ABSTRACT
In this paper we describe an architecture that supports the secure operation of Location Based Services (LBSs) over the Internet. In particular, we describe a three-party protocol that is used to mutually identify and authenticate users, LBSs, and a trusted middleware infrastructure that is responsible for managing the users' identity and location information. This authentication protocol is based upon the X.509 two-way authentication protocol and a mediated identity based cryptography system, and it enables users to identify and authenticate themselves to the infrastructure using their real identities. In order to preserve the users' privacy, they can identify and authenticate themselves to the LBSs using pseudonyms. This protocol can be subsequently used to exchange messages containing location information, and the confidentiality, integrity, and non-repudiation of these messages can be demonstrated.
- Directive 2002/58/EC of The European Parliament and of The Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). European Union, July 2002.]]Google Scholar
- Extensible Markup Language (XML) 1.0 (Fourth Edition). W3C Recommendation, August 2006.]]Google Scholar
- Information Technology - Open Systems Interconnection - The Directory: Authentication Framework. Recommendation X.509, ITU, 1997.]]Google Scholar
- Issues Relating To Business And Consumer E-Commerce. Special Eurobarometer, European Opinion Research Group EEIG, March 2004.]]Google Scholar
- J. Baek and Y. Zheng. Identity-Based Threshold Decryption. In Proceedings of PKC'04, volume 2947 of Lecture Notes in Computer Science, pages 262--276. Springer-Verlag, March 2004.]]Google Scholar
- L. Barkhuus and A. Dey. Location-Based Services for Mobile Telephony: a study of users' privacy concerns. In Proceedings of IFIP INTERACT03: Human-Computer Interaction, page 709. IFIP Technical Committee No 13 on Human-Computer Interaction, 2003.]]Google Scholar
- A. R. Beresford and F. Stajano. Location Privacy in Pervasive Computing. IEEE Pervasive Computing, 2(1):46--55, 2003.]] Google ScholarDigital Library
- T. Berners-Lee, L. Masinter, and M. McCahill. Uniform Resource Locators (URL). RFC 1738, IETF Network Working Group, December 1994.]] Google ScholarDigital Library
- H. Bharadvaj, A. Joshi, and S. Auephanwiriyakul. An Active Transcoding Proxy to Support Mobile Web Access. In Symposium on Reliable Distributed Systems, pages 118--123, 1998.]] Google ScholarDigital Library
- C. Brooks, M. S. Mazer, S. Meeks, and J. Miller. Application-Specific Proxy Servers as HTTP Stream Transducers. In Proceedings of the 4th International World Wide Web Conference, pages 539--548, 1995.]]Google Scholar
- M. Brunato and R. Battiti. PILGRIM: A Location Broker and Mobility-Aware Recommendation System. In PERCOM '03: Proceedings of the First IEEE International Conference on Pervasive Computing and Communications, page 265, Washington, DC, USA, 2003. IEEE Computer Society.]] Google ScholarDigital Library
- T. Candebat. A Secure Architecture enabling End-User Privacy in the context of Commercial Wide-Area Location-enhanced Web Services. PhD thesis, Faculty of Engineering and Computing, School of Computing, Dublin City University, Dublin, Ireland, July 2005.]]Google Scholar
- T. Candebat and D. T. Gray. Secure Pseudonym Management Using Mediated Identity-Based Encryption. Journal of Computer Security, 14(3):249--267, 2006.]] Google ScholarDigital Library
- X. Cheng, L. Guo, and X. Wang. An Identity-based Mediated Signature Scheme from Bilinear Pairing. International Journal of Network Security, 2(1):29--33, January 2006.]]Google Scholar
- K. Cheverst, N. Davies, K. Mitchell, and A. Friday. Experiences of developing and deploying a context-aware tourist guide: the GUIDE project. In MobiCom '00: Proceedings of the 6th annual international conference on Mobile computing and networking, pages 20--31, New York, NY, USA, 2000. ACM.]] Google ScholarDigital Library
- G. Danezis, S. Lewis, and R. Anderson. How Much is Location Privacy Worth? In Fourth Workshop on the Economics of Information Security, June 2005.]]Google Scholar
- A. Escudero-Pascual and J. Maguire, G. Q. Role(s) of a proxy in location based services. In Personal, Indoor and Mobile Radio Communications, 2002. The 13th IEEE International Symposium on, volume 3, pages 1252--1256, Sept. 2002.]]Google Scholar
- R. T. Fielding, J. Gettys, J. C. Mogul, H. F. Nielsen, L. Masinter, P. J. Leach, and T. Berners-Lee. Hypertext Transfer Protocol - HTTP/1.1. RFC 2616, IETF Network Working Group, June 1999.]] Google ScholarDigital Library
- M. Gruteser and D. Grunwald. Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. In MobiSys '03: Proceedings of the 1st international conference on Mobile systems, applications and services, pages 31--42, New York, NY, USA, 2003. ACM.]] Google ScholarDigital Library
- C. Hauser and M. Kabatnik. Towards Privacy Support in a Global Location Service. In IFIP Workshop on IP and ATM Traffic Management, pages 81--89, 2001.]]Google Scholar
- F. Hess. Efficient Identity Based Signature Schemes Based on Pairings. In SAC '02: Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography, pages 310--324, London, UK, 2003. Springer-Verlag.]] Google ScholarDigital Library
- A. Pfitzmann and M. Hansen. Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology. Technische Universität Dresden, Version v0.31, 15/2/2008.]]Google Scholar
- A. Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO 84 on Advances in cryptology, pages 47--53, New York, NY, USA, 1985. Springer-Verlag New York, Inc.]] Google ScholarDigital Library
Index Terms
- A three-party architecture and protocol that supports users with multiple identities for use with location based services
Recommendations
Anonymity preserving framework for location-based information services
MEDES '10: Proceedings of the International Conference on Management of Emergent Digital EcoSystemsRecently, location based services (LBS) have become more important in today technology advancements. Privacy issue in LBS is one of the most important concerns. In this paper, we have proposed an anonymity preserving framework which can provide a user ...
An Almost-Optimally Fair Three-Party Coin-Flipping Protocol
In a multiparty fair coin-flipping protocol, the parties output a common (close to) unbiased bit, even when some corrupted parties try to bias the output. Cleve [in Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC), ACM, New York, ...
Provably secure three-party password-based authenticated key exchange protocol
A three-party password-based authenticated key exchange (3PAKE) protocol is a useful mechanism to establish a secure session key in a network. However, most current 3PAKE protocols only achieve ''heuristic'' security; the underlying hardness assumptions ...
Comments