Design and Evaluation of a Location Based Encryption Protocol

Abstract

Over the past decade, Location Based Systems (LBSs) have been becoming more and more popular among users, as these services help them to locate their acquaintances, share their favorite places, find the nearest hospital or even find their beloved ones. These services, however, are usually built from the ground up with only practicality in mind. In general, security countermeasures in LBSs are aiming at different aspects of privacy, such as encryption of certain user data and/or providing secure communication between the users and the server during data transmission. However, it appears that direct or inadvertent disclosure and/or misuse of location information of the users gives rise to certain security threats. For example, when the location privacy is lost, confidential information regarding people’s private lives can easily be obtained. Work or home addresses, in addition to certain places relevant to religious views can be revealed. Places that are frequented based on income levels may also be disclosed. Accordingly, this information may potentially be used for several malicious purposes, such as stalking a person, exploitation of one’s private life, taking advantage of users based on the places they frequent and even threatening them. Hence, new countermeasures against the loss of location privacy should be presented to mitigate this very problem, as today’s LBSs are operating on a highly location-pervasive way.This master thesis addresses the uprising problem of location privacy and thereafter introduces a new location-based encryption protocol called LOCKUM. We show that such a protocol is highly effective in retaining the location privacy for certain use-cases, such as location-based messaging applications, locationbased games and location-based advertisement services. LOCKUM provides a scheme where users can send each other messages that are geographically locked to a certain area by encrypting the messages using the location data; this way, users are given the opportunity to communicate using their location information while still retaining their location privacy. Current encryption techniques don’t facilitate using location data directly, and we demonstrate that location data are, in and of itself, not suitable to be used directly as an encryption key due to its low entropy, but rather it should be a part of the key construction process. Hence, we show how location data itself could be used to encrypt information while still retaining the location privacy. Lastly, after the protocol is introduced, evaluation of the protocol and an improved version are presented.