基于指纹识别的定位是最流行的室内定位方法.在离线阶段,服务器测量指纹,比如来自特定空间已知位置的不同接入点(AP)的接收信号强度(RSS),测量后服务器将测量结果保存在数据库中;在线上阶段,用户同时向服务器发送他当前指纹的测量结果以及位置查询请求,服务器将在数据库中查找与测量结果最接近的指纹.虽然这种方法已经被研究了很久,但现有的工作并没有考虑2个隐私要求:供应商希望保护他们花大代价收集的指纹,用户想要对服务器保留他们的指纹测量结果,以避免泄漏位置.为了实现隐私保护,本文提出一种使用加密技术的指纹匹配方案,这个方案在加密情况下计算由用户测量的指纹与服务器存储的指纹的距离,服务器存储的指纹在这一过程中仍处于密文空间.本文证明了这个方案在进行单点定位时能够很好地保证两者的隐私要求.为了减少高昂的时间开销,本文还提出了一个基于网格划分的改进方案,以及以有限的隐私损失为代价的扩展方案.为加强安全性,最后提出了有效对抗特定攻击的对策,在这种攻击中恶意用户可以通过重复定位获得服务器存储的指纹.使用公众RSS指纹数据集的扩展实验结果显示本文方案足以在实现实时定位的同时保留定位精度.
Fingerprinting-based localization is one of the most popular indoor localization approaches.In the offlinephase,the service provider measures the fingerprint, i. e., receives signal strength( RSS) samples from variousaccess points(APs) at a number of knownlocations in the target space and stores them in a database.In the onlinephase,a user sends his location query with his current fingerprint measurement to the server,which will search forthe closest fingerprintin the database.Although this approach has been studied for a long time,no existing work con-siders the privacy requirements for the two sides:the provider wants to protect thecollected fingerprints against theusers;while the users want to protect their fingerprint measurements against the service provider to avoid location-leaking.In this paper,we aim to protect the privacy of the users and the service provider at the same time.We pro-pose a privacy-preserving fingerprint matching scheme which uses a cryptographic technique to compute the distance between the fingerprint measured by the user and the fingerprints in the database within the ciphertext space.Weshow that it well guarantees the privacy requirement of both the two sides in a single localization.To reduce its timeoverhead,we then present an improved scheme based on the grid division as well as three extensions at the cost oflimited privacy loss.To enhance its security,we finally present an effective countermeasure against a special attackleveraging which malicious users could revealfingerprints on the server through repeated localizations.The extensiveexperiments with a public RSS-fingerprint dataset show that our proposal is fast enough for realtime localization andpreserve the localization precision at the same time.