A two-level protocol to answer private location-based queries

An important privacy issue in location based services (LBS) is to hide a user´s identity and location while still providing quality location based services. A user´s identity can be easily hidden through anonymous Web browsing services. However, a user´s location can reveal a user´s identity. For example, a user at home may want to ask queries such as ldquoFind the nearest hospital around merdquo through a GPS enabled mobile phone but he may not be willing to dislose his own location. A common way to achieve location privacy is through cloaking, e.g. the client sends a cloaked region to the server and filters the results to find the exact answer. Recently, private information retrieval has been adopted to answer private location-based queries. However, we argue that ensuring the server does not reveal more data than what is queried is important at the same time. In this paper, we propose an efficient two-level solution based on two cryptographic protocols: PIR and oblivious transfer. Our solution is a general-purpose one and can use either a two-level PIR [2] or it can use a combination of PIR and oblivious transfer [11]. Our approach provides privacy for the user/client, does not use a trusted party or anonymizer, is provably privacy-preserving, and when compared to previous approaches ensures that the server reveals as minimum data as is required, and the data that is released by the server is as fine-grained or precise as possible.