WORAL: A Witness Oriented Secure Location Provenance Framework for Mobile Devices

WORAL: A Witness Oriented Secure Location Provenance Framework for Mobile Devices

ABSTRACT:

Location-based services allow mobile device users to access various services based on the users’ current physical location information. Path-critical applications, such as supply chain verification, require a chronological ordering of location proofs. It is a significant challenge in distributed and user-centric architectures for users to prove their presence and the path of travel in a privacy-protected and secure manner. So far, proposed schemes for secure location proofs are mostly subject to tampering, not resistant to collusion attacks, do not offer preservation of the provenance, and are not flexible enough for users to prove their provenance of location proofs. In this paper, we present WORAL, a complete ready-to-deploy framework for generating and validating witness oriented asserted location provenance records. The WORAL framework is based on the asserted location proof protocol and the OTIT model for generating secure location provenance on the mobile devices. WORAL allows user-centric, collusion resistant, tamper-evident, privacy protected, verifiable, and provenance preserving location proofs for mobile devices. This paper presents the schematic development, feasibility of usage, comparative advantage over similar protocols, and implementation of WORAL for android device users including a Google Glass-based client for enhanced usability.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

Understanding Smartphone Sensor and App Data for Enhancing the Security of Secret Questions

Understanding Smartphone Sensor and App Data for Enhancing the Security of Secret Questions

ABSTRACT:

Many web applications provide secondary authentication methods, i.e., secret questions (or password recovery questions), to reset the account password when a user’s login fails. However, the answers to many such secret questions can be easily guessed by an acquaintance or exposed to a stranger that has access to public online tools (e.g., online social networks); moreover, a user may forget her/his answers long after creating the secret questions. Today’s prevalence of smartphones has granted us new opportunities to observe and understand how the personal data collected by smartphone sensors and apps can help create personalized secret questions without violating the users’ privacy concerns. In this paper, we present a Secret-Question based Authentication system, called “Secret-QA”, that creates a set of secret questions on basic of people’s smartphone usage. We develop a prototype on Android smartphones, and evaluate the security of the secret questions by asking the acquaintance/stranger who participate in our user study to guess the answers with and without the help of online tools; meanwhile, we observe the questions’ reliability by asking participants to answer their own questions. Our experimental results reveal that the secret questions related to motion sensors, calendar, app installment, and part of legacy app usage history (e.g., phone calls) have the best memorability for users as well as the highest robustness to attacks.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

REFERENCE:

Peng Zhao, Kaigui Bian, Tong Zhao, Xintong Song, Jung-Min “Jerry” Park, Xiaoming Li, Fan Ye, Wei Yan, “Understanding Smartphone Sensor and App Data for Enhancing the Security of Secret Questions”, IEEE Transactions on Mobile Computing, 2017.

STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users

STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users

ABSTRACT:

Location-based services are quickly becoming immensely popular. In addition to services based on users’ current location, many potential services rely on users’ location history, or their spatial-temporal provenance. Malicious users may lie about their spatial-temporal provenance without a carefully designed security system for users to prove their past locations. In this paper, we present the Spatial-Temporal provenance Assurance with Mutual Proofs (STAMP) scheme. STAMP is designed for ad-hoc mobile users generating location proofs for each other in a distributed setting. However, it can easily accommodate trusted mobile users and wireless access points. STAMP ensures the integrity and non-transferability of the location proofs and protects users’ privacy. A semi-trusted Certification Authority is used to distribute cryptographic keys as well as guard users against collusion by a light-weight entropy-based trust evaluation approach. Our prototype implementation on the Android platform shows that STAMP is low-cost in terms of computational and storage resources. Extensive simulation experiments show that our entropy-based trust model is able to achieve high collusion detection accuracy.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

SenSpeed: Sensing Driving Conditions to Estimate Vehicle Speed in Urban Environments

SenSpeed: Sensing Driving Conditions to Estimate Vehicle Speed in Urban Environments

SenSpeed: Sensing Driving Conditions to Estimate Vehicle Speed in Urban Environments

ABSTRACT:

Acquiring instant vehicle speed is desirable and a corner stone to many important vehicular applications. This paper utilizes smartphone sensors to estimate the vehicle speed, especially when GPS is unavailable or inaccurate in urban environments. In particular, we estimate the vehicle speed by integrating the accelerometer’s readings over time and find the acceleration errors can lead to large deviations between the estimated speed and the real one. Further analysis shows that the changes of acceleration errors are very small over time which can be corrected at some points, called reference points, where the true vehicle speed can be estimated. Recognizing this observation, we propose an accurate vehicle speed estimation system, SenSpeed, which senses natural driving conditions in urban environments including making turns, stopping, and passing through uneven road surfaces, to derive reference points and further eliminates the speed estimation deviations caused by acceleration errors. Extensive experiments demonstrate that SenSpeed is accurate and robust in real driving environments. On average, the real-time speed estimation error on local road is 2:1km=h, and the offline speed estimation error is as low as 1:21 km/h. Whereas the average error of GPS is 5:0 and 4:5 km/h, respectively.

OUTPUT VIDEO:

EXISTING SYSTEM:

  • The existing studies utilizing Derivative Dynamic Time Warping (DDTW) algorithm introduces large overhead on collecting offline trace and prevents large-scale deployment. Also, the speed estimation accuracy of DDTWsuffers from the coarse-grained signal information.
  • In the existing work, there are two vehicle speed estimation mechanisms deployed on highways or main roads. One is employing the loop detectors, and the other is using traffic cameras. These solutions all rely on predeployed infrastructures that incur installation cost. The traffic camera could be installed in urban environments, but it suffers low accuracy, bad weather conditions and high maintenance cost.

DISADVANTAGES OF EXISTING SYSTEM:

  • GPS embedded in smartphones often suffers from the urban canyon environment, which could result in low availability and accuracy. In addition, the low update rate of GPS is not able to keep up with the frequent change of the vehicle speed in urban driving environments.
  • Moreover, continuously using GPS drains the phone battery quickly. Thus, it is hard to obtain accurate vehicle speed relying on GPS for applications requiring real-time or high-accuracy speed estimations.
  • The accelerometer readings are noisy and affected by various driving environments.
  • The speed estimation is not real-time and accurate.
  • The solution is not lightweight and computational not feasible on smartphones.

PROPOSED SYSTEM:

  • In this paper we consider a sensing approach, which uses smartphone sensors to sense natural driving conditions, to derive the vehicle speed without requiring any additional hardware.
  • The basic idea is to obtain the vehicle’s speed estimation by integrating the phone’s accelerometer readings along the vehicle’s moving direction over time. While the idea of integrating the acceleration values over time seems simple, a number of challenges arise in practice.
  • We propose to perform accurate vehicle speed estimation by sensing natural driving conditions using smartphone sensors.
  • We study the impact of the acceleration error on the speed estimation results obtained from the integral of the phone’s accelerometer readings.
  • We exploit three kinds of reference points sensed from natural driving scenarios to infer the vehicle speed at each reference point, which could be utilized to reduce the acceleration error that affect the accuracy of vehicle speed estimation.
  • We develop a vehicle speed estimation system, Sen-Speed, which utilizes the information obtained from the reference points to measure and eliminate the acceleration error and achieves high accuracy speed estimation.

ADVANTAGES OF PROPOSED SYSTEM:

  • Our system, SenSpeed, identifies unique reference points from the natural driving conditions to infer the vehicle’s speed at each reference point grounded on different features presented by these reference points. Such reference points include making turns, stopping (at a traffic light or stop sign or due to road traffic) and passing through uneven road surfaces (e.g., speed bumps or potholes).
  • Based on the speed inferred from the reference points, SenSpeed measures the acceleration error between each two adjacent reference points and eliminates such errors to achieve high-accuracy speed estimation.
  • The main advantage of SenSpeed is that it senses the unique features in natural driving conditions through simple smartphone sensors to facilitate vehicle speed estimation.
  • Furthermore, SenSpeed is easy to implement and computational feasible on standard smartphone platforms.

SYSTEM ARCHITECTURE:

SenSpeed Sensing Driving Conditions to Estimate Vehicle

MODULES:

  • Obtain the vehicle speed
  • Sensing Turns
  • Sensing Stops
  • Sensing Uneven Road Surfaces
  • Sending data Alert SMS module

MODULES DESCSRIPTION:

Obtain the vehicle speed

We first describe how to obtain the vehicle speed from smartphone sensors. The vehicle’s acceleration can be obtained from the accelerometer sensor in the smartphone when a phone is aligned with the vehicle. Suppose the accelerometer’s y-axis is along the moving direction of the vehicle. We could then monitor the vehicle acceleration by retrieving readings from the accelerometer’s y-axis. The vehicle speed can then be calculated from the integral of the acceleration data over time.

Although the basic idea of using smartphone sensors to estimate vehicle speed is simple, it is challenging to achieve high-accuracy speed estimations. The most obvious problem is that the noise from sensor readings cause serious errors in the estimation results. Such sensor readings are affected by various noise encountered while driving such as engine vibrations, white noise, etc. And the estimation errors are accumulated when integrating the accelerometer’s readings over time.

In this module, we present the design of our proposed system, SenSpeed, which estimates vehicle speed accurately through sensing driving conditions in urban environments. SenSpeed does not depend on any pre-deployed infrastructure and additional hardware.

Sensing Turns

The vehicle speed can be estimated by integrating of acceleration data over time. However, the accumulative error from the biased accelerations causes large deviations between the true speed and the estimated speed. In order to realize an accurate vehicle speed estimation, SenSpeed senses the natural driving conditions to identify the reference points, then uses the information of the reference points to measure the acceleration error and further eliminates accumulative error.

Our system identifies three kinds of references points, making turns, stopping, and passing through uneven road surfaces, by sensing natural driving conditions based on smartphone sensors.

A vehicle usually undergoes plenty of turns in urban environments. The vehicle speed can be inferred according to a principle of the circular movement when a vehicle makes a turn. When a vehicle makes a turn, it experiences a centripetal force, which is related to its speed, angular speed and turning radius. Thus, by utilizing the accelerometer and the gyroscope, we can derive the tangential speed of a vehicle.

Sensing Stops

A vehicle stops frequently in urban environments because of stop signs, red traffic lights or heavy traffic. When a vehicle stops, the vehicle speed is determined to be zero. The vehicle speed decreases to zero when a vehicle stops, so we can obtain the exact speed at a stop reference point. Based on our observation, the data pattern of the acceleration on the vehicle’s z-axis for stop is remarkably different from that of moving. It plots the readings from the accelerometer’s z-axis when the vehicle is moving and stops. It can be seen that the jitter of the acceleration on z-axis is almost disappeared and the standard deviation of the acceleration on z-axis remains low while the vehicle stops. Thus, the standard deviation of the acceleration on z-axis can be used to detect stop reference points. The standard deviation of the acceleration collected by smartphone is calculated in a small sliding window

Sensing Uneven Road Surfaces

Speed bumps, potholes, and other severe road surfaces are common on urban roads. The accelerometer’s readings from smartphones can be utilized to infer the vehicle speed, when a car is passing over uneven road surfaces. Speed bumps, potholes, and uneven road surfaces are common in urban environments. When a car is passing over uneven road surfaces, the accelerometer’s readings from smartphones can also be utilized to infer the vehicle speed. It shows the accelerations on the car’s z-axis, when a car is passing over a speed bump. The front wheels hit the bump first and then the rear wheels.

Sending data Alert SMS module

In this module, based on the variation of directions an alert messages is sent to the Owner (The number which is saved in app default, which can be changed) with a data say car number or any etc. The module, is triggered when it crosses the threshold limit of the Reference points. The mobile should have sufficient balance to send the SMS.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse

REFERENCE:

Jiadi Yu, Member, IEEE, Hongzi Zhu, Member, IEEE, Haofu Han, Yingying (Jennifer) Chen, Senior Member, IEEE, Jie Yang, Member, IEEE, Yanmin Zhu, Member, IEEE, Zhongyang Chen, Guangtao Xue, Member, IEEE, and Minglu Li, “SenSpeed: Sensing Driving Conditions to Estimate Vehicle Speed in Urban Environments”, IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 15, NO. 1, JANUARY 2016.

SBVLC: Secure Barcode-Based Visible Light Communication for Smartphones

SBVLC: Secure Barcode-Based Visible Light Communication for Smartphones

SBVLC: Secure Barcode-Based Visible Light Communication for Smartphones

ABSTRACT:

2D barcodes have enjoyed a significant penetration rate in mobile applications. This is largely due to the extremely low barrier to adoption—almost every camera-enabled smartphone can scan 2D barcodes. As an alternative to NFC technology, 2D barcodes have been increasingly used for security-sensitive mobile applications including mobile payments and personal identification. However, the security of barcode-based communication in mobile applications has not been systematically studied. Due to the visual nature, 2D barcodes are subject to eavesdropping when they are displayed on the smartphone screens. On the other hand, the fundamental design principles of 2D barcodes make it difficult to add security features. In this paper, we propose SBVLC—a secure system for barcode-based visible light communication (VLC) between smartphones. We formally analyze the security of SBVLC based on geometric models and propose physical security enhancement mechanisms for barcode communication by manipulating screen view angles and leveraging user-induced motions. We then develop three secure data exchange schemes that encode information in barcode streams. These schemes are useful in many security-sensitive mobile applications including private information sharing, secure device pairing, and contactless payment. SBVLC is evaluated through extensive experiments on both Android and iOS smartphones.

PROJECT OUTPUT VIDEO: (Click the below link to see the project output video):

EXISTING SYSTEM:

  • Recently, several systems are designed to stream a series of barcodes between a LCD screen and smartphone camera. These systems can enable high-throughput ad hoc communication between smartphones without relying on the Internet connectivity. However, they are designed based on highly customized barcodes which are not widely adopted in practice.
  • QR Droid is a smartphone App related to this work. In QR Droid, the sender phone encodes a short message into a QR code and displays on its screen; the receiver uses its camera to capture the QR code and decodes it back to the message. The message can be encrypted with DES algorithm under a common secret key configured by both parties. However, there is no automatic key exchange step in the implementation of QR Droid.

DISADVANTAGES OF EXISTING SYSTEM:

  • Due to the visual nature, 2D barcodes are subject to eavesdropping when they are displayed on the smartphone screens. The proliferation of smartphones in turn puts a portable camera in everyone’s pocket, making eavesdropping significantly easier.
  • 2D barcode only contains a very limited amount of information and hence cannot adopt advanced encryption primitives. Moreover, most existing barcode applications are based on a single barcode exchange, which is insufficient to establish a secure communication channel.

PROPOSED SYSTEM:

  • In this paper, we investigate secure barcode-based communication for smartphones. We design a new system that can stream QR codes between smartphones at a throughput comparable to that of state-of-art NFC systems.
  • Due to the inherent directionality, the visible light communication (VLC) channel of barcode exchanges yields some interesting security properties. We formally analyze the security of VLC based on geometric models and propose physical security enhancement mechanisms such as manupilating view angles and leveraging user-induced motions.
  • Based on our security analysis, we develop three secure data exchange protocols that encode information in barcode streams. We believe such protocols are useful in many mobile applications including private information sharing, secure device pairing, and contactless mobile payment, etc.
  • We propose secure barcode-based visible light communication (SBVLC)—a novel secure ad-hoc wireless communication system for smartphones. Unlike NFC, SBVLC can be widely adopted by most off-the-shelf smartphones. It works across various smartphone platforms equipped with a color screen and a front-facing camera. Our system can also be easily extended to support other mobile and portable devices such as laptops and tablets.

ADVANTAGES OF PROPOSED SYSTEM:

  • To the best of our knowledge, this work is the first that focuses on modelling and analyzing the security of VLC channel and barcode-based communication between smartphones.
  • Specifically, we first design a real-time duplex screen-camera VLC channel based on 2D barcode streaming. By embedding extra information into the color of quick response (QR) codes, we developed a fast QR filtering technique to quickly remove the non-QR and duplicate QR frame images.
  • On top of the duplex VLC channel, we further propose three secure communication schemes.

 

SYSTEM ARCHITECTURE:

SBVLC Secure Barcode-Based Visible Light

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse/Android Studio

REFERENCE:

Bingsheng Zhang, Kui Ren, Senior Member, IEEE, Guoliang Xing, Senior Member, IEEE, Xinwen Fu, Senior Member, IEEE, and Cong Wang, Member, IEEE, “SBVLC: Secure Barcode-Based Visible Light Communication for Smartphones”, IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 15, NO. 2, FEBRUARY 2016.

Privacy-Preserving Location Sharing Services for Social Networks

Privacy-Preserving Location Sharing Services for Social Networks

Privacy-Preserving Location Sharing Services for Social Networks

ABSTRACT:

A common functionality of many location-based social networking applications is a location sharing service that allows a group of friends to share their locations. With a potentially untrusted server, such a location sharing service may threaten the privacy of users. Existing solutions for Privacy-Preserving Location Sharing Services (PPLSS) require a trusted third party that has access to the exact location of all users in the system or rely on expensive algorithms or protocols in terms of computational or communication overhead. Other solutions can only provide approximate query answers. To overcome these limitations, we propose a new encryption notion, called Order-Retrievable Encryption (ORE), for PPLSS for social networking applications. The distinguishing characteristics of our PPLSS are that it (1) allows a group of friends to share their exact locations without the need of any third party or leaking any location information to any server or users outside the group, (2) achieves low computational and communication cost by allowing users to receive the exact location of their friends without requiring any direct communication between users or multiple rounds of communication between a user and a server, (3) provides efficient query processing by designing an index structure for our ORE scheme, (4) supports dynamic location updates, and (5) provides personalized privacy protection within a group of friends by specifying a maximum distance where a user is willing to be located by his/her friends. Experimental results show that the computational and communication cost of our PPLSS is much better than the state-of-the-art solution.

OUTPUT VIDEO:

EXISTING SYSTEM:

  • Existing location-based social networking systems with location sharing services rely on a central server which receives location information from all users in the system.
  • Existing privacy-preserving location sharing schemes aim to protect the user location privacy against the central server, but they still allow the server to provide the user with the necessary services.
  • However, in some existing schemes, the central server still knows the user’s approximate location. Other schemes require several messages to be exchanged not only between the user and the central server but also directly between the user and the user’s friends, increasing the communication cost and making those schemes less practical.

DISADVANTAGES OF EXISTING SYSTEM:

  • The problem with this approach is that the central server can generate a detailed movement profile of each user (e.g., the location, time and frequency of each place which has been visited by each user) and that raises privacy concerns.
  • Other schemes only return approximate results, making them less useful.

PROPOSED SYSTEM:

  • In this paper, we propose a new encryption notion, called Order-Retrievable Encryption (ORE); a new cryptographic protocol that realizes our Privacy-Preserving Location Sharing Services (PPLSS) for social networking systems. In particular, our ORE scheme enables users to browse their friends’ exact locations within a certain distance without revealing any information about their locations to any other users or a social networking service provider.
  • The framework of our PPLSS consists of a database server (which is maintained by the social networking service provider) and users. The users send their location information in encrypted form to the database server according to our ORE scheme.
  • When a user wants to locate his/her friends in the vicinity, the user logs onto the social networking system, sends a location query (e.g., “Q1: Send me the location of my friends within 2 km of my current location”) to the database server, and obtains the requested location information in encrypted form based on our ORE scheme. The user then recovers the actual location of his/her friends from the encrypted information returned by the database server.

ADVANTAGES OF PROPOSED SYSTEM:

  • Secure location privacy. PPLSS does not disclose any location information of its users to a central server or an eavesdropper, not even an approximate location, and does not require any third party.
  • Low computational and communication cost. It allows a user to receive the exact location information of his/her friends without requiring direct communication between users or multiple rounds of communication between a user and a server.
  • Index structure.We design an index structure for our ORE scheme to index encrypted locations of a group of friends to improve the efficiency of location query processing.
  • Efficient data updates. Our scheme supports highly dynamic location updates from individual users efficiently.
  • Personalized privacy within a group of friends. Each user is able to specify a maximum distance defining a personalized privacy region so that only those friends who are within the region can locate the user.
  • The rationale behind such personalized privacy is that users may not want to share their locations with far-away friends as it might not be practical or necessary to share their location with friends at large distances.

SYSTEM ARCHITECTURE:

Privacy-Preserving Location Sharing Services

MODULES

  • Mobile Users
  • Location Based Server (LBS)
  • User Query
  • Check authenticity
  • User privacy

MODULES DESCRIPTION:

MOBILE USERS

Consider N users who move in an area split into M discrete regions/locations. The mobility of each user u is a discrete-time Markov chain on the set of regions: The probability that user u, currently in region ri, will next visit region rj is denoted by pu(rj |ri). Let πu(ri) be the probability that user u is in region ri. Each user possesses a location-aware wireless device, capable of ad hoc device-to-device communication and of connecting to the wireless infrastructure (e.g., cellular and Wi-Fi networks). 

LOCATION BASED SERVER (LBS)

As users move between regions, they leverage the infrastructure to submit local-search queries to LBS. The information that the LBS provides expires periodically, in the sense that it is no longer valid. Note that information expiration is not equivalent to the user accessing the LBS: A user accesses the LBS when her information has expired and she wishes to receive the most up-to-date version of it. 

USER QUERY

A seeker, essentially a user who does not have the sought information in her buffer, first broadcasts her query to her neighbors through the wireless ad hoc interface of the device. This a local query. Each user with valid information about a region is termed informed user for that region. Users interested in getting location-specific information about a region are called information seekers of that region.

CHECK AUTHENTICITY

The information the LBS provides is self-verifiable, i.e., users can verify the integrity and authenticity of the server responses. This can be done in different ways; in our system, the user device verifies a digital signature of the LBS on each reply by using the LBS provider’s public key. As a result, a compromised access point or mobile device cannot degrade the experience of users by altering replies or disseminating expired information.

 USER PRIVACY

In essence, a subset of users in every region has to contact the LBS to get the updated information, and the rest of the users benefit from the peer-to-peer collaboration. Intuitively, the higher the proportion of hidden user queries, the higher her location privacy is.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse/Android Studio

REFERENCE:

Roman Schlegel, Member, IEEE, Chi-Yin Chow, Member, IEEE, Qiong Huang, Member, IEEE, and Duncan S. Wong, Member, IEEE, “Privacy-Preserving Location Sharing Services for Social Networks”, IEEE Transactions on Services Computing, 2016.

PassBYOP: Bring Your Own Picture for Securing Graphical Passwords

PassBYOP: Bring Your Own Picture for Securing Graphical Passwords

PassBYOP: Bring Your Own Picture for Securing Graphical Passwords

ABSTRACT:

PassBYOP is a new graphical password scheme for public terminals that replaces the static digital images typically used in graphical password systems with personalized physical tokens, herein in the form of digital pictures displayed on a physical user-owned device such as a mobile phone. Users present these images to a system camera and then enter their password as a sequence of selections on live video of the token. Highly distinctive optical features are extracted from these selections and used as the password.We present three feasibility studies of PassBYOP examining its reliability, usability, and security against observation. The reliability study shows that image-feature based passwords are viable and suggests appropriate system thresholds—password items should contain a minimum of seven features, 40% of which must geometrically match originals stored on an authentication server in order to be judged equivalent. The usability study measures task completion times and error rates, revealing these to be 7.5 s and 9%, broadly comparable with prior graphical password systems that use static digital images. Finally, the security study highlights PassBYOP’s resistance to observation attack—three attackers are unable to compromise a password using shoulder surfing, camera based observation, or malware. These results indicate that Pass-BYOP shows promise for security while maintaining the usability of current graphical password schemes.

OUTPUT VIDEO:

EXISTING SYSTEM:

  • Individuals adopt nonsecure coping strategies such as reuse of passwords across systems, noting down passwords, or simply forgetting them entirely. In order to mitigate these problems, researchers have proposed graphical password schemes that rely on input such as selecting portions of an image. These systems have been shown to improve memorability without sacrificing input time or error rates while also maintaining a high resistance to brute force and guessing attacks.
  • Aloul et al. used mobile phones as the hardware token for one-time password generation.
  • Dodson et al. proposed a challenge-response authentication system involving a user snapping a picture of a QR code with a mobile device. The data from this marker generated encrypted data that were used during login.

DISADVANTAGES OF EXISTING SYSTEM:

  • One issue is their susceptibility to intelligent guessing and shoulder-surfing attacks.
  • Such attacks are effective because the sections of images that users select as password items are both easy for an attacker to observe by snooping over shoulders or setting up a camera to record input and also relatively predictable—users tend to choose hotspots such as the eyes in a facial portrait.
  • This issue is particularly problematic as the image contents for graphical password systems are typically stored on authentication servers and readily presented to attackers in response to input of easily accessible user identity information.

PROPOSED SYSTEM:

  • We present a new point-click graphical password system, PassBYOP—Bring Your Own Picture, that increases resistance to observation attack by coupling the user’s password to an image or object physically possessed. This is achieved by using live video of a physical token, such as an object, a photograph, or even an image of a body part (e.g., a palm), as the canvas for entering a graphical password.
  • This physical object replaces easily accessible server-based images, and we argue that attackers will struggle to capture useful replicas of this content.
  • We present an implementation for the scheme based on SIFT image features and a demonstration of its viability through three feasibility studies covering: 1) the reliability and robustness of PassBYOP feature based input; 2) participant task performance times and error rates using Pass-BYOP; and 3) the security of PassBYOP against observation attack.

ADVANTAGES OF PROPOSED SYSTEM:

  • PassBYOP seeks to make graphical passwords more secure against intelligent guessing and shoulder-surfing attacks.
  • PassBYOP transforms a graphical password, which is traditionally a single factor authentication mechanism, to a more secure multifactor authentication method.

SYSTEM ARCHITECTURE:

PassBYOP Bring Your Own Picture for Securing Graphical

MODULES:

  • Locimetric Password Scheme
  • Usability Password Scheme
  • Drawmetric Password Scheme
  • Random attacks

MODULES DESCSRIPTION:

Locimetric Password Scheme

Cued-recall (locimetric) password schemes involve users selecting regions on one or more images. Blonder’s U.S. patent is the earliest example. A seminal example is PassPoints. During login, users are shown a previously selected image, and they enter a password by clicking on a sequence of locations on the image. Authentication is successful if the XY coordinates of these clicks match a previously stored set of password points. A longitudinal study resulted in login times of 8.78–24.25 s and a failed authentication rate of 7–13%. While simple and effective, cued-recall graphical passwords present new security issues. For instance, users typically select hotspots, locations on an image that are highly distinguishable, memorable, and also predictable to attackers

Usability Password Scheme

The second modules in this paper explores user performance with PassBYOP in terms of entry times and error rates for comparison with prior graphical password system schemes. Users in this study authenticated in two conditions: a private image of their choice and a system-provided public image.  The public image depicted a parking lot populated with cars. To acquire images for the private image condition, users were asked to select a personal authentication image in advance. They were given specific requirements: the image should be of high resolution, low granularity, and not to include large monochrome regions such as white walls. Images chosen by the participants included pictures of food, people, places, toys and small objects, and text. All selected images met system requirements in terms of visual richness of the contents.

Drawmetric Password Scheme

In recall based graphical password schemes the user is asked to reproduce something (usually an image) that he or she created or selected during the registration phase. This scheme further has been divided in to two categories: pure recall based and cued recall based techniques. In pure recall based technique the user enter his or her password without any hint or clue. On the other hand in cued recall based technique the image provide some hint to the user in order to enter the password.

Random attacks

In the random attacks module, the user details of who tries to break the password is monitored and collected. We developed a Web Service Module, where the details and collected separately and viewed in the PHP Page, with the user names of those who made the attacks.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1G

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse/Android Studio

REFERENCE:

Andrea Bianchi, Ian Oakley, and Hyoungshick Kim, “PassBYOP: Bring Your Own Picture for Securing Graphical Passwords”, IEEE TRANSACTIONS ON HUMAN-MACHINE SYSTEMS 2016.

MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention

MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention

MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention

ABSTRACT:

Android users are constantly threatened by an increasing number of malicious applications (apps), generically called malware. Malware constitutes a serious threat to user privacy, money, device and file integrity. In this paper we note that, by studying their actions, we can classify malware into a small number of behavioral classes, each of which performs a limited set of misbehaviors that characterize them. These misbehaviors can be defined by monitoring features belonging to different Android levels. In this paper we present MADAM, a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors. MADAM has been designed to take into account those behaviors characteristics of almost every real malware which can be found in the wild. MADAM detects and effectively blocks more than 96% of malicious apps, which come from three large datasets with about 2,800 apps, by exploiting the cooperation of two parallel classifiers and a behavioral signature-based detector. Extensive experiments, which also includes the analysis of a testbed of 9,804 genuine apps, have been conducted to show the low false alarm rate, the negligible performance overhead and limited battery consumption.

OUTPUT VIDEO:

EXISTING SYSTEM:

  • Along with the vast increase of Android malware, several security solutions have been proposed by the research community, spanning from static or dynamic analysis of apps, to applying security policies enforcing data security, to run-time enforcement. However, these solutions still present significant drawbacks.
  • TaintDroid is a security framework for Android devices which tracks information flow to avoid malicious stealing of sensitive information.
  • Alterdroid is a tool that compares the differences in behavior between an original app and automatically generated version that contain modifications (faults) to detect hidden malware, such as in pictures.

DISADVANTAGES OF EXISTING SYSTEM:

  • They are attack-specific, i.e. they usually focus on and tackle a single kind of security attack, e.g. privacy leaking, or privilege escalation (jail-breaking).
  • Moreover, these frameworks generally require a custom OS.
  • Apart from these ad hoc security solutions, in an attempt to limit the set of (dangerous) operations that an app can perform.

PROPOSED SYSTEM:

  • In this paper we present a novel multi-level and behavior based, malware detector for Android devices called MADAM (Multi-Level Anomaly Detector for Android Malware). In particular, to detect app misbehaviors, MADAM monitors the device actions, its interaction with the user and the running apps, by retrieving five groups of features at four different levels of abstraction, namely the kernel level, application-level, user-level and package-level.
  • For some groups of features MADAM applies an anomaly based approach, for other groups it implements a signature based approach that considers behavioral patterns that we have derived from known malware misbehaviors.
  • In fact, MADAM has been designed to detect malicious behavioral patterns extracted from several categories of malware. This multi-level behavioral analysis allows MADAM to detect misbehaviors typical of almost all malware which can be found in the wild.
  • MADAM also has shown efficient detection capabilities as it introduces an 1.4% performance overhead and a 4% battery depletion.
  • Finally, MADAM is usable because it both requires little-to-none user interaction and does not impact the user experience due to its efficiency.

ADVANTAGES OF PROPOSED SYSTEM:

  • The proposed system monitors five groups of Android features, among which system calls (type and amount) globally issued on the device, the security relevant API calls, and the user activity, to detect unusual user and device behavioral patterns; to this end, it exploits two cooperating proximity-based classifiers to detect and alert anomalies.
  • The proposed system intercepts and blocks dangerous actions by detecting specific behavioral patterns which take into account a set of known security hazard for the user and the device.
  • When every time a new app is installed, MADAM assesses its security risk by analyzing the requested permissions and reputation metadata, such as user scores and download number, and it inserts the app in a suspicious list if evaluated as risky.

SYSTEM ARCHITECTURE:

MADAM Effective and Efficient Behavior-based Android

MODULES:

  • App Risk Assessment
  • Global Monitor
  • Per-App Monitor
  • User Interface & Prevention

MODULES DESCSRIPTION:

App Risk Assessment

When a new app is installed on the device (deploy-time), the App Evaluator component intercepts and hijacks the installation event. This component analyzes the metadata of the new app to assess its risk, by retrieving features from the app package, related to critical operations, and from the market, related to app reputation. In detail, these features are: (i) the permissions declared in the manifest, (ii) the market of provenance, (iii) the total number of downloads, (iv) the developer reputation and (v) the user rating. The five parameters are analyzed through a hierarchical algorithm which returns a decision on the riskiness of the app classifying it as safe or risky5. Based on this decision, the user can choose whether to continue the installation (or not) of the new app. If the user chooses to install a risky app, its package name is recorded in the MADAM App Suspicious List and is continuously monitored looking for the known behavioral patterns. Note that MADAM extracts all these pieces of information in a process which is totally transparent to the user. The user can, however, decide whether she prefers to receive a notification of the decision of the App Evaluator, or to keep the process invisible. In the following, we assume that the user chooses the transparent approach (i.e., new apps are always installed, but inserted into the App Suspicious List if risky), as to allow MADAM to enforce security policies on the device. It is worth noting that the App Evaluator is not a detector of malicious apps. Instead, the App Evaluator aims at finding apps which are risky, which should be monitored at run-time by MADAM, improving the overall performance.

Global Monitor

The Global Monitor is at the core of the MADAM framework, since it is responsible of collecting the run-time device behaviors and classifying them as “genuine” or “malicious”. In MADAM, a behavior is represented through a vector of features. For each of them, MADAM records how many times a specific feature has been used in a period of time Tk. The features are extracted from different kinds of dynamic events: User Activity, Critical API (in particular, SMS, i.e. text messages) and System Call (Sys Calls). The Actions Logger is the component that records all these features into a vector, which is then fed to the Classifier. This component is trained to recognize genuine behaviors related to normal device usage, and malicious behavioral patterns deviating from the genuine ones, derived from the seven classes of malware. The classifier correlates features from the three monitored levels, and detects misbehaviors which could pass unnoticed if monitored separately on the single levels. As we will detail in Sect. 5, the Global Monitor is effective in detecting malicious behaviors, especially for SMS Trojan, Rootkit, Installers and Ransomware. For other behavioral classes of malware, MADAM exploits a set of known malicious behavioral pattern.

Per-App Monitor

The Per-App Monitor component is complementary to the Global Monitor since it is aimed at detecting additional, signature-based, known misbehaviors. The Per-App monitor is based on a set of known malicious behavioral patterns which considers the Suspicious App List created by the App Risk Assessment module, the alerts raised by the classifiers and a set of features at application-level not considered by the classifier. The Per-App monitors exploits behavioral patterns which represent suspicious behaviors that have been inferred by analyzing the behavioral classes of malware at API level and kernel level. To consider these behavioral patterns, Per-App Monitor constantly monitors three features, namely: (i) the list of apps with administrator privileges (Admin Apps in Fig. 1), which are those apps that can access a specific set of dangerous security relevant API and that cannot be removed unless the privileges are revoked, (ii) the SMS default app, which is the app that by default handles the operations related to text messages and that can be changed by the user, (iii) the app in foreground, which is the app currently interacting with the user.

User Interface & Prevention

The User Interface & Prevention includes the Prevention module that acts as a security enforcement mechanism by blocking the detected misbehaviors related to behavioral patterns. In such a case, the User Interface (UI) module handles the process for removing the responsible app. The UI conveys to the user all the events which require an active interaction, such as for removing malicious apps, and is also used by the user to select which behaviors should be blocked or allowed. Finally, the UI is exploited by the App Evaluator to communicate to the user the risk score of a new app at deploy-time. In this case, the user can then decide whether to continue the installation (or not) of the app.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram :1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse

REFERENCE:

Andrea Saracino, Daniele Sgandurra, Gianluca Dini and Fabio Martinelli, “MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention”, IEEE Transactions on Dependable and Secure Computing, 2017.

Intelligent Hands Free Speech based SMS System on Android

Intelligent Hands Free Speech based SMS System on Android

Intelligent Hands Free Speech based SMS System on Android

ABSTRACT:

Over the years speech recognition has taken the market. The speech input can be used in varying domains such as automatic reader and for inputting data to the system. Speech recognition can minimize the use of text and other types of input, at the same time minimizing the calculation needed for the process. A decade back speech recognition was difficult to use in any system, but with elevation in technology leading to new algorithms, techniques and advanced tools. Now it is possible to generate the desired speech recognition output. One such method is the hidden markov models which is used in this paper. Voice or signaled input is inserted through any speech device such as microphone, then speech can be processed and convert it to text hence able to send SMS, also Phone number can be entering either by voice or you may select it from contact list. Voice has opened up data input for a variety of user’s such as illiterate, handicapped, as if the person cannot write then the speech input is a boon and other’s too which can lead to better usage of the application.

OUTPUT VIDEO:

EXISTING SYSTEM:

  • Speech Recognition stands majorly on five pillars that are, feature extraction, acoustic models database which is built based on the training data, dictionary, language model and the speech recognition algorithm.
  • The input data i.e. voice is first converted to digital signal and are sampled on time and amplitude axis. This digitalized signal is then processed. For processing the signal is divided into small intervals, which depends on the algorithm used. The generalized timestamp is 20 ms.
  • This division is based on the features of data as those features are compared with database element. Database element contains information of feature of the word found and according the command is created. The basic element can be a phoneme for continuous speech or word for isolated words recognition.

DISADVANTAGES OF EXISTING SYSTEM:

  • NO Accuracy
  • More delay
  • Not Proper reorganization.
  • Fails is less noisy environment

PROPOSED SYSTEM:

  • The system shown here will use SR with google server which uses HMM method. The brief description of how speech is recognized is as follows. Firstly the speech is inputted, sound can be fluctuating set of signals which are recorded. These signals depends on speaker how is his/her voice quality and hold on the language. The input data is divided into words and phrases, i.e. command is divided into several parts. Lastly comes the processing phase where accordingly system understands command and executes it.
  • The system here is divided into small subsystems. In our application the models are as follows. Firstly user has an option to select whether to use voice as an input or select contacts manually. If user selects manual option then a service is called which access all the contacts in contact list present on the cell phone. If voice is selected then the google SR api is called and a dialog box appear which says that speck now and a mic type image is formed. Once the user is done speaking then api takes a few seconds to process the data and output is displayed on the sender’s address block.

ADVANTAGES OF PROPOSED SYSTEM:

  • Developed Speech recognizer system tested for a SMS sending application and found that it recognizes the speech to an accuracy of more than 90%.
  • When user presses the message box user has an option to write the message manually or to import the message via his/her voice. If manual option is chosen then the keyboard appears and the data can be inputted. If voice is chosen then again google api is called and a dialog box appears saying speak now.

SYSTEM ARCHITECTURE:

Intelligent Hands Free Speech

MODULES

  • Voice Recognition
  • Pick Suggestion
  • Pick Contact
  • Send SMS

MODULE DESCRIPTION:

Voice Recognition:

Speech Recognition (SR) is the translation of spoken words into text. It is also known as “automatic speech recognition”, “ASR”. Our system analyze the person’s specific voice and use it to fine tune the recognition of that person’s speech, resulting in more accurate transcription. The best part of the project is user no need to enter the message he want to send, you simply speak the message content then the voice will be converted into the text, In this module we getting voice input from the user and record that voice, after recording user voice, we will process the and recognize the text then show it to user.

Pick Suggestion:

          Even though User speak the English fluently, system can’t recognize the voice 100% because each and every human having different speech speed and pitch, so system cant perfectly translate their voice into text, but it will match the user voice into many different texts and show that to the user to pick user desired output. If the desired text is not displayed in the suggestion, then user can close the suggestion and again speak.

Pick Contact:

          To send SMS we need the message content and the recipient who is going to get the message. So user must give the contact number of his choice to send SMS. He knows the number then he can directly enter the number into recipient textbox. If he can’t remember the number and he saved it in the contacts. Then he can simply choose to pick contact option. If user chose to pick number from contact, all the available contact with their phone number will be displayed in list to the user. Then he can pick any one of the number to send SMS, picked number will be inserted in the recipient field. 

Send SMS:

          In this module, the system will send the SMS to the recipient using SMS Manager in the Telephony Service. In this we have the recipient number and the message to be send. We will first create a object for SMS Manager in the Telephony service, using the method sendTextMessage system will sent the message. After sent SMS to desired recipient we need to update the message content to view and retry the sent SMS in the user SMS database. 

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 gb

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse

REFERENCE:

Gulbakshee Dharmale, Dr. Vilas Thakare, Dr. Dipti D. Patil, “Intelligent Hands Free Speech based SMS System on Android” IEEE CONFERENCE 2016.

Android | EPLQ: Efficient Privacy-Preserving Location-Based Query Over Outsourced Encrypted Data

Android | EPLQ: Efficient Privacy-Preserving Location-Based Query Over Outsourced Encrypted Data

EPLQ: Efficient Privacy-Preserving Location-Based Query Over Outsourced Encrypted Data

ABSTRACT:

With the pervasiveness of smart phones, location based services (LBS) have received considerable attention and become more popular and vital recently. However, the use of LBS also poses a potential threat to user’s location privacy. In this paper, aiming at spatial range query, a popular LBS providing information about points of interest (POIs) within a given distance, we present an efficient and privacy-preserving location-based query solution, called EPLQ. Specifically, to achieve privacy preserving spatial range query, we propose the first predicate-only encryption scheme for inner product range (IPRE), which can be used to detect whether a position is within a given circular area in a privacy-preserving way. To reduce query latency, we further design a privacy-preserving tree index structure in EPLQ. Detailed security analysis confirms the security properties of EPLQ. In addition, extensive experiments are conducted, and the results demonstrate that EPLQ is very efficient in privacy preserving spatial range query over outsourced encrypted data. In particular, for a mobile LBS user using an Android phone, around 0.9 s is needed to generate a query, and it also only requires a commodity workstation, which plays the role of the cloud in our experiments, a few seconds to search POIs.

OUTPUT VIDEO:

EXISTING SYSTEM:

  • Recently, there are already some solutions for privacy preserving spatial range query.
  • Protecting the privacy of user location in LBS has attracted considerable interest. However, significant challenges still remain in the design of privacy-preserving LBS, and new challenges arise particularly due to data outsourcing. In recent years, there is a growing trend of outsourcing data including LBS data because of its financial and operational benefits.
  • Lying at the intersection of mobile computing and cloud computing, designing privacy-preserving outsourced spatial range query faces the challenges.

DISADVANTAGES OF EXISTING SYSTEM:

  • Challenge on querying encrypted LBS data. The LBS provider is not willing to disclose its valuable LBS data to the cloud. The LBS provider encrypts and outsources private LBS data to the cloud, and LBS users query the encrypted data in the cloud. As a result, querying encrypted LBS data without privacy breach is a big challenge, and we need to protect not only the user locations from the LBS provider and cloud but also LBS data from the cloud.
  • Challenge on the resource consumption in mobile devices. Many LBS users are mobile users, and their terminals are smart phones with very limited resources. However, the cryptographic or privacy-enhancing techniques used to realize privacy-preserving query usually result in high computational cost and/or storage cost at user side.
  • Challenge on the efficiency of POI searching. Spatial range query is an online service, and LBS users are sensitive to query latency. To provide good user experiences, the POI search performing at the cloud side must be done in a short time (e.g., a few seconds at most). Again, the techniques used to realize privacy-preserving query usually increase the search latency.
  • Challenge on security. LBS data are about POIs in real world. It is reasonable to assume that the attacker may have some knowledge about original LBS data. With such knowledge, known-sample attacks are possible.

PROPOSED SYSTEM:

  • In this paper, we propose an efficient solution for privacy-preserving spatial range query named EPLQ, which allows queries over encrypted LBS data without disclosing user locations to the cloud or LBS provider.
  • To protect the privacy of user location in EPLQ, we design a novel predicate-only encryption scheme for inner product range (IPRE scheme for short), which, to the best of our knowledge, is the first predicate/predicate-only scheme of this kind. To improve the performance, we also design a privacypreserving index structure named ˆ ss-tree. Specifically, the main contributions of this paper are three folds.
  • We propose IPRE, which allows testing whether the inner product of two vectors is within a given range without disclosing the vectors. In predicate encryption, the key corresponding to a predicate f can decrypt a ciphertext if and only if the attribute of the ciphertext x satisfies the predicate, i.e., f(x) = 1. Predicate-only encryption is a special type of predicate encryption not designed for encrypting/decrypting messages. Instead, it reveals that whether f(x) = 1 or not. Predicate-only encryption schemes supporting different types of predicates have been proposed for privacy-preserving query on outsourced data.
  • We propose EPLQ, an efficient solution for privacy preserving spatial range query. In particular, we show that whether a POI matches a spatial range query or not can be tested by examining whether the inner product of two vectors is in a given range. The two vectors contain the location information of the POI and the query, respectively. Based on this discovery and our IPRE scheme, spatial range query without leaking location information can be achieved. To avoid scanning all POIs to find matched POIs, we further exploit a novel index structure named ˆ ss-tree, which conceals sensitive location information with our IPRE scheme.
  • Our techniques can be used for more kinds of privacypreserving queries over outsourced data. In the spatial range query discussed in this work, we consider Euclidean distance, which is widely used in spatial databases. Our IPRE scheme and ˆ ss-tree may be used for searching records within a given weighted Euclidean distance or great-circle distance as well.Weighted Euclidean distance is used to measure the dissimilarity in many kinds of data, while great-circle distance is the distance of two points on the surface of a sphere.

ADVANTAGES OF PROPOSED SYSTEM:

  • To the best of our knowledge, there does not exist predicate/predicate-only scheme supporting inner product range. Though our scheme is used for privacypreserving spatial range query in this paper, it may be applied in other applications as well.
  • Experiments on our implementation demonstrate that our solution is very efficient.
  • Moreover, security analysis shows that EPLQ is secure under known-sample attacks and ciphertext-only attacks.
  • Using great-circle distance instead of Euclidean distance for long distances on the surface of earth is more accurate. By supporting these two kinds of distances, privacy-preserving similarity query and long spatial range query can also be realized.

SYSTEM ARCHITECTURE:

ANDROID EPLQ

MODULES:

  • System Construction Module
  • LBS User
  • LBS Provider
  • Privacy-Preserving Spatial Range Query

MODULES DESCRIPTION:

System Construction Module

  • The LBS provider has abundant of LBS data, which are POI records. The LBS provider allows authorized users (i.e., LBS users) to utilize its data through location-based queries. Because of the financial and operational benefits of data outsourcing, the LBS provider offers the query services via the cloud. However, the LBS provider is not willing to disclose the valuable LBS data to the cloud. Therefore, the LBS provider encrypts the LBS data, and outsources the encrypted data to the cloud.
  • The cloud has rich storage and computing resources. It stores the encrypted LBS data from the LBS provider, and provides query services for LBS users. So, the cloud has to search the encrypted POI records in local storage to find the ones matching the queries from LBS users.
  • LBS users have the information of their own locations, and query the encrypted records of nearby POIs in the cloud. Cryptographic or privacy-enhancing techniques are usually utilized to hide the location information in the queries sent to the cloud. To decrypt the encrypted records received from the cloud, LBS users need to obtain the decryption key from the LBS provider in advance.

LBS User

  • In this Module, the mobile user sends location-based queries to the LBS provider (or called the LBS server) and receives location-based service from the provider. The mobile user queries the location based service provider about approximate k nearest points of interest on the basis of his current location. In general, the mobile user needs to submit his location to the LBS provider which then finds out and returns to the user the k nearest POIs by comparing the distances between the mobile user’s location and POIs nearby. This reveals the mobile user’s location to the LBS provider.

LBS Provider

  • In this Module, the LBS provider provides location-based services to the mobile user. LBS allows clients to query a service provider in a ubiquitous manner, in order to retrieve detailed information about points of interest (POIs) in their vicinity (e.g., restaurants, hospitals, etc.). The LBS provider processes spatial queries on the basis of the location of the mobile user. Location information collected from mobile users, knowingly and unknowingly, can reveal far more than just a user’s latitude and longitude.

Privacy-Preserving Spatial Range Query

  • In EPLQ, user queries and the sensitive location information are encrypted with IPRE scheme. A query consists of two tokens associated with two predicate vectors, which contains the LBS user’s location information. The LBS user generates two tokens for searching
  • POI records with the proposed IPRE scheme. The two tokens associated with the query area should be generated. Let Ks[0] and Ks[1] be the generated two tokens.
  • The user sends a query to the LBS Service Provider. The LBS Service Provider searches to find all leaf nodes matching the query from the user. The LBS Service Provider returns the corresponding POI records of matched leaf nodes to the user. The LBS user decrypts received POI records with the shared key of the standard encryption scheme.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS: 

  • System : Pentium Dual Core.
  • Hard Disk : 120 GB.
  • Monitor : 15’’ LED
  • Input Devices : Keyboard, Mouse
  • Ram : 1 GB

SOFTWARE REQUIREMENTS: 

  • Operating system : Windows 7.
  • Coding Language : Android,JAVA
  • Toolkit : Android 2.3 ABOVE
  • IDE :         Eclipse/Android Studio

REFERENCE:

Lichun Li, Rongxing Lu, Senior Member, IEEE, and Cheng Huang, “EPLQ: Efficient Privacy-Preserving Location-Based Query Over Outsourced Encrypted Data”, IEEE INTERNET OF THINGS JOURNAL, VOL. 3, NO. 2, APRIL 2016.