Privacy-Enhanced Trusted Location Based Services (PE-TLBS) framework based on Direct Anonymous Attestation (DAA) protocol

The proliferation of heterogeneous mobile applications has overshadowed privacy and security issues. Because privacy threats in Location Based Services (LBS) are very hard to define, a new approach that addresses the anonymity issues in Privacy Enhancing Technologies (PETs) using Trusted Computing technologies will result in enhanced privacy for users' personal data and location information in mobile network services. In this paper we present a framework called Privacy Enhanced Trusted LBS (PE-TLBS) that provides trusted services while protecting client privacy. The paper focuses mainly on implementing a simplified protocol based on anonymous attestation that allows users to attest and authenticate an attribute while keeping their identity anonymous. The key idea behind the new approach is to hierarchically encrypt location information using RSA key pairs known as the Endorsement Key (EK) and Attestation Identity Key (AIK), and to distribute the appropriate keys only to a Trusted Group of clients with the necessary permission. Trustworthiness is measured based on the Direct Anonymous Attestation (DAA) scheme supported by Trusted Platform Module (TPM) functionality, in terms of preserving anonymity, detecting rogue users/TPMs and possible linkability, in compliance with privacy requirements. We form a Virtualized Secure Framework using a TPM Emulator and the TCG Software Stack (TSS) to simulate the TPM and make access to it much simpler while maintaining its functionality and providing Application Programming Interfaces (APIs).
