BlindLocationBlindLocation:: Supporting Supporting User Location Privacy in User Location Privacy in Mobile Database Using Mobile Database Using Blind SignatureBlind Signature

Source: Journal of Computer Science and Technology, reviewingImact Factor: 0.632Presenter: Yung-Chih Lu (呂勇志 ) Date: 2010/12/31

1

OutlineOutlineIntroductionRelated workProposed SchemeSecurity AnalysisPerformance EvaluationConclusionComment

2

Introduction Introduction (1/3)(1/3)

Mobile Database

3

Introduction Introduction (2/3)(2/3)

Location PrivacyLocation Privacy

4

UserDataba

se

Location-dependent queriesEx: find a restaurant

The answer depends on user’s location.

Introduction Introduction (3/3)(3/3)

Goal◦BlindLocation BlindLocation ◦Mutual Authentication◦Prevention

Insiders Attacks Outsiders Attacks

◦Low computation time

5

Related workRelated workECC Blind signature

6

Min-Shinang Hwang and Pei-Chen Sung, "A study of micro-payment based on one-way hash chain," International Journal of Network Security, vol.2, no.2, pp.81-90, 2006.

Proposed Scheme Proposed Scheme (1/2)(1/2)

Acquiring the anonymous token

7

User Database

A, t, c(x), HMAC(c(x), t, Ksh)

calculate x = h(Q) HMAC(c(x), t, ksh)

Verify SB(S’B(c(x)))?=c(x)calculate S’B(x)=c’(S’B(c(x)))

S’B(c(x))Verify HMAC(C(x), t, ksh) ?= HMAC(C(x), t, ksh)

calculate S’B(c(x))A: User’s ID t: timestamp Ksh: secret shared key

Q: Location based query S’B : DB’s private key c(.): blind signature

Proposed Scheme Proposed Scheme (2/2)(2/2)

Anonymous authentication using the token

8

User Database

S’B(x) ,Q

calculate SB(S’B(Result,S’B(x)))

S’B(Result,S’B(x)) Verify SB(S’B(x))? = h(Q)

A: User’s ID t: timestamp Ksh: secret shared keyQ: Location based query S’B : DB’s private key c(.): blind signature

Security Analysis Security Analysis (1/2)(1/2)

Insiders Attacks◦Location privacy violation

Solution: Psc = 1/m!

◦Embedding a known symbol Solution: verification

◦Information theft Solution: meaningless

◦Impersonation attack: Solution: secret shared key

9

Security Analysis Security Analysis (2/2)(2/2)

Outsiders Attacks◦Denial of Services (DOS) attack

Solutions memory : stateless CPU: limit the number of valid token requests

◦Replay attack: Solution: timestamp

◦Snooping attack: Solution: blind signature & encryption

◦Man-In-The-Middle Solution: verification

10

Performance Evaluation Performance Evaluation (1/2)(1/2)Computation time

11

Performance Evaluation Performance Evaluation (2/2)(2/2)Comparison summaries

12

ConclusionConclusionSolve the location privacy

problemThe quality of service is not

forfeited

13

Comment Comment (1/2)(1/2)

本文主要貢獻簡述：◦提供一個機率上有效的 location privacy

優點：◦適切的應用 blind signature, 達到

location privacy又不損資料庫提供查詢服務的能力

缺點：◦在 Computation time中未與它篇論文比較

14

Comment Comment (2/2)(2/2)

明顯錯誤 ( 含 typos):◦第５頁表１ ,reslut應改成 result.◦第１９頁表３ , 符號Q 定義混淆 .◦論文架構有誤 , Related work應移至

Introduction之後 .◦論文章節未標示清楚

15