Supporting User Privacy in Location Based Services

To offer location based services, service providers need to have access to Location Information (LI) regarding the users which they wish to serve; this is a potential privacy threat. We propose the use of constraints, i.e. statements limiting the use and distribution of LI, that are securely bound to the LI, as a means to reduce this threat. Constraints may themselves reveal information to any potential LI user-that is, the constraints themselves may also be a privacy threat. To address this problem we introduce the notion of a LI Preference Authority (LIPA). A LIPA is a trusted party which can examine LI constraints and make decisions about LI distribution without revealing the constraints to the entity requesting the LI. This is achieved by encrypting both the LI and the constraints with a LIPA encryption key, ensuring that the LI is only revealed at the discretion of the LIPA.

[1]  Chris Wullems,et al.  Enhancing the security of Internet applications using location: a new model for tamper-resistant GSM location , 2003, Proceedings of the Eighth IEEE Symposium on Computers and Communications. ISCC 2003.

[2]  Wei-Pang Yang,et al.  Enhanced privacy and authentication for the global system for mobile communications , 1999, Wirel. Networks.

[3]  Chris J. Mitchell,et al.  User's Guide To Cryptography And Standards , 2004 .

[4]  Alois Potton Spam , 2003, PIK Prax. Informationsverarbeitung Kommun..

[5]  Chris J. Mitchell,et al.  User's Guide To Cryptography And Standards (Artech House Computer Security) , 2004 .

[6]  C. M. Sperberg-McQueen,et al.  Extensible Markup Language (XML) , 1997, World Wide Web J..

[7]  Nigel Davies,et al.  Preserving Privacy in Environments with Location-Based Applications , 2003, IEEE Pervasive Comput..

[8]  Stephen T. Kent,et al.  A public-key based secure mobile IP , 1997, MobiCom '97.

[9]  Eija Kaasinen,et al.  User needs for location-aware mobile services , 2003, Personal and Ubiquitous Computing.

[10]  Dorothy E. Denning,et al.  Location-based authentication: Grounding cyberspace for better security , 1996 .

[11]  Marco Gruteser,et al.  Enhancing Location Privacy in Wireless LAN Through Disposable Interface Identifiers: A Quantitative Analysis , 2003, WMASH '03.

[12]  Christian Schwingenschlögl,et al.  Geocast enhancements of AODV for vehicular networks , 2002, MOCO.

[13]  Michael Roe,et al.  Security of Internet location management , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[14]  Deirdre K. Mulligan,et al.  Geopriv Requirements , 2004, RFC.

[15]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .