User Sensitive Information Protection Scheme Based on Blockchain Technology

Luo, Sheng

doi:https://doi.org/10.1155/2022/2328734

Mobile Information Systems

On this page

Abstract Introduction Related Work Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2022 | Article ID 2328734 | https://doi.org/10.1155/2022/2328734

User Sensitive Information Protection Scheme Based on Blockchain Technology

Sheng Luo^1,2

Academic Editor: Ashish Bagwari

Received17 Jan 2022

Accepted30 Mar 2022

Published20 Apr 2022

Abstract

With the continuous development of mobile applications and location technology, -anonymity technology is usually used to protect the privacy and security of users in location-based services that are used by mobile users. Due to the self-interest of users, in the cooperative construction of a -anonymity privacy protection scheme, it is difficult to guarantee the honest cooperation behavior of the requesting and cooperating users. To solve the above problems, this paper proposes a distributed -anonymous location privacy protection scheme based on blockchain. In this paper, we record the requesting users, cooperative users, and their location information as evidence, and we punish the users with location leakage and deception. An anonymous zone cannot be constructed when the user is a requesting user. An interactive record mechanism is designed to constrain the self-interest behavior of the requesting and cooperating users in the process of anonymous region construction. Security analysis and experiments show that this scheme can effectively protect the user’s location privacy, promote the honest cooperation between the requesting user and the cooperative user, and encourage more users to participate in the construction of an anonymous zone.

1. Introduction

In recent years, with the rapid development of GPS equipment and mobile information technology, location-based services (LBS) have become one of the most developed potential services for mobile users [1]. LBS means that mobile services are more colorful according to the geographic location. LBS provides consumers with a series of location-based services and convenient experiences from social networks, navigation, takeout platforms, and so on. However, when people obtain location services through the network, they also expose their location information to LBS providers, which threatens the disclosure of the private information of users.

To prevent the leakage of privacy information, scholars have proposed many location privacy protection methods, including -anonymity, differential privacies, location coordinate transformation, and cryptography-based methods [2–4]. Among them, -anonymity is the most common method in LBS location privacy protection [5]. The basic idea of this method is that when sending an LBS query request, the user first obtains at least the real location of other -1 cooperative users, then constructs an anonymous area, and then submits the anonymous area to a location-based services platform (LSP) instead of his real location, to effectively protect his personal location privacy. However, there are still two problems in -anonymous location privacy protection. On the one hand, after the requesting user receives the real location provided by the cooperative user, the self-interested requesting user will disclose the location information to the third party to obtain additional benefits. Alternatively, the malicious attacker will disguise himself as a requesting user to obtain the real location of the collaborative user, which will lead to the disclosure of the location privacy of the collaborative user. On the other hand, after the cooperative user receives the collaboration request sent by the requesting user, even if some cooperative users are located in sensitive areas, they will still provide false locations to the requesting users to improve their activity (or reputation) due to their self-interest, to enable them to construct anonymous regions efficiently when they are requesters. It can be seen that the existing distributed anonymous location privacy protection scheme cannot completely protect the user’s location privacy. Because blockchain technology has great advantages in information security protection, it has been widely used in AI and medical fields [6, 7]. To solve the above problems, this paper proposes a distributed -anonymity location privacy protection scheme based on blockchain from the user’s self-interested behavior. According to the data, this scheme is the first to use blockchain to study LBS location privacy protection. The research results have certain practical significance and applications value.

In recent years, there have been many research studies on the privacy protection of user location information, and some achievements have been made. This method was first proposed by Chow et al. and its basic idea is to make requests of users to obtain the real locations of at least other cooperative users by point-to-point communication to construct an anonymous area, for the purpose of making the LSP guess the real location of the requesting user from the anonymous area with a probability of no more than [8]. Ghinita et al. used the hibernate curve to map the location information of the requesting users and cooperative users from two-dimensional space to one-dimensional space, and they stored the one-dimensional location information of each user in the data node of a , which enables the requesting user to quickly obtain the real locations of the adjacent cooperative users in the constructed anonymous area [9, 10]. However, when there are many cooperative users, the requesting users must retrieve from the root node of the , which increases the computational cost of the requesting users. To solve this problem, reference [11] uses a ring structure instead of a structure to store the one-dimensional locations of all of the users, which means that the requesting user can quickly find the adjacent users and construct the anonymous area. Chen et al. pointed out that the requesting user should combine with the actual road traffic network when constructing the anonymous area; otherwise, the LSP could identify the real location of some cooperative users from the anonymous area submitted by the requesting user according to the road traffic network and could even directly identify the real location of the requesting user [12]. They make LBS queries on each road for the requesting users and set different quality of service. On the premise of ensuring the quality of service, the generated anonymous area contains as many intersections as possible to improve the location privacy protection level of the requesting user.

In research on the location acquisition method of the collaborative users in a distributed environment, Chow et al. proposed to use the real location of historical cooperative users to construct an anonymous area for the requesting users [13, 14]. In their scheme, the requesting user stored the location information of the cooperative user after each LBS query. If the number of collaborative users obtained in the next LBS query did not meet the requirements of the location privacy protection, then the location information provided by the historical cooperative users could be directly used to construct the anonymous region. To reduce the storage cost of the requesting user, Kim et al. used the Hibert curve to reduce the dimension of the location information of the historical cooperative users, and they used the information entropy of the constructed anonymous area to measure the location privacy protection level of the requesting user; in addition, they proposed a distributed anonymous location privacy protection scheme based on a grid [15]. In addition to using the location information of historical cooperative users, some scholars have proposed two distributed -anonymity location privacy protection schemes based on region awareness, combining them with the existing mobile communication infrastructure [16, 17]. In addition, Che et al. proposed a two-way active distributed -anonymity privacy protection scheme by letting all of the users in the network send information tables of their real locations and the locations of their neighbors [18–20].

In research on incentive mechanisms in distributed -anonymity, Yang et al. pointed out that the original distributed -anonymity privacy protection schemes assume that the cooperative users are honest. They will provide their real location to the requesting user after receiving a request from the anonymous zone collaborative construction [21]. However, in the real world, users are self-interested. If the requesting users directly use these schemes to protect their location privacy in an LBS query, it will be difficult to obtain enough real locations of cooperative users to construct an anonymous area. They use a single round sealed double auction mechanism to allow multiple users to obtain the real location of the cooperative users by auction, thus encouraging all users in the network to participate in the construction of the anonymous area. In addition, Gong et al. pointed out that to better protect the location privacy of the requesting user, the requesting user and the cooperating user must use pseudonyms when participating in the anonymous region construction [22, 23]. Therefore, to encourage cooperative users to change their pseudonyms, they regard the requesting users and cooperative users as a special social group. Based on the social relationships among the group users, they use the maximum group income to encourage cooperative users to change their pseudonyms when they participate in the anonymous region construction.

To summarize, the existing distributed -anonymity location privacy protection schemes do not consider the privacy disclosure and deception behavior in the process of constructing the anonymous region. Therefore, this paper proposes a distributed -anonymous location privacy protection scheme based on blockchain. In this paper, we record the requesting users, cooperative users, and their location information as evidence, and we punish the users who have location leakage and deception. The anonymous zone cannot be constructed when one of these users is the requesting user. An interactive record mechanism is designed to constrain the self-interest behavior of the requesting and cooperating users in the process of anonymous region construction. Second, this paper uses the blockchain technology to effectively prevent the requesting users from disclosing the location information of the cooperative users, and at the same time, it can encourage the cooperative users to provide the real location to participate in the construction of the anonymous area. Finally, experiments show that when the requesting user uses this scheme to construct the anonymous area, the computational cost, communication cost, and storage cost of the cooperative user are less, and the anonymous area can be constructed efficiently. This finding shows that the scheme has good practicability.

3. Research Model

3.1. Blockchain Technology

The concept of blockchain was first proposed by a scholar whose pseudonym is “Nakamoto cong;” blockchain was described as a distributed ledger based on a chain structure. In the ledger, data blocks are linked in the order of being generated over time. Cryptography and consensus algorithms are used to ensure the distribution consistency, tamper proof nature, and unforgeability of the account book data [24, 25]. The basic framework of blockchain can be divided into six layers: data layer, network layer, consensus layer, incentive layer, contract layer, and application layer [26].

3.1.1. Data Layer

The main function of the data layer is to record and store the information on the chain and to ensure the unforgeability and traceability of the data through a Merkle tree, asymmetric encryption algorithm, hash function, time stamp, and other technologies.

3.1.2. Network Layer

The main function of the network layer is to transfer and verify the data through a point-to-point network.

3.1.3. Consensus Layer

The consensus layer mainly uses a consensus algorithm to achieve a stable consensus among the distributed nodes, to ensure the consistency and authenticity of the data.

3.1.4. Incentive Layer

In a blockchain, the data set is maintained by all of the nodes. To encourage nodes to actively participate in the maintenance of the blockchain, the incentive layer encapsulates the allocation rules and payment rules that are compatible with the incentive, to maximize the profits of each node while participating in the maintenance of the blockchain.

3.1.5. Contract Layer

The contract layer mainly provides the development environment of the smart contracts, including the sandbox environment of the blockchain platform and the corresponding programming language.

3.1.6. Application Layer

The application layer is used to realize the application of blockchain technology in various applications scenarios. According to the different applications scenarios, the development of blockchain technology is divided into three stages: programmable currency, programmable finance, and programmable society [27].

3.2. Model Description

In this paper, a point-to-point equality structure is adopted. It is composed of a requesting user, cooperative user, and LSP, and no third party is required. It is assumed that there are secure communications links between the requesting user and the cooperating user and between the requesting user and the LSP [22]. When the requesting user sends a query request to the LSP, the requesting user first sends a collaboration request to the surrounding users to obtain their real locations. After receiving the locations provided by cooperative users , the requesting user constructs the anonymous area ACR and submits it to the LSP together with the query content.

After the LSP authenticates the identity of the requesting user , it searches the database according to the anonymous area and query content submitted by the requesting user, and it returns all of the results to the requesting user . After receiving the query results sent by the LSP, the requesting user filters them according to their real location to obtain accurate query results. Among them, represents the true location of the collaborative user . For the anonymous zone, we have . is the anonymous area constructor, and represents the privacy protection requirements of the requesting user .

In addition, this paper assumes that both the requesting user and the cooperative user are rational; in other words, in the process of constructing the anonymous area, they always choose according to maximizing their own interests. For the rational requesting user , he first expects to obtain the real location provided by the cooperative user to generate the anonymous area ACR. Second, when the anonymous area is constructed successfully, it will disclose the real location of the cooperative users to obtain more additional benefits. Therefore, in the process of constructing the anonymous area, the rational requesting user’s preference satisfaction is the following: Among them, ,

where (1) represents the profit when the user successfully constructs the anonymous area and discloses the real location of the cooperative user (2) represents the profit when the user successfully constructs the anonymous area without disclosing the real location of the cooperative user (3) represents the profit when the user fails to successfully construct the anonymous area and discloses the real location of the cooperative user (4) represents the profit when the user fails to successfully construct the anonymous area and does not disclose the real location of the cooperative user

For the rational cooperative user , he first hopes to protect his location privacy; second, he can effectively protect his location privacy and, at the same time, provide collaborative help for the requesting user. Therefore, in the process of constructing the anonymous region, the preference of the rational cooperative user satisfies the following requirements: . (1) is the profit when the cooperative user provides the false location to the requesting user , and the requesting user uses the false location to construct the anonymous area(2) is the profit when the cooperative user provides the real location to the requesting user , and the requesting user did not disclose the location(3) is the profit when the cooperative user does not provide the location information to cooperate with user to construct the anonymous area(4) is the profit when the cooperative user provides the false location to the requesting user , but the requesting user identifies it correctly and does not use the location to construct the anonymous area(5) represents the profit when the cooperative user provides his/her real location to the requesting user but requests that user disclose his/her real location

3.3. Model Security Definition

In this paper, the requesting user and the surrounding cooperative user are regarded as attackers. In the process of constructing a distributed anonymous area, self-interest request-users are to disclose the location information provided by cooperative users to a third party to obtain additional benefits. However, after receiving the anonymous region construction request sent by the requesting user, the self-interest cooperative user might provide false location information to the requesting user, which makes the anonymous area constructed by the requesting user unable to meet the privacy protection requirements, and it even enables the LSP to directly infer the personal privacy of the requesting user.

To clearly define the security of the distributed anonymous zone construction, this paper regards the cooperative construction of the anonymous zone as a two-party game between the requesting user and the cooperative user . First, the cooperative construction game of the anonymous zone is formally described.

Definition 1 (Anonymous zone cooperative construction game). The anonymous region cooperative construction game is a five-tuple . Among them are the following: (i) is the rational user set; is the requesting user; is the cooperative user(ii) is the policy set of participants, where is the policy set of the requesting user . Here, means that the requesting user will not disclose the location to the third party after receiving it, and means that the requesting user will disclose the location provided by cooperative user to a third party after receiving it. is the policy set of the cooperative user ; means that the cooperative user provides its own real location to the requesting user after receiving the collaboration request, means that the collaborative user does not provide location information to the requesting user after receiving the collaboration request, and indicates that the cooperative user provides a false location to the requesting user after receiving the cooperation request. Moreover, in the anonymous zone cooperative construction game , the requesting user and the cooperative user each choose a strategy form vector as the rational user’s strategy combination. Among them, (iii) is the set of histories. Any history represents the combination of policies selected by rational users at the corresponding time. Obviously, the null character represents the beginning of the cooperative construction game of the anonymous area. For any history , all policy combinations that can appear after it are recorded as .If there is such that , then the history is said to be terminated. The set represents the set of all termination histories(iv) is the user assignment function, which specifies the user who will make the next policy selection for the history without termination. In the anonymous area cooperative construction game, rational cooperative user takes the lead in policy selection, and thus, (v) is the revenue set of rational users. Among them, is the revenue function of the rational requesting user , and is the revenue function of the rational cooperative user Based on the formal description of the anonymity zone cooperative construction game model, the security definition of distributed -anonymity is given below.

Definition 2 (Security of distributed -anonymous location privacy protection). Suppose that is a rational requesting user and is rational cooperative users. When the rational user uses the distributed -anonymous privacy protection scheme to send a cooperative anonymous area request to , and there is successful construction of the anonymous area , the following conditions are true:

Then, the distributed -anonymous location privacy protection scheme is called secure. Here, represents the location privacy protection requirement of the requesting user when sending the current LBS query. Here, . represents the probability that LSP can correctly identify its real location from the anonymous area ACR submitted by the requesting user.

In the above definitions, formula (1) defines the security of the distributed -anonymous location privacy protection from the perspective of anonymous region construction. Formula (1) indicates that the requesting user will not disclose the location of the cooperative user during the construction of the anonymous area. Formula (1) indicates that during the construction of the anonymous area, cooperative user provides its own real location to the requesting user . Formula (1) defines the security of the distributed -anonymous location privacy protection from the perspective of the LBS query.

4. Research Design

To prevent the requesting users from divulging the locations of cooperative users and providing false locations to cheat the requesting users during the construction of a distributed anonymous area, in this paper, encryption and signature techniques are used to prevent other users from illegally obtaining the location information provided by cooperative users and from participating in anonymous area construction that deny users who have location deception or disclosure behavior. Blockchain is used for distributed storage, and both sides of the game involved in the construction of the anonymity zone and the location information provided by them are used as evidence; hence, a distributed -anonymous location privacy protection scheme is designed.

4.1. Consensus Mechanism

To prevent the requesting users from divulging the location information of cooperative users and providing false locations to cheat the requesting users during the construction of a distributed anonymous area, this section first designs a collaboration request recording mechanism to constrain the self-interest behavior of the requesting user and the collaborative user and also proposes a blockchain accounting competition mechanism to encourage all users in the network to participate in the maintenance of the blockchain.

Suppose that in any -th anonymous region cooperative construction game, policy means that the requesting user will not disclose the location provided by cooperative user to the third party after receiving it. Policy means that the requesting user will disclose the location provided by the cooperative user to the third party after receiving it.

Policy means that the cooperative user provides the real location to the requesting user after receiving the collaboration request. Policy means that the cooperative user does not provide any location information to the requesting user after receiving the collaboration request. Policy indicates that the cooperative user provides a false location to the requesting user after receiving the cooperation request. Let and represent the profits of the requesting user and the cooperating user at the end of the -th anonymous region cooperative construction game, respectively. Moreover, the strategy represents the strategy chosen by the requester of the -th anonymous zone cooperative construction game when he is still the requester in the -th game. The strategy represents the strategy chosen by the cooperative user , who participates in the -th anonymous zone cooperative construction game as the requester in the j-th game. Then, the collaboration request recording mechanism proposed in this paper is as follows:

Definition 3 (Consensus mechanism I-interactive recording mechanism). The interactive record mechanism is a two-tuple. Among them, we have the following: (i) is a combination of strategies ( and ) selected by the requesting user and the cooperating user in the -th anonymous region cooperative construction game(ii) is the interactive record mechanism , according to the strategy chosen by the requesting user and the cooperative user in the -th anonymous area collaborative construction game, and it gives them the payment income from the -th anonymous area collaborative construction game to the -th anonymous area collaborative construction game .For any , it satisfies the following:

Among them, is the number of penalty rounds, represents the cooperative user selection strategy in the anonymous zone cooperative construction game , is the number of times that the cooperative users who participate in the anonymous zone cooperative construction game assist other users in constructing the anonymous area when they participate in game , and is the judgment threshold of cooperative users in the anonymous zone cooperative construction game . When , ; otherwise, . Interactive recording mechanism refers to using the requesting users, cooperative users, and location information provided by them to restrict their self-interest behavior. In other words, in the anonymous region collaborative construction game , once it is found that the requesting user divulges the location information of the cooperative user, and then there will be no user to help him construct an anonymous area in the subsequent -times service queries. Similarly, in the anonymous region collaborative construction game , if the cooperative user provides a false location, then the cooperative user will not have other users to help him construct the anonymous area in the subsequent m-times of service queries.

In the scheme proposed in this paper, the researcher uses blockchain distributed storage, with the requesting user, collaborative user, and location information, as evidence. Therefore, to encourage all users in the network to participate in the maintenance of the blockchain, this paper also proposes a block chain accounting rights competition mechanism.

Definition 4 (Consensus mechanism II-accounting rights competition mechanism). Accounting rights competition mechanism is a two-tuple. Among them, we have the following: (i) is the set of times that users who participate in the competition to obtain accounting rights help other users to construct an anonymous area in the competitive production of the new block .Here, is the number of times that the -th users history, which participates in the generation of accounting rights in the new block, and helps other users to construct anonymous zones(ii) is the revenue when the new block is generated (users who participate in the competition of the new block generation bookkeeping rights help other users to construct anonymous areas in history). For any , the following conditions are satisfied:

Among them, represents the number of times that the user who has obtained the accounting rights of the generated block has helped other users to construct an anonymous zone at that time.

In short, the basic idea of the new block accounting rights competition mechanism proposed in this paper is to allow the users who participate in the anonymous zone construction for the largest number of times obtain the accounting rights. However, to prevent the users who participate in the anonymous zone construction for the largest number of times from always obtaining the accounting permission, and thus have the opportunity to forge the distributed anonymous area collaborative construction blockchain, this paper uses to make the accounting rights of the blockchain disperse to each user in the network. In addition, to encourage all users in the network to participate in the updating of the blockchain, this paper regards the accounting rights of generating new blocks as a special way to participate in the construction of an anonymous area. Obviously, for any user in the network, the larger that is, the more help to other users in constructing anonymous areas. Then, when as a requester sends an anonymous area collaborative construction request, the larger the number of users who provide their location information to him is, and the greater the probability that RR can successfully construct an anonymous area. This approach can also prevent users from using new frequently in the blockchain system to a certain extent.

It is worthwhile to note that in the accounting rights, competition mechanism proposed in this paper, any user in the network, including the requesting user who sends the anonymous zone collaborative construction request, the collaborative user who provides the location information, and the other users who receive the anonymous zone collaborative construction request without providing the location information, can participate in the competition of generating the new block accounting rights.

4.2. Specific Scheme

In this paper, the process of requesting users to obtain the real location of collaborative users is regarded as a special kind of transaction. The of both parties and the location information provided by cooperative users are recorded in the transaction bill, and the bill is stored in the public chain. When the requesting user indicates that the cooperative user provides a false location or the cooperative user indicates that the requesting user discloses his location, the transaction bill can be used as a voucher for arbitration. Once the location disclosure or spoofing behavior is confirmed, the user who has the above behavior will not be helped by other users when they are the requester, which makes them unable to construct an anonymous area successfully. In addition, to encourage network users to participate in the maintenance of the blockchain, users who generate blocks each time are regarded as helping users to construct anonymous zones. The specific scheme is as follows:

Step 1. The requesting user sends an anonymous zone construction collaboration request to the cooperative user.

Among them, represents the timestamp when the requesting user sends an anonymous zone construction collaboration request. Additionally, is the pseudonym used by the requesting user in the blockchain system, and represents the number of times that the requesting user has participated in the anonymous zone construction when he is a cooperative user. represents the bill number of the transaction bill , which stores the request of user to cooperate with other users to construct the anonymous zone. Here, , , is the private key of the requesting user in the blockchain system. means signing with private key and “‖” is the connection symbol.

Step 2. After receiving the anonymous area construction request sent by the requesting user, the cooperative user first counts the number of times that the requesting user has participated in the anonymous area construction in the distributed anonymous area collaborative construction blockchain and determines whether there is a penalty transaction bill recording the cheating behavior of the requesting user in the blockchain. (1)When and no penalty transaction bill is found to record the cheating behavior of the current requesting user , the cooperative user decides whether to send his real location to the requesting user according to the threshold value (i)If , the collaboration user does not respond to the collaboration request of the requesting user (ii)If , the cooperative user sends the transaction bill to the requesting user (2)When , but the penalty transaction bill recording the cheating behavior of the current requesting user is found in the block , the cooperative user judges whether the requesting user is still in the penalty period according to the number of current blocks(i)If , in other words, the requesting user is still in the penalty period, the cooperative user does not respond to the request of the requesting user , and the penalty transaction bill is broadcast:(ii)If , in other words, the requesting user has been punished, and the cooperative user will send the transaction bill to the requesting user (3)When , the cooperative user does not respond to the request of the requesting user , and the penalty transaction bill is broadcast:

represents the number of blocks in the distributed anonymous zone collaborative construction blockchain when the requesting user sends the cooperation request. Here, represents the block number of the recorded requesting user spoofing behavior, which satisfies . represents the timestamp that generated the transaction bill and is the penalty threshold. is the public key of the requesting user in the blockchain system. is the private key of the cooperative users in the blockchain system. is the identifier of the penalty transaction bill. represents the ciphertext obtained by encrypting with the public key of the requesting user in the blockchain system.

Step 3. After receiving the transaction bill sent by the cooperative user , requesting user uses the public key of the cooperative user in the blockchain system to verify the correctness of the signature information. (1)If the verification is successful, then requesting user decrypts with his private key to obtain the real location of the cooperative user .Then, and are calculated and written into the transaction bill for broadcasting(2)If the verification fails, then is not used to construct the anonymous area , and the penalty transaction bill is broadcast

The anonymous region can be constructed successfully when the requesting user obtains the real location provided by no less than cooperative users.

Step 4. All of the users in the network verify their authenticity after receiving the transaction bill sent by the broadcast. If the verification fails, then new penalty transaction bills are generated and broadcast. If the verification is passed, the transaction bill is saved to generate a new block . When the distributed anonymous zone is to be updated to construct the blockchain cooperatively, if , then the user obtains the accounting rights and joins the new block into the distributed anonymous area to construct the blockchain cooperatively.

In the above scheme, the user’s will be used as an index to retrieve all of the historical transaction bills that contain the in the blockchain system, in such a way that each user in the network can trace the historical behavior of the requesting user and the cooperative user. In addition, when the “requesting user” uses the above scheme to protect his location privacy during an query, the following three situations could occur: (1)When the requesting user makes multiple queries in the same location, the user does not need to broadcast and send the construction anonymous area cooperation request. Only by looking up the transaction bills stored in the blockchain can it quickly obtain the real location provided by the collaborative users in the historical query, to construct the anonymous area efficiently and improve the quality of service(2)When the requesting user makes a continuous query, the user does not need to send a request to construct an anonymous zone. At this time, by querying the transaction bills stored in the blockchain, it can quickly obtain the users who cooperated in the last query and then directly send the cooperation request to these users, quickly construct the anonymous area, and improve the quality of service(3)When a new block is generated, if there are multiple users , we lethold. The users in the network decide which user in gets the bookkeeping rights of this blockchain by voting. In addition, to reduce the networks user query overhead, in practical applications, we can introduce a sliding window mechanism in the above scheme to reduce the number of blocks that store transaction bills in the blockchain.

In addition, if the location privacy data update frequency is much higher than the transaction speed in the public chain network when using the scheme in practice, the scheme can be optimized by using methods such as region division and alliance chain technology.

4.3. Scheme Analysis

4.3.1. Security Certification

This paper assumes that there are at least users with the threshold in the network. The requesting user can successfully construct an anonymous area that contains the location provided by the other cooperative users. Moreover, it is also assumed that if the requesting user receives the real locations provided by the users, the anonymous area construction method adopted by the user is secure; in other words, equation (12) holds.

Therefore, this paper proves only that the scheme is secure from the perspective of anonymous region construction.

Lemma 5. Let denote the probability that the cooperative user can correctly identify the location disclosure behavior of the requesting user and let represent the probability that the requesting user identifies the false location provided by the cooperative user . When the threshold of users exists in the network, if , then the scheme is able to not only prevent the requesting users from disclosing the location information of the cooperative users but also ensure that the cooperative users provide the real locations when participating in the distributed anonymous construction.

Proof. Proof by contradiction.
Suppose that when the threshold value of rational user is and , the requesting user will disclose the real location to the third party after receiving the rational user ’s real location in any -th anonymous area cooperative construction game, in other words, the selection strategy . At this time, for the requesting user , his profit in the game is as follows:

When the rational cooperative user confirms that has ever disclosed his real location , still acts as the requester in the anonymous area cooperative construction game , , after that time, and the revenue satisfies the following: for .Therefore, the total revenue of rational user for the selection strategy in the ()-time game ,, , is as follows:

However, if the requesting user does not disclose the real location to the third party after receiving the real location ,, in the -th anonymous area cooperative construction game, in other words, when selecting the strategy , the overall revenue of the user in the anonymous area cooperative construction game and ,, is as follows:

According to the hypothesis, if and only if , the requesting user will disclose the location information provided by the cooperative user. More specifically, the following holds. Then, contradicts the known . Therefore, for rational requesting users , it will not reveal the real location of the collaborative users .In the same way, suppose that in any -th anonymous cooperative construction game, when and the cooperative user decides to help the requesting user construct the anonymous area, the cooperative user provides a false location , in other words, the selection strategy . At this time, the rational cooperative user provides a false location to the requesting user , and the probability of correct identification of the requesting user is . Therefore, after the cooperative user is proven to provide a false location in the current game , the total revenue of the cooperative users participating in the -th anonymous zone cooperative construction game is as follows:

Among them, in the anonymous area collaborative construction game , represents the revenue function of the cooperative users as requesters in the subsequent collaborative construction game. When the cooperative user decides to help the requesting user construct the anonymous area and provide the real location , in other words, to choose the strategy , the total revenue in the game and is as follows:

According to the hypothesis, if and only if , the cooperative user will provide a false location to the requesting user. In other words, holds. Then, and are contradictory. Therefore, when the cooperative user decides to help the requesting user construct the anonymous zone, it will provide the real location.

The proof is complete.

Lemma 6. Let denote the probability that the cooperative user can correctly identify the location leakage behavior of the requesting user . Here, represents the probability that the requesting user identifies the false location provided by the cooperative user. For any rational user in the network, when and , this scheme can encourage the user to participate in the construction of the distributed anonymous area. From Lemma 5 and Lemma 6, the following can be concluded:
Let denote the probability that the cooperative user can correctly identify the location leakage behavior of the requesting user . Here, represents the probability that the requesting user identifies the false location provided by the cooperative user. It is assumed that rational users adopt this scheme to protect their location privacy during an query, and there is a threshold of other rational users in the network. Here, represents the number of times in the history that rational requesting users help other users to construct anonymous zones. If , the scheme is safe. In other words, this scheme is able to not only promote the cooperative users to provide their real locations to the requesting users but also prevent the requesting users from divulging these locations. At the same time, the accuracy rate of the in identifying the real location from the anonymous area submitted by the requesting user is not higher than that of .

4.3.2. Computational Complexity

This scheme involves encryption, decryption, and a signature operation. In this paper, the signature operation is regarded as a special encryption operation. Because the decryption operation is the inverse of the encryption operation, is used to represent the computational complexity of the encryption, decryption, and signature operations.

In this scheme, when each cooperative user receives the anonymous region construction request sent by the requesting user , it first calculates according to the requesting user ’s public key , and it verifies the correctness of the signature data . At this time, the required computational complexity is . If the correctness is verified, then the cooperative user will query the transaction bill stored in the blockchain , determine the authenticity of the number of times that requesting user helped other users construct an anonymous area, and determine whether there is a penalty transaction bill from recording cheating in the blockchain. When it is found that the requesting user sends a false or it is still in the penalty period, the penalty transaction bill is broadcast after calculating the . In this case, the computational complexity of is

When is verified to be correct and no penalty transaction bill is found to record the cheating behavior of the requesting user , then the cooperative user decides whether to provide his own location to the requesting user according to the threshold value . If , then it does not respond to the anonymous area construction request sent by the requesting user, and the computational cost is . If , then after calculating the and the corresponding signature , the transaction bill is sent to the requesting user , and the computational complexity of the cooperative user is

Therefore, when an anonymous construction request is received, the upper limit of the computational complexity required by the cooperative user is as follows:

In the same way, after receiving the transaction bill sent by the cooperative user , the computational complexity required by the requesting user is . When a new block is generated, the computational complexity of the users participating in the new block generation is .

To summarize, if the user successfully obtains the real location provided by cooperative users, the computational complexity of each user in the network is as follows: (1)For the requesting user, the calculation complexity is as follows:(2)For users who provide their own real location to construct the anonymous area, the computational complexity is as follows:(3)For the users who do not respond to the anonymous zone cooperative construction request, the computational complexity is as follows:

5. Experiment

To test the effectiveness of the proposed scheme, the computational cost and communication overhead are examined. The experimental environment configuration is shown in Table 1.

In the blockchain network, there are 25 network nodes: one is the requesting user node, and the other 24 are the cooperative user nodes. By generating random numbers, the number of times that the requesting user’s node has participated in the construction of an anonymous area and the thresholds of the cooperative user nodes are generated in such a way that there are at least cooperative users with thresholds . In other words, after sending an anonymous region to construct a cooperative request, the requesting user can obtain at least cooperative users’ location information to construct the anonymous region. In addition, in the established blockchain network platform, the “Consensus mechanism —competition mechanism of bookkeeping rights” proposed in this paper is used to determine which user in the network obtains the generation rights to the new block. Moreover, in the blockchain network platform, each block is set to store 100 historical transaction bills. Each transaction bill is used to record the ciphertext and signature data of the requesting user and the cooperative user about the location information provided by the cooperative user during the construction of the anonymous area. We set the current blockchain length to100; in other words, there are historical transaction bills. In this experiment, the user’s privacy protection requirement value changes from 2 to 20, and the algorithm is repeated 100 times for different values.

5.1. Experiment-1

This experiment is to construct an anonymous region. In experiment 1, suppose that the requesting user has provided his real location and participated in the construction of an anonymous area 100 times, in other words, . When the requesting user receives more than cooperative users’ location information, locations are randomly selected to construct the anonymous area. The average computation delay and communication cost required by the cooperative user and the requesting user in the anonymous region construction process are shown in Figure 1, respectively.

(a) Average computing delay of requesting user and cooperating user

(b) Average communication cost requesting user and cooperating user

When the user uses this scheme to protect its location privacy in an query, the average computing delay required for the successful construction of the anonymous area increases when increases. For cooperative users, the average computing delay is independent of the privacy protection requirements value of the requesting user, as shown in Figure 1(a). The reason for the above phenomenon is that with an increasing value, the requesting user must verify the correctness of the signature data sent by the cooperative user, and the number of times to decrypt and obtain the real location of the cooperative user also increases. However, for cooperative users , when they receive the cooperation request of constructing the anonymous area sent by the requesting user and , it is only required to encrypt its real location with the public key of the requesting user and send the encrypted ciphertext to the requesting user. Therefore, the average computing delay required by the requesting user is independent of the value.

In addition, in the process of constructing the anonymous area, the average communication cost of the requesting user increases with the increase in the value of the privacy protection requirement of the requesting user. The reason is that with an increase in the value, the requesting user must receive more location information provided by cooperative users to construct the anonymous area, which increases the average communication cost of the requesting users. However, for the cooperative users, the point-to-point communication is used to provide their real location to the requesting users. Therefore, the average communication cost required by the cooperative users does not change with the value of the privacy protection requirement of the requesting users, as shown in Figure 1(b).

Through the above experiments, it can also be found that when the requesting user successfully generates the anonymous area by using this scheme, the computation delay and communication cost required by the requesting user and the cooperative user are also very limited. For example, when , the average computing delay of the requesting user is 311.924 ms, and the average communication cost is 17.206 kb; additionally, the average computing delay of the cooperative user is 32.985 ms, and the average computational communication cost is 1.241 kb. This finding shows that the scheme has good usability and can efficiently generate an anonymous area for the requesting user.

5.2. Experiment-2

This experiment is to update the blockchain. Next, we analyze the average computing cost and storage cost of a block chain update. In experiment 2, we set the number of transaction bills included in the new block generation to 100. When updating the blockchain, regardless of whether the requesting user has the permission to update the blockchain or not, the calculation delay decreases with the increase in the privacy protection demand value. The reason is that when the value increases, the amount of verified signature data sent by the cooperative users increases when the requesting users construct the anonymous zone, which reduces the amount of verified signature data sent by cooperative users in the process of updating the blockchain. Figure 2(a) shows this relationship. For example, when the value changes from 2 to 20, if the requesting user does not have permission to update the blockchain, the calculation delay required for updating the blockchain is reduced from 3528.142 ms to 3385.354 ms. If the requesting user is given permission to update the blockchain, the computation delay is reduced from 3242.084 ms to 3125.916 ms.

(a) Average computing delay of requesting user

(b) Average computing delay of cooperative user

For collaborative users, when updating the blockchain, regardless of whether the requesting user has permission to update the blockchain or not, it must verify the correctness of all transaction bills sent by the requesting user. Therefore, the computing delay required by the cooperative user is not affected by the value of the requesting user, as shown in Figure 2(b).

Moreover, since the cooperative user is only required to verify the correctness of the signature data about the real location of the cooperative user in each transaction bill, in the process of updating the blockchain, the computing time delay required by the cooperative users is much less than that of the requesting users.

5.3. Experiment-3

This experiment is used to analyze when the blockchain is updated, to assess the impact of the number of transaction bills on the communication cost, calculation delay, and block size. We set the number of transaction bills from 100 to 1000 when the new block is generated. In this scheme, the transaction bills stored in the blockchain are finally broadcasted by the requesting users, which enables all of the users in the network to verify the correctness of these transaction bills. Therefore, the communication cost of the requesting users in the process of the blockchain update increases with an increase in the number of transaction bills, as shown in Figure 3. Moreover, with an increase in the number of transaction bills, when the new block is generated, the number of transaction bills to be stored ,and the computing delay of the Merkle tree root node to calculate these bills will also increase. As a result, the calculation delay and the size of the new block will increase with an increase in the number of transaction bills, as shown in Figure 4, respectively.

According to the above analysis, when a new block is generated, when there is an increase in the number of transaction bills, the computing delay, communication cost, and storage cost of each user in the network will also increase. However, for the requesting user, when it obtains the generation rights of the new block, it can construct the anonymous area first and then generate the new block. It can be seen from Figure 1(a) and Figure 1(b) that the computation delay and communication cost required by both the requesting user and the cooperative user are very limited when the anonymous area is generated by this scheme. This finding shows that the scheme can generate an anonymous region efficiently and has good practicability.

In addition, in practical applications, the number of transaction bills used to generate a new block can be reduced by adjusting the frequency of generating new blocks, and the computing delay, communication cost, and storage cost of each user in the network can be reduced when the blockchain is updated, to further improve the usability of the scheme.

6. Summary and Prospects

The existing distributed -anonymity privacy protection schemes cannot effectively protect the users’ location privacy. The reason for this problem is that these schemes do not consider privacy disclosure and deception during the construction of an anonymous area, which makes a self-interested requesting user disclose the real location of the cooperative users to a third party to obtain additional benefits. However, the self-interested cooperative users will provide false locations to the requesting user, which results in the constructed anonymous area not meeting the location privacy protection requirements of the requesting user. To solve this problem, this paper first describes the game of constructing a distributed anonymous area, and it then analyzes the policy choices and benefits of the requesting and cooperating users. The security definition of distributed -anonymous location privacy protection is given. Then, the block chain distributed storage is used to take the requesting users, cooperative users, and location information provided by the cooperative users as evidence. When punishing the users who have location leakage and spoofing behavior, they cannot construct an anonymous area successfully when sending anonymous area collaborative construction requests in the future, which will restrict the self-interest behavior of the requesting users and the cooperative users. Based on the above discussion, this paper proposes a distributed -anonymous location privacy protection scheme based on blockchain. Security analysis and experiments show that this scheme can not only effectively prevent the requesting users from divulging the location information of the cooperative users but also urge the cooperative users to provide the real location, to construct the anonymous area efficiently. In addition, this scheme can not only protect the location privacy of the user in a sparse crowd scene but also protect the location privacy of the continuous queries.

Data Availability

The data used to support the findings of this study are included within this article.

Conflicts of Interest

The authors declare there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This research work was supported by the Central Government Guides the Local Science and Technology Development Fund Project Subsidization (Guike AD20238072) and Middle-Age and Young Teachers’ Basic Ability Promotion Project of Guangxi under Grant (2019KY0659).

References

R. Yu, J. Kang, X. Huang, S. Xie, Y. Zhang, and S. Gjessing, “Mixgroup: accumulative pseudonym exchanging for location privacy enhancement in vehicular social networks,” IEEE Transactions on Dependable and Secure Computing, vol. 13, no. 1, pp. 93–105, 2016.
View at: Publisher Site | Google Scholar
S. Mascetti, D. Freni, C. Bettini, X. S. Wang, and S. Jajodia, “Privacy in geo-social networks: proximity notification with untrusted service providers and curious buddies,” The VLDB Journal, vol. 20, no. 4, pp. 541–566, 2011.
View at: Publisher Site | Google Scholar
M. Li, S. Salinas, A. Thapa, and P. Li, “n-cd: a geometric approach to preserving location privacy in location-based services,” in 2013 Proceedings IEEE INFOCOM, pp. 3012–3020, Turin, Italy, 2013.
View at: Publisher Site | Google Scholar
Y. Wu, H. Chen, S. Zhao et al., “Differentially private trajectory protection based on spatial and temporal correlation,” Chinese Journal of Computers, vol. 41, no. 2, pp. 309–322, 2018.
View at: Google Scholar
X. Liu, K. Liu, L. Guo, X. Li, and Y. Fang, “A game-theoretic approach for achieving k-anonymity in location based services,” in 2013 Proceedings IEEE INFOCOM, pp. 2985–2993, Turin, Italy, 2013.
View at: Publisher Site | Google Scholar
R. M. S. Vedula, R. S. Bhadoria, and M. Dixit, “Integrating Blockchain with AI,” Multidisciplinary Functions of Blockchain Technology in AI and IoT Applications, IGI Global, pp. 1–25, 2021.
View at: Publisher Site | Google Scholar
N. Saxena, R. S. Bhadoria, S. Dickerson, S. Branch, L. Dalley, and N. Churchill, “Security and Privacy Issues in UK Healthcare,” Security and Privacy of Electronic Healthcare Records: Concepts, paradigms and solutions, The Institution of Engineering and Technology, London, United Kingdom, p. 283, 2019.
View at: Google Scholar
C. Y. Chow, M. F. Mokbel, and X. Liu, “Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments,” GeoInformatica, vol. 15, no. 2, pp. 351–380, 2011.
View at: Publisher Site | Google Scholar
G. Ghinita, P. Kalnis, and S. Skiadopoulos, “Prive: anonymous location- based queries in distributed mobile systems,” in Proceedings of the 16th international conference on World Wide Web, pp. 371–380, Banff Alberta Canada, 2007.
View at: Publisher Site | Google Scholar
S. Zhang, X. Li, Z. Tan, T. Peng, and G. Wang, “A caching and spatial K-anonymity driven privacy enhancement scheme in continuous location-based services,” Future Generation Computer Systems, vol. 94, pp. 40–50, 2019.
View at: Publisher Site | Google Scholar
G. Ghinita, P. Kalnis, and S. Skiadopoulos, “Mobihide: a mobilea peer- to-peer system for anonymous location-based queries,” International Symposium on Spatial and Temporal Databases, Springer, pp. 221–238, 2007.
View at: Publisher Site | Google Scholar
H. Chen and X. Qin, “Query-dependency-aware location privacy protection for road networks,” International Journal of Security and Its Applications, vol. 12, no. 2, pp. 29–44, 2018.
View at: Publisher Site | Google Scholar
C. H. Chen and K. T. Feng, “Enhanced distance and location Estimation for broadband wireless networks,” IEEE Transactions on Mobile Computing, vol. 14, no. 11, pp. 2257–2271, 2015.
View at: Publisher Site | Google Scholar
C. Tian, H. Xu, T. Lu, R. Jiang, and Y. Kuang, “Semantic and trade-off aware location privacy protection in road networks via improved multi-objective particle swarm optimization,” Access, vol. 9, pp. 54264–54275, 2021.
View at: Publisher Site | Google Scholar
H. I. Kim, Y. S. Shin, and J. W. Chang, “A grid-based cloaking scheme for continuous queries in distributed systems,” in 2011 IEEE 11th Inter- national Conference on Computer and Information Technology, pp. 75–82, Paphos, Cyprus, 2011.
View at: Publisher Site | Google Scholar
H. Takabi, J. B. Joshi, and H. A. Karimi, “A collaborative k-anonymity approach for location privacy in location-based services,” in 2009 5th International Conference on Collaborative Computing: Networking, Ap- plications and Worksharing, pp. 1–9, Washington, DC, USA, 2009.
View at: Publisher Site | Google Scholar
G. Zhong and U. Hengartner, “A distributed k-anonymity protocol for location privacy,” in 2009 IEEE International Conference on Pervasive Computing and Communications, pp. 1–10, Galveston, TX, USA, 2009.
View at: Publisher Site | Google Scholar
Y. Che, Q. Yang, and X. Hong, “A Dual-Active Spatial Cloaking Algorithm for Location Privacy Preserving in Mobile Peer-to-Peer Networks,” in 2012 IEEE Wireless Communications and Networking Conference (WCNC), Paris, France, 2012.
View at: Publisher Site | Google Scholar
D. Zhai, Y. Sun, A. Liu et al., “Towards secure and truthful task assignment in spatial crowdsourcing,” World Wide Web, vol. 22, no. 5, pp. 2017–2040, 2019.
View at: Publisher Site | Google Scholar
Y. He and J. Chen, “User location privacy protection mechanism for location-based services,” Digital Communication and Network, vol. 7, no. 2, pp. 264–276, 2021.
View at: Publisher Site | Google Scholar
D. Yang, X. Fang, and G. Xue, “Truthful Incentive Mechanisms for K- Anonymity Location Privacy,” in 2013 Proceedings IEEE INFOCOM, Turin, Italy, 2013.
View at: Publisher Site | Google Scholar
X. Gong, X. Chen, K. Xing, D.-H. Shin, M. Zhang, and J. Zhang, “Personalized location privacy in mobile networks: A social group utility approach,” in 2015 IEEE Conference on Computer Communications (IN- FOCOM), pp. 1008–1016, Hong Kong, China, 2015.
View at: Google Scholar
B. Luo, X. Li, J. Weng, J. Guo, and J. Ma, “Blockchain enabled trust-based location privacy protection scheme in VANET,” IEEE Transactions on Vehicular Technology, vol. 69, no. 2, pp. 2034–2048, 2020.
View at: Publisher Site | Google Scholar
T. Ruffing, P. Moreno-Sanchez, and A. Kate, “Coinshuffle: practical de- centralized coin mixing for bitcoin,” European Symposium on Research in Computer Security, Springer, pp. 345–364, 2014.
View at: Publisher Site | Google Scholar
W. Stallings and M. P. Tahiliani, Cryptography and Network Security: Principles and Practice, Vol. 6, Pearson, 2014.
Q.-F. Shao, C.-Q. Jin, Z. Zhang, W. Qian, and A. Zhou, “Blockchain, architecture and research progress,” Chinese Journal of Computers, vol. 41, no. 5, pp. 969–988, 2017.
View at: Google Scholar
G. Karame and S. Capkun, “Blockchain security and privacy,” IEEE Security and Privacy, vol. 16, no. 4, pp. 11-12, 2018.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2022 Sheng Luo. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Mobile Information Systems

User Sensitive Information Protection Scheme Based on Blockchain Technology

Abstract

1. Introduction

2. Related Work

3. Research Model

3.1. Blockchain Technology

3.1.1. Data Layer

3.1.2. Network Layer

3.1.3. Consensus Layer

3.1.4. Incentive Layer

3.1.5. Contract Layer

3.1.6. Application Layer

3.2. Model Description

3.3. Model Security Definition

4. Research Design

4.1. Consensus Mechanism

4.2. Specific Scheme

4.3. Scheme Analysis

4.3.1. Security Certification

4.3.2. Computational Complexity

5. Experiment

5.1. Experiment-1

5.2. Experiment-2

5.3. Experiment-3

6. Summary and Prospects

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright