Blind Location Supporting User Location Privacy in Mobile

Blind. Location: Supporting User Location Privacy in Mobile Database Using Blind Signature Source: Journal of Computer Science and Technology, reviewing Imact Factor: 0. 632 Presenter: Yung-Chih Lu (呂勇志) Date: 2010/12/31 1

Outline Introduction Related work Proposed Scheme Security Analysis Performance Evaluation Conclusion Comment 2

Introduction (1/3) Mobile Database 3

Introduction (2/3) Location Privacy Location-dependent queries Ex: find a restaurant User Databas e The answer depends on user’s location. 4

Introduction (3/3) Goal ◦ Blind. Location ◦ Mutual Authentication ◦ Prevention Insiders Attacks Outsiders Attacks ◦ Low computation time 5

Related work Min-Shinang Hwang and Pei-Chen Sung, "A study of micropayment based on one-way hash chain, " International Journal of Network Security, vol. 2, no. 2, pp. 81 -90, 2006. ECC Blind signature 6

Proposed Scheme (1/2) Acquiring the anonymous token Databas e User calculate 　x = h(Q) 　HMAC(c(x), t, ksh) A, t, c(x), HMAC(c(x), t, Ksh) S’B(c(x)) Verify 　SB(S’B(c(x)))? =c(x) calculate 　S’B(x)=c’(S’B(c(x))) Verify 　HMAC(C(x), t, ksh) 　? = 　HMAC(C(x), t, ksh) calculate 　S’B(c(x)) A: User’s ID t: timestamp Ksh: secret shared key Q: Location based query S’B : DB’s private key c(. ): blind signature 7

Proposed Scheme (2/2) Anonymous token authentication using the Databas e User S’B(x) , Q S’B(Result, S’B(x)) calculate　 SB(S’B(Result, S’B(x))) Verify 　SB(S’B(x))? = h(Q) A: User’s ID t: timestamp Ksh: secret shared key Q: Location based query S’B : DB’s private key c(. ): blind signature 8

Security Analysis (1/2) Insiders Attacks ◦ Location privacy violation Solution: Psc = 1/m! ◦ Embedding a known symbol Solution: verification ◦ Information theft Solution: meaningless ◦ Impersonation attack: Solution: secret shared key 9

Security Analysis (2/2) Outsiders Attacks ◦ Denial of Services (DOS) attack Solutions memory : stateless CPU: limit the number of valid token requests ◦ Replay attack: Solution: timestamp ◦ Snooping attack: Solution: blind signature & encryption ◦ Man-In-The-Middle Solution: verification 10

Performance Evaluation (1/2) Computation time 11

Performance Evaluation (2/2) Comparison summaries 12

Conclusion Solve the location privacy problem The quality of service is not forfeited 13