1. BlindLocation: Supporting User Location Privacy in Mobile Database Using Blind Signature Source: Journal of Computer Science and Technology, reviewing Imact Factor: 0.632 Presenter: Yung-Chih Lu ( 呂勇志 ) Date: 2010/12/31 1

2. Outline Introduction Related work Proposed Scheme Security Analysis Performance Evaluation Conclusion Comment 2

3. Introduction (1/3) Mobile Database 3

4. Introduction (2/3) Location Privacy Location Privacy 4 User Database Location-dependent queries Ex: find a restaurant The answer depends on user’s location.

5. Introduction (3/3) Goal ◦ BlindLocation ◦ Mutual Authentication ◦ Prevention  Insiders Attacks  Outsiders Attacks ◦ Low computation time 5

6. Related work ECC Blind signature 6 Min-Shinang Hwang and Pei-Chen Sung, "A study of micro- payment based on one-way hash chain," International Journal of Network Security, vol.2, no.2, pp.81-90, 2006.

7. Proposed Scheme (1/2) Acquiring the anonymous token 7 User Database A, t, c(x), HMAC(c(x), t, K sh ) calculate x = h(Q) HMAC(c(x), t, k sh ) Verify S B (S’ B (c(x)))?=c(x) calculate S’ B (x)=c’(S’ B (c(x))) S’ B (c(x)) Verify HMAC(C(x), t, k sh ) ?= HMAC(C(x), t, k sh ) calculate S’ B (c(x)) A: User’s ID t: timestamp K sh : secret shared key Q: Location based query S’ B : DB’s private key c(.): blind signature

8. Proposed Scheme (2/2) Anonymous authentication using the token 8 User Database S’ B (x),Q calculate S B (S’ B (Result,S’ B (x))) S’ B (Result,S’ B (x)) Verify S B (S’ B (x))? = h(Q) A: User’s ID t: timestamp K sh : secret shared key Q: Location based query S’ B : DB’s private key c(.): blind signature

9. Security Analysis (1/2) Insiders Attacks ◦ Location privacy violation  Solution: Psc = 1/m! ◦ Embedding a known symbol  Solution: verification ◦ Information theft  Solution: meaningless ◦ Impersonation attack:  Solution: secret shared key 9

10. Security Analysis (2/2) Outsiders Attacks ◦ Denial of Services (DOS) attack  Solutions  memory : stateless  CPU: limit the number of valid token requests ◦ Replay attack:  Solution: timestamp ◦ Snooping attack:  Solution: blind signature & encryption ◦ Man-In-The-Middle  Solution: verification 10

11. Performance Evaluation (1/2) Computation time 11

12. Performance Evaluation (2/2) Comparison summaries 12

13. Conclusion Solve the location privacy problem The quality of service is not forfeited 13

14. Comment (1/2) 本文主要貢獻簡述 ： ◦ 提供一個機率上有效的 location privacy 優點： ◦ 適切的應用 blind signature, 達到 location privacy 又不損資料庫提供查詢服務的能力 缺點： ◦ 在 Computation time 中未與它篇論文比較 14

15. Comment (2/2) 明顯錯誤 ( 含 typos): ◦ 第５頁表１,reslut 應改成 result. ◦ 第１９頁表３, 符號 Q 定義混淆. ◦ 論文架構有誤, Related work 應移至 Introduction 之後. ◦ 論文章節未標示清楚 15