Anand S. Gajparia (2007) On User Privacy for Location-based Services.
Full text access: Open
This thesis investigates user privacy concerns associated with the use of location based services. We begin by introducing various privacy schemes relevant to the use of location based services. We introduce the notion of constraints, i.e. statements limiting the use and distribution of Location Information (LI), i.e. data providing information regarding a subject's location. Constraints can be securely bound to LI, and are designed to reduce threats to privacy by controlling its dissemination and use. The various types of constraint which may be required are also considered. The issues and risks with the possible use of constraints are discussed, as are possible solutions to these hazards.
To address some of the problems that have been identified with the use of constraints, we introduce the notion of an LI Preference Authority (LIPA). A LIPA is a trusted party which can examine LI constraints and make decisions about LI distribution without revealing the constraints to the entity requesting the LI. This is achieved by encrypting both the LI and the constraints with a LIPA encryption key, ensuring that the LI is only revealed at the discretion of the LIPA.
We further show how trusted computing can be used to enhance privacy for LI. We focus on how the mechanisms in the Trusted Computing Group specifications can be used to enable the holder of LI to verify the trustworthiness of a remote host before transferring the LI to that remote device. This provides greater assurance to end users that their expressed preferences for the handling of personal information will be respected.
The model for the control of LI described in this thesis has close parallels to models controlling the dissemination and use of other personal information. In particular, Park and Sandhu have developed a general access control model intended to address issues such as Digital Rights Management, code authorisation, and the control of personal data. We show how our model for LI control fits into this general access control model.
We present a generic service which allows a device to discover the location of other devices in ad hoc networks. The advantages of the service are discussed in several scenarios, where the reliance on an infrastructure such as GPS satellites or GSM cellular base stations is not needed. An outline of the technology which will be needed to realise the service is given, along with a look at the security issues which surround the use of this location discovery service. Finally, we provide conclusions and suggestions for future work.
This is a Published version. This version's date is: 06/06/2007. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/029e2966-707e-ae98-2e17-fdd0ec402f05/1/
Deposited on 28-Jun-2010 in Royal Holloway Research Online. Last modified on 14-Dec-2010.