Decentralized collaborative TTP free approach for privacy preservation in location based services

In recent trends, growth of location based services have been increased due to the large usage of cell phones, personal digital assistant and other devices like location based navigation, emergency services, location based social networking, location based advertisement, etc. Users are provided with important information based on location to the service provider that results the compromise with their personal information like user’s identity, location privacy etc. To achieve location privacy of the user, cryptographic technique is one of the best technique which gives assurance. Location based services are classified as Trusted Third Party (TTP) & without Trusted Third Party that uses cryptographic approaches. TTP free is one of the prominent approach in which it uses peer-to-peer model. In this approach, important users mutually connect with each other to form a network to work without the use of any person/server. There are many existing approaches in literature for privacy preserving location based services, but their solutions are at high cost or not supporting scalability.  In this paper, our aim is to propose an approach along with algorithms that will help the location based services (LBS) users to provide location privacy with minimum cost and improve scalability

Privacy Preserving Location-Based Client-Server Service Using Standard Cryptosystem

Location-Based Mobile Services (LBMS) is rapidly gaining ground and becoming increasingly popular, because of the variety of efficient and personalized services it offers. However, if users are not guaranteed their privacy and there is no assurance of genuineness of server\u27s response, the use of these services would be rendered useless and could deter its growth in mobile computing. This paper aims to provide confidentiality and integrity for communication that occurs between users and location service providers. A practical system that guarantees a user\u27s privacy and integrity of server\u27s response, using a cryptographic scheme with no trusted intermediary, is provided. This scheme also employs the use of symmetric and asymmetric encryption algorithms to ensure secure message and key transfer. In order to overcome the problem of computational complexities with these algorithms, AES-256 is used to encrypt the message and user\u27s location. Several researches have been done in this category but there is still no system that checks the integrity of server\u27s response. The proposed scheme is resistant to a range of susceptible attacks, because it provides a detailed security analysis and, when compared with related work, shows that it can actually guarantee privacy and integrity with faster average response time and higher throughput in LBMS

Mobile User\u27s Privacy Decision Making: Integrating Economic Exchange and Social Justice Perspectives

Recent advances in wireless computing and communication have led to the proliferation of location-based services (LBS). While LBS offer users the flexibility of accessing network services on the move, potential privacy violations have emerged as a contentious issue because details of user identities, movements and behaviors are available to LBS providers. Drawing on the economic exchange and social justice theories, this research addresses privacy issues by examining key mechanisms that can alleviate users’ privacy concerns. A theoretical framework is developed to link three privacy assurance mechanisms (technology control, industry self-regulation, and government legislation) to the individual privacy decision making process. In addition, as the individual privacy decision making is usually dynamic and context-specific, the research model will be tested in three different contexts with three different types of LBS applications (safety, advertising, and social networking applications). This research contributes to a better understanding of the dynamic and dialectic nature of information privacy through a combination of theoretical and empirical research efforts. The interplay between social and technological issues associated with the privacy assurance will be the interests for application developers, service providers and policy makers

PRIVACY ASSURANCE AND NETWORK EFFECTS IN THE ADOPTION OF LOCATION-BASED SERVICES: AN IPHONE EXPERIMENT

The use of geospatially aware mobile devices and applications is increasing, along with the potential for the unethical use of personal location information. For example, iPhone apps often ask users if they can collect location data in order to make the program more useful. The purpose of this research is to empirically examine the significance of this new and increasingly relevant privacy dimension. Through a simulation experiment, we examine how the assurance of location information privacy (as well as mobile app quality and network size) influences users\u27 perceptions of location privacy risk and the utility associated with the app which, in turn, affects their adoption intentions and willingness-to-pay for the app. The results indicate that location privacy assurance is of great concern and that assurance is particularly important when the app’s network size is low or if its quality cannot be verified

On User Privacy for Location-based Services

This thesis investigates user privacy concerns associated with the use of location based services. We begin by introducing various privacy schemes relevant to the use of location based services. We introduce the notion of constraints, i.e. statements limiting the use and dis tribution of Location Information (LI), i.e. data providing information regarding a subject's location. Constraints can be securely bound to LI, and are designed to reduce threats to privacy by controlling its dissemination and use. The various types of constraint which may be required are also considered. The issues and risks with the possible use of constraints are discussed, as are possible solutions to these hazards. To address some of the problems that have been identified with the use of constraints, we introduce the notion of an LI Preference Authority (LIPA). A LIPA is a trusted party which can examine LI constraints and make decisions about LI distribution without revealing the constraints to the entity requesting the LI. This is achieved by encrypting both the LI and the constraints with a LIPA encryption key, ensuring that the LI is only revealed at the discretion of the LIPA. We further show how trusted computing can be used to enhance privacy for LI. We focus on how the mechanisms in the Trusted Computing Group specifications can be used to enable the holder of LI to verify the trustworthiness of a remote host before transferring the LI to that remote device. This provides greater assurance to end users that their expressed preferences for the handling of personal information will be respected. The model for the control of LI described in this thesis has close parallels to models controlling the dissemination and use of other personal information. In particular, Park and Sandhu have developed a general access control model intended to address issues such as Digital Rights Management, code authorisation, and the control of personal data. We show how our model for LI control fits into this general access control model. We present a generic service which allows a device to discover the location of other devices in ad hoc networks. The advantages of the service are discussed in several scenarios, where the reliance on an infrastructure such as GPS satellites or GSM cellular base stations is not needed. An outline of the technology which will be needed to realise the service is given, along with a look at the security issues which surround the use of this location discovery service. Finally, we provide conclusions and suggestions for future work

Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straight-forward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users receive strong assurance about the behaviour of the CKS, and can authenticate themselves using passwords while avoiding typical risks of password-based authentication like password theft or phishing. In addition, this design allows users to i) define policy-based access controls for keys; ii) delegate keys to other CKS users for a specified time and/or a limited number of uses; and iii) audit all key usages via a secure audit log. We have implemented a proof of concept CKS using Intel SGX and integrated this into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation performs approximately 6,000 signature operations per second on a single desktop PC. The latency is in the same order of magnitude as using locally-stored keys, and 20x faster than smart cards.Comment: Extended version of a paper to appear in the 3rd Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID) 201

Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061

The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) has been held in February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts

Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help