RemindU: A Secure and Efficient Location Based Reminder...

RemindU: A Secure and Efficient Location BasedReminder System

Xinxin Zhao, Lingjun Li, Guoliang XueArizona State University

Abstract—Reminder applications are essential applications inmobile devices. Since most smart devices are equipped with accu-rate localization capabilities, location based reminders emerge inrecent smart devices. A user could add a location based reminderwhich reminds the user to do something once she enters or leavesa location. Convenient as these applications are, a user can beeasily tracked once she installs these applications. We proposea secure and efficient location based reminder system. In oursystem, the reminder location and reminder message are storedin the form of ciphertext on the cloud server. The cloud serveris able to preform a private location match without knowinganything about the user’s location information. We propose anovel method to represent the user’s reminder area in order tosave the storage space and computation time of both users andthe cloud server. We demonstrate the efficiency of our system inour simulations.

I. INTRODUCTION

Reminder applications are becoming crucial applicationsin mobile devices. They help users to memorize somethingimportant to do in the future and remind users at specificoccasions. Traditional reminder applications are time basedreminders, i.e., a user enters a reminder message and setsup a reminder time, which could be one time or periodicallyrepeated times. The application displays the reminder messageon the screen at the setting time and alerts the user. Recentyears have witnessed a rapid development of smart devices.Most smart devices are now equipped with accurate localiza-tion capabilities, based for example on GPS receivers, accesspoints, or triangulation with nearby base stations [13].

Due to the development of localization capabilities, thereminder applications have an additional functionality on moreand more smart devices. A user can mark a location when sheadds a new reminder. We call this location reminder location.The smart device alerts the user when she is near the reminderlocation. The closeness to the reminder location is set bythe user. We denote this closeness as reminder distance. Forexample, a user can set a reminder to remind her to buygroceries when she is 1 mile away from the supermarket.

One approach to implement the location based reminder isbased on a single smart device. The user stores all remindermessages and associated reminder locations in the smartdevice. The smart device periodically queries the localizationsensor to detect the user’s current location. If the user is withinthe reminder distance, the smart device alerts the user and

Zhao, Li and Xue are all affiliated with Arizona State University, Tempe,AZ 85287. Email: {zhao.xinxin, li.lingjun, xue}@asu.edu. This research wassupported in part by ARO grant W911NF-12-1-0470, and NSF grant 1217611.The information reported here does not reflect the position or the policy ofthe federal government.

pops out the reminder message on the screen. This approachis easy to implement and relatively secure regarding users’ pri-vacy. However, the synchronization between a user’s differentsmart devices is hard to implement using this approach. Forexample, if the user sets a reminder using a tablet when sheis browsing the Internet at home, she may want the reminderto automatically appear on her smartphone when she is outtaking with it.

Due to the development of cloud service, many companiesuse the cloud to synchronize users’ personal data, includingreminders. A typical example is iCould, which can synchro-nize users’ data between their iDevices. A user can add areminder on her iPad, and upload an encrypted copy to iCloud.iCloud pushes the copy to the user’s other devices, such asiPhone or iTouch. In this way, the user can get the reminderfrom whichever device she takes with her. The disadvantage ofthis approach is that multiple copies exist in different devices.Thus, it wastes local storage space and users’ cellular datausage. If the reminder message is of large size, the storageoverhead would be considerable. In addition, if a smart devicehas been offline for a long time, it will take a long time tosynchronize the reminders when it is online again.

Reminder distance

Reminder areaReminder

location

add a reminder

current location

Fig. 1. An illustration of cloud assisted location based reminder system

It is desirable to keep just one copy of all reminders on thecloud server, which pushes the reminder message to the user’ssmart device only when it is within the reminder distance. Wecall this kind of reminder system cloud-assisted location basedreminder system, which is illustrated in Figure 1. As shown inFigure 1, the reminder area is a disc centered at the reminderlocation. A user adds a new reminder in any of her smartdevices, which uploads the reminder to the cloud server. Theuser’s smart devices periodically send their current locations tothe cloud server. If any device appears in the reminder area, thecorresponding reminder message is pushed to it, e.g., in Figure

IEEE ICC 2014 - Communication and Information Systems Security Symposium

978-1-4799-2003-7/14/$31.00 ©2014 IEEE 1011

1, the reminder message is pushed to the user’s smartphoneonce it is in the reminder area.

In this paper, we propose a secure and efficient locationbased reminder system, in which the cloud server is ableto determine whether a user is around the reminder areawithout learning anything of the user’s location information.The reminder messages are also stored in the cloud serverin the form of ciphertext. We propose a novel reminder arearepresentation method. We divide the earth into small squares,each of which has a unique ID. Centered at the reminderlocation, we use a east-west direction bar to represent thereminder area. We also use a north-south direction bar torepresent a user’s current location area. The two bars are ofthe same length and divided into squares. This representationsaves a large storage space and computation time for bothusers and the cloud server.

The contributions of our paper are as follows.• We propose a secure and efficient location based reminder

system. In our system, users’ location privacy and re-minder message confidentiality are preserved.

• We propose an efficient area representation method.• We propose to use bloom filter for the cloud server to

test whether a user is around the reminder area or not.The use of bloom filter saves a large storage space forthe cloud server.

The rest of our paper is organized as follows. We reviewthe area of location privacy in Section II. We formulate ourproblem in Section III. In Section IV, we present our systemconstruction and give our system analysis in Section V. Weshow our simulation results in Section VI and conclude ourwork in Section VII.

II. RELATED WORK

Location privacy is becoming a hot topic in recent years.In previous studies, location privacy mainly focused on loca-tion based service (LBS), in which the mobile device sendsqueries to the server, and the server returns the correspondinginformation regarding the query content. An extensive workabout location privacy was based on K-anonymity model [14],[15]. In previous K-anonymity approaches, a user’s query isfirst relayed by a third trusted party. The third trusted partydoes not relay the user’s query once it receives it. Instead,it will wait until K different queries are collected from thesame area. In this way, the server could not tell which querycomes from which user. The assumption that the third partyis fully trusted becomes the security weakness of this kind ofapproach. Kalnis et al. [7] pointed out that in certain scenariosthe K-anonymity approach leaks private location informationto malicious entities.

To overcome the aforementioned disadvantages, a new classof location privacy protection approaches were proposed,which were known as transformation based approaches. In[8], Khoshgozaran and Shahabi proposed to use an one-waytransformation to encode the location query and the objectspace. The query is evaluated in the transformed space suchthat users’ location privacy is preserved. Their approaches

do not rely on a trusted third party, but may have errors inscenarios that require exact results.

Some other works were proposed to preserve the locationprivacy by using private information retrieval (PIR) [3]. Hen-gartner proposed an architecture which utilized PIR and trustedcomputing to protect users’ location privacy [6]. However,the proposed architecture is not implemented yet. Ghinitaet al. used computational PIR to enable private evaluationof the nearest neighbour queries [4]. However, the heavycomputational overhead of the underlying PIR scheme makesthe approach unsuitable for a smart device. A fast PIR basedlocation privacy scheme was proposed by Khoshgozaran et al.[9]. Their scheme requires a tamper-resistant trusted hardwareinstalled close to the server, which makes the scheme lesspractical.

As far as we know, Zhao et al. was the first to study theprivacy issue in location based reminder [18]. They proposeda secure location based reminder system. In their scheme,they divide the earth into small squares and use crosses torepresent the reminder area and the user’s current location area.Searchable symmetric encryption was used in their system toreduce inequality testing to equality testing.

III. PROBLEM FORMULATION

In this section, we present our system model, threat model,and design goals.

A. System Model and Threat Model

Our system consists of a cloud server S and multiple users.Since all the interactions are between a user and S, we use u todenote any user interacting with S. A user u may have multiplesmart devices (e.g., tablet, smartphone, etc.). All the devicesshare the same account so that the user could convenientlymanage all her devices. When user u enrolls in a remindersystem, she chooses a reminder distance du, and a parameterau. She also chooses secret keys for the hash functions used inour system, which we will elaborate in the following sections.The reminder area is a disc centered at the reminder locationwith radius du. If user u adds a reminder in any of her device,the device should be able to upload the encrypted reminder toS. User u may have multiple reminders stored on S. She maytake any of her devices when she is out. When a user passesby the marked location with one of her devices, S is able topush the correct reminder message to this device, and alert theuser. In our work, we only focus on the privacy protection ofthe location based reminder. Time based reminder is out ofscope of our paper.

The cloud server S in our paper is considered to be honestbut curious. S honestly follows the protocol execution. At thesame time, it may be curious about users’ location information.It may collect all messages transmitted between itself andusers, analyze them, and try to infer users’ location privacy.Our system is distributed and does not rely on a trusted thirdparty. In our paper, we assume that users’ smart devices arenot hacked by malicious applications. Malicious applicationdetection in mobile devices is studied by [10], [12] and is ourof scope of our paper.


1012

B. Design GoalsIn summary, our system should achieve the following design

goals.• Location Privacy: The cloud server should not know

users’ reminder locations and should not be able to trackusers;

• Reminder Confidentiality: The cloud server should not beable to access reminder messages;

• Efficiency: The system should be efficient in computation,cellular data usage, and space consumption;

• Workability: The cloud server should be able to checkwhether the user is around the reminder area and sendcorresponding reminder messages;

• Responsiveness: A user’s device should not need tosynchronize in order to receive reminders from the cloudserver, even when the device has been offline for a longtime.

IV. SYSTEM CONSTRUCTION

In this section, we describe our system constructions. First,we demonstrate a novel reminder area representation method.Next, we introduce to use bloom filter for private locationmatch and present the details of our system construction.

A. A Novel Area RepresentationFollowing the similar idea as that in [11], we tessellate the

earth into squares, which was introduced in our previous work[18]. The tessellation forms a grid on the earth. We use Gu todenote the grid mapped on the plane. Gu consists of squareswith the side length au which is defined by user u. Each squarehas a unique ID and we use id(x,y) to denote the square that thelocation (x, y) locates. Since a reminder area is a disc consistsof numerous points, a challenge here is to find an approach torepresent the disc using a finite number of location points.

We try to find an area representation method that reducesthe space consumption while keeping the inaccuracy small.Our idea is to use a horizontal bar to represent the reminderarea, and use a vertical bar to represent the user’s currentlocation area, as shown in Figure 2. The bar is divided into2(ddu/aue)+1 squares in the tessellation and is centered at thesquare where the interested location (reminder location or cur-rent location) locates. Given a location (x, y), we use id i,∗(x,y),i = ±1,±2, · · · ,±(ddu/aue) to denote i-th square identifierto the east/west (negative numbers denote the west direction)of square id(x,y), and id ∗,i(x,y) i = ±1,±2, · · · ,±(ddu/aue) todenote the i-th square identifier to the north/south (negativenumbers denote the south direction) of square id(x,y). All thesquares in the bar, i.e., the shaded squares in Figure 2, arecalled valid squares with respect to (x, y).

We use two different procedures to create valid squareidentifier sets regarding the reminder location and the user’scurrent location. Given a location (x, y), a reminder distancedu, and a square side length au, we use Procedure 1 if (x, y)is the reminder location, otherwise we use Procedure 2.

Using valid square identifier sets, we can test whetherthe distance between two locations (x′, y′) and (x, y) issmaller than or equal to du or not. We generate two different

N

ddu/aue

au

reminder location

current location

Fig. 2. Using cross to represent an area

Procedure 1: CreateHorizontalBar(x, y)Data: location (x, y)Result: ID(x,y), the set of square identifiers on the

east-west direction bar centered at (x, y)ID(x,y) ← ∅;ID(x,y) ← ID(x,y) ∪ {id(x,y)};for i← 1 to ddu/aue doID(x,y) ← ID(x,y) ∪ {id i,∗(x,y), id

−i,∗(x,y)};

endreturn ID(x,y)

square identifier sets ID(x′,y′) and ID(x,y) with respect to(x′, y′) and (x, y), respectively, and test whether they have anyintersection. If they do not have intersections, the user’s currentlocation is definitely not in the reminder area, otherwise theuser retrieves the ciphertext of the intersected square from thecloud server, decrypts it, and calculates the distance betweenthe reminder location and her current location. If the two barshave an intersection, it does not necessarily mean that theuser’s current location is in the reminder area. We use Figure3 to show three cases of bar intersections. We use a bluepoint to denote the reminder location (x, y) and a red point todenote the user’s current location (x′, y′). After the distancecalculation, the user retrieves the corresponding remindermessage from the cloud server if the distance between (x, y)and (x′, y′) is less than or equal to du.

B. Toward Private Location MatchIn a desired secure location based reminder system, the

cloud server performs a private location match without know-ing anything about users’ location information. We propose touse bloom filter [1] for this purpose. Bloom filter is a space-efficient randomized data structure for representing a set inorder to support membership queries [2]. Suppose we want to

Procedure 2: CreateVerticalBar(x, y)Data: location (x, y)Result: ID(x,y), the set of square identifiers on the

north-south direction bar centered at (x, y)ID(x,y) ← ∅;ID(x,y) ← ID(x,y) ∪ {id(x,y)};for i← 1 to ddu/aue doID(x,y) ← ID(x,y) ∪ {id ∗,i(x,y), id

∗,−i(x,y)};

endreturn ID(x,y)


1013

d > du

du

(a)

d > du

(b)

d < du

(c)

Fig. 3. Three cases of bar intersections

use a M -bit bloom filter for a data set with Num elements{di}Numi=1 . The initial bits of the bloom filter are all set to 0.We choose t hash functions {hj(·)}tj=1, with each output ofthe hash function in the range of 1−M . For each element di,we compute the hash values {hj(di)}tj=1, and set the hj(di)-th component of the bloom filter to bit 1. To check if anelement e is in the set {di}Numi=1 , we compute t hash values{hj(e)}tj=1, and check if all t bits at index {hj(e)}tj=1 is 1.If it is, e is in the data set with a large probability, otherwise,we can make sure that e is definitely not in the data set.

Assume the reminder location is (x, y), for each id ∈ID(x,y), the user computes its hash values {hj(id)}tj=1, andsends them to the server. The server sets all the components atindex {hj(id)}tj=1 to bit 1. The user periodically uploads thehash values regarding her current location to the server, whichsearches in the bloom filter to find if there is any match, i.e. theintersection of the two bars representing the user’s reminderarea and current location area, respectively. If a match is found,the server sends the encrypted reminder location to the user,who will decrypts the ciphertext, and calculates the distancebetween the reminder location and her current location. If thedistance is less than or equal to the reminder distance, the userretrieves the corresponding reminder message from the server.

C. System Construction

In this section, we give the details of our system construc-tion.

We assume that the number of a user’s active remindersis no more than N . For example, it is difficult for a personto handle 500 reminders at the same time. While using adynamic bloom filter [5] is able to enhance the space efficiencyand dynamically respond to the user’s increasing demands, wewould like to focus on comparing the usage of bloom filtersand that of searchable encryptions for secure location basedreminder system in this paper.

Procedure 3: CreateIndexSets(ID(x,y))

Data: a set of square identifiers ID(x,y)

Result: a set of index sets I, each element of I is a setof indices

I ← ∅;foreach id ∈ ID(x,y) doIid = {hi(id)}ti=1; // hi(x) = h(x||ki) mod Mrandomly permutes the elements of Iid;I ← I ∪

{Iid}

;endrandomly permutes the elements of I ; // eachelement is a setreturn I

For a specific user u, given the reminder distance du andthe square side length au, the number of square IDs in abar is 2ddu/aue + 1. The capacity, in terms of reminders,of the bloom filter is the number of reminders it can holdwhile the false positive probability is less than a designatednumber. Since the more elements stored in the bloom filter,the greater probability a collision happens in the bloom filter,to reduce the error probability, we need to restrict the capacityof the bloom filter. Assume the capacity of the bloom filteris N . The bloom filter array size is M . Each componentof the bloom filter is a tuple < b,R >, where b is a bitdenoting whether the component is set and R is a set ofreferences associated with the component. Given a reference,the server can locate the ciphertext of the reminder locationand reminder message. To construct t hash functions, a usergenerates t hash keys k1, · · · , kt, where each key is a randomnumber. A hash function is constructed as: hi(x) = h(x||ki)mod M , i = 1, · · · , t. Our construction mainly consists ofthree protocols, location marking protocol, location searchprotocol, and removing reminder protocol. They are shownin Figure 4, Figure 5, and Figure 6, respectively. We useProcedure 3 to create index set for the bloom filter.

User u marks location (x, y) as a reminder location with areminder message Msg. u also secretly maintains a vectorof hash function secret keys {k1, k2, · · · , kt}. u chooses asymmetric encryption key k and keeps it secret.

1) u creates a horizontal bar set ID(x,y) ←CreateHorizontalBar(x,y). u generates a set of indexsets I ← CreateIndexSets

(ID(x,y)

).

2) Using the symmetric encryption system, u encryptsthe reminder location as C1 = Enck(x||y) and thereminder message as C2 = Enck(Msg). The userassembles them together to form a ciphertext tupleC =< C1, C2 >. User u sends < C, I > to theserver.

3) Upon receiving < C, I > from user u, the serverstores C and obtains a reference rC to the storedlocation. For each index set Ii ∈ I and each elementindj ∈ Ii, the server sets Bu[indj ].b ← 1 and putsrC into the associated reference set Bu[indj ].R ←{rC} ∪Bu[indj ].R.

Fig. 4. Location Marking Protocol

V. SYSTEM ANALYSIS

A. Security side

The secret keys for hash functions is randomly selected bya user and kept secret in the user’s local storage. The hashvalues will then be converted into the residue system moduloM . Because the bloom filter size M is far smaller than theoutput of the hash function h(·), the server has no way todetermine the original hash value. The user randomly permuteseach Iid so that linking the hash value back to the secret hashkey becomes more difficult for the server. Therefore, the servercannot recover the square identifier from the index set Iid. The


1014

User u checks if a given location (x, y) is in any of herexisting reminder area and fetches the reminder message.

1) User u constructs a vertical bar set ID(x,y) ←CreateVerticalBar(x, y) and generates a set of indexsets I ← CreateIndexSets

(ID(x,y)

). User u sends I

to the server.2) Upon receiving I from user u, the server performs as

follows for each Ii ∈ I• Checks if

∧indj∈Ii

Bu[indj ].b = 1.

• If no such Ii exists, informs user u. If it is truefor some Ii, calculates set intersection R∗ =⋂indj∈Ii Bu[indj ].R, retrieves the first part of ev-

ery referenced ciphtertext tuples C1 = {< C1, rC >|C =< C1, ∗ > and rC ∈ R∗}, and sends C1 to u.

3) Upon receiving C1, user u decrypts each element toget a location coordinate tuple L = {< (x′, y′), rC >|(x′, y′) = Deck(C1)and < C1, rC >∈ C1}. Thedecryption to a coordinate tuple is possible becauseeach coordinate is of fixed bit size. User checks thedistance between each pair of (x, y) and (x′, y′), andobtains the valid reminder references R′ = {rC | <(x′, y′), rC >∈ L and (x− x′)2 + (y− y′)2 ≤ d2u}. usends R′ to the server.

4) Upon receiving R′, the server retrieves the ciphertext{C|rC ∈ R′} and sends back to the user. The useruses her secret key k to recover the reminder message.

Fig. 5. Location Search Protocol

Given a reminder location (x, y) and reference rC , removethe relevant reminder information stored on the server.

1) User u constructs a horizontal bar set ID(x,y) ←CreateHorizontalBar(x, y), generates a set of indexsets I ← CreateIndexSets

(ID(x,y)

), and sends <

I, rC > to the server.2) Upon receiving < I, rC > from the user, the server

delete the ciphtertext tuple stored at rC . For each Ii ∈I and each indj ∈ Ii, the server removes rC fromB[indj ].R. If B[ind].R becomes empty, the serversets B[ind].b← 0.

Fig. 6. Removing Reminder Protocol

user also randomly permutes among index sets, i.e. Iid’s inI, so that the server cannot learn the relationship between anytwo squares.

All the messages are encrypted using a symmetric keyencryption cryptosystem. The server cannot learn the contentbecause the encryption key k is kept secret by the user.The user should use CBC mode encryption such that thereplacing or modifying of any block of the ciphertext will fail.Furthermore, the user can employ CCA2 secure symmetrickey encryption system [17] to provide more protection to thereminder message.

Early match problem: We call the case that two barshave an intersection while the distance between the reminderlocation and the user’s current location is greater than du as

early match. All points in a (2d + a) × (2d + a) rectanglecentered at id(x,y) may trigger a match and a follow updecryption. However, the desired reminder area is a platecentered at the reminder location. So the early match areais (2du + au)

2 − πd2u. The early match probability is 1 −π

2+(au/du). Given a reminder distance du, the smaller au is

the less probably early match happens. However, a smaller auwill cause more computation during the location marking andsearch, as well as the server side storage.

Given the maximum reminder number N , the expectedmaximum of squares stored in the bloom filter is Ns =N ·(2ddu/aue+1). To achieve a false alarm probability P , thebloom filter size is given by M = Ns lnP

(ln 2)2 and the desirablehash key number is t = M

Nsln 2 [16]. A typical usage is to set

remind distance as 1, 000 meters and the square length as 20meters. If the maximum number of reminders is N = 500, wewill have 25000 elements to be stored in the bloom filter.

If we set P = 1%, we have M = 23, 963 < 3KB andt = 7. A typical configuration of the reminder system in [18]contains a 160-bit ECC group a 80-bit symmetric key, whichgives lg = 160 and le = 80. A typical server storage overheadis (400 + rC)(4Au + 1)n, where Au = ddu/aue.

To compare the work in this paper and the work in [18],the computation overhead on the user side is to compute theindex set, computing either pseudo-random numbers as in [18]or hash functions in this paper. To index a square in [18], weneed to do a hash operation, a group exponentiation, and asymmetric encryption, while we just need to do t hash opera-tions in this paper. If we take the hash operations equivalent toa group multiplication mul in terms of the computation time,we have the overall user indexing time in Table I. A fast groupexponentiation takes O(lgmul) operations.

VI. SYSTEM SIMULATION

In this section, we evaluated the performance of the pro-posed system via simulation. A Motorola Droid smartphonewas used to simulate a user’s smart device and a MacbookPro was used to simulate the server. The Motorola Droid hasa 550MHz A8 processor, 256MB memory, and 16GB SDcard as an external storage. The Macbook Pro is equippedwith a 2.53GHz Intel Dual Core CPU and 4GB memory.We used C++ to implement the system and generated nativecode for the Android platform in order to get a low latency.The cryptographic library used in the implementation wasCrypto++ 5.6.1 and we ported it to the Android platform. Weused SHA-1 as the hash function in the system.

We did comparison experiments of the system in this paperwith the system proposed in [18]. The system in [18] is basedon the searchable encryption and was implemented on a 160bit ECC group [18]. For convenience, we denote the systemin [18] as SE and the system in our paper as BF, which isconstructed based on a bloom filter. Fixing a square side lengthas 20 meters and message size as 1024 bit, we collected thecomputation time that was used to mark a location, as thereminder distance increased from 500 meters to 3500 meters,with a 200-meter increment. Next, we fixed the reminderdistance on 1000 meters, changed the message size from 5M


1015

TABLE IOVERHEAD COMPARISON

server storage user indexing time server matching timeRemindU M + (2Au + 1)nt · lr‡ O((2Au + 1)t · mul) O(2Au + 1)AsiaCCS (4Au + 1)n · (2lg + le + lr) ∗ O((4Au + 1)lg · mul) O((4Au + 1) logn)

‡lr is the bit size of a reference.∗lg and le are the ECC group size and the bit size of a key encryption, respectively.

0.01

0.05

0.20

1.00

5.00

Reminder distance

Inde

xing

tim

e fo

r a lo

catio

n

BFSE

500 1100 1700 2300 2900 3500

(a) Indexing time (y-axis is logscaled )

02

46

810

1214

Message Size

Inde

xing

tim

e fo

r a lo

catio

n

BFSE

5 10 20 30 40 50

(b) Marking with large messagesize

.1765

.1775

.1785

BFSE

.00028

.00029

.0003

Number of reminders

Sea

rch

time

for l

ocat

ion

50 250 450 650 850 1050 1250

(c) Searching time

Fig. 7. Comparison between SE system and BF system

bytes to 50M bytes, and recorded the execution time on theuser side. The results are shown in Figure 7(a) and 7(b),respectively. It is obvious that BF, denoted by blue lines, isefficient than SE on the user side, because for SE, the userneeds to generate a pseudo random number in computing aindex, while in BF, the user only calculates t hash values. Thepseudo random number generation involves an exponentiationwhich is computationally expensive. The time for computingindices in BF is less than 0.07 seconds while in SE, thecomputation time is almost 5 seconds. When the size of thereminder message is large, in SE, the user usually costs 12seconds for computing indices while the time in BF increaseswith the message size.

Fixing the reminder distance as 1000 meters, square sidelength as 20 meters, and message size as 1024 bits, werecorded the time of searching a reminder after differentnumber of reminders (from 50 to 1250) were uploaded. Theexecution time in Figure 7(c) is the average time over 50searches. From Figure 7(c), we can see that the search time inSE is between 0.1765 seconds and 0.1785 seconds, while inBF, the server finished one search in less than 0.0003 time. Thedifference is remarkable because in SE, the server searchesamong n reminders, which costs O(log n) time. In BF, theserver searches one square in a short time, by only comparing thash values and t is usually small, e.g. t = 7 in our experiment.

VII. CONCLUSIONS

In this paper, we have proposed a secure and efficient cloud-assisted location based reminder system. The cloud servercould preform a private search on users’ reminder locationswithout knowing anything about users’ location information.We have presented an efficient area representation methodwhich saves a large storage space and computation time forboth users and the cloud server.

REFERENCES

[1] B. H. Bloom, “Space/time trade-offs in hash coding with allowableerrors,” Commun. ACM, vol. 13, no. 7, pp. 422–426, 1970.

[2] A. Broder and M. Mitzenmacher, “Network applications of bloom filters:A survey,” Internet Mathematics, vol. 1, no. 4, pp. 485–509, 2004.

[3] B. Chor, E. Kushilevitz, O. Goldreich, and M. Sudan, “Private informa-tion retrieval,” Journal of the ACM (JACM), vol. 45, no. 6, pp. 965–981,1998.

[4] G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi, and K.-L. Tan, “Pri-vate queries in location based services: anonymizers are not necessary,”in SIGMOD Conference, 2008, pp. 121–132.

[5] D. Guo, J. Wu, H. Chen, Y. Yuan, and X. Luo, “The dynamic bloomfilters,” IEEE Trans. Knowl. Data Eng., vol. 22, no. 1, pp. 120–133,2010.

[6] U. Hengartner, “Hiding location information from location-based ser-vices,” in MDM, 2007, pp. 268–272.

[7] P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias, “Preservinganonymity in location based services,” National University of Sigapore,Tech. Rep., 2006.

[8] A. Khoshgozaran and C. Shahabi, “Blind evaluation of nearest neighborqueries using space transformation to preserve location privacy,” inSSTD, 2007, pp. 239–257.

[9] A. Khoshgozaran, C. Shahabi, and H. Shirani-Mehr, “Location privacy:going beyond k-anonymity, cloaking and anonymizers,” Knowl. Inf.Syst., vol. 26, no. 3, pp. 435–465, 2011.

[10] L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang, “Chex: statically vettingandroid apps for component hijacking vulnerabilities,” in Proceedingsof the 2012 ACM CCS. ACM, 2012, pp. 229–240.

[11] A. Narayanan, N. Thiagarajan, M. Lakhani, M. Hamburg, and D. Boneh,“Location privacy via private proximity testing,” in Proc. of NDSS, vol.2011, 2011.

[12] H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru,and I. Molloy, “Using probabilistic generative models for ranking risksof android apps,” in Proceedings of the 2012 ACM conference onComputer and communications security. ACM, 2012, pp. 241–252.

[13] R. Shokri, G. Theodorakopoulos, J.-Y. L. Boudec, and J.-P. Hubaux,“Quantifying location privacy,” in IEEE Symposium on Security andPrivacy, 2011, pp. 247–262.

[14] L. Sweeney, “Achieving k-anonymity privacy protection using general-ization and suppression,” International Journal of Uncertainty, Fuzzinessand Knowledge-Based Systems, vol. 10, no. 5, pp. 571–588, 2002.

[15] ——, “k-anonymity: A model for protecting privacy,” InternationalJournal of Uncertainty, Fuzziness and Knowledge-Based Systems,vol. 10, no. 5, pp. 557–570, 2002.

[16] S. Tarkoma, C. E. Rothenberg, and E. Lagerspetz, “Theory and practiceof bloom filters for distributed systems.” IEEE Communications Surveysand Tutorials, vol. 14, no. 1, pp. 131–155, 2012.

[17] J. T. Trostle, “Chosen ciphertext secure (ccs): Stateful symmetric keycca encryption with minimal ciphertext expansion,” IACR CryptologyePrint Archive, vol. 2013, p. 269, 2013.

[18] X. Zhao, L. Li, and G. Xue, “Secure cloud-assisted location basedreminder,” in ASIACCS, 2013, pp. 323–328.


1016

RemindU: A Secure and Efficient Location Based Reminder...

Documents

Transcript of RemindU: A Secure and Efficient Location Based Reminder...