2011 ITS World Congress - Location Data Signing – Protecting the Integrity and Authenticity of...
Click here to load reader
-
Upload
sean-barbeau -
Category
Technology
-
view
66 -
download
1
description
Transcript of 2011 ITS World Congress - Location Data Signing – Protecting the Integrity and Authenticity of...
Location Data Signing – Protecting the Integrity and Authenticity of
Positioning System Data
Marcy E. Gordon, Sean J. Barbeau, Miguel A. Labrador {megordon, barbeau}@cutr.usf.edu
{labrador}@cse.usf.edu
Center for Urban Transportation Researchand Department of Computer Science and Engineering
10/20/2011 1
Background and Motivation• The integrity and authenticity of location data is increasingly important
– Pay-as-you-drive insurance, variable transportation taxes, Connected Vehicle applications, logistics auditing, and fleet tracking
• Can GPS data truly determine the historic or real-time location of a device?– Solution: digitally sign the data as it is produced
• Digital signatures are a mathematical method for showing the authenticity, integrity, and non-repudiation of a digital message
• Previous study showed digital signatures not practical on J2ME devices• TRAC-IT is a mobile application designed to track travel behavior for
research and to provide personalized real-time travel info• Objective: modify TRAC-IT system to generate a key pair, send the public
key to server for storage, sign each fix, send signature to server with the fix, and then created a validation tool to verify the signatures
10/20/2011 2
Experimentation• Ran key and signature generation tests on an emulator and a
HTC G1 phone w/ Android 1.6• Tests varied the algorithm (RSA, DSA), hashing algorithm
(SHA1, MD5, SHA256), and key sizes (512, 1024, 2048-bit)• Results: 2048-bit RSA key takes too long to generate, but
1024-bit RSA, 512-bit DSA are ok; RSA generates key pairs faster, but generates signatures slower than DSA (but both ok)
10/20/2011
x 1 x Many
• Avg. power consumption: 1.57 W; with data signing: 1.71 W• UDP packet (sending data to server) with signature is 66% larger
– But only 0.17% of possible packet size is filled
• Public key and signatures could be overwritten in the database, so database must be trusted portion of system
• Location data signing on Android phones is feasible!
1 4 8 16 30 60 5000
5
10
15
20
25Impact on Battery Life
Without Sign-ing
With Signing
Amount of time between GPS fixes
Estim
ated
Batt
ery
Life
(hou
rs)
Overhead and Conclusions
10/20/2011 41 27 53 79 1051311571832092352612870
0.5
1
1.5
2
2.5
3
3.5TRAC-IT Power Usage
TRAC-IT
TRAC-IT with Lo-cation Data Sign-ing
Time (sec)
Pow
er (w
atts)
CP = IktP = IV
Questions?
Sean J. Barbeau, M.S. Comp.Sci.
Research Associate Center for Urban Transportation Research University of South Florida http://locationaware.usf.edu
[email protected]/20/2011 5Battery life experiment data provided by Marcel Muñoz Figueroa
Figures for Poster
8/5/2011 6
1 30 59 88 1171461752042332622910
0.5
1
1.5
2
2.5
3
3.5TRAC-IT Power Usage
TRAC-ITTRAC-IT with Location Data Signing
Time (sec)
Pow
er (w
atts)
1 4 8 16 30 60 5000
5
10
15
20
25
Impact on Battery Life
Without Signing With Signing
Amount of time between GPS fixes (s)
Estim
ated
Batt
ery
Life
(hou
rs)