Title: SUCAS: smart-card-based secure user-centric attestation framework for location-based services

Authors: Lee Fueng Yap; Takeshi Yashiro; Masahiro Bessho; Tomonori Usaka; M. Fahim Ferdous Khan; Noboru Koshizuka; Ken Sakamura

Addresses: Interfaculty Initiative in Information Studies, The University of Tokyo, 7-3-1 Hongo, Bunyo-ku, Tokyo, 113-0033, Japan. ' Interfaculty Initiative in Information Studies, The University of Tokyo, 7-3-1 Hongo, Bunyo-ku, Tokyo, 113-0033, Japan. ' Interfaculty Initiative in Information Studies, The University of Tokyo, 7-3-1 Hongo, Bunyo-ku, Tokyo, 113-0033, Japan. ' The University Museum, The University of Tokyo, 7-3-1 Hongo, Bunyo-ku, Tokyo, 113-0033, Japan. ' Interfaculty Initiative in Information Studies, The University of Tokyo, 7-3-1 Hongo, Bunyo-ku, Tokyo, 113-0033, Japan. ' Interfaculty Initiative in Information Studies, The University of Tokyo, 7-3-1 Hongo, Bunyo-ku, Tokyo, 113-0033, Japan. ' Interfaculty Initiative in Information Studies, The University of Tokyo, 7-3-1 Hongo, Bunyo-ku, Tokyo, 113-0033, Japan

Abstract: This work proposes a secure user-centric attestation service (SUCAS) framework that enables user of location-based services to create, share, and verify spatial-temporal evidence incorporated with user's action information using tamper-resistant device such as the smart-card. The generated evidences can be used for protecting the owner's rights in times of need. The SUCAS framework preserves user's privacy by granting control to the user while protecting the integrity and authenticity of the evidences by using tamper-resistant device. The SUCAS protocol covers the process for evidence generation, evidence attestation, evidence sharing and evidence verification. A train delay certificate application was developed to evaluate the SUCAS framework. The results indicate that the evidences generated by SUCAS are trustable, verifiable and adhere to user's privacy. Furthermore, the SUCAS framework can be applied to other applications that require attestation services provisioning. Attestation service has great potential in the information age as it provides a mechanism to certify the reliability of digital information.

Keywords: user privacy; user-centric applications; location-based services; tamper-resistant devices; secure attestation services; security; smart cards; trust; trustworthiness; reliability.

DOI: 10.1504/IJIPSI.2012.046131

International Journal of Information Privacy, Security and Integrity, 2012 Vol.1 No.2/3, pp.160 - 183

Available online: 23 Mar 2012 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article