Privacy-Preserving Location Assurance Protocols for Mobile Applications

Location-based applications require a user's location data to provide customized services. However, location data is a sensitive piece of information that should not be revealed unless strictly necessary, which has led to a number of location privacy protection methods, such as anonymity and obfuscation. However, in many applications one needs to verify the authenticity and other properties (e.g. inclusion in an area) of location data, which becomes an intractable problem once location privacy protection is applied. Achieving both location assurance, i.e. assuring the authenticity and other properties of location data, and location privacy protection seems to be an intangible problem without complex trusted computing techniques. By borrowing range proof techniques from cryptography, however, we achieve both with minimized trusted computing assumptions. The Pedersen commitment scheme is employed to give location data a commitment that can be used for future location assurance. Area proof, testing whether a private location is within some area, is employed to test whether or not the committed location data is within any definite area. Our system model does not rely on a trusted third party, and we give reasonable explanations for our system model and for the trusted computing assumptions. We present a new range proof protocol and a new area proof protocol which are based on a new data structure, the Perfect $k$-ary Tree (PKT). Some deeper properties of PKT are presented and used to analyze our protocols' complexity. The analysis results show that our protocols are more efficient than the former ones and are flexible enough to support some existing mobile applications, such as tracking services and location-based access control.
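As an added illustration of the commitment layer described above (example code, not from the paper, whose PKT range and area proof protocols are not detailed on this page), the following Python commits to a scaled integer coordinate with a Pedersen commitment over a safe-prime group, checks an opening, and shows the homomorphic shift a verifier applies to reduce an area check "x in [lo, hi]" to a range proof that x - lo lies in [0, hi - lo]. The group size, the 1e-4 degree coordinate scaling and the sample values are assumptions made here.

```python
import random
import secrets

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test; adequate for generating a demo group."""
    if n < 2 or any(n % s == 0 for s in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def setup(bits: int = 64) -> dict:
    """Safe prime p = 2q + 1 and two generators g, h of the order-q subgroup (demo size)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            break
    p = 2 * q + 1
    g = pow(secrets.randbelow(p - 3) + 2, 2, p)  # squares lie in the order-q subgroup
    h = g
    while h == g:  # second generator; in deployment nobody may know log_g(h) (demo assumption)
        h = pow(secrets.randbelow(p - 3) + 2, 2, p)
    return {"p": p, "q": q, "g": g, "h": h}

def commit(pp: dict, x: int, r: int) -> int:
    """Pedersen commitment C = g^x * h^r mod p to a scaled integer coordinate x."""
    return pow(pp["g"], x % pp["q"], pp["p"]) * pow(pp["h"], r % pp["q"], pp["p"]) % pp["p"]

def shift(pp: dict, c: int, lo: int) -> int:
    """Verifier-side: C(x) * g^(-lo) = C(x - lo), computed without learning x or r."""
    return c * pow(pp["g"], (-lo) % pp["q"], pp["p"]) % pp["p"]

def demo() -> bool:
    pp = setup()
    # Constructed sample: latitude 52.3702 deg scaled by 1e4; area edge at 52.3000 deg.
    lat, r, lo = 523702, secrets.randbelow(pp["q"]), 523000
    c = commit(pp, lat, r)
    return (c == commit(pp, lat, r)                           # honest opening verifies
            and c != commit(pp, lat + 1, r)                   # tampered coordinate fails
            and shift(pp, c, lo) == commit(pp, lat - lo, r))  # homomorphic reduction step
```

The shifted commitment is what a range proof such as the paper's PKT-based protocol would then be run on; the verifier never sees the coordinate or its randomness.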
