An Oblivious Transfer Protocol Based on Elgamal Encryption for Preserving Location Privacy
Location based services (LBS) are applications that require a client’s geographical location to provide a service or a piece of information that is related to the client at that location. Although LBSs promise safety and convenience, they threaten the privacy of their clients in different ways. In 2014, Paulet et al. proposed a variant of 1-out-of-L oblivious transfer protocol based on Elgamal encryption to be employed on location based queries not only for preserving the client’s location privacy but also for protecting an LBS server’s database security. In other words, they claim that using their protocol, the server cannot determine a client’s location, and the clients can only obtain the block of data that is intended to be accessed by them. In this paper, we show that the oblivious transfer protocol proposed by Paulet et al. is not able to protect the security of the LBS server’s database. We also suggest an improvement to this protocol to strengthen it against the aforementioned vulnerability. The improved protocol protects both client’s location privacy and the server’s database security, at the cost of slight performance degradation.
KeywordsElgamal encryption Location based query Location privacy Oblivious transfer Private information retrieval
- 2.Yelp. (2014). http://www.yelp.co.uk.
- 8.Kido, B. Y., Yanagisawa, Y., & Satoh, T. (2005) An anonymous communication technique using dummies for location-based services. In Proceedings of international conference on pervasive services (ICPS’05), Santorini, Greece, pp. 88–97.Google Scholar
- 9.Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., & Samarati, P. (2007). Location privacy protection through obfuscation-based techniques. In Proceedings of 21st annual IFIP WG 11.3 working conference on data and applications security, Redondo Beach, CA, USA, pp. 47–60. LNCS 4602.Google Scholar
- 11.Talukder, N., & SI, A. (2010). Preventing multi-query attack in location-based services. In Proceedings of 3th ACM conference on wireless network security (WiSec’10), Hoboken, New Jersey, USA, pp. 25–36.Google Scholar
- 13.Ghinita, G., Kalnis, P., Khoshgozaran, A., Shahabi, C., & Kl, T. (2008). Private queries in location based services: Anonymizers are not necessary. In Proceedings ACM SIGMOD international conference on management of data (SIGMOD’08), Vancouver, Canada, 2008, pp. 121–132.Google Scholar
- 16.Gentry, C., & Ramzan, Z. (2005) Single-database private information retrieval with constant communication rate. In Proceedings 32nd international colloquium on automata, languages, and programming (ICALP’05), Lisbon, Portugal, pp. 803–815. LNCS 3580.Google Scholar
- 17.Naor, M., & Pinkas, B. (1999). Oblivious transfer with adaptive queries. In Proceedings of CRYPTO, vol. 1666, Santa Barbara, CA, USA, pp. 791–791.Google Scholar