Defending Location Privacy Using Zero Knowledge Proof Concept in Location Based Services
23 Jul 2012-pp 368-371
TL;DR: In this article, the authors explored the use of zero knowledge proof for authentication and authorization in the domain of location based services and presented correspondence between the authentication techniques used in above said architecture and zero-knowledge proof technique.
Abstract: The increasing trend of embedding positioning capabilities (e.g., GPS) in mobile devices facilitates the widespread use of Location Based Services. For such applications to succeed, privacy and confidentiality are key issues. Over all privacy will have to be managed through a combination of technology, legislation, corporate policy, and social norms. There are many data privacy schemes including Zero Knowledge Proof (ZKP) those can be used for location privacy. ZKP is also useful for removing the bottleneck problem introduced by use of trusted third party. In the earlier work, authors proposed the concept of middleware architecture in which, request and response are not routed through middleware for every transaction. This has reduced the dependency on middleware. This paper presents correspondence between the authentication techniques used in above said architecture and zero knowledge proof technique. Use of the concept of zero knowledge proof for authentication and authorization in the domain of location based services is also explored.
Citations
More filters
TL;DR: This comprehensive research review will provide the challenge of protecting the privacy of user’s location in MCC; analyze several related works regarding the issue; and suggests possible solutions related to the issue, in light of few shortcomings which still needs attention.
Abstract: One of the recent trends of networking and mobile technology is mobile cloud computing (MCC) that provides rich computational, storage resources and services in clouds to mobile users. MCC applications provide a variety of services to users and one of them is the location-based services (LBS) applications that are widely spread. By using mobile applications and LBS, mobile devices act as a thin client where the abundant data locations are collected and stored at the mobile cloud to provide corresponding services. Privacy of the user’s location has been a renewed research interest and extensively studied in recent years. However, privacy is one of the most important challenges in MCC because the user’s location on mobile devices is offloaded from mobile devices to cloud providers which can be utilized by third parties. Since protecting the privacy of the user is the key to maintain the trust on the mobile environment. LBS faces issues in protecting privacy such as, the privacy of user’s current location, which may contain private information. In case, if the user’s current location is compromised through unauthorized access, it possibly results in severe consequences. Therefore, protecting location privacy of the user while achieving precise location is still a challenge in MCC. This comprehensive research review will provide the challenge of protecting the privacy of user’s location in MCC; analyze several related works regarding the issue. In addition, it suggests possible solutions related to the issue, in lighted few shortcomings which still needs attention with few related case studies.
83 citations
09 Sep 2014
TL;DR: It is found these services do not fall within the scope of existing legislation regarding the privacy of health data, and a set of criteria is presented which would preserve user privacy, and avoid the concerns identified within the policies of the services investigated.
Abstract: With the recent rise in popularity of wearable personal health monitoring devices, a number of concerns regarding user privacy are raised, specifically with regard to how the providers of these devices make use of the data obtained from these devices, and the protections that user data enjoys. With waterproof monitors intended to be worn 24 hours per day, and companion smartphone applications able to offer analysis and sharing of activity data, we investigate and compare the privacy policies of four services, and the extent to which these services protect user privacy, as we find these services do not fall within the scope of existing legislation regarding the privacy of health data. We then present a set of criteria which would preserve user privacy, and avoid the concerns identified within the policies of the services investigated.
66 citations
Cites background from "Defending Location Privacy Using Ze..."
...This is demonstrated, in the context of preservation of user privacy in location-based services, in [10]....
[...]
27 Mar 2014
TL;DR: This paper is an attempt for presenting an approach to data handling and tracking of vehicle by using SPSS (A Statistical Tool), a well known fact that the information can be generated through related and valid data.
Abstract: Critical role is being played by data related handling in providing efficient working environment for any organization or system. The Tracking related services are being used by various persons and organizations for facilitating day to day working of business. The continuous work and research has done by service providers and researchers for providing exact and efficient information to users of Vehicle Tracking Systems. This is a well known fact that the information can be generated through related and valid data. The need is to handle the received data carefully so that the users could get relevant and exact information. This paper is an attempt for presenting an approach to data handling and tracking of vehicle by using SPSS (A Statistical Tool). The overall scenario starting from data received through GPS device to tracking of the vehicle with position and movement through SPSS is being reflected in this paper.
20 citations
TL;DR: Two anonymous authentication schemes based on one-time pseudonymes and Schnorr Zero Knowledge Protocols are proposed that thwart security and privacy attacks, and the performance evaluation shows that the proposed handover schemes impose a small overhead on the mobile nodes and it has smaller computation and communication overheads than those in other schemes.
20 citations
Cites background from "Defending Location Privacy Using Ze..."
...The second scheme, the Zero knowledge authentication scheme, is suitable for the handover procedure where there are two evolving entities, eNBs, that need to verify each other as a prover and verifier [6]....
[...]
TL;DR: Wang et al. as discussed by the authors survey and evaluate existing and emerging privacy issues relating to sharing services from various perspectives, and conclude the issues and solutions from three perspectives, namely, from users', platforms' and service providers' perspectives.
Abstract: Fast development of shared services has become a crucial part of the cyber-enabled world construction process, as sharing services reinvent how people exchange and obtain goods or services. However, privacy leakage or disclosure remains a key concern during the sharing service development process. While significant efforts have been undertaken to address various privacy issues in recent years, there is a surprising lack of review for privacy concerns in the cyber-enabled sharing world. To bridge the gap, in this paper, we survey and evaluate existing and emerging privacy issues relating to sharing services from various perspectives. Differing from existing similar works on surveying sharing practices in various fields, our work comprehensively covers six branches of sharing services in the cyber-enabled world and selects solutions mostly from the recent five to six years. We conclude the issues and solutions from three perspectives, namely, from users’, platforms’ and service providers’ perspectives. Hot topics and less discussed (cold) topics are identified, which provides hints to researchers for their future studies.
18 citations
References
More filters
10 Nov 2006
233 citations
"Defending Location Privacy Using Ze..." refers background in this paper
...Although there are PIR approaches for strict privacy but their complexity and high pre processing requirement make them incongruous for use....
[...]
...It also doesn’t consider the ticket clearance scenarios where the credential Center is not available due to any unforeseen reason [4]....
[...]
...The ticket based service access scheme for the mobile users proposed by Hua Wang, Jinli Cao and yanchuan Zhang discusses about the mobile databases accessed across multiple service domains anonymously [4]....
[...]
Proceedings Article•
01 Jan 2009TL;DR: This work proposes a client-centered approach of plausibly deniable search, using a Latent Semantic Indexing (LSI) based approach to generate queries, and evaluates on the DMOZ webpage collection to show effectiveness of the proposed approach.
Abstract: Query-based web search is an integral part of many people’s daily activities. Most do not realize that their search history can be used to identify them (and their interests). In July 2006, AOL released an anonymized search query log of some 600K randomly selected users. While valuable as a research tool, the anonymization was insufficient: individuals were identified from the contents of the queries alone [2]. Government requests for such logs increases the concern. To address this problem, we propose a client-centered approach of plausibly deniable search. Each user query is substituted with a standard, closely-related query intended to fetch the desired results. In addition, a set of k-1 cover queries are issued; these have characteristics similar to the standard query but on unrelated topics. The system ensures that any of these k queries will produce the same set of k queries, giving k possible topics the user could have been searching for. We use a Latent Semantic Indexing (LSI) based approach to generate queries, and evaluate on the DMOZ [10] webpage collection to show effectiveness of the proposed approach.
68 citations
"Defending Location Privacy Using Ze..." refers background in this paper
...This act has the support of a broad coalition of consumer protection and anti-stalking advocacy groups....
[...]
13 Apr 2010
TL;DR: A framework is proposed that supports the need for changing the rule and policy combination algorithms dynamically based on contextual information and also eliminates the need to recompose policies if the owner decides to change the combination algorithm.
Abstract: Policy-based authorization systems are becoming more common as information systems become larger and more complex. In these systems, to authorize a requester to access a particular resource, the authorization system must verify that the policy authorizes the access. The overall authorization policy may consist of a number of policy groups, where each group consists of policies defined by different entities. Each policy contains a number of authorization rules. The access request is evaluated against these policies, which may produce conflicting authorization decisions. To resolve these conflicts and to reach a unique decision for the access request at the rule and policy level, rule and policy combination algorithms are used. In the current systems, these rule and policy combination algorithms are defined on a static basis during policy composition, which is not desirable in dynamic systems with fast changing environments.In this paper, we motivate the need for changing the rule and policy combination algorithms dynamically based on contextual information. We propose a framework that supports this functionality and also eliminates the need to recompose policies if the owner decides to change the combination algorithm. It provides a novel method to dynamically add and remove specialized policies, while retaining the clarity and modularity in the policies. The proposed framework also provides a mechanism to reduce the set of potential target matches, thereby increasing the efficiency of the evaluation mechanism. We developed a prototype system to demonstrate the usefulness of this framework by extending some basic capabilities of the XACML policy language. We implemented these enhancements by adding two specialized modules and several new combination algorithms to the Sun XACML engine.
50 citations
DOI•
01 Jan 2002TL;DR: In this article, a ticket-based service access model that allows anonymous service usage in mobile application and access is presented, where the service provider can avoid roaming to multiple service domains, only contacting the Credential Centre to check the user's certification.
Abstract: Security is one of the important issues in mobile computing, especially in mobile database systems since mobile environments are dynamic and traditional protection mechanisms do not work very well in such environments For mobile database access across multiple service domains, the traditional access mechanisms rely on the concept of starting home location and cross domain authentication using roaming agreements However, the cross domain authentications will involve many complicated authentication activities when the roam path is long This limits the future mobile applicationsThis paper presents a global solution for all kinds of mobile services, by a ticket-based service access model that allows anonymous service usage in mobile application and access The service provider can avoid roaming to multiple service domains, only contacting the Credential Centre to check the user's certification The user can preserve anonymity and read a clear record of charges in the Credential Centre at anytime Furthermore, the identity of misbehaving users can be revealed by a Trusted Centre
44 citations
01 Dec 2009
20 citations
"Defending Location Privacy Using Ze..." refers background in this paper
...Researchers have come up with an excellent taxonomy of the many available location privacy preserving systems....
[...]