To Find Your Location: Secure and Practical Point Location Scheme

With the ubiquitous mobile devices and the advanced wireless communication, location-based service (LBS) helps people to enjoy a convenient lifestyle and has attracted numerous research interests. As a basic query process in LBS system, point location requires to ﬁnd a region containing the query point. Since location belongs to sensitive information and also leads other private information leaked, it is urgent to design a secure and eﬃcient point location scheme. In this paper, we propose a point location scheme named SecPL to protect sensitive information while supporting high eﬃcient location query. Speciﬁcally, we introduce a LineTest scheme from asymmetric scalar-product-preserving encryption (ASPE) to facilitate the checking of whether a point lies above or below a line. Furthermore, the SecPL scheme is designed by using LineTest and order-preserving encryption (OPE) scheme. Through detailed security analysis, we demonstrate that SecPL scheme achieves data privacy and query privacy at the same time. Finally, the performance evaluation demonstrates the high eﬃciency of the proposed SecPL scheme.


Introduction
According to the report on smartphone users worldwide from website Statista, the number of users today have surpassed three billion and will further grow by several hundred million in the next few years. With the ubiquity of mobile devices and wireless communication, location-based service (LBS) enables people to enjoy a convenient life by providing basic services, such as transportation navigation, nearby interest point inquiry, online dating and advertising push [1,2,3,4]. Users only submits a LBS query and the LBS provider can list all the relevant information according to the query, most important of which is point location.
Point location requires to find a region containing the query point and is very useful in many settings. For instance, when a sailor sails on an unfamiliar sea with rocks and sand banks, he wants to know the region where he is. Furthermore, he retrieves the information (e.g., the weather, the geographical setting) about the region through a LBS system. If everyone uses this sort of navigation, LBS provider will face heavy computation tasks. To achieve a low computation and communication burden, LBS provider chooses to outsource his storage and computation tasks to a cloud server [5,6]. However, location information belongs to sensitive information and further will be revealed by the cloud server.
As the simplest way, masking identity has been introduced to preserve the sensitive information in access authentication [7]. But, the real identity is easily revealed in LBS system through frequent queries [8]. To enhance the security, Zhang et al. [9] propose a privacy-preserving LBS scheme from k-anonymity, which ensures the probability of identity an user is at most 1/k. Scheme [9] meanwhile needs a trusted third party (TTP) to store original LBS data and further hides the result with other k − 1 garble locations. Cloaking technique [10,11] as an alternative way has been illustrated recently. Unfortunately, above schemes based on k-anonymity approach and cloaking approach bring heavy communication cost for mobile devices.
Moving a step forward, Paulet et al. [12] propose a privacy-preserving locationbased service scheme by leveraging private information retrieval technique (PIR). In scheme [12], LBS users can obtain results from a remote database without revealing which record they are interested. Moreover, all information are performed in plaintexts by the cloud server contradicting with the privacy requirements in cloud computing. Shao et al. [1] introduce a fine-grained privacy-preserving location-based service scheme called FINE. The FINE provides accurate results and acceptable computation cost for the mobile services, but it also brings unacceptable computation cost for the cloud server. Zhu et al. [2] design a polygon range by using an improved homomorphic encryption scheme [13]. However, scheme [2] returns all related information in a specified distance e.g., 1 km. In this condition, it brings heavy communication and decryption cost for mobile devices.
All above schemes are performed after knowing location. Unfortunately, location involving sensitive information should be preserved. To the best of our knowledge, there is no privacy-preserving point location helping LBS users find a region containing their location. Therefore, we aim to design a secure and efficient point location scheme to enable LBS users to know their locations, namely finding a region ∆ containing the query point q.

Our Contributions
To achieve the target of privacy-preserving point location query in LBS system, we first introduce a basic tool and combine order preserving encryption technique to construct a secure and practical point location scheme, named SecPL. The main contributions are introduced as follows.
• We propose a basic tool called LineTest to check whether a query point lies below or above a line. The LineTest scheme is secure under knwon-plaintext attacks in the presence of an adversary A. • We design a secure and efficient point location scheme over encrypted database in LBS system, and formally introduce and prove its security with indistinguishability under order-ciphertext-only attacks (IND-OCOA). • To illustrate the efficiency of SecPL scheme, we leverage Python language to implement our SecPL. The results show the high efficiency on processing point location query in LBS system.

Related Work
Location-based service enables people to enjoy a convenient life that has attracted numerous interests in recent years. With the huge storage and computation burden, a LBS provider chooses to outsource database under encryption. In this section, we illustrate some works that are closely related to privacy-preserving location-based service.
Masking identity as the simplest approach has been proposed to preserve the identity in access authentication [7]. However, real identity is easily leaked by the location information from frequent queries. To enhance the security, some works [9,14,15,16,17] from k-anonymity have been introduced. k-anonymity requires an adversary can recognize a real identity with an advantage at most 1/k. Scheme [14] constructs a location k-anonymity by leveraging k − 1 other mobile devices. It also requires a trusted platform to store locations and obtains the subject that an advantage for identifying a user is very low. Moving a step forward, Khoshgozaran et al. [18] introduce a k-anonymity approach to construct a location-based service scheme without a trusted third party. Different from the above schemes based on k-anonymity, cloaking technique is introduced to design privacy assurance LBS schemes [11,19,20]. The cloaking technique blurs the location into a cloaked region, e.g., polygon [11] and rectangular [19]. Unfortunately, above schemes from cloaking technique return a number of candidate results instead of accurate and then bring a heavy burden for communication. Paulet et al. [12] demonstrate a LBS scheme from private information retrieval technique to protect sensitive information. However, all the information are performed over plaintexts in scheme [12], which do not apply to the outsource scenario.
Shao et al. [1] illustrate a fine-grained privacy assurance LBS scheme named FINE, which provides rectangle LBS queries. Although it brings accurate results, FINE brings unacceptable computation for the cloud server. Zhu et al. design privacypreserving circle range LBS query [21] and polygon range LBS query [2] based on enhanced homomorphic encryption. However, both two schemes bring heavy computation and communication burden for the mobile devices. To enhance the efficiency, Zeng et al. [22] design a circle range LBS query from asymmetric scalarproduct preserving encryption scheme and the circle range query scheme achieves a high efficiency. However, all above schemes limit to special scenario, circle range query [21,22] and polygon range query [2].
Wang et al. [23] illustrate a general solution to design geometric range query. In scheme [23], Wang et al. propose a symmetric-key searchable encryption scheme from Bloom filter [24] and symmetric-key probabilistic functional encryption (SSW scheme) techniques [25]. As an improvement, Wang et al. further design an efficient geometric range query scheme, which is referred as FastGeo [26]. FastGeo is interpreted as two level search, where the first level depends on equality checking solved by pseudo-random function and the second level relies on the checking of whether inner products are zeros. The second level can be handled from SSW technique. Unfortunately, both schemes require to enumerate all possible points in the geometric range query, which makes it not quite suitable in LBS system.

Organization
The rest of this paper is illustrated as follows. We present some preliminaries in section 2, and illustrate the system model and the formal definition of SecPL in section 3. Then, in section 4, we design a secure LineTest scheme to check whether a point lies above or below a line and prove the security of LineTest. The proposed SecPL scheme is illustrated in section 5 and the security analysis is presented in section 6. In section 7, we demonstrate a performance evaluation of the proposed LineTest and our SecPL scheme. Finally, conclusions are described in section 8.

Preliminaries
In this section, we introduce some preliminaries for order-preserving encryption approach and randomized incremental algorithm of point location.

Order-Preserving Encryption
Order-preserving encryption [27,28] is a special type of encryption scheme where the order of ciphertexts retains that of plaintexts, namely, if m 1 < m 2 , then [m 1 ] < [m 2 ]. It facilitates order comparison on encrypted database in cloud computing without revealing plaintexts. The ideal security requires ciphertexts reveals nothing besides order information and has been achieved by [29,30].
An OPE scheme consists of three polynomial-time algorithms KeyGen, Enc, and Dec. The algorithm is defined as follows.
• KeyGen(λ)→ sk: On input a security parameter λ, it outputs a secret key sk;

Randomized Incremental Algorithm for Point Location
A randomized incremental algorithm presents a data structure T (L) which is used to carry out a point location query. The randomized incremental algorithm has a O(n log n) expected construction time, a O(n) expected storage, and O(log n) expected time for point location, where n is the number of line segments in L. Since one-time construction of data structure, the construction time is acceptable. The data structure T (L) has two types of inner nodes and one type of leaf node for every trapezoid of T (L). The two types of inner nodes are x − node and y − node. The x − node stores an endpoint of line segment in L which indicates a query point q lies to the left or to the right of the vertical line through this endpoint. The y − node stores a line segment which indicates a query point q lies above or below the segment. We introduce details of the randomized incremental algorithm for solving location queries as follows.
Tree Construction. According to a set of planar subdivision segments L = {l 1 , l 2 , · · · , l n }, a LBS provider constructs a data structure T (L) for it. First, the LBS provider computes a bounding rectangle R which includes the set of line segments and he initializes an incremental tree structure T for it. For i = 1 to n, the LBS provider searches data structure T to find leaf nodes ∆ 0 , ∆ 1 , · · · , ∆ k intersected with l i . Finally, the LBS provider removes ∆ 0 , ∆ 1 , · · · , ∆ k and replaces them with new trapezoids which appears because of new segments l i .
An instance of tree construction is introduced in Figure 1. First, it takes segment l 1 with endpoints p 1 , q 1 to construct data structure as described in Figure 1(a). Subsequently, when inserting segment l 2 , line segment l 2 intersects with regions A, C, D in Figure 1(a). Then, remove original regions A, C, D and replace them with new regions A, E, C, F, G, D. The data structure after inserting line segment l 2 is illustrated in Figure 1 Search algorithm: For a query point q, the search algorithm traverses the data structure T (S) to find the leaf node which contains q. From root to leaf node, if non-leaf node ∆ is a x-node, the LBS provider checks whether query point q lies to the left or to the right of the vertical line through endpoint. That is, check the order relation of horizontal axis for x-node and query point q. If non-leaf node ∆ is a y-node, the LBS provider checks whether query point q lies above or below the line segment l. After checking, the LBS provider updates the new child as ∆ until leaf nodes. An instance for search algorithm is shown in Fig. 1

Overview
In this section, we illustrate the system model and the formal definition of our scheme in brief.

System Model
The system model of the proposed scheme consists of a LBS provider, LBS users and a cloud server. The LBS provider is a resource-constraint entity (e.g., a company) who wants to outsource the heavy storage and computation tasks. The LBS users are an entities (e.g., a user of the company) who submit a search request and obtain results from the cloud server. The cloud server is an entity who provides powerful storage and search resources. In this paper, we focus on the problem of point location for the plana subdivision. It means that the LBS provider outsources a tree structure for the plana subdivision to the cloud server. The purpose of point location is to search a polygon containing a location q = (x, y).
We assume that the cloud server is honest-but-curious. It means that the cloud server follows protocol and returns results faithfully. But, the cloud server intends to learn sensitive information about the outsourced database and the search request. To protect the private data, the LBS provider only outsources an encrypted database and LBS users perform an encrypted search request. The architecture of the system model is illustrated in Fig. 2.

Formal Definition
A secure point location query scheme is a tuple of polynomial-time algorithms Π = {KeyGen, TreeBuild, Encrypt, Search } defined as follows: • KeyGen (λ) → sk: On input a security parameter λ, this algorithm outputs a secret key sk. • TreeBuild (L) → T (L): On input a graph data L = {l 1 , l 2 , · · · , l n }, this algorithm constructs an incremental tree T (L) = {p 1 , p 2 , · · · , p 2n , l 1 , l 2 , · · · , l n , ∆ 1 , · · · , ∆ k , P }, where p i is the endpoint of line segment, ∆ i is the region of plana subdivision and P is a set of pointers to cover the parent-child relations.
• Encrypt (sk, T (L)) → T * (L): On input the secret key sk and incremental tree T (L), it encrypts the incremental tree as On input the security key sk, encrypted incremental tree T * (L) and a query point q, this algorithm outputs the region ∆ i containing q. In the following, we illustrate the security requirements for the proposed SecPL scheme in cloud computing.
• Data privacy. The data tuple in the outsourced database should keep secret from an adversary A. General speaking, the adversary A could not obtain any information besides the order about the outsourced database. • Query Privacy. The point location query should keep secret from the adversary A. That is, a location query may contain some sensitive information about the data user, thus the actual information should keep secret even though all queries have been recorded.

Basic Tools
Before illustrating the proposed SecPL scheme, we present a basic tool, which is referred as LineTest. In the following, we describe the proposed LineTest scheme and then illustrate the security analysis.

The LineTest Scheme
The tool enables us to test a query point q = (x, y) lies above or below a line l = (a, b, c) in privacy. Specifically, it gives us the power to check whether ax + by + c > 0. In the following, we demonstrates the tool in five polynomial-time algorithms, KeyGen, Enc, TokenGen, Test, Dec.
• Enc(sk, l)→ C : Takes as input a secret key sk and a line l = (a, b, c) T , it encrypts the line into a ciphertext in the following processes. 1 Adding dimensions. Extend a 3-dimensional data tuple l = (a, b, c) T to a m−dimensional data l ′ as 2 Random splitting. Split the m−dimensional data l ′ into two parts l ′ 1 and The ciphertext is • TokenGen(sk, q)→ T K : Takes as input a secret key sk and a query point q, it computes the search token for the query point. The details are presented as follows. 1 Adding dimensions. Extend a 2-dimensional query data q = (x, y) T into a m-dimensional data q ′ as where r, t 1 , t 2 , · · · , t k−1 are random numbers and t k = • Test(C, T K)→ ord: Takes as input a ciphertext C = (l 1 ,l 2 ) of line l and search token tk = (q 1 ,q 2 ) for query point q, it tests whether If it holds, ord = 1 which means the query point lies above the line l; otherwise, ord = 0 which means the query point lies on or below the line l. • Dec(C, sk)→ l: Takes as input a ciphertext C = (l 1 ,l 2 ) and a secret key sk, it performs the following processes to decrypt. 1 Compute where π 3 = (I 3 , 0) and I 3 is a 3 × 3 identity matrix.

Security Analysis Theorem 4.1 The proposed LineTest scheme is correct.
Proof We prove the correctness of LineTest as follows.
From the equationl 1 ·q 1 +l 2 ·q 2 > 0, we have the conclusion ax + by + c > 0, which means that the query point q = (x, y) lies above the line l = (a, b, c). Otherwise, the query point q = (x, y) lies on or below the line l = (a, b, c).

Theorem 4.2 The proposed LineTest scheme is secure under the known-plaintext attack (KPA) in the presence of an adversary.
Proof The security proof contains two aspects, data privacy and query privacy. First, we introduce the data privacy under known-plaintext attack as follows.
In known-plaintext attack (KPA), suppose that an adversary A owns the knowledge {E(DB), P, C = E(P )}, namely A knows the encrypted database E(DB), a set of plaintexts P and its corresponding ciphertexts C = E(P ). The KPA security requires that the adversary A could not recover a set plaintexts DB A from the known information.
For a line segment l i ∈ P , the security definition requires an adversary A knows its corresponding ciphertext (l 1i ,l 2i ). In the following, we proof the LineTest scheme is KPA secure if the adversary A connot derive the splitting secret key S. We further suppose that m = 4, without considering adding dimensions. Note that adding dimensions will increase the security of LineTest scheme. If an adversary A doesnot know the secret key S, for a segment l i ∈ P , he has to model l ′ 1i and l ′ 2i as random numbers. Next, he tries to recover two 4 × 4 invertible matrices M 1 and M 2 from equation M T 1 l ′ 1i =l 1i and M T 2 l ′ 2i =l 2i . There are 8|P | unknowns in l ′ 1i and l ′ 2i and 32 unknowns in M 1 , M 2 and only 8|P | equations. Therefore, the adversary A could not solve matrices M 1 and M 2 .
Furthermore, the query privacy under known-plaintext attack can be proved in a similar way as above. In conclusion, the LineTest is secure under known-plaintext attack if a adversary A does not know the splitting secret key S.

The Proposed SecPL Scheme
In this section, we first illustrate the methodology of the proposed SecPL scheme and then demonstrate the detailed description of point location in privacy.

High Description
The problem of point location is referred as an resource-constraint LBS provider outsources a data structure T (L) for a planar subdivision and later LBS users perform location queries to find a region containing their location q. Because of privacy requirements, the outsourced structure T (L) and the query request should be encrypted in ciphertexts while keeping search functionality. The data structure contains two types of inner nodes and one type of leaf node. The inner node consists of x−node and y−node two aspects. The leaf node is referred as a label for the region.
In this paper, we aim to adapt order preserving encryption approach to protect the privacy of x − node and LineTest algorithm to assurance privacy of y − node. That is, for a For a y − node l = (a, b, c), we perform the LineTest algorithm C = LineTest.Enc(sk, l). For a query point q = (x, y), compute its ciphertexts from OPE and LineTest algorithm, respectively. Compute the ciphertext of query point q = (x, y) as T K = (T K 1 , T K 2 ), where T K 1 = OPE.Enc(sk, x) and T K 2 = LineTest.TokenGen(sk, q). During search process, if inner node is a x − node, the cloud server performs the order comparison directly over ciphertexts from OPE algorithm. Otherwise, the cloud server performs comparison operation from LineTest.Test. Therefore, the cloud server can search the leaf node which contains query point q.

The Main Construction
For sake of clarity, suppose that OPE=(KeyGen, Enc, Dec) is an order-preserving encryption scheme with IND-OCPA security, and LineTest = (KeyGen, Enc, To-kenGen, Test, Dec) is a new asymmetric scalar-preserving encryption scheme with IND-KPA security. We describe the proposed SecPL scheme in four algorithms as follows.
• TreeBuild (L) → T (L): Takes as input a graph database L = {l 1 , l 2 , · · · , l n }, this algorithm proceeds the randomized incremental algorithm and constructs an incremental tree T (L) = {p 1 , p 2 , · · · , p 2n , l 1 , l 2 , · · · , l n ,∆ 1 , · · · , ∆ k , P }, where p i is an endpoint of a line segment, ∆ i is a region of plana subdivision and P is a set of pointers to cover the parent-child relations.  y − node encryption. For a y − node l i in the incremental tree T (L), it can be represented as 3-dimensional tuple (a, b, c). Subsequently, the LBS provider computes a ciphertext as • Search (sk, T * (S), q) → ∆ i : Takes as input the secret key sk, encrypted tree T * (S) and query point q, it outputs the polygon ∆ i containing q. The following processes should be performed.
-Token generation. For a query point q = (x, y), its ciphertext including two parts. Compute its OPE ciphertext as It performs the order comparison with x − node in the tree structure. Furthermore, it computes the ciphertext C 2 to proceed the comparison with y − node. For a query point q = (x, y), LBS provider performs the LineTest encryption as T K 2 = LineTest.TokenGen(sk, q).
-Tree search. LBS users submit the search token tk to the cloud server. Afterwards, the cloud server proceeds the search algorithm in Algorithm 1 to find the polygon ∆ i containing q. From root to leaf node, if ∆ is a x − node, the cloud server check whether query point q lies to the left or to the right of the vertical line through endpoint p i by checking the order of [x] = OPE.Enc(sk 1 , x) with [x i ] = OPE.Enc(sk 1 , x i ). If ∆ is a y − node, the cloud server computes LineTest.Test(C i , T K) and updates the corresponding child node as a new node. In this condition, the cloud server finally finds the leaf node ∆ containing query point q.

Input:
• an encrypted query point q • an encrypted incremental tree: T * (L) Output: • leaf node ∆ containing query point q 1: ∆ = root; 2: while ∆ is not a leaf node do 3: if ∆ is a x − node p i then Check whether q lies above of below the segment l i through performing LineTest.Test(C i , T K); 12: if q lies above the segment l i then 13: Update ∆ to the left child of l i ; 14: else 15: Update ∆ to the right child of l i ; 16: end if 17: end if 18: end while

Security Analysis
In this section, we demonstrate formal security definition of IND-OCOA and illustrate the security proof of our SecPL scheme. In the security proof, we prove that the proposed SecPL scheme achieves data privacy and query privacy.

Formal Security Definition
Definition 1 (IND-OCOA Data Privacy.) We say that a scheme Π is secure against order ciphertext-only attack (OCOA) on data privacy, if for any polynomialtime adversaries A, it has most negligible advantage in the following game, Security game. The security game between a LBS provider and an adversary A proceeds as follows: 1 Security game. The security game between a LBS provider and an adversary A proceeds as follows: 1 The LBS provider runs the KeyGen(λ) algorithm to generate a secret key sk and chooses a bit b ← {0, 1}; 2 The adversary A sends sequences {q 0

Security Proof
In the following, we analyze the security of the proposed SecPL scheme from two aspects, data privacy and query privacy.
We will proof the theorem through hybrid methods.
In the security game on data privacy, the adversary A has the ciphertexts Thus, it is easy to draw the conclusion that Moving a step forward, since LineTest = {KeyGen, Enc, TokenGen, Test, Dec} is secure under known-plaintext attack proved in theorem 4.2, it also achieves IND-OCOA security (a weaker security definition). Thus, ciphertexts {C 0 j } j and {C 1 j } j are computationally indistinguishability, i.e., In this condition, we further have Owing to the transitivity principle of computationally indistinguishability, we conclude that As a result, an adversary A con not distinguish ciphertexts We complete the proof of data privacy.
In the following, we prove our SecPL scheme achieves query privacy under orderciphertext-only attack. Proof The proof of query privacy under IND-OCOA is extremely similar to that of data privacy as above. Thus, we skip the proof of query privacy owing to the limit space.

Performance Evaluation
In this section, we illustrate an experiment simulation between LineTest scheme and the proposed SecPL scheme to test the practical utility. The proposed SecPL scheme consists of a LBS provider, LBS users and a cloud server. In the following experiment, we simulate the three entities on the same machine. More specifically, the code is run with Python3 language on a machine with Intel Xeon(R) i7-8565U processor running at 16GHz and 1 T memory.

Performance of LineTest
The aim of LineTest is to check whether a query point lies above or below a line segment. In experiment simulation, we perform experiments on a synthetic database with 1 million data items and precalculate the invertible matrices of secret keys M 1 and M 2 to save the time cost in query token generation and decryption. We vary the size of synthetic database from 10,000 to 100,000 and vary expanded dimension m from 10 to 100. The length m = 80 is comparable to the security level of a 1024-bit RSA. The performance of LineTest is simulated in the following aspects, line test, query token encryption, distance comparison and decryption.   Figure 3(a) shows the time cost for various n with a fixed m = 80, while Figure 3(b) shows the time cost for various m with a fixed n = 50, 000. We note that token generation needs a slightly expensive time cost than three other processes and it is very efficient, about 195s for 100,000 queries with m = 80. The test and decryption processes are very efficient and nearly stay flat, 11s for 100,000 tests and 30s for 100,000 decryptions (m = 80). Figure 3(b) shows that the expanded dimension has a small affect on the time cost. Token generation is on the top and it is only affected with m = 100. Therefore, Figure 3(a) and 3(b) demonstrate that the time cost of LineTest scheme is very small and acceptable.

Performance of SecPL scheme
In this section, we use a real database to evaluate the overhead. We run the code on the Gowalla database containing 6,442,890 check-in locations. We randomly choose 1,000,000 locations to evaluate the proposed SecPL scheme. The OPE is simulated as scheme [29] and the symmetric encryption is illustrated as AES-ECB-128 provided by the PyCrypto library. The matrix operations is run in numpy library. We evaluate the performance of SecPL scheme from following aspects, key generation, tree construction, and location search.
Key generation. For the proposed SecPL scheme, the secret key consists of a AES-ECB-128 secret key, a m−bit string S, two m × m invertible matrices M 1 , M 2 and (m−3) random numbers. In our experiments, it takes less than 5ms to generate secret keys for m from 10 to 100.
Tree construction. In tree construction, we simulate the tree build and tree encryption processes together. We vary the size of database from n = 10, 000 to 100, 000 in the tree construction process and evaluate the time cost and storage cost for various n with m = 80.  Figure 4 shows the performance of tree construction under various n with m = 80. From Figure 4(a) and Figure 4(b), we note that the time cost and storage cost is linearly increased with the growth of database. Figure 4(a) demonstrates that the database encryption time are relatively small, 11s for 10,000 data items and 157s for 100,000 data items. In Figure 4(b), we evaluate the storage cost with the growth of database. It shows that the storage cost researches 101M for 10,000 data items and 1,013M for 100,000 data items. Location search. In this process, we measure the execution time for token generation and tree search. The token generation algorithm is performed by LBS users and tree search algorithm is executed by cloud server. We evaluate the time cost for 1,000 queries under various database's size n and expanded dimension m. Fig. 5 shows the time cost for token generation and tree search under various n with m = 80 and various m with n = 50, 000. We note that time cost for token generation and tree search is not affected with the growth n and m. The token generation time even stays flat. Furthermore, tree search time is far bigger than token generation time, about 2s for tree search and 0.2s for token generation.

Conclusions
In this paper, we study a point location approach to securely find a region containing a query point over an encrypted database in LBS system. More specifically, a LineTest scheme has been proposed as a basic tool to check whether a point lie above or below a line. Furthermore, the introduced tool LineTest approach has considerable potentials, such as polygon range LBS queries and circle range LBS queries. Combined LineTest and order preserving encryption techniques, SecPL scheme is introduced to help people in LBS system. The proposed scheme has a faster-thanlinear search complexity and achieves IND-OCOA security. That is, the capacity of an adversary is limited by ciphertext-only attack. It is possible for the adversary A to obtain other related back-ground knowleddge, e.g., knows a set of plains and the corresponding ciphertexts. How to design a more secure point location scheme is a subject for future work.