Location Data Signing – Protecting the Integrity and Authenticity of Positioning System Data
Marcy E. Gordon, Sean J. Barbeau, Miguel A. Labrador
{megordon, barbeau}@cutr.usf.edu {labrador}@cse.usf.edu
Center for Urban Transportation Research and Department of Computer Science and Engineering
Background and Motivation
• The integrity and authenticity of location data are increasingly important
• Pay-as-you-drive insurance, variable transportation taxes, Connected Vehicle applications, logistics auditing, and fleet tracking
• Can GPS data truly determine the historic or real-time location of a device?
• Solution: digitally sign the data as it is produced
• Digital signatures are a mathematical method for showing the authenticity, integrity, and non-repudiation of a digital message
• Previous study showed digital signatures not practical on J2ME devices
• TRAC-IT is a mobile application designed to track travel behavior for research and to provide personalized real-time travel info
• Objective: modify the TRAC-IT system to generate a key pair, send the public key to the server for storage, sign each fix, send the signature to the server with the fix, and then create a validation tool to verify the signatures
Experimentation
• Ran key and signature generation tests on an emulator and an HTC G1 phone w/ Android 1.6
• Tests varied the algorithm (RSA, DSA), hashing algorithm (SHA1, MD5, SHA256), and key sizes (512, 1024, 2048-bit)
• Results: 2048-bit RSA key takes too long to generate, but 1024-bit RSA, 512-bit DSA are ok; RSA generates key pairs faster, but generates signatures slower than DSA (but both ok)
Overhead and Conclusions
• Avg. power consumption: 1.57 W; with data signing: 1.71 W
• UDP packet (sending data to server) with signature is 66% larger
• But only 0.17% of possible packet size is filled
• Public key and signatures could be overwritten in the database, so database must be trusted portion of system
• Location data signing on Android phones is feasible!
P = IV
C_p = I^k t
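The flow from the objective slide (generate a key pair once, store the public key server-side, sign every fix, verify on the server), as an added Java example that is not TRAC-IT code. The fix encoding, device ID, coordinates and method names are constructed assumptions; the algorithm, hash and key size are taken from the choices the slides list.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Locale;

public class LocationFixSigning {
    static final String KEY_ALG = "RSA";
    static final String SIG_ALG = "SHA256withRSA";
    // 1024-bit as in the slides' tests; current guidance is 2048-bit or larger.
    static final int KEY_BITS = 1024;

    // Device side: fixed byte encoding of one fix (field layout is an assumption).
    // Signer and verifier must serialize identically or valid fixes will fail.
    static byte[] encodeFix(String deviceId, long utcMillis, double lat, double lon) {
        String s = String.format(Locale.ROOT, "%s|%d|%.6f|%.6f", deviceId, utcMillis, lat, lon);
        return s.getBytes(StandardCharsets.UTF_8);
    }

    static byte[] sign(PrivateKey key, byte[] fix) throws GeneralSecurityException {
        Signature s = Signature.getInstance(SIG_ALG);
        s.initSign(key);
        s.update(fix);
        return s.sign();
    }

    // Server side: rebuild the public key from its stored X.509 encoding, then verify.
    static boolean verify(byte[] storedKey, byte[] fix, byte[] sig) throws GeneralSecurityException {
        PublicKey pub = KeyFactory.getInstance(KEY_ALG).generatePublic(new X509EncodedKeySpec(storedKey));
        Signature s = Signature.getInstance(SIG_ALG);
        s.initVerify(pub);
        s.update(fix);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(KEY_ALG);
        gen.initialize(KEY_BITS);
        KeyPair device = gen.generateKeyPair();           // done once per device
        byte[] stored = device.getPublic().getEncoded();  // what the server database keeps

        // Constructed sample fix, and the same fix with the latitude altered after signing.
        byte[] fix = encodeFix("device-001", 1262304000000L, 28.058700, -82.413900);
        byte[] moved = encodeFix("device-001", 1262304000000L, 28.158700, -82.413900);
        byte[] sig = sign(device.getPrivate(), fix);      // repeated for every fix

        System.out.println("original fix verifies: " + verify(stored, fix, sig));
        System.out.println("altered fix verifies:  " + verify(stored, moved, sig));
    }
}
```

Verification is only as trustworthy as `stored`: it checks a fix against whatever key the database returns, which is why the slides place the database inside the trusted portion of the system.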
Questions?
Sean J. Barbeau, M.S. Comp.Sci.
Research Associate
Center for Urban Transportation Research
University of South Florida
http://locationaware.usf.edu
813.974.7208
barbeau@cutr.usf.edu
Battery life experiment data provided by Marcel Muñoz Figueroa