The VLDB Journal

, Volume 19, Issue 3, pp 363–384 | Cite as

Enabling search services on outsourced private spatial data

  • Man Lung YiuEmail author
  • Gabriel Ghinita
  • Christian S. Jensen
  • Panos Kalnis
Regular Paper


Cloud computing services enable organizations and individuals to outsource the management of their data to a service provider in order to save on hardware investments and reduce maintenance costs. Only authorized users are allowed to access the data. Nobody else, including the service provider, should be able to view the data. For instance, a real-estate company that owns a large database of properties wants to allow its paying customers to query for houses according to location. On the other hand, the untrusted service provider should not be able to learn the property locations and, e.g., selling the information to a competitor. To tackle the problem, we propose to transform the location datasets before uploading them to the service provider. The paper develops a spatial transformation that re-distributes the locations in space, and it also proposes a cryptographic-based transformation. The data owner selects the transformation key and shares it with authorized users. Without the key, it is infeasible to reconstruct the original data points from the transformed points. The proposed transformations present distinct trade-offs between query efficiency and data confidentiality. In addition, we describe attack models for studying the security properties of the transformations. Empirical studies demonstrate that the proposed methods are efficient and applicable in practice.


Data outsourcing Spatial query processing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Advanced Encryption Standard (AES): NIST—Federal Information Processing Standards Publication 197, Nov (2001)Google Scholar
  2. 2.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: SIGMOD (2004)Google Scholar
  3. 3.
    Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: SIGMOD (2000)Google Scholar
  4. 4.
    Böhm C.: A cost model for query processing in high-dimensional data spaces. ACM TODS 25(2), 129–178 (2000)CrossRefGoogle Scholar
  5. 5.
    Brinkhoff T.: A framework for generating network-based moving objects. GeoInformatica 6(2), 153–180 (2002)zbMATHCrossRefGoogle Scholar
  6. 6.
    Butz A.R.: Alternative algorithm for Hilbert’s space-filling curve. IEEE Trans. Comput. C-20(4), 424–426 (1971)CrossRefGoogle Scholar
  7. 7.
    Cheng, W., Pang, H., Tan, K.-L.: Authenticating multi-dimensional query results in data publishing. In: DBSec (2006)Google Scholar
  8. 8.
    Damiani, E., Vimercati, S.D.C., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: CCS (2003)Google Scholar
  9. 9.
    Devanbu P., Gertz M., Martel C., Stubblebine S.G.: Authentic data publication over the Internet. J. Comput. Secur. 11(3), 291–314 (2003)Google Scholar
  10. 10.
    Dwork, C.: Differential privacy: a survey of results. In: TAMC, pp. 1–19 (2008)Google Scholar
  11. 11.
    Gedik, B., Liu, L.: Location privacy in mobile systems: a personalized anonymization model. In: ICDCS (2005)Google Scholar
  12. 12.
    Ghinita, G., Kalnis, P., Khoshgozaran, A., Shahabi, C., Tan, K.L.: Private queries in location based services: anonymizers are not necessary. In: SIGMOD (2008)Google Scholar
  13. 13.
    Ghinita, G., Karras, P., Kalnis, P., Mamoulis, N.: Fast data anonymization with low information loss. In: VLDB (2007)Google Scholar
  14. 14.
    Goldreich O., Ostrovsky R.: Software protection and simulation on oblivious rams. J. ACM 43, 431–473 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: USENIX MobiSys (2003)Google Scholar
  16. 16.
    Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: SIGMOD (2002)Google Scholar
  17. 17.
    Hacigümüs, H., Mehrotra, S., Iyer, B.R.: Providing database as a service. In: ICDE (2002)Google Scholar
  18. 18.
    Hjaltason G.R., Samet H.: Distance browsing in spatial databases. TODS 24(2), 265–318 (1999)CrossRefGoogle Scholar
  19. 19.
    Kalnis P., Ghinita G., Mouratidis K., Papadias D.: Preventing location-based identity inference in anonymous spatial queries. IEEE TKDE 19(12), 1719–1733 (2007)Google Scholar
  20. 20.
    Kargupta, H., Datta, S., Wang, Q., Sivakumar, K.: On the privacy preserving properties of random data perturbation techniques. In: ICDM (2003)Google Scholar
  21. 21.
    Khoshgozaran, A., Shahabi, C.: Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy. In: SSTD (2007)Google Scholar
  22. 22.
    LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Mondrian multidimensional k-anonymity. In: ICDE (2006)Google Scholar
  23. 23.
    Li, N., Li, T., Venkatasubramanian, S.: t-Closeness: privacy beyond k-anonymity and l-diversity. In: ICDE (2007)Google Scholar
  24. 24.
    Liu K., Kargupta H., Ryan J.: Random projection-based multiplicative data perturbation for privacy preserving distributed data mining. IEEE TKDE 18(1), 92–106 (2006)Google Scholar
  25. 25.
    Machanavajjhala, A., Gehrke, J., Kifer, D., Venkitasubramaniam, M.: l-Diversity: privacy beyond k-anonymity. In: ICDE (2006)Google Scholar
  26. 26.
    Merkle, R.C.: A certified digital signature. In: CRYPTO (1989)Google Scholar
  27. 27.
    Mokbel, M.F., Chow, C.-Y., Aref, W.G.: The new casper: query processing for location services without compromising privacy. In: VLDB (2006)Google Scholar
  28. 28.
    National Institute of Standards and Technology. Secure Hashing.
  29. 29.
    Papadimitriou, S., Li, F., Kollios, G., Yu, P.S.: Time series compressibility and privacy. In: VLDB (2007)Google Scholar
  30. 30.
    Samarati P.: Protecting respondents’ identities in microdata release. IEEE TKDE 13(6), 1010–1027 (2001)Google Scholar
  31. 31.
    Stuckmann, P., Ehlers, N., Wouters, B.: GPRS traffic performance measurements. In: IEEE Vehicular Technology Conference (2002)Google Scholar
  32. 32.
    Theodoridis, Y., Sellis, T.K.: A model for the prediction of R-tree performance. In: PODS (1996)Google Scholar
  33. 33.
    Weber, R., Schek, H.-J., Blott, S.: A quantitative analysis and performance study for similarity-search methods in high-dimensional spaces. In: VLDB (1998)Google Scholar
  34. 34.
    Williams, P., Sion, R., Carbunar, B.: Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS), pp. 139–148 (2008)Google Scholar
  35. 35.
    Wong, W.K., Cheung, D.W., Kao, B., Mamoulis, N.: Secure k-NN computation on encrypted databases. In: SIGMOD (2009)Google Scholar
  36. 36.
    Yang, Y., Papadopoulos, S., Papadias, D., Kollios, G.: Spatial outsourcing for location-based services. In: ICDE (2008)Google Scholar
  37. 37.
    Yiu, M.L., Ghinita, G., Jensen, C.S., Kalnis, P.: Outsourcing search services on private spatial data. In: ICDE (2009)Google Scholar
  38. 38.
    Yiu, M.L., Jensen, C.S., Huang, X., Lu, H.: SpaceTwist: Managing the trade-offs among location privacy, query performance, and query accuracy in mobile services. In: ICDE (2008)Google Scholar

Copyright information

© Springer-Verlag 2009

Authors and Affiliations

  • Man Lung Yiu
    • 1
    Email author
  • Gabriel Ghinita
    • 2
  • Christian S. Jensen
    • 3
  • Panos Kalnis
    • 4
  1. 1.Department of ComputingHong Kong Polytechnic UniversityHong KongChina
  2. 2.Department of Computer SciencePurdue UniversityWest LafayetteUSA
  3. 3.Department of Computer ScienceAalborg UniversityAalborgDenmark
  4. 4.Division of Mathematical and Computer Sciences and EngineeringKAUST UniversityThuwalSaudi Arabia

Personalised recommendations