji, B.; Martin, P.; Tabuada, P.; Srivastava, M.B. PrOLoc: Resilient localization with private observers using partial homomorphic encryption. In Proceedings of the 16th ACM/IEEE International Conference on Information Processing in Sensor Networks, Pittsburgh, PA, USA, 18–21 April 2017; Association for Computing Machinery (ACM): New York, NY, USA, 2017; pp. 257–258. [Google Scholar]
- Negi, D.; Ray, S.; Lu, R. Pystin: Enabling Secure LBS in Smart Cities with Privacy-Preserving Top-k Spatial–Textual Query. IEEE Internet Things J.
**2019**, 6, 7788–7799. [Google Scholar] [CrossRef] - Farouk, F.; Alkady, Y.; Rizk, R. Efficient Privacy-Preserving Scheme for Location Based Services in VANET System. IEEE Access
**2020**, 8, 60101–60116. [Google Scholar] [CrossRef] - Ni, L.; Tian, F.; Ni, Q.; Yan, Y.; Zhang, J. An anonymous entropy-based location privacy protection scheme in mobile social networks. EURASIP J. Wirel. Commun. Netw.
**2019**, 2019, 93. [Google Scholar] [CrossRef] - Ying, B.; Makrakis, D. Protecting Location Privacy with Clustering Anonymization in vehicular networks. In Proceedings of the 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Toronto, ON, Canada, 27 April–2 May 2014; pp. 305–310. [Google Scholar]
- Frejinger, E. Route Choice Analysis: Data, Models, Algorithms and Applications. Ph.D. Dissertation, Linköping University, Lausanne, Sweden, 30 April 2008. [Google Scholar]

**Figure 2.**Service request probability distribution. (

**a**) with random dummy location selection algorithm; (

**b**) with dummy location selection algorithm under road restrictions.

**Figure 3.**Schematic diagram of vehicle location distribution. (

**a**) vehicle aggregation distribution; (

**b**) vehicle dispersed distribution.

**Figure 9.**Effective distance of two different location selection algorithms. (

**a**) mean; (

**b**) variance.

Entity | Computation Overhead | Communication Overhead |
---|---|---|

Vehicle user | O(k^{2} + IJU) | O(k) |

RSU | O(1) | O(IJU + kn + k) |

LBS Server | O(kn) | O(IJU + kn) |

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Xu, X.; Chen, H.; Xie, L.
A Location Privacy Preservation Method Based on Dummy Locations in Internet of Vehicles. *Appl. Sci.* **2021**, *11*, 4594.
https://doi.org/10.3390/app11104594

**AMA Style**

Xu X, Chen H, Xie L.
A Location Privacy Preservation Method Based on Dummy Locations in Internet of Vehicles. *Applied Sciences*. 2021; 11(10):4594.
https://doi.org/10.3390/app11104594

**Chicago/Turabian Style**

Xu, Xianyun, Huifang Chen, and Lei Xie.
2021. "A Location Privacy Preservation Method Based on Dummy Locations in Internet of Vehicles" *Applied Sciences* 11, no. 10: 4594.
https://doi.org/10.3390/app11104594