1 Introduction
- To the best of our knowledge, this work is the first to address the privacy issues of the site survey in WiFi fingerprint-based localization algorithms.
- We propose a privacy-preserving site survey scheme for WiFi fingerprint-based localization based on homomorphic encryption and the differential privacy model.
- We theoretically analyze the security of the proposed scheme and carry out simulation experiments on a real-world dataset to evaluate the performance of our scheme.
2 Related work
2.1 Privacy-preserving service request
2.2 Privacy-preserving localization
3 Background
3.1 WiFi fingerprint-based localization
3.2 Differential privacy
3.3 The Paillier cryptosystem
- Key generation: To construct the public and private keys, one first chooses two large primes \(p, q\) of equivalent length and computes \(N = pq\), \(\lambda = \mathrm{lcm}(p-1, q-1)\), \(g = N+1\), and \(\mu = \varphi(N)^{-1} \bmod N\), where \(\varphi(N) = (p-1)(q-1)\). The public key PK and private key PR are \((N, g)\) and \((\lambda, \mu)\), respectively.
- Encryption: Let \(m\) be the plaintext to be encrypted. We denote the ciphertext of \(m\) by \(E(m)\), which is given by
$$ E(m) = g^{m} r^{N} \bmod N^{2}, $$(4)
where \(r \in \mathbb{Z}_{N}\) is a random number.
- Decryption: Let \(c\) be the ciphertext. The plaintext \(m = D(c)\) is obtained by
$$ D(c) = L(c^{\lambda} \bmod N^{2})\,\mu \bmod N. $$(5)
4 System model and problem formulation
4.1 System model
4.2 Design goal
- Location privacy: Our scheme should ensure that the aggregator cannot learn the locations that the suppliers visited before. Also, the WiFi signal strengths collected by the suppliers should not be revealed, since the aggregator could infer their locations from their measured WiFi signal strengths.
- Differential privacy: In the crowdsourcing-based site survey, even though the measurements of every supplier are completely hidden from the aggregator, it can still infer the location privacy of a supplier \(u_i\) by comparing the aggregated result when \(u_i\) is in the site survey group with that when \(u_i\) is not. Therefore, our scheme should achieve differential privacy, which has been accepted as a standard for privacy preservation [20, 22]. Differential privacy guarantees that the aggregator can retrieve information about any supplier only up to a predefined threshold, no matter what auxiliary information it knows about that supplier.