Transaction pseudonyms in mobile environments

Network Operators start to offer formerly hidden services such as location service, messaging services and presence services. This fosters the development of a new class of innovative context aware applications that are operated by third party application providers. However, without the implementation of proper privacy protection mechanisms, location and presence information, that is processed by third party application providers, may also imply severe risks to users. If no privacy protection is foreseen, the user’s identity could be used maliciously which renders such applications dangerous. To protect the user’s sensitive data such as location information we propose a novel service architecture which fosters the development of innovative applications that brings together internet applications with telco services. An underlying privacy enhancing mechanism that is based on the notion of pseudonyms allows even untrusted third party application providers to access sensitive data provided by telco services such as location, presence or messaging services. Due to their high security, pseudonyms guarantee that the user’s identity is kept secret towards the untrusted application providers. Due to its low computational complexity this pseudonym generation scheme can also be implemented on devices such as mobile phones and digital assistants with only little computational power and restricted memory capabilities. To illustrate our approach, we demonstrate a transportation ticket application that implements the proposed service architecture. This application allows the use of transportation tickets which are extended by the location-tracking functionality. Similar to the well known paper based transportation tickets our solution supports anonymity of users even if the ticket application “knows” the location of the holder.

[1]  Yu Zhang,et al.  Preserving User Location Privacy in Mobile Data Management Infrastructures , 2006, Privacy Enhancing Technologies.

[2]  Marco Gruteser,et al.  USENIX Association , 1992 .

[3]  S. Fischer-h bner IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms , 2001 .

[4]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[5]  Markulf Kohlweiss,et al.  Privacy for Profitable Location Based Services , 2005, SPC.

[6]  Alastair R. Beresford,et al.  Location privacy in ubiquitous computing , 2005 .

[7]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[8]  M. Weiser The Computer for the Twenty-First Century , 1991 .

[9]  Gerald Quirchmayr,et al.  A Privacy Enhancing Service Architecture for Ticket-based Mobile Applications , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[10]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[11]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[12]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[13]  Dix Alan,et al.  A lightweight approach to managing privacy in location-based services, Equator-02-058 , 2002 .

[14]  Iris A. Junglas,et al.  A Research Model for Studying Privacy Concerns Pertaining to Location-Based Services , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.