Privacy-Preserving Location Assurance Protocols for Mobile Applications

Location-based applications require a user’s location data to provide customized services. However, location data is a sensitive piece of information that should not be revealed unless strictly necessary which induces the emerging of a number of location privacy protection methods, such as anonymity and obfuscation. However, in many applications, one needs to verify the authenticity and other properties (e.g. inclusion to an area) of location data which becomes an intractable problem because of the using of location privacy protection. How to achieve both location assurance, i.e. assuring the authenticity and other properties of location data, and location privacy protection seems to be an intangible problem without complex trusted computing techniques. By borrowing range proof techniques in cryptography, however, we achieve them both successfully with minimized trusted computing assumptions. The Pedersen commitment scheme is employed to give location data a commitment which would be used for possibly future location assurance. Area proof, testing whether a private location is within some area, is employed to test whether or not the location data having the commitment is within any definite area. Our system model do not rely on third trusted party and we give reasonable explanations for our system model and for the trusted computing assumptions. We present a new range proof protocol and a new area proof protocol which are based on a new data structure, i.e. Perfect k-ary Tree (PKT). Some deeper properties of PKT are presented which are used to analyze our protocols’ complexity. The analysis results show that our protocols are more efficient that the former and are flexible enough to support some existing mobile applications, such as tracking services and location-based access control.