Wireless Personal Communications

, Volume 97, Issue 2, pp 3113–3123 | Cite as

An Oblivious Transfer Protocol Based on Elgamal Encryption for Preserving Location Privacy

  • Hoda Jannati
  • Behnam Bahrak


Location based services (LBS) are applications that require a client’s geographical location to provide a service or a piece of information that is related to the client at that location. Although LBSs promise safety and convenience, they threaten the privacy of their clients in different ways. In 2014, Paulet et al. proposed a variant of 1-out-of-L oblivious transfer protocol based on Elgamal encryption to be employed on location based queries not only for preserving the client’s location privacy but also for protecting an LBS server’s database security. In other words, they claim that using their protocol, the server cannot determine a client’s location, and the clients can only obtain the block of data that is intended to be accessed by them. In this paper, we show that the oblivious transfer protocol proposed by Paulet et al. is not able to protect the security of the LBS server’s database. We also suggest an improvement to this protocol to strengthen it against the aforementioned vulnerability. The improved protocol protects both client’s location privacy and the server’s database security, at the cost of slight performance degradation.


Elgamal encryption Location based query Location privacy Oblivious transfer Private information retrieval 


  1. 1.
    Shokri, R., Theodorakopoulos, G., Papadimitratos, P., Kazemi, E., & Hubaux, J. P. (2014). Hiding in the mobile crowd: Location privacy through collaboration. IEEE Transaction on Dependable and Secure Computing, 11(3), 266–279.CrossRefGoogle Scholar
  2. 2.
    Yelp. (2014).
  3. 3.
    Beresford, A. R., & Stajano, F. (2003). Location privacy in pervasive computing. IEEE Pervasive Computing, 2(1), 46–55.CrossRefGoogle Scholar
  4. 4.
    Memon, I., Hussain, I., Akhtar, R., & Chen, G. (2015). Enhanced privacy and authentication: An efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wireless Personal Communications, 84(2), 1487–1508.CrossRefGoogle Scholar
  5. 5.
    Schilit, B., Hong, J., & Gruteser, M. (2003). Wireless location privacy protection. Computer, 36, 135–137.CrossRefGoogle Scholar
  6. 6.
    Puttaswamy, K. P. N., Wang, S., Steinbauer, T., Agrawal, D., El Abbadi, A., Kruegel, C., et al. (2014). Preserving location privacy in geo-Social applications. IEEE Transaction on Mobile Computing, 13(1), 159–173.CrossRefGoogle Scholar
  7. 7.
    Memon, I. (2015). Authentication users privacy: An integrating location privacy protection algorithm for secure moving objects in location based services. Wireless Personal Communications, 82(3), 1585–1600.CrossRefGoogle Scholar
  8. 8.
    Kido, B. Y., Yanagisawa, Y., & Satoh, T. (2005) An anonymous communication technique using dummies for location-based services. In Proceedings of international conference on pervasive services (ICPS’05), Santorini, Greece, pp. 88–97.Google Scholar
  9. 9.
    Ardagna, C., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., & Samarati, P. (2007). Location privacy protection through obfuscation-based techniques. In Proceedings of 21st annual IFIP WG 11.3 working conference on data and applications security, Redondo Beach, CA, USA, pp. 47–60. LNCS 4602.Google Scholar
  10. 10.
    Gedik, B., & Liu, L. (2008). Protecting location privacy with personalized k-anonymity: Architecture and algorithms. IEEE Transaction on Mobile Computing, 7(1), 1–18.CrossRefGoogle Scholar
  11. 11.
    Talukder, N., & SI, A. (2010). Preventing multi-query attack in location-based services. In Proceedings of 3th ACM conference on wireless network security (WiSec’10), Hoboken, New Jersey, USA, pp. 25–36.Google Scholar
  12. 12.
    Lien, I. T., Lin, Y. H., Shieh, J. R., & Wu, J. L. (2013). A novel privacy preserving location-based service protocol with secret circular shift for K-NN search. IEEE Transaction on Information Forensics and Security, 8(6), 863–873.CrossRefGoogle Scholar
  13. 13.
    Ghinita, G., Kalnis, P., Khoshgozaran, A., Shahabi, C., & Kl, T. (2008). Private queries in location based services: Anonymizers are not necessary. In Proceedings ACM SIGMOD international conference on management of data (SIGMOD’08), Vancouver, Canada, 2008, pp. 121–132.Google Scholar
  14. 14.
    Chor, B., Kushilevitz, E., Goldreich, O., & Sudan, M. (1998). Private information retrieval. Journal of the ACM, 45(6), 965–981.CrossRefMathSciNetzbMATHGoogle Scholar
  15. 15.
    Paulet, R., Golam Kaosar, M., Yi, X., & Bertino, E. (2014). Privacy-preserving and content-protecting location based queries. IEEE Transaction on Knowledge and Data Engineering, 26(5), 1200–1210.CrossRefGoogle Scholar
  16. 16.
    Gentry, C., & Ramzan, Z. (2005) Single-database private information retrieval with constant communication rate. In Proceedings 32nd international colloquium on automata, languages, and programming (ICALP’05), Lisbon, Portugal, pp. 803–815. LNCS 3580.Google Scholar
  17. 17.
    Naor, M., & Pinkas, B. (1999). Oblivious transfer with adaptive queries. In Proceedings of CRYPTO, vol. 1666, Santa Barbara, CA, USA, pp. 791–791.Google Scholar
  18. 18.
    ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transaction on Information Theory, 31(4), 469–472.CrossRefMathSciNetzbMATHGoogle Scholar
  19. 19.
    Katz, J., & Lindell, Y. (2014). Introduction to modern cryptography (2nd ed.). Cambridge: Chapman & Hall/CRC Cryptography and Network Security Series.zbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. 1.School of Computer ScienceInstitute for Research in Fundamental Sciences (IPM)TehranIran
  2. 2.Department of Electrical and Computer EngineeringUniversity of TehranTehranIran

Personalised recommendations