Embed Size (px)
DESCRIPTION
Discussion of digital signature techniques for use in mobile apps to protect and authenticate location data (e.g., GPS data). Also includes benchmarking results to demonstrate the potential impact of such techniques on mobile device performance and battery life.
Citation preview
Location Data Signing – Protecting the Integrity and Authenticity of
Positioning System Data
Marcy E. Gordon, Sean J. Barbeau, Miguel A. Labrador {megordon, barbeau}@cutr.usf.edu
{labrador}@cse.usf.edu
Center for Urban Transportation Researchand Department of Computer Science and Engineering
10/20/2011 1
Background and Motivation• The integrity and authenticity of location data is increasingly important
– Pay-as-you-drive insurance, variable transportation taxes, Connected Vehicle applications, logistics auditing, and fleet tracking
• Can GPS data truly determine the historic or real-time location of a device?– Solution: digitally sign the data as it is produced
• Digital signatures are a mathematical method for showing the authenticity, integrity, and non-repudiation of a digital message
• Previous study showed digital signatures not practical on J2ME devices• TRAC-IT is a mobile application designed to track travel behavior for
research and to provide personalized real-time travel info• Objective: modify TRAC-IT system to generate a key pair, send the public
key to server for storage, sign each fix, send signature to server with the fix, and then created a validation tool to verify the signatures
10/20/2011 2
Experimentation• Ran key and signature generation tests on an emulator and a
HTC G1 phone w/ Android 1.6• Tests varied the algorithm (RSA, DSA), hashing algorithm
(SHA1, MD5, SHA256), and key sizes (512, 1024, 2048-bit)• Results: 2048-bit RSA key takes too long to generate, but
1024-bit RSA, 512-bit DSA are ok; RSA generates key pairs faster, but generates signatures slower than DSA (but both ok)
10/20/2011
x 1 x Many
• Avg. power consumption: 1.57 W; with data signing: 1.71 W• UDP packet (sending data to server) with signature is 66% larger
– But only 0.17% of possible packet size is filled
• Public key and signatures could be overwritten in the database, so database must be trusted portion of system
• Location data signing on Android phones is feasible!
1 4 8 16 30 60 5000
5
10
15
20
25Impact on Battery Life
Without Sign-ing
With Signing
Amount of time between GPS fixes
Estim
ated
Batt
ery
Life
(hou
rs)
Overhead and Conclusions
10/20/2011 41 27 53 79 1051311571832092352612870
0.5
1
1.5
2
2.5
3
3.5TRAC-IT Power Usage
TRAC-IT
TRAC-IT with Lo-cation Data Sign-ing
Time (sec)
Pow
er (w
atts)
CP = IktP = IV
Questions?
Sean J. Barbeau, M.S. Comp.Sci.
Research Associate Center for Urban Transportation Research University of South Florida http://locationaware.usf.edu
[email protected]/20/2011 5Battery life experiment data provided by Marcel Muñoz Figueroa
Figures for Poster
8/5/2011 6
1 30 59 88 1171461752042332622910
0.5
1
1.5
2
2.5
3
3.5TRAC-IT Power Usage
TRAC-ITTRAC-IT with Location Data Signing
Time (sec)
Pow
er (w
atts)
1 4 8 16 30 60 5000
5
10
15
20
25
Impact on Battery Life
Without Signing With Signing
Amount of time between GPS fixes (s)
Estim
ated
Batt
ery
Life
(hou
rs)
