Vulnerability Analysis of Geohash Code Against k-nearest Neighbor Attack

doi:10.3969/j.issn.1671-1122.2021.02.002

Abstract

Abstract:

As a dimensionality reduction technology, Geohash coding has been applied to many spatial databases and spatial data engines, but there is no research on its security. This paper focuses on the security vulnerabilities in Geohash encoding, theoretically analyzes the reason why this dimensionality reduction technology produces inference channels, and proposes an encrypted Geohash field reconstruction algorithm based on k nearest neighbor query, by observing a large number of k nearest neighbor query responses for plaintext information, perform statistical inference and reconstruct the original value of encrypted Geohash. Reconstruction experiments on the encrypted interest point database show that the more the number of query responses observed, the higher the accuracy of the reconstruction value. In the case of Geohash coding accuracy of 30bit, when 100000 to 3000000 query responses are observed, the average error between the reconstructed value and the original value is 0.074% to 0.015%. This work reveals the vulnerability and formation mechanism of Geohash coding in resisting k nearest neighbor query inference attacks, and will promote the security application and research of related geographic information system industries.

Key words: spatial database, Geohash coding, k-nearest neighbor query, searchable encryption, database reasoning attack

CLC Number:

TP309

TU Guoqing, YANG Yanhao, LIU Shubo. Vulnerability Analysis of Geohash Code Against k-nearest Neighbor Attack[J]. Netinfo Security, 2021, 21(2): 10-15.

Figures/Tables 6

References 15

[1]	JIN An, CHENG Chengqi, SONG Shuhua, et al. Regional Query of Area Data Based on Geohash[J]. Geography and Geo-information Science, 2013,29(5): 31-35.
	金安, 程承旗, 宋树华, 等. 基于 Geohash 的面数据区域查询[J]. 地理与地理信息科学, 2013,29(5): 31-35.
[2]	HUANG Keying, LI Guoqing, WANG Jian. Rapid Retrieval Strategy for Massive Remote Sensing Metadata Based on GeoHash Coding[J]. Remote Sensing Letters, 2018,9(11): 1070-1078.
[3]	ZHOU Chang, LU Huimei, XIANG Yong, et al. GeohashTile: Vector Geographic Data Display Method Based on Geohash[J]. ISPRS International Journal of Geo-Information, 2020,9(7): 418-443.
[4]	XIANG Longgang, WANG Dehao, GONG Jianya. Organization and Efficient Range Query of Large Trajectory Data Based on Geohash[J]. Geomatics and Information Science of Wuhan University, 2017,42(1): 21-27.
	向隆刚, 王德浩, 龚健雅. 大规模轨迹数据的 Geohash 编码组织及高效范围查询[J]. 武汉大学学报(信息科学版), 2017,42(1): 21-27.
[5]	HE Shouwu, CHU Longxian, LI Xiaoying. Spatial Query Processing for Location Based Application on Hbase[C]//IEEE. 2nd International Conference on Big Data Analysis (ICBDA), March 10-12, 2017, Bejing, China. New York: IEEE, 2017: 110-114.
[6]	TAKASU A. An Efficient Distributed Index for Geospatial Databases[C]//Springer. Database and Expert Systems Applications, September 1-4, 2015, Valencia, Spain. Nature Switzerland AG: Springer, 2015: 28-42.
[7]	BAN Ya, WANG Rui, LIU Hongjing, et al. An Efficient Distributed Index for Geospatial Databases[C]//Atlantis Press. International Conference on Computer Modeling, Simulation and Algorithm (CMSA), April, 22-23, 2018, Beijing,China. Paris: Atlantis Press, 2018: 385-388.
[8]	WU Ke. Research on GPU-based Spatial Data Index and Query Technology[D]. Xi’an: Xidian University, 2018.
	吴珂. 基于GPU的空间数据索引与查询技术研究[D]. 西安:西安电子科技大学, 2018.
[9]	BOST R. Forward Secure Searchable Encryption[C]//ACM. Proceedings of the 23th ACM Conference on Computer and Communications Security (ACM CCS), October 24-28, 2016, Vienna Austria. New York: ACM, 2016: 1143-1154.
[10]	CASH D, JAEGER J, JARECKI S, et al. Dynamic Searchable Encryption in Very-large Databases: Data Structures and Implementation[C]//ISOC. Network & Distributed System Security Symposium (NDSS), February 23-26, 2014, San Diego, CA, USA. Reston VA: ISOC, 2014: 23-26.
[11]	CURTMOLA R, GARAY J, KAMARA S, et al. Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions[J]. Journal of Computer Security, 2011,19(5): 895-934.
[12]	KELLARIS G, KOLLIOS G, NISSIM K, et al. Generic Attacks on Secure Outsourced Databases[C]//ACM. Proceedings of the 23th ACM Conference on Computer and Communications Security (ACM CCS), October 24-28, 2016, Vienna Austria. New York: ACM, 2016: 1329-1340.
[13]	LACHARITÉ M S, MINAUD B, PATERSON K G. Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage[C]//IEEE. 2018 IEEE Symposium on Security and Privacy (SP), May 20-24, 2018, San Francisco, CA, USA. New York: IEEE, 2018: 297-314.
[14]	KORNAROPOULOS E M, PAPAMANTHOU C, TAMASSIA R. Data Recovery on Encrypted Databases with k-nearest Neighbor Query Leakage[C]//IEEE. 2019 IEEE Symposium on Security and Privacy (SP), May 19-23, 2019, San Francisco, CA, USA. New York: IEEE, 2019: 1033-1050.
[15]	GRUBBS P, LACHARITÉ M S, MINAUD B, et al. Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks[C]//IEEE. 2019 IEEE Symposium on Security and Privacy (SP), May 19-23, 2019, San Francisco, CA, USA. New York: IEEE, 2019: 1067-1083.

模拟次数/万次	原始值	10	100	300
汉南区	wt3h7v	wt3h8r	wt3h7w	wt3h7w
蔡甸区	wt3jez	wt3jf4	wt3jf9	wt3jf3
汉阳区	wt3jyg	wt3jyu	wt3jyr	wt3jyj
硚口区	wt3jyy	wt3jz1	wt3jz1	wt3jyx
江夏区	wt3kc6	wt3kc7	wt3kcj	wt3kc6
洪山区	wt3m9b	wt3m9s	wt3m9n	wt3m9f
武昌区	wt3mc1	wt3mch	wt3mc9	wt3mc2
东西湖区	wt3njn	wt3nje	wt3nk2	wt3njq
江汉区	wt3q06	wt3q0p	wt3q0h	wt3q05
江岸区	wt3q0f	wt3q0y	wt3q0r	wt3q0d
青山区	wt3q6c	wt3q6n	wt3q6j	wt3q6b
黄陂区	wt3rdt	wt3rdn	wt3rdt	wt3rdp
新洲区	wt3xkq	wt3xkm	wt3xk6	wt3xkk