Revisiting a Privacy-Preserving Location-based Service Protocol using Edge Computing

Abstract

Location-based services are getting more popular day by day. Finding nearby\nstores, proximity-based marketing, on-road service assistance, etc., are some\nof the services that use location-based services. In location-based services,\nuser information like user identity, user query, and location must be\nprotected. Ma et al. (INFOCOM-BigSecurity 2019) proposed a privacy-preserving\nlocation-based service using Somewhat Homomorphic Encryption (SHE). Their\nprotocol uses edge nodes that compute on SHE encrypted location data and\ndetermines the $k$-nearest points of interest contained in the Location-based\nServer (LBS) without revealing the original user coordinates to LBS, hence,\nensuring privacy of users locations. In this work, we show that the above\nprotocol by Ma et al. has a critical flaw. In particular, we show that their\nsecure comparison protocol has a correctness issue in that it will not lead to\ncorrect comparison. A major consequence of this flaw is that straightforward\napproaches to fix this issue will make their protocol insecure. Namely, the LBS\nwill be able to recover the actual locations of the users in each and every\nquery.\n