A secure and privacy enhanced location-based service transaction protocol in ubiquitous computing environment

Abstract

Nowadays mobile phones and PDAs are part and parcel of our lives. By carrying a portable mobile device with us all the time we are already living in partial Ubiquitous Computing Environment (UCE) that is waiting to be exploited very soon. One of the advantages of ubiquitous computing is that it strongly supports the deployment of Location-Based Service(s) (LBSs). In UCE, there would be many competitive service provider(s) (SPs) trying to sell different or similar LBSs to users. In order to avail a particular service, it becomes very difficult and burdensome for a low-computing and resource-poor mobile device to handle many such service providers at a time, and to identify and securely communicate with only genuine ones. Our protocol establishes a convincing trust model through which secure job delegation is accomplished. As a result, a low-computing device can delegate its job to a trusted high-computing device/entity. Secure Job delegation and cost effective cryptographic techniques (like symmetric-key implementations and hash functions) largely help in reducing the burden on the mobile device in order to securely communicate with trusted service providers. The protocol extends our trust in the Mobile Operator (MO) to secure LBS transactions. Mobile operator takes responsibility on behalf of its subscribers to select, identify, and authenticate the genuine service providers and also maintains a list of services they offer at a particular location. Mobile operator behaving like a "proxy" receives the user``s requests and preferences and processes the same on behalf of him, thus greatly reducing the burden on the user``s mobile device. Our protocol provides users privacy protection. During a LBS transaction, mobile operator conceals the identity of the user and sends only the location details of the user to the service provider. Service provider cannot maintain the user``s detailed profile, as it does not know to whom the service is being offered to. Our P...