88,770 research outputs found
Decentralized collaborative TTP free approach for privacy preservation in location based services
In recent trends, growth of location based services has increased due to the large usage of cell phones, personal digital assistants and other devices like location based navigation, emergency services, location based social networking, location based advertisement, etc. Users are provided with important information based on location to the service provider that results in the compromise of their personal information like user's identity, location privacy etc. To achieve location privacy of the user, a cryptographic technique is one of the best techniques, which gives assurance. Location based services are classified as Trusted Third Party (TTP) & without Trusted Third Party that uses cryptographic approaches. TTP free is one of the prominent approaches, which uses a peer-to-peer model. In this approach, important users mutually connect with each other to form a network to work without the use of any person/server. There are many existing approaches in literature for privacy preserving location based services, but their solutions are at high cost or not supporting scalability. In this paper, our aim is to propose an approach along with algorithms that will help the location based services (LBS) users to provide location privacy with minimum cost and improve scalability
Privacy Preserving Location-Based Client-Server Service Using Standard Cryptosystem
Location-Based Mobile Services (LBMS) is rapidly gaining ground and becoming increasingly popular, because of the variety of efficient and personalized services it offers. However, if users are not guaranteed their privacy and there is no assurance of genuineness of server's response, the use of these services would be rendered useless and could deter its growth in mobile computing. This paper aims to provide confidentiality and integrity for communication that occurs between users and location service providers. A practical system that guarantees a user's privacy and integrity of server's response, using a cryptographic scheme with no trusted intermediary, is provided. This scheme also employs the use of symmetric and asymmetric encryption algorithms to ensure secure message and key transfer. In order to overcome the problem of computational complexities with these algorithms, AES-256 is used to encrypt the message and user's location. Several researches have been done in this category but there is still no system that checks the integrity of server's response. The proposed scheme is resistant to a range of susceptible attacks, because it provides a detailed security analysis and, when compared with related work, shows that it can actually guarantee privacy and integrity with faster average response time and higher throughput in LBMS
Mobile User's Privacy Decision Making: Integrating Economic Exchange and Social Justice Perspectives
Recent advances in wireless computing and communication have led to the proliferation of location-based services (LBS). While LBS offer users the flexibility of accessing network services on the move, potential privacy violations have emerged as a contentious issue because details of user identities, movements and behaviors are available to LBS providers. Drawing on the economic exchange and social justice theories, this research addresses privacy issues by examining key mechanisms that can alleviate users' privacy concerns. A theoretical framework is developed to link three privacy assurance mechanisms (technology control, industry self-regulation, and government legislation) to the individual privacy decision making process. In addition, as the individual privacy decision making is usually dynamic and context-specific, the research model will be tested in three different contexts with three different types of LBS applications (safety, advertising, and social networking applications). This research contributes to a better understanding of the dynamic and dialectic nature of information privacy through a combination of theoretical and empirical research efforts. The interplay between social and technological issues associated with the privacy assurance will be the interests for application developers, service providers and policy makers
PRIVACY ASSURANCE AND NETWORK EFFECTS IN THE ADOPTION OF LOCATION-BASED SERVICES: AN IPHONE EXPERIMENT
The use of geospatially aware mobile devices and applications is increasing, along with the potential for the unethical use of personal location information. For example, iPhone apps often ask users if they can collect location data in order to make the program more useful. The purpose of this research is to empirically examine the significance of this new and increasingly relevant privacy dimension. Through a simulation experiment, we examine how the assurance of location information privacy (as well as mobile app quality and network size) influences users' perceptions of location privacy risk and the utility associated with the app which, in turn, affects their adoption intentions and willingness-to-pay for the app. The results indicate that location privacy assurance is of great concern and that assurance is particularly important when the app's network size is low or if its quality cannot be verified
On User Privacy for Location-based Services
This thesis investigates user privacy concerns associated with
the use of location based services. We begin by introducing
various privacy schemes relevant to the use of location based
services.
We introduce the notion of constraints, i.e. statements
limiting the use and distribution of Location Information
(LI), i.e. data providing information regarding a subject's
location. Constraints can be securely bound to LI, and are
designed to reduce threats to privacy by controlling its
dissemination and use. The various types of constraint which
may be required are also considered. The issues and risks with
the possible use of constraints are discussed, as are possible
solutions to these hazards.
To address some of the problems that have been identified with
the use of constraints, we introduce the notion of an LI
Preference Authority (LIPA). A LIPA is a trusted party which
can examine LI constraints and make decisions about LI
distribution without revealing the constraints to the entity
requesting the LI. This is achieved by encrypting both the LI
and the constraints with a LIPA encryption key, ensuring that
the LI is only revealed at the discretion of the LIPA. We
further show how trusted computing can be used to enhance
privacy for LI. We focus on how the mechanisms in the Trusted
Computing Group specifications can be used to enable the holder
of LI to verify the trustworthiness of a remote host before
transferring the LI to that remote device. This provides
greater assurance to end users that their expressed preferences
for the handling of personal information will be respected.
The model for the control of LI described in this thesis has
close parallels to models controlling the dissemination and use
of other personal information. In particular, Park and Sandhu
have developed a general access control model intended to
address issues such as Digital Rights Management, code
authorisation, and the control of personal data. We show how
our model for LI control fits into this general access control
model.
We present a generic service which allows a device to discover
the location of other devices in ad hoc networks. The
advantages of the service are discussed in several scenarios,
where the reliance on an infrastructure such as GPS satellites
or GSM cellular base stations is not needed. An outline of the
technology which will be needed to realise the service is
given, along with a look at the security issues which surround
the use of this location discovery service.
Finally, we provide conclusions and suggestions for future
work
Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but
storing these keys securely is a challenge, especially if they are used from
multiple devices. Storing keys in a centralized location, like an
Internet-accessible server, raises serious security concerns (e.g. server
compromise). Hardware-based Trusted Execution Environments (TEEs) are a
well-known solution for protecting sensitive data in untrusted environments,
and are now becoming available on commodity server platforms.
Although the idea of protecting keys using a server-side TEE is
straight-forward, in this paper we validate this approach and show that it
enables new desirable functionality. We describe the design, implementation,
and evaluation of a TEE-based Cloud Key Store (CKS), an online service for
securely generating, storing, and using personal cryptographic keys. Using
remote attestation, users receive strong assurance about the behaviour of the
CKS, and can authenticate themselves using passwords while avoiding typical
risks of password-based authentication like password theft or phishing. In
addition, this design allows users to i) define policy-based access controls
for keys; ii) delegate keys to other CKS users for a specified time and/or a
limited number of uses; and iii) audit all key usages via a secure audit log.
We have implemented a proof of concept CKS using Intel SGX and integrated this
into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation
performs approximately 6,000 signature operations per second on a single
desktop PC. The latency is in the same order of magnitude as using
locally-stored keys, and 20x faster than smart cards.
Comment: Extended version of a paper to appear in the 3rd Workshop on
Security, Privacy, and Identity Management in the Cloud (SECPID) 201
Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061
The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) was held on February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts
Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.
The research leading to these results has received
funding from the European Union's Horizon 2020 research
and innovation programme under grant agreement No 644429
and No 780351, MUSA project and ENACT project,
respectively. We would also like to acknowledge all the
members of the MUSA Consortium and ENACT Consortium
for their valuable help