blindlocation : supporting user location privacy in mobile database using blind signature
Post on 02-Jan-2016
45 Views
Preview:
DESCRIPTION
TRANSCRIPT
BlindLocationBlindLocation:: Supporting Supporting User Location Privacy in User Location Privacy in Mobile Database Using Mobile Database Using Blind SignatureBlind Signature
Source: Journal of Computer Science and Technology, reviewingImact Factor: 0.632Presenter: Yung-Chih Lu (呂勇志 ) Date: 2010/12/31
1
OutlineOutlineIntroductionRelated workProposed SchemeSecurity AnalysisPerformance EvaluationConclusionComment
2
Introduction Introduction (1/3)(1/3)
Mobile Database
3
Introduction Introduction (2/3)(2/3)
Location PrivacyLocation Privacy
4
UserDataba
se
Location-dependent queriesEx: find a restaurant
The answer depends on user’s location.
Introduction Introduction (3/3)(3/3)
Goal◦BlindLocation BlindLocation ◦Mutual Authentication◦Prevention
Insiders Attacks Outsiders Attacks
◦Low computation time
5
Related workRelated workECC Blind signature
6
Min-Shinang Hwang and Pei-Chen Sung, "A study of micro-payment based on one-way hash chain," International Journal of Network Security, vol.2, no.2, pp.81-90, 2006.
Proposed Scheme Proposed Scheme (1/2)(1/2)
Acquiring the anonymous token
7
User Database
A, t, c(x), HMAC(c(x), t, Ksh)
calculate x = h(Q) HMAC(c(x), t, ksh)
Verify SB(S’B(c(x)))?=c(x)calculate S’B(x)=c’(S’B(c(x)))
S’B(c(x))Verify HMAC(C(x), t, ksh) ?= HMAC(C(x), t, ksh)
calculate S’B(c(x))A: User’s ID t: timestamp Ksh: secret shared key
Q: Location based query S’B : DB’s private key c(.): blind signature
Proposed Scheme Proposed Scheme (2/2)(2/2)
Anonymous authentication using the token
8
User Database
S’B(x) ,Q
calculate SB(S’B(Result,S’B(x)))
S’B(Result,S’B(x)) Verify SB(S’B(x))? = h(Q)
A: User’s ID t: timestamp Ksh: secret shared keyQ: Location based query S’B : DB’s private key c(.): blind signature
Security Analysis Security Analysis (1/2)(1/2)
Insiders Attacks◦Location privacy violation
Solution: Psc = 1/m!
◦Embedding a known symbol Solution: verification
◦Information theft Solution: meaningless
◦Impersonation attack: Solution: secret shared key
9
Security Analysis Security Analysis (2/2)(2/2)
Outsiders Attacks◦Denial of Services (DOS) attack
Solutions memory : stateless CPU: limit the number of valid token requests
◦Replay attack: Solution: timestamp
◦Snooping attack: Solution: blind signature & encryption
◦Man-In-The-Middle Solution: verification
10
Performance Evaluation Performance Evaluation (1/2)(1/2)Computation time
11
Performance Evaluation Performance Evaluation (2/2)(2/2)Comparison summaries
12
ConclusionConclusionSolve the location privacy
problemThe quality of service is not
forfeited
13
Comment Comment (1/2)(1/2)
本文主要貢獻簡述:◦提供一個機率上有效的 location privacy
優點:◦適切的應用 blind signature, 達到
location privacy又不損資料庫提供查詢服務的能力
缺點:◦在 Computation time中未與它篇論文比較
14
Comment Comment (2/2)(2/2)
明顯錯誤 ( 含 typos):◦第5頁表1 ,reslut應改成 result.◦第19頁表3 , 符號Q 定義混淆 .◦論文架構有誤 , Related work應移至
Introduction之後 .◦論文章節未標示清楚
15
top related