1st International ICST Conference on Mobile Wireless Middleware, Operating Systems and Applications

Research Article

Privacy Guaranteeing Execution Containers: One time use of personal data by location based services

Download413 downloads
  • @INPROCEEDINGS{10.4108/ICST.MOBILWARE2008.2845,
        author={Peter Langendoerfer and Michael Maaser},
        title={Privacy Guaranteeing Execution Containers: One time use of personal data by location based services},
        proceedings={1st International ICST Conference on Mobile Wireless Middleware, Operating Systems and Applications},
        publisher={ICST},
        proceedings_a={MOBILWARE},
        year={2010},
        month={5},
        keywords={privacy enhancing techniques; P3P; location based services},
        doi={10.4108/ICST.MOBILWARE2008.2845}
    }
    
  • Peter Langendoerfer
    Michael Maaser
    Year: 2010
    Privacy Guaranteeing Execution Containers: One time use of personal data by location based services
    MOBILWARE
    ICST
    DOI: 10.4108/ICST.MOBILWARE2008.2845
Peter Langendoerfer1,*, Michael Maaser2,*
  • 1: IHP microelectronics, Im Technologiepark 25 15236 Frankfurt(Oder), Germany. +49-335-5625350
  • 2: IHP microelectronics, Im Technologiepark 25 15236 Frankfurt(Oder), Germany. +49-335-5625
*Contact email: langendoerfer@ihp-microelectronics._com, maaser@ihpmicroelectronics._com

Abstract

Privacy issues are becoming more and more important especially since the cyber and the real world are converging up to certain extent when using mobile devices. Means that really protect privacy are still missing. The problem is, as soon as a user provides data to a service provider the user looses control over her data. The simple solution is not to provide any data but then a lot of useful services e.g. navigation applications cannot be used. In order to remedy this problem we propose privacy guaranteeing execution containers (PGEC). Basically the concept is that the application gets access to the user data in a specially protected and certified environment, the PGEC. PGECs enable applications to access private user data locally and guarantee that the user data is deleted as soon as the service is quit. Thus, the PGEC guarantees a “one time use” of the provided private data. The PGECs also restrict the communication between the application and the service provider to what is explicitly allowed by the service user. In order to highlight the security provided by the PGEC, we discuss potential attacks such as modified execution environments as well as appropriate countermeasures.