LNCS 10039 Xingming Sun · Alex Liu Han-Chieh Chao · Elisa Bertino (Eds.) Cloud Computing and Security Second International Conference, ICCCS 2016 Nanjing, China, July 29–31, 2016 Revised Selected Papers, Part I 123 Lecture Notes in Computer Science Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Zurich, Switzerland John C Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel C Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbrücken, Germany 10039 More information about this series at http://www.springer.com/series/7409 Xingming Sun Alex Liu Han-Chieh Chao Elisa Bertino (Eds.) • • Cloud Computing and Security Second International Conference, ICCCS 2016 Nanjing, China, July 29–31, 2016 Revised Selected Papers, Part I 123 Editors Xingming Sun University of Information Science and Technology Nanjing China Alex Liu Michigan State University East Lansing, MI USA Han-Chieh Chao National Dong Hwa University Shoufeng Taiwan Elisa Bertino Purdue University West Lafayette, IN USA ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notes in Computer Science ISBN 978-3-319-48670-3 ISBN 978-3-319-48671-0 (eBook) DOI 10.1007/978-3-319-48671-0 Library of Congress Control Number: 2016955502 LNCS Sublibrary: SL3 – Information Systems and Applications, incl Internet/Web, and HCI © Springer International Publishing AG 2016 This work is subject to copyright All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed The use of general descriptive names, registered names, trademarks, service marks, etc in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made Printed on acid-free paper This Springer imprint is published by Springer Nature The registered company is Springer International Publishing AG The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland Preface This volume contains the papers presented at ICCCS 2016: the Second International Conference on Cloud Computing and Security held during July 29–31, 2016, in Nanjing, China The conference was hosted by the College of Computer and Software at the Nanjing University of Information Science and Technology, who provided the wonderful facilities and material support We made use of the excellent EasyChair submission and reviewing software The aim of this conference is to provide an international forum for the latest results from research, development, and applications in the field of cloud computing and information security This year we received more than 270 submissions from 15 countries and regions, including USA, UK, France, Australia, Ireland, South Korea, South Africa, India, Iraq, Kazakhstan, Indonesia, Vietnam, Ghana, China, and Taiwan Each submission was allocated to three Program Committee (PC) members and each paper received on average of three reviews The committee decided to accept 97 papers The program also included ten distinguished talks: “A Bacteria-Inspired Solution for 5G Mobile Communication” by Prof Han-Chieh Chao, National Dong Hwa University, Taiwan; “Flow-Net Accountable Logging and Applications” by Dr Yang Xiao, University of Alabama, USA; “Security and Privacy in Cloud Computing: Challenges and Opportunities” by Prof Yang Xiang, Deakin University, Australia; “Internet of Vehicles: When Cloud Computing Meets Intelligent Transport Systems” by Prof Yan Zhang, Simula Research Laboratory and University of Oslo, Norway; “Children’s Privacy Protection Engine for Smart Anthropomorphic Toys” by Prof Patrick C K Hung, University of Ontario Institute of Technology (UOIT), Canada; “Bioinformatics and Cloud Computing” by Dr Zemin Ning, Wellcome Trust Sanger Institute, UK; “Towards Smart and Secure Connected Health” by Dr Honggang Wang, University of Massachusetts Dartmouth, USA; “Semantic Searchover Encrypted Cloud Data” by Dr Zhangjie Fu, Nanjing University of Information Science and Technology, China; “Coverless Information Hiding Method Based on the Text Big Data” by Dr Xianyi Chen, Nanjing University of Information Science and Technology, China We would like to extend our sincere thanks to all authors who submitted papers to ICCCS 2016, and all PC members It was a truly great experience to work with such talented and hard-working researchers We also appreciate the external reviewers for assisting the PC members in their particular areas of expertise Finally, we would like to thank all attendees for their active participation and the organizing team who nicely managed this conference We look forward to seeing you again at next year’s ICCCS July 2016 Xingming Sun Alex Liu Han-Chieh Chao Elisa Bertino Organization General Chairs Xingming Sun Alex Liu Han-Chieh Chao Elisa Bertino Nanjing University of Information Science and Technology, China Michigan State University, USA National Dong Hwa University, Taiwan University of Purdue, USA Technical Program Committee Chairs Chin-Feng Lai Yang Xiao Yun Q Shi Jian Shen National Chung Cheng University, Taiwan University of Alabama, USA New Jersey Institute of Technology, USA Nanjing University of Information Science and Technology, China Technical Program Committee Saeed Arif Zhifeng Bao Hanhua Chen Jie Chen Xiaofeng Chen Ilyong Chung Jintai Ding Zhangjie Fu Jinguang Han Mohammad Mehedi Hassan Debiao He Wien Hong Qiong Huang Xinyi Huang Yongfeng Huang Zhiqiu Huang Patrick C.K Hung Hai Jin Sam Tak Wu Kwong University of Algeria, Algeria Royal Melbourne Institute of Technology University, Australia Huazhong University of Science and Technology, China East China Normal University, China Xidian University, China Chosun University, South Korea University of Cincinnati, USA Nanjing University of Information Science and Technology, China Nanjing University of Finance and Economics, China King Saud University, Saudi Arabia Wuhan University, China Nanfang College of Sun Yat-Sen University, China South China Agricultural University, China Fujian Normal University, China Tsinghua University, China Nanjing University of Aeronautics and Astronautics, China University of Ontario Institute of Technology, Canada Huazhong University of Science and Technology, China City University of Hong Kong, SAR China VIII Organization Sungyoung Lee Jiguo Li Kuan-Ching Li Xiangyang Li Yangming Li Quansheng Liu Zhe Liu Junzhou Luo Yonglong Luo Sangman Moh Yi Mu Zemin Ning Shaozhang Niu Jeff Z Pan Wei Pang Rong Peng Jiaohua Qin Yanzhen Qu Kui Ren Shengli Sheng Robert Simon Sherratt Jianyong Sun Tsuyoshi Takagi Xianping Tao Yoshito Tobe Pengjun Wan Jian Wang Honggang Wang Liangmin Wang Xiaojun Wang Q.M Jonathan Wu Shaoen Wu Zhihua Xia Yang Xiang Naixue Xiong Aimin Yang Ching-Nung Yang Ming Yang Qing Yang Xinchun Yin Yong Yu Kyung Hee University, South Korea Hohai University, China Providence University, Taiwan, China Illinois Institute of Technology, USA University of Washington, USA University of South Britanny, France University of Waterloo, Canada Southeast University, China Anhui Normal University, China Chosun University, South Korea University of Wollongong, Australia Wellcome Trust Sanger Institute, UK Beijing University of Posts and Telecommunications, China University of Aberdeen, UK University of Aberdeen, UK Wuhan University, China Central South University of Forestry and Technology, China Colorado Technical University, USA State University of New York, USA University of Central Arkansas, USA University of Reading, UK University of Greenwich, UK Kyushu University, Japan Nanjing University, China Aoyang University, Japan Illinois Institute of Technology, USA Nanjing University of Aeronautics and Astronautics, China University of Massachusetts-Dartmouth, USA Jiangsu University, China Dublin City University, Ireland University of Windsor, Canada Ball State University, USA Nanjing University of Information Science and Technology, China Deakin University, Australia Colorado Technical University, USA Guangdong University of Foreign Studies, China National Dong Hwa University, Taiwan Southeast University, China Montana State University, USA Yangzhou University, China University of Electronic Science and Technology of China, China Organization Mingwu Zhang Wei Zhang Xinpeng Zhang Yan Zhang Yao Zhao Hubei University of Technology, China Nanjing University of Posts and Telecommunications, China University of Science and Technology of China, China Simula Research Laboratory, Norway Beijing Jiaotong University, China Organizing Committee Chairs Chih-Hsien Hsia Yingtao Jiang Eric Wong Zhangjie Fu Chinese Culture University, Taiwan University of Nevada at Las Vegas, USA University of Texas at Dallas, USA Nanjing University of Information Science and Technology, China Organizing Committee Xianyi Chen Zhiguo Qu Zhaoqing Pan Yan Kong Zhili Zhou Baowei Wang Zhihua Xia Nanjing University of Information and Technology, China Nanjing University of Information and Technology, China Nanjing University of Information and Technology, China Nanjing University of Information and Technology, China Nanjing University of Information and Technology, China Nanjing University of Information and Technology, China Nanjing University of Information and Technology, China Science Science Science Science Science Science Science IX Contents – Part I Information Hiding A Blind Image Watermarking Algorithm in the Combine Domain Qingtang Su Reversible Contrast Enhancement Zhenxing Qian, Xinpeng Zhang, Weiming Zhang, and Yimin Wang 18 On Improving Homomorphic Encryption-Based Reversible Data Hiding Xiaotian Wu, Zhuoqian Liang, Bing Chen, and Tong Liu 28 Coverless Information Hiding Method Based on Multi-keywords Zhili Zhou, Yan Mu, Ningsheng Zhao, Q.M Jonathan Wu, and Ching-Nung Yang 39 Reversible Data Hiding with Low Bit-Rate Growth in H.264/AVC Compressed Video by Adaptive Hybrid Coding Tian-Qi Wang, Hong-Xia Wang, and Yue Li 48 An Information Hiding Algorithm for HEVC Based on Differences of Intra Prediction Modes Qi Sheng, Rangding Wang, Anshan Pei, and Bin Wang 63 Improvement of Universal Steganalysis Based on SPAM and Feature Optimization Lei Min, LiuXiao Ming, Yang Xue, Yang Yu, and Wang Mian 75 Optimizing Feature for JPEG Steganalysis via Gabor Filter and Co-occurrences Matrices Bing Cao, Guorui Feng, and Zhaoxia Yin 84 Improved Separable Reversible Data Hiding in Encrypted Image Based on Neighborhood Prediction Shu Yan, Fan Chen, and Hongjie He 94 Fragile Watermarking with Self-recovery Capability via Absolute Moment Block Truncation Coding Ping Ji, Chuan Qin, and Zhenjun Tang 104 Schur Decomposition Based Robust Watermarking Algorithm in Contourlet Domain Junxiang Wang and Ying Liu 114 Outsourced Data Modification Algorithm with Assistance 405 one modification update, the computational cost will reduce further for the support of lazy update The final are the follow-up operations after user revocation In [29], (Y EXP + Y Pairing) are needed to update the corresponding Y authenticators last modified by the revoked user, while no operation is necessary in our algorithm for no write permission of assistants and the support of identity authentication, which makes attackers have no ability to imitate as a valid assistant 8.2 Communication Cost In our algorithm, the communication cost mainly comes from the common conference key generation among assistants, discussion of modification suggestion, and the inform of modification In the process of common conference key generation, vk 1ị Eji ẳ È É Dj ; ðCji Þei are transmitted in channel to cooperate with each other As for the discussion of modification suggestions among assistants, ðv À 1Þ groups of modification suggestions including the detailed modification information are sent from assistant i to the rest assistants After that, v Boolean values would be returned back to i The final is informing of modification, where only one encrypted modification suggestion would be transmitted in the whole process In summary, the communication complexity of our algorithm is O(vk) Conclusion In this paper, we propose a novel algorithm for dynamic update of data files in cloud, which employs several assistants to help error discovery and modification discussion We point out the shortcomings of the impractical scene that only data owner could participate in cloud data modification, and overcome the chaotic management of the scene with multiusers who possess both read and write permissions In our algorithm, assistants provide modification suggestions to data owner, and data owner is the only one who can update cloud data indeed Besides the orderly process of dynamic operations, our algorithm supports identity authentication, malicious assistant revocation, and lazy update as well Extensive numerical analysis validates the performance of our works Acknowledgments This work is supported by the National Science Foundation of China under Grant No 61300237, No U1536206, No U1405254, No 61232016 and No 61402234, the National Basic Research Program 973 under Grant No 2011CB311808, the Natural Science Foundation of Jiangsu province under Grant No BK2012461, the research fund from Jiangsu Technology & Engineering Center of Meteorological Sensor Network in NUIST under Grant No KDXG1301, the research fund from Jiangsu Engineering Center of Network Monitoring in NUIST under Grant No KJR1302, the research fund from Nanjing University of Information Science and Technology under Grant No S8113003001, the 2013 Nanjing Project of Science and Technology Activities for Returning from Overseas, the 2015 Project of six personnel in Jiangsu Province under Grant No R2015L06, the CICAEET fund, and the PAPD fund 406 J Shen et al References Mell, P., Grance, T.: The NIST definition of cloud computing Commun ACM 53(6), 50 (2011) Xiao, Z., Xiao, Y.: Security and privacy in cloud computing IEEE Commun Surv Tutor 15(15), 843–859 (2013) Dudin, E.B., Smetanin, Y.G.: A review of cloud computing Sci Tech Inf Process 38(38), 280–284 (2011) Zeng, W., Zhao, Y., Ou, K., Song, W.: Research on cloud storage architecture and key technologies In: Proceedings of the International Conference on Interaction Sciences: Information Technology, Culture and Human 2009, Seoul, Korea, 24–26 November, pp 1044–1048 (2009) Wang, Q., He, M., Du, M., Chow, S.S.M., Lai, R.W.F., Zou, Q.: Searchable encryption over feature-rich data IEEE Trans Dependable Secure Comput PP(99), (2016) doi:10.1109/ TDSC.2016.25934446 Buyya, R., Yeo, C.S., Venugopal, S., Broberg, J., Brandic, I.: Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility Future Gener Comput Syst 25(6), 599–616 (2009) Velte, T., Velte, A., Elsenpeter, R.: Cloud Computing, A Practical Approach McGraw-Hill, New York (2009) Yang, K., Jia, X.: Data storage auditing service in cloud computing: challenges, methods and opportunities World Wide Web-Internet Web Inf Syst 15(4), 409–428 (2011) Xiao, Z., Xiao, Y., Chen, H.: An accountable framework for sensing-oriented mobile cloud computing J Internet Technol 15(5), 813–822 (2014) 10 He, D., Zeadally, S., Kumar, N., Lee, J.: Anonymous authentication for wireless body area networks with provable security IEEE Syst J PP(99), 1–12 (2016) 11 Zhang, Q., Chen, Z., Len, Y.: Distributed fuzzy c-means algorithms for big sensor data based on cloud computing Int J Sens Netw 18(1/2), 32–39 (2015) 12 Ren, Y., Shen, J., Wang, J., Lee, S.: Mutual verifiable provable data auditing in public cloud storage J Internet Technol 16(2), 317–323 (2015) 13 Yuan, J., Yu, S.: Efficient public integrity checking for cloud data sharing with multi-user modification In: Proceedings of the IEEE International Conference on Computer Communication, pp 2121–2129 (2014) 14 Rakesh, J., Krishna, J.V.: A novel approach for secure data sharing in multi-owner groups in cloud Int J Comput Trends Technol 16(1), 20–23 (2014) 15 He, D., Zeadally, S.: Authentication protocol for ambient assisted living system IEEE Commun Mag 35(1), 71–77 (2015) 16 Baskar, H.: Fully secure and efficient data sharing with attribute revocation for multi-owner cloud storage Int J Adv Res Educ Technol 3(2), 835–838 (2015) 17 Wang, B., Li, H., Liu, X., Li, X., Li, F.: Preserving identity privacy on multi-owner cloud data during public verification Secur Commun Netw 7(11), 2104–2113 (2013) 18 Suba, J.: Multi owner data sharing with privacy preserving in cloud security mediator Int J Sci Res 3(3), 41–44 (2014) 19 Tasmiya, S.K., Kausar, F.: An efficient approach to share data in cloud with multi-owner groups Int J Comput Technol 1(3), 137–141 (2014) 20 Wang, G., Liu, Q., Wu, J., Guo, M.: Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers Comput Secur 30(5), 320–333 (2011) Outsourced Data Modification Algorithm with Assistance 407 21 Sun, D., Chang, G., Miao, C., Wang, X.: Modelling and evaluating a high serviceability fault tolerance strategy in cloud computing environments Int J Secur Netw 7(4), 196–210 (2012) 22 Femilshini, F., Ganeshkarthikeyan, V., Janani, S.: Privacy preserving revocation update protocol for group signature in cloud In: Proceedings of the IEEE International Conference on Engineering and Technology, pp 1–5 IEEE (2015) 23 Zagade, P., Yadav, S., Shah, A., Bachate, R.: Group user revocation and integrity auditing of shared data in cloud environment Int J Comput Appl 128(12), 22–25 (2015) 24 Yang, K., Jia, X.: An efficient and secure dynamic auditing protocol for data storage in cloud computing IEEE Trans Parallel Distrib Syst 24(9), 1717–1726 (2013) 25 Wang, Q., Wang, C., Li, J., Ren, K., Lou, W.: Enabling public verifiability and data dynamics for storage security in cloud computing In: Backes, M., Ning, P (eds.) ESORICS 2009 LNCS, vol 5789, pp 355–370 Springer, Heidelberg (2009) 26 Wang, Q., Wang, C., Ren, K., Lou, W., Li, J.: Enabling public auditability and data dynamics for storage security in cloud computing IEEE Trans Parallel Distrib Syst 22(5), 847–859 (2011) 27 Wang, B., Li, B., Li, H.: Oruta: privacy-preserving public auditing for shared data in the cloud IEEE Trans Cloud Comput 2(1), 295–302 (2012) 28 Wang, B., Li, B., Li, H.: Public auditing for shared data with efficient user revocation in the cloud In: Proceedings of the 32nd IEEE International Conference on Computer Communication, Turin, Italy, pp 2904–2912 (2013) 29 Yuan, J., Yu, S.: Public integrity auditing for dynamic data sharing with multi-user modification IEEE Trans Inf Forensics Secur 10(8), (2015) 30 Green, M.: The threat in the cloud IEEE Secur Priv 11(1), 86–89 (2013) 31 Fu, Z., Ren, K., Shu, J., Sun, X., Huang, F.: Enabling personalized search over encrypted outsourced data with efficiency improvement IEEE Trans Parallel Distrib Syst (2015) doi:10.1109/TPDS.2015.2506573 32 Hu, S., Wang, Q., Wang, J., Qin, Z., Ren, K.: Securing SIFT: privacy-preserving outsourcing computation of feature extractions over encrypted image data IEEE Trans Image Process 25(7), 3411–3425 (2016) 33 He, D., Zeadally, S., Wu, L.: Certificateless public auditing scheme for cloud-assisted wireless body area networks IEEE Syst J PP(99), 1–10 (2015) 34 Shen, J., Tan, H., Wang, J., Wang, J., Lee, S.: A novel routing protocol providing good transmission reliability in underwater sensor networks J Internet Technol 16(1), 171–178 (2015) 35 Santos, D., Nascimento, T., Westphall, C., Leandro, M., Westphall, C.: Privacy-preserving identity federations in the cloud: a proof of concept Int J Secur Netw 9(1), 1–11 (2014) 36 Khorshed, M.T., Ali, A.B.M.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing Future Gener Comput Syst 28(6), 833–851 (2012) 37 Fernandes, D.A.B., Soares, L.F.B., Gomes, J.V., Freire, M.M., Incio, P.R.M.: Security issues in cloud environments: a survey Int J Inf Secur 13(2), 113–170 (2014) 38 Soares, L.F.B., Fernandes, D.A.B., Gomes, J.V., Freire, M.M., Incio, P.R.: Cloud Security: State of the Art, Security, Privacy and Trust in Cloud Systems, pp 3–44 Springer, Heidelberg (2014) 39 Chraibi, M., Harroud, H., Maach, A.: Classification of security issues and solutions in cloud environments In: Proceedings of the International Conference on Information Integration and Web-Based Applications & Services ACM (2013) 40 Chen, Y., Paxson, V., Katz, R.H.: What’s new about cloud computing security Univ Calif Berkeley Rep 20(2010), 2010–2015 (2010) 408 J Shen et al 41 Ju, H.: Intelligent disaster recovery structure and mechanism for cloud computing network Int J Sens Netw 16(2), 70–76 (2014) 42 Barua, M., Liang, X., Lu, R., Shen, X.: ESPAC: enabling security and patient-centric access control for eHealth in cloud computing Int J Secur Netw 6(2/3), 67–76 (2011) 43 Boampong, P.A., Wahsheh, L.A.: Different facets of security in the cloud In: Proceedings of the 15th Communications and Networking Simulation Symposium Society for Computer Simulation International (2012) 44 Shen, J., Moh, S., Chung, I.: Identity-based key agreement protocol employing a symmetric balanced incomplete block design J Commun Netw 14(14), 682–691 (2012) 45 Xiao, Z., Xiao, Y.: Achieving accountable MapReduce in cloud computing Future Gener Comput Syst 30(1), 1–13 (2014) (Elsevier) 46 Lawal, B.: Incomplete block design In: Lawal, B (ed.) Applied Statistical Methods in Agriculture, Health and Life Sciences, pp 639–659 Springer International Publishing, Heidelberg (2014) 47 Lee, O., Yoo, S., Park, B., Chung, I.: The design and analysis of an efficient load balancing algorithm employing the symmetric balanced incomplete block design Inf Sci 176(15), 2148–2160 (2006) 48 Shen, J., Moh, S., Chung, I.: Enhanced secure sensor association and key management in wireless body area networks J Commun Netw 17(5), 453–462 (2015) 49 Xiao, Z., Xiao, Y.: Accountable MapReduce in cloud computing In: IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp 1082–1087 (2011) 50 Mbegbu, J.I.: Some designs from symmetric balanced incomplete block design J Niger Assoc Math Phy 17, 363–366 (2013) 51 Shen, J., Zheng, W., Wang, J., Zheng, Y., Sun, X.: An efficient verifiably encrypted signature from Weil pairing J Internet Technol 14(6), 682–691 (2012) Location Privacy Protected Recommendation System in Mobile Cloud Haiyan Guan(B) , Hongyan Qian, and Yanchao Zhao College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China {ghy nuaa,qhy98,yczhao}@nuaa.edu.cn Abstract As the core of location-based services (LBS), the LBSoriented recommendation systems, which suggest the points-of-interest (POIs) to users by analyzing the distribution of the user’s previous points-of-interest, have attracted great interest from both academia and industry Despite the convenience brought by the LBS-oriented recommendation systems, most of current systems require users to expose their locations, which give rise to a big concerning of the location privacy issues Meanwhile, as the defacto LBS infrastructure, the mobilecloud computing paradigm introduces new opportunities and challenges to solve the privacy issues in LBS-oriented recommendation systems To this end, we propose a novel location-privacy protected scheme for mobile-cloud based recommendation system The scheme consists of two parts (1) The server analyzes the user behavior pattern and then makes a list of sketchy recommendation, named as the recommended candidate list (2) Mobile phone downloads the recommended candidate list from the server and refines the recommendation by taking the current geographical position, current time and location popularity into consideration With the result from real data driven simulations, the scheme is proved to solve the problem of location privacy risks and improve the accuracy of recommendation Keywords: LBS-oriented recommendation system · Points-of-interest · Location-based social networks · Check-in data · Privacy risks Introduction Nowadays, the location based services (LBSs) have brought great convenience to improve the quality of life As the core of the LBSs, LBS-oriented recommendation is the task of suggesting unvisited POIs to the users and mining the potential customers for businesses effectively According to the user’s check-in history, LBS-oriented recommendation system makes analysis when and where the user prefers to go [1] Traditionally, most of the work endeavour to improve the accuracy of recommendation For example, Lian, et al exploited weighted matrix factorization for the task of sparse check-in data [2] Yin et al proposed c Springer International Publishing AG 2016 X Sun et al (Eds.): ICCCS 2016, Part I, LNCS 10039, pp 409–420, 2016 DOI: 10.1007/978-3-319-48671-0 36 410 H Guan et al a unified probabilistic generative model, Topic-Region Model (TRM), to simultaneously discover the semantic, temporal and spatial pattern of users’ check-in activities, and to model their joint effect on users’ decision-making for POIs [3] Although the accuracy of LBS-oriented recommendation system has been improved, the concern of privacy protection in location based services keeps rising Some recommendation systems require users to expose their current position to the server and recommend POIs based on users’ check-in history Hence, there are great risks of location privacy-leaking due to insecure transmission or compromised cloud end, as is shown in Fig Recently some of the works focus on protecting the location privacy while still provides the cloud services Jin et al in [4] proposed a user-centric device-cloud architecture for intelligently managing user data The architecture allowed users to keep the confidential data on their mobile devices and decided what to be shared with the service providers on the cloud which reduced the pressure on processing users’ information Some systems protected user privacy by using encryption, pseudonym, K-anonymity [5,6], or cache pushing [7] However, the state-of-the-art work have following limitations Firstly, most of these works ignore the location privacy issues in LBS-oriented recommendation system Secondly, the computation capacity of mobile devices has not been fully explored to achieve both high quality services and location privacy protection Meanwhile, the LBSs trend to be implemented in the mobile-cloud computing paradigm [8] This paradigm utilizes both the computation power of cloud end and mobile devices to achieve best performance by offloading certain computation Based on this paradigm, how to balance the recommendation system and achieve location privacy is still lack of research efforts To alleviate the above limitations, we propose a novel scheme to achieve the cloud-based LBS-oriented recommendation which is designed to solve the problem of location privacy risks and improve the accuracy of recommendation Our main contributions are summarized as following – We propose a location uploading-free recommendation system architecture which can still provide accurate recommendation results – We design a location-protected transport protocol by using k-anonymity, which introduced by Sweeney in [5] and the pseudonym in [9] to avoid the real information was leaked during transmission – We exploit a new algorithm by combining the temporal pattern, geographical correlation, categorical correlation and social influence to improve the accuracy of the recommendation The rest of this paper is organized as following We introduce the related work in Sect In Sect 3, the framework of our system is designed Then experiments on the kinds of datasets and the discussion of results are presented in Sect Section concludes this paper Location Privacy Protected Recommendation System in Mobile Cloud 2.1 411 Related Work Privacy Preservation K-anonymity is the most commonly used model for privacy preservation which attackers cannot distinguish one user from a k user group [5] Submission of fake position [10] is similar to K-anonymity which is the model that sends fake positions to the server while Spatio-Temporal cloaking [11–13] is the model that sends a region instead of their accurate position Chen et al [7] proposed a Location Privacy Preservation Scheme (LPPS) based on distributed cache pushing which was based on Markov Chain And the cache pushing strategy in their system divided cache content into group and broadcast the cache items in batch, which was shown to guarantee k-anonymity of location privacy Kong et al [6] proposed a novel Privacy Preserving Compressive Sensing (PPCS) scheme, which encrypted a trajectory with several other trajectories while maintaining the homomorphic obfuscation property for compressive sensing 2.2 Recommendation Accuracy The existing LBS-oriented recommendation systems mainly consider the following four factors, which have major impact on the recommendation accuracy: Geographical Correlation Geographical correlation refers to the movement of the user who will be biased in the vicinity of their work place or home In other words, if the unvisited POIs are closer to the user historical footprints, the easier they are to be accepted by users [14] In order to model the geographical check-in distribution of POIs for each user over the latitude and longitude coordinates, [15,16] used kernel density estimation method with the fixed bandwidth For further research, an adaptive kernel estimation method was used in [14] Social Correlation Social correlation refers to the impact of social relationships on the recommendation In fact, a user will likely accept the recommendations made by friends who have the similar interest Some researches took the users’ similarity as a potential factor to make recommendations [1,17] In our system, we compute the proximity between unvisited POIs of users and visited POIs of the users’ friends Categorical Correlation The category of a POI reflects its usual business activities and nature Systems can obtain the users’ trajectory by taking the categorical correlation into consideration [14,18,19] For example, if a user frequently appears in restaurants during a specified time period, it means that the user will likely to accept the LBS-oriented recommendation related the food and beverage Hu et al leveraged the matrix factorization technique to associate each category and deduced the relevance of a user to a POI based on the latent vectors of the categories of the POI [20] Locational Popularity The location popularity has impact on LBS-oriented recommendation If the location is popular, the user will prefer to accept it than 412 H Guan et al that unknown On the other hand, nearest neighboring locations tending to the famous places will also attract more tourists Zhang et al [14] devised a new method to combine the category bias of a user and the popularity of a POI into a relevance score between the user and the POI so as to personalize the effect of the popularity of the POI on the user System Architecture In this section, we introduce our scheme, which is illustrated in Fig The whole system consists of two modules: the cloud server module and mobile terminal module This scheme automatically deals with the non-sensitive data e.g social relational data and check-in history on cloud server while the sensitive data e.g the current position is utilized on terminal Fig Privacy protection and information theft 3.1 Fig System architecture Cloud Server Module This module mainly contains three parts: – The server gains user’s behavior model by analyzing the user’s check-in data Then computes the correlation score SG (u, l, c, t) of the user’s spatial and temporal distribution – The server computes the correlation score SF (u, l, c, t) of K-Top POIs recommended from the similar and close friends by analyzing the social relationship data and check-in data – The server makes the recommended candidate list by merging the user’s spatial and temporal distribution and the social influence Because the recommended candidate list contains the sensitive information of the users’ behavior model which should be protected, we employ a strategy to hide the sensitive information through pseudonyms Location Privacy Protected Recommendation System in Mobile Cloud 413 A User Behavior Pattern In this section, we analyze the user behavior pattern which is represented by the spatial and temporal distribution Firstly we analyze the categorical popularity which is aimed to get the categorical correlation Secondly, we analyze the geographical correlation of the locations Last, we merge the categorical correlation and geographical correlation, and compute the score of location l being recommended to the user Step 1: Estimating the categorical correlation The category of a POI indicates the activities of a user in the POI For example, if a user often goes to a cinema on Saturday evening, we can recommend a cinema to the user at that time Further more, popularity of a POI indicates the quality of service or goods in the POI In fact, customers will prefer to buy high-quanlity goods so that the popularity of category is useful for making LBS-oriented recommendation We assume that category cg ε C where C is the set of categories of POIs that is often predefined in the LBSN P (c, t) is the popularity of category c and fcg (x) is the probability density function of the categorical popularity, defined as following (1) fcg (x) = ( − 1)(1 + x)− , x >= 0, > In which can be learned from the popularity matrix P (c, t) and the frequence Ru,c of visiting category c by user u = + |U ||C|[ ln(1 + Ru,c P (c, t))] (2) uεU cεC It is obvious that the probability density function of the categorical popularity fcg (x) defined in Eq (1) is monotonically decreasing regarding the categorical popularity P (c, t) In order to obtain the categorical relevance score of P (c, t), which is monotonically increasing respecting the categorical popularity, we employ the cumulative distribution function of fcg (x), defined by P (c,t) CG (P (c, t); t) = fcg (x)dx = − (1 + P (c, t))1− (3) where − < and CG (P (c, t); t) is an increasing function with respect to the categorical popularity P (c, t) Step 2: Estimating the point of interest The geographical region will be defined at two levels: – Geographical region sharing similar user preferences Users would like to accept the recommendation if the location is similar to their preferences For example, a food aficionado would like to go to a restaurant or food street – Geographical region nearby the visited POIs of a user In fact, it is convenient for users to go to the places where are near to their work place or home so that users often accept the location in the region where is nearby their POIs For example, a user would like to have dinner and then go to a cinema where is not too far away from the restaurant 414 H Guan et al We exploit kernel density estimation to compute the geographical correlation SGl (l; t; u) = N n (Ru,li T (u, li |t).(KH (l − li ) + KH (Simi(cl , cli )))) (4) i=1 n N= Ru,li (5) i=1 where Ru,li is the frequence of visiting the location li by user u, T (u, li |t) is the temporal pattern, KH is the kernel function, KH (l − li ) is aimed to compute the correlation of geographical region nearby the visited POIs and KH (Simi(cl , cli )) is used to compute the correlation of geographical region sharing similar user preferences, Simi(cl , cli ) is the similarity of the category cl and cli Step 3: Merging categorical correlation and geographical correlation We compute the score of location l being recommended to the user based on the analysis of user behavior pattern SG (u, l, c, t) = SGl CG (6) B Influence of Users We analyze the influence of friends by using the social relationship data and check-in data, then compute the correlation score of K-Top POIs from the similar and close friends Firstly, we calculate the similarity of users The similarity of users was defined at two levels: the similarity based on the social relationship and the similarity based on the POIs Here we utilize Pearson similarity method to compute the similarity of two users as showed in the following P CS(u, u ) = cov(u, u ) δu δu (7) Secondly, we take social actions such as ‘@’, comments and similarity into consideration to calculate the influence of the friends Rlu,u = α.P CS(u, u ) + β.CLO(u, u ) (8) where α + β = and CLO(u, u ) is the influence of social action Last, we obtain the score of location l being recommended to a user based on the social influence SF (u, l, c, t) = Rlu,u Ru ,l (9) u ∈U C Merging Here we merge the user behavior pattern and social influence to make a list of recommended candidates S(u, l, c, t) = μSG (u, l, c, t) + λSF (u, l, c, t) where μ + λ = (10) Location Privacy Protected Recommendation System in Mobile Cloud 415 The cloud server responses to requests from mobile terminal and sends the recommended candidate list showed as Eq (13) to the mobile However, the information of the list is sensitive and users are averse to being leaked In order to deal with the problem, we code the information of List : (ui , L, T, S, C) anonymously, such as ui −→ code(ui ) ui = code(ui ) = reverse(ui ) + P arameter (11) ui = decode(ui ) = reverse(ui − P arameter) (12) For example, reverse(123) = 321 and P arameter is a constant List = code(List : (ui , L, T, S, C)) (13) where ui is the user id, L is recommended location set {(xit1 , yit1 ), (xit2 , yit2 ), (xit3 , yit3 ), · · · , (xitn , yitn )}, T is the time set {ti1 , ti2 , ti3 , · · · , tin }, S is the score set {si1 , si2 , si3 , · · · , sin } for LBS-oriented recommendation and C is the set of category which represents the user’s favorite categories 3.2 Mobile Terminal Module Firstly, the mobile terminal sends requests to server for the recommended candidate list and downloads it The transport protocol from mobile terminal to cloud server works by coding the requests [code(userID), code(P osition)] The P osition is the set of five positons within Km from the current position of the user which does not include the current position by using k-anonymity In order to hide the identities of users, we use our transport protocol to send the requests to sever After receiving the requests, the server extracts the POIs by filtering the recommended candidate list with the userID and P osition The POIs in the same city with the P osition will be sent to the mobile terminal If there are no POIs fit the requests, we send the representative POIs which can indicate the behavior pattern of the user Secondly the mobile obtains the final recommended results by filtering and refining the recommended candidate list Step 1: Filtering the recommended candidate list In this step, we first decode the recommended candidate list by using Eq (12), then we filter the LBS-oriented recommendation with the current position and time The result of the filtering will have two cases If the user’s POIs in the recommended candidate list is in the same city with the current position which means that we can get the final recommendation from the recommended candidate list, because we have recommended the POIs nearby the visited POIs based on user’s preferences and the location popularity However, there is another case If the current position is too far away from the user’s POIs which means that there are no visited history about the geographical region and its neighbour In this case, we have to mine the user’s preferences from the recommended candidate list (in step 2) and then make the final recommendation according to the preferences and the popularity of the current geographical region (in step 3) 416 H Guan et al Step 2: Mining the user’s preferences Due to the limitation of power, storage and computation capability of mobile terminal, we prefer to mine the user’s preferences from the List : (ui , L, T, S, C) than mine the user’s preferences from the check-in history Here, we mainly consider the category-time distribution of the user which we can easily obtain from List : (ui , L, T, S, C) The categorytime distribution is shown as List(T, S, C) Step 3: Refining the LBS-oriented recommendation In this step, we refine the LBS-oriented recommendation with the location popularity and user’s preferences: (14) Ref ine(List(T, S, C), (Ccurrent , Lcurrent )) Score(c, t, l) = N n (P (c, t).(KH (l − lp ) + KH (Simi(ci , c))) (15) i=1 where List(T, S, C) indicates the user’s preferences, (Ccurrent , Lcurrent ) are the category and location of the current geographical region and its neighbor, cεCcurrent , ci εC, lεLcurrent and N = |C|, lp is the current position of the user The score in Eq (15) is larger, the location will be more likely recommended to the user Evaluation In order to discuss the experimental results, we conduct the experiment to investigate the effect of different LBS-oriented recommendation systems Compared with these experiments by using different algorithms and models, we find that our novel scheme works better In order to get a dataset including the user ID, location ID, location latitude, location longitude, time stamp of the check-in, and location category that are useful to improve the performance, we choose the Gowalla dataset 4.1 System Evaluation Metrics The scheme mentioned in this paper will be compared with GeoSoCa [14], sPCLR [1], GeoMF [2], CoRe [15] based on the following performance metrics: P recision = Recall = u∈U u∈U |R(u) ∩ T (u)| u∈U R(u) |R(u) ∩ T (u)| u∈U T (u) (16) (17) where R(u) is the number of recommendation candidates for user u, T (u) is the number of samples of a user’s POIs, R(u) ∩ T (u) is the accepted number of recommendation The aim of the recommendation system is to get larger precision and recall at the same time Location Privacy Protected Recommendation System in Mobile Cloud 4.2 417 Simulation Results The values of parameters referred in this paper are given as showed in Table Our experiment starts with the analysis of the user’s habits in daily life Figure shows the temporal distribution of three different users towards one category It is obvious that the three users have different habits in daily life For example, User would like to go to the category in the early morning while User and User would like to go at night User and User have the similar living habits, which indicate the two users have the similar preference Table Settings of parameters Parameters α Value β μ λ 0.65 0.35 0.75 0.25 Fig Temporal curves for different users towards one category Figure 4(a) and (b) depict the results of our cloud server module and mobile terminal module respectively The best precision and recall in cloud server module are 0.247 and 0.112 while in mobile terminal module are 0.295 and 0.148 The precision in cloud server is smaller than that in mobile terminal because cloud server only makes a sketchy recommendation without considering the current position and time of the user and the popularity of the current geographical region Figure shows the precision and recall of our experiments compared with GeoSoCa, sPCLR, GeoMF, CoRe It is obvious that our novel scheme works better than those algorithms The most important reason is that we filter and refine the recommendation with the current position, current time and the popularity of the current geographical region We take these steps in mobile in order to protect user privacy Figure shows that the greater number of the recommendation, the smaller precision and the larger recall From Eqs (16) and (17), 418 H Guan et al (a) precision (b) recall Fig Precision and recall in cloud server and mobile terminal (a) precision of different algorithms (b) recall of different algorithms Fig Precision and recall of different algorithms we can learn that the precision and recall have the same molecule R(u) ∩ T (u) R(u) is the number of LBS-oriented recommendation candidates for user u which is changing from to 50 in our experiments, T(u) is the number of samples of a user’s POIs which is static That is why precision is smaller and recall is larger when the number of the recommendation is larger Conclusion In this paper, we propose a location-privacy protected scheme for mobile-cloud based LBS-oriented recommendation system In cloud server module, we take the geographical correlation, categorical correlation and location popularity into consideration to analyze the user behavior pattern by exploiting kernel density estimation Then we merge the social influence and the user behavior pattern to obtain recommended candidate POIs In order to protect user privacy, we encode the recommended candidate POIs on cloud server and use an encrypted transport protocol for the transmission between mobile terminal and cloud server We refine the recommendation with the user’ current position and time on mobile Location Privacy Protected Recommendation System in Mobile Cloud 419 terminal to improve the accuracy of the LBS-oriented recommendation system The experimental results show that our scheme can improve the accuracy and privacy protection of the current state-of-the-art LBS-oriented recommendation approaches In the future, we will further focus on the duration of time a user stayed in a place and the views on POIs which can reflect the degree of a user’s interest in the places References Zhou, D., Wang, X.: Probabilistic category-based location recommendation utilizing temporal influence and geographical influence In: Proceedings of DSAA, pp 115–121 (2014) Lian, D., Zhao, C., Xie, X., Sun, G., Chen, E., Rui, Y.: GeoMF: joint geographical modeling and matrix factorization for point-of-interest recommendation In: Proceedings of ACM SIGKDD, pp 831–840 ACM (2014) Yin, H., Cui, B., Huang, Z., Wang, W., Wu, X., Zhou, X.: Joint modeling of users’ interests and mobility patterns for point-of-interest recommendation In: Proceedings of ACMMM, pp 819–822 ACM (2015) Jin, H., Saldamli, G., Chow, R., Knijnenburg, B.P.: Recommendations-based location privacy control In: Proceedings of PERCOM Workshops, pp 401–404 (2013) Sweeney, L.: K-anonymity: a model for protecting privacy Int J Uncertainty, Fuzziness Knowl.-Based Syst 10(5), 557–570 (2002) Kong, L., He, L., Yang Liu, X., Gu, Y., Wu, M.Y., Liu, Y.: Privacy-preserving compressive sensing for crowdsensing based trajectory recovery In: Proceedings of ICDCS, pp 31–40 (2015) Chen, M., Li, W., Li, Z., Lu, S.: Preserving location privacy based on distributed cache pushing In: Proceedings of WCNC, pp 3456–3461 (2014) Li, W., Zhao, Y., Sanglu, L., Chen, D.: Mechanisms and challenges on mobilityaugmented service provisioning for mobile cloud computing IEEE Commun Mag 53(3), 89–97 (2015) Espinoza, F., Persson, P., Sandin, A., Nystră om, H., Cacciatore, E., Bylund, M.: GeoNotes: social and navigational aspects of location-based information systems In: Abowd, G.D., Brumitt, B., Shafer, S (eds.) UbiComp 2001 LNCS, vol 2201, pp 2–17 Springer, Heidelberg (2001) 10 Kido, H., Yanagisawa, Y., Satoh, T.: Protection of location privacy using dummies for location-based services In: Proceedings of ICDEW, p 1248 IEEE Computer Society (2005) 11 Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking In: Proceedings of MobiSys, pp 31–42 ACM (2003) 12 Gedik, B., Liu, L.: Location privacy in mobile systems,: a personalized anonymization model In: Proceedings of ICDCS, pp 620–629 IEEE Computer Society (2005) 13 Mokbel, M.F., Chow, C.-Y., Aref, W.G.: The new Casper: query processing for location services without compromising privacy In: Proceedings of VLDB, pp 763–774 VLDB Endowment (2006) 14 Zhang, J.-D., Chow, C.-Y.: GeoSoCa: exploiting geographical, social and categorical correlations for point-of-interest recommendations In: Proceedings of ACM SIGIR, pp 443–452 ACM (2015) 15 Zhang, J.D., Chow, C.Y.: CoRe: exploiting the personalized influence of twodimensional geographic coordinates for location recommendations Inf Sci 293, 163–181 (2015) ... from research, development, and applications in the field of cloud computing and information security This year we received more than 270 submissions from 15 countries and regions, including USA,... Taiwan; “Flow-Net Accountable Logging and Applications” by Dr Yang Xiao, University of Alabama, USA; Security and Privacy in Cloud Computing: Challenges and Opportunities” by Prof Yang Xiang,... Huiyu Sun and Suzanne McIntosh 284 A Survey of Speculative Execution Strategy in MapReduce Qi Liu, Dandan Jin, Xiaodong Liu, and Nigel Linge 296 Cloud Security Cryptanalysis and Improvement