Next Article in Journal
Accounting for Local Geological Variability in Sequential Simulations—Concept and Application
Previous Article in Journal
A Simplified Method of Cartographic Visualisation of Buildings’ Interiors (2D+) for Navigation Applications
 
 
Article
Peer-Review Record

A Symbiotic Relationship Based Leader Approach for Privacy Protection in Location Based Services

ISPRS Int. J. Geo-Inf. 2020, 9(6), 408; https://doi.org/10.3390/ijgi9060408
by Hosam Alrahhal 1,2, Mohamad Shady Alrahhal 3,*, Razan Jamous 2 and Kamal Jambi 3
Reviewer 1: Anonymous
Reviewer 3: Anonymous
Reviewer 4: Anonymous
ISPRS Int. J. Geo-Inf. 2020, 9(6), 408; https://doi.org/10.3390/ijgi9060408
Submission received: 27 May 2020 / Revised: 20 June 2020 / Accepted: 23 June 2020 / Published: 26 June 2020

Round 1

Reviewer 1 Report

The authors propose an approach to ensure user privacy in Location-Based Services (LBS) through a Trusted Third Party (TTP) called Leader. The Leader's role is to prevent users from directly interacting with the LBS servers, assuming that the servers can be an attacker. The approach is dynamic, regarding the choice of the Leader, and is based on a symbiotic relationship, dummy queries, and caching concepts. In addition, the authors propose a measure to know the closeness of the attacker at a certain time. The approach is relevant as it addresses security aspects that are of interest to LBS users, highlighting its advantages compared to other approaches in the literature.

The related work, approach, and results are well structured and justified, the scientific contribution is well established. Therefore, one of the important improvements of the article is to revise the writing style of the manuscript since it is now hard to read. There are also some typographical and grammatical mistakes throughout the manuscript. For example, line 41, it is written “… for points of interests (PIO)…” instead of “for points of interests (POI)…”.

It is recommended to make a complete revision of the manuscript to replace the references in the first person (we, our, us) with the corresponding ones in the third person or the proposal itself. Similarly, verify that all references are cited in the manuscript in both text and Figures.

  • Introduction. 1. Clearly highlight that the Leader is a TTP proposed in this approach because in this section is ambiguous. Furthermore, by performing a search, an approach called LEADER was found (http://enrd.ec.europa.eu/enrd-static/leader/leader/leader-tool-kit/the-leader-approach/en/the-leader-approach_en.html), although its approach is different, the names are similar. Perhaps you could consider introducing a modifier to differentiate them. 2. Indicate the reference of the information source from which Figure 1 and Figure 2 were obtained. 3. Briefly describe the references [12, 13] (line 54). 4. Indicate the references where the information for the classification was obtained (line 67).

 

  • Related Work. 1. Replace the parentheses in the title of Sections 2.1, 2.2, and 2.3 with a colon. For example, First Group: Most of the Load on the Server Side. 2. Verify the citation format of the references. For example, the reference [32] should be indicated as Kido et al. instead of Yanagisawa et al.

 

  • Proposed Privacy Protection Approach. 1. The justification for the choice of Leader is confusing, I recommend rewriting this paragraph (lines 353-364). 2. Verify the subscripts in Figure 5, the L_rep_user(g) subscript should be (i + 2) for user(g) _rep. 3. Mention, what would happen if the maximum general reputation is the same for two users? 4. Include the reference to Algorithm 2 and complete its description (lines 443-444), defining TL.

 

  • Used Privacy Metrics. 1. Indicate the reference of the information source from which Figure 7, 8, and 9 are obtained. 2. Include in the text the reference to Figures 7 and 8. 3. Verify Equation 10 and 11, the subscript “n” is not indicated.

 

  • Experimental Results and Evaluation. 1. Standardize the encroachment percentage for all approaches, specifically the percentage of the Enhanced-DLS approach, in Tables 1 and 2.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 2 Report

Congratulations for the paper. In my opinion, the paper presents the problem, analyzes the state of the art, describes the difficulties in each approach to the problem and finally explains the authors' proposal. All this clearly and based on scientific analysis.

I would like to highlight the paragraph (445-452) that reflects what, as we read the paper, we all come to mind: "Although electing the Leader depends on his general reputation, the probability of converting into an attacker still stands. " The following explanation constitutes; in my opinion; one of the main reasons for the interest of this paper: the mathematical analysis of the Leader's reputation level, and its application to guarantee cluster security.

But also, paper contains very relevant information for research areas related to technological security and individual privacy.

For these reasons, I consider the paper to be accepted and published.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 3 Report

The paper introduces a new approach for privacy-protection in location based services.

 

I only have minor comments:

- Line 385 - what do the three dots on top of "value" mean?

- The graphical quality of the figure files may be improved. JPEG artifacts are visible in printed-out versions.

- Using the Euro sign to denote the metric is strange for readers in Europe.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 4 Report

The paper proposes a symbiotic relationship-based leader approach to guarantee complete privacy protection for users of LBS-enabled applications. The authors state the problem of hijacking communication in LBS services, in order to obtain private (location) information.

Contributions are clearly stated, as well as the motivation and context. Also related work is very aligned with the problem to solve.

References belong to hi-quality journals and conferences. However, only two references belong to papers published in the last three years (2018, 2019, 2020). I recommend the authors to include more recent works, or update any of their references.

Please find below my questions:

The use of dummy queries makes it difficult for an attacker to locate the user, but in turn, reduces the effectiveness of the cache mechanisms, since they can also cache the results of dummy requests, which are not really interesting for a cluster. This forces the client that serves as cache to be reliable, so that it only keeps in its cache the requests that it knows to be real.

Have you thought of different strategies to define the cache server? For example, that each node of a cluster is, versus that only the leader is dedicated to caching.

What happens with the communications between the leader and each of the nodes, do we understand that they are point-to-point and no node can hear what others are talking to the leader? Improper security policies can lead to eavesdropping attacks.

The authors must also explain how the network defends itself against a malicious node (aware of the leader election criteria) that works to gain the trust of its neighbors (reputation) to be a leader.

Some minor corrections:

“server-based side” seems awkward, better use server-side. Same with user-based side.

 

 

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Back to TopTop