A novel location-based encryption model using fuzzy vault scheme
The secure storage of the sensitive data in mobile devices is an urgent issue. Most of the existed encryption algorithms are location independent, which means the encrypted data can be decrypted anywhere. In this work, we propose a novel location-based encryption model using a fuzzy vault scheme. First, we may choose a proper encryption algorithm, a symmetric algorithm or an asymmetric encryption algorithm, to encrypt the sensitive data in mobile devices. Then, the crucial issue comes to securely storing the secret key in the encryption algorithm, and it will be solved in the secret key protection phase by applying a fuzzy vault scheme using a location-based digital fingerprint, which represents the valid user in the valid location region. We bind the digital fingerprint and the secret key together to construct a fuzzy vault for storing the both securely. We simulate our model on an Android device and make some performance and security analysis on it. The main contribution of our model is applying a fuzzy vault scheme which uses the location information captured by the user’s mobile devices to securely protect the secret key used in the cryptosystem for encrypting the users sensitive data on the user’s mobile devices.
KeywordsLocation-based data Encryption Secret key Digital fingerprint Fuzzy vault Mobile device
Compliance with ethical standards
Conflict of interest
The authors declare no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
- Abolghasemi MS, Sefidab MM, Atani RE (2013) Using location based encryption to improve the security of data access in cloud computing. In: Proceedings of international conference on advances in computing, communications and informatics (ICACCI). Mysore, pp 261–265Google Scholar
- Andalib AS, Abdulla-Al-Shami M (2013) A novel key generation scheme for biometric cryptosystems using fingerprint minutiae. In: Proceedings of 2013 international conference on informatics, electronics and vision (ICIEV). Bangladesh, pp 1–6Google Scholar
- Askarov A, Sabelfeld A (2007) Gradual release: unifying declassification, encryption and key release policies. In: Proceedings of IEEE symposium on security and privacy (SP’07). California, pp 207–221Google Scholar
- Baidu Inc. (2015). Baidu Map Api. http://developer.baidu.com/map/
- Bui FM, Hatzinakos D (2008) Secure methods for fuzzy key binding in biometric authentication applications. In: Proceedings of IEEE 42nd asilomar conference on signals, systems and computers. California, pp 1363–1367Google Scholar
- Gartner Inc. Forecast: PCs, ultramobiles, and mobile phones, worldwide. http://www.gartner.com/document/2780117.2011-2018, 2Q14 Update 2015
- Google Inc. Nexus 5 - Google. http://www.google.com/nexus/5/. 2015
- Karimi R, Kalantari M (2011) Enhancing security and confidentiality on mobile devices by location-based data encryption. In: Proceedings of 17th IEEE international conference on networks (ICON). Singapore, pp 241–245Google Scholar
- Liu Z, Groszschaedl J, Hu Z, Jarvinen K, Wang H, Verbauwhede I (2016a) Elliptic curve cryptography with efficiently computable endomorphisms and its hardware implementations for the internet of things. IEEE Trans Comput 14(8):1–14Google Scholar
- Liu Z, Huang X, Hu Z, Muhammad KK, Seo H, Zhou L (2016b) On emerging family of elliptic curves to secure internet of things: ECC comes of age. IEEE Trans Dependable Secur Comput. doi: 10.1109/TDSC.2016.2577022
- Nguyen TH, Wang Y, Nguyen TN, Li R (2013) A fingerprint fuzzy vault scheme using a fast chaff point generation algorithm. In: Proceedings of IEEE international conference on signal processing, communications and computing (ICSPCC). Kunming, pp 1–6Google Scholar
- Scott L, Denning DE (2003) Location based encryption and its role in digital cinema distribution. In: Proceedings of the 16th international technical meeting of the satellite division of the institute of navigation (ION GPS/GNSS). Portland, pp 288–297Google Scholar
- Studer A , Perrig A (2010) Mobile user location-specific encryption (MULE): using your office as your password. In: Proceedings of the third ACM conference on wireless network security. New Jersey, pp 151–162Google Scholar
- Wu Z, Wu J, Wu Y, Yang M, Zhao C, Li M (2013) A mobile data protection method based on location information. China Patent No. 2013105479836Google Scholar