Skip to main content
SpringerLink
Log in

Transaction pseudonyms in mobile environments

  • Eicar 2007 Best Academic Papers
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

Network Operators start to offer formerly hidden services such as location service, messaging services and presence services. This fosters the development of a new class of innovative context aware applications that are operated by third party application providers. However, without the implementation of proper privacy protection mechanisms, location and presence information, that is processed by third party application providers, may also imply severe risks to users. If no privacy protection is foreseen, the user’s identity could be used maliciously which renders such applications dangerous. To protect the user’s sensitive data such as location information we propose a novel service architecture which fosters the development of innovative applications that brings together internet applications with telco services. An underlying privacy enhancing mechanism that is based on the notion of pseudonyms allows even untrusted third party application providers to access sensitive data provided by telco services such as location, presence or messaging services. Due to their high security, pseudonyms guarantee that the user’s identity is kept secret towards the untrusted application providers. Due to its low computational complexity this pseudonym generation scheme can also be implemented on devices such as mobile phones and digital assistants with only little computational power and restricted memory capabilities. To illustrate our approach, we demonstrate a transportation ticket application that implements the proposed service architecture. This application allows the use of transportation tickets which are extended by the location-tracking functionality. Similar to the well known paper based transportation tickets our solution supports anonymity of users even if the ticket application “knows” the location of the holder.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Bellare M., Canetti R. and Krawczyk H. (1996). Keying hash functions for message authentication. In: Koblitz, N. (eds) Advances in Cryptology—CRYPTO’96. Lecture Notes in Computer Science, vol. 1109, pp 1–15. Springer, Heidelberg

    Google Scholar 

  2. Beresford, A.R.: Location privacy in ubiquitous computing. In: Technical Report 612. University of Cambridge, Cambridge (2005)

  3. Cheng, R., Zhang, Y., Bertino, E., Prabhakar, S.: Preserving user location privacy in mobile data management infrastructures, in sixth workshop on privacy enhancing technologies (PET’06), Cambridge, UK (2006)

  4. Diffie W. and Hellman M. (1976). New directions in cryptography. IEEE Trans. Inf. Soc. 22(6): 664–654

    MathSciNet  Google Scholar 

  5. Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, 23 November 1995. Off. J. Eur. Commun. L 281, p. 31

  6. Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), 12 July 2002. Off. J. Eur. Commun. L 201/37

  7. Network of Excellence in Cryptology IST-2002-507932. Recent Collision Attacks on Hash Functions: ECRYPT Position Paper. Revision 1.1, 17 February 2005, http://www.ecrypt.eu.org/documents/STVL-ERICS-2-HASH_STMT-1.1.pdf (last access: 2007-04-04)

  8. Fischer-Hübner, S.: IT-security and privacy-design and use of privacy-enhancing security mechanisms. Lecutre Notes of Computer Science, LNCS, 1958. ISBN 3-540-42142-4. Springer, Heidelberg (2001)

  9. Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of The First ACM/USENIX International Conference on Mobile Systems, Applications and Services (MobySys), San Francisco, USA, pp. 31–42 (2003)

  10. Jorns, O., Quirchmayr, G., Jung, O.: A privacy enhancing service architecture for ticket-based mobile applications. International Conference on Availability, Reliability and Security ARES 2007—The Dependability Conference, Vienna, Austria, April 10–13, 2007

  11. Junglas, I.A., Spitzmüller, C.: A research model for studying privacy concerns pertaining to location-based services. In: Proceedings of the 38th Hawaii International Conference on System Sciences, 2005. HICSS ’05. 03–06 Jan. 2005

  12. Kölsch, T., Fritsch, L., Hohlweiss, M., Kesdogan, D.: Privacy for profitable location based services. In: Proceedings of the Second International Conference on Security in Pervasive Computing, Lecture Notes in Computer Science (LNCS 3450), pp. 164–179. Springer, Heidelberg (2005)

  13. Lamport L. (1981). Password authentication with insecure communication. Commun. ACM 24(11): 770–772

    Article  MathSciNet  Google Scholar 

  14. Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. The CRC Press series on discrete mathematics and its applications. CRC, 2000 N.W. Corporate Blvd., Boca Raton, FL 33431-9868, USA (1997)

  15. Parlay X 2.0, The Parlay X 2.0 Specification, http://www. parlay.org/en/specifications/ (2006)

  16. Price Blane, A.: The law is not enough: legislation and privacy enhancing technology for location-aware computing, workshop on location systems privacy and control, Mobile-HCI 2004, Glasgow, Scotland (2004)

  17. Rodden, T., Friday, A., Müller, H., Dix, A.: A leightweight approach to managing privacy in location-based services, technical report equator-02-058. University of Nottingham and Lancaster University and University of Bristol (2002)

  18. Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J., Polk, J.: A document format for expressing privacy preferences for location information, Internet-Draft, draft-ietf-geopriv-policy-08 (2006)

  19. Treu, G., Küpper, A.: Datenschutzmechanismen für Ortsinformationen aus der Sicht zukünftiger Anwendungen, Tagungsband des zweiten GI/ITG KuVS Fachgesprächs über Ortsbezogene Anwendungen und Dienste, Informatikbericht 324, pp. 66–71. Fernuniversität Hagen, Stuttgart, Germany (2005)

  20. Weiser M. (1991). The Computer for the twenty-first century. Scientific American, New York, 94–100

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Telecommunications Research Center Vienna (ftw.), Donau-City Strasse 1, 1220, Vienna, Austria

    Oliver Jorns, Oliver Jung & Gerald Quirchmayr

  2. School of Computer and Information Science, University of South Australia, SA-5001, Adelaide, Australia

    Gerald Quirchmayr

  3. Institute of Distributed and Multimedia Systems, University of Vienna, Liebiggasse 4/3-4, 1010, Vienna, Austria

    Gerald Quirchmayr

Authors
  1. Oliver Jorns
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Oliver Jung
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gerald Quirchmayr
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Oliver Jorns.

Additional information

Oliver Jorns is a researcher at the Telecommunications Research Center in Vienna and is also a Lecturer at the University of Vienna. Oliver Jung is employed as a Senior Researcher at the Telecommunications Research Center Vienna.

He is also member of ISO/IEC JTC1 SC27 (IT security techniques). Gerald Quirchmayr is Professor at the Institute for Computer Science and Business Informatics at the University of Vienna and since January 2005 he heads the Department of Distributed and Multimedia Systems, Faculty of Computer Science, at the University of Vienna.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Jorns, O., Jung, O. & Quirchmayr, G. Transaction pseudonyms in mobile environments. J Comput Virol 3, 185–194 (2007). https://doi.org/10.1007/s11416-007-0049-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-007-0049-x

Keywords

Search

Navigation