Nowadays mobile phones and PDAs are part and parcel of our lives. By carrying a portable mobile device with us all the time we are already living in partial Ubiquitous Computing Environment (UCE) that is waiting to be exploited very soon. One of the advantages of ubiquitous computing is that it strongly supports the deployment of Location-Based Service(s) (LBSs). In UCE, there would be many competitive service provider(s) (SPs) trying to sell different or similar LBSs to users. In order to avail a particular service, it becomes very difficult and burdensome for a low-computing and resource-poor mobile device to handle many such service providers at a time, and to identify and securely communicate with only genuine ones.
Our protocol establishes a convincing trust model through which secure job delegation is accomplished. As a result, a low-computing device can delegate its job to a trusted high-computing device/entity. Secure Job delegation and cost effective cryptographic techniques (like symmetric-key implementations and hash functions) largely help in reducing the burden on the mobile device in order to securely communicate with trusted service providers. The protocol extends our trust in the Mobile Operator (MO) to secure LBS transactions. Mobile operator takes responsibility on behalf of its subscribers to select, identify, and authenticate the genuine service providers and also maintains a list of services they offer at a particular location. Mobile operator behaving like a "proxy" receives the user's requests and preferences and processes the same on behalf of him, thus greatly reducing the burden on the user's mobile device.
Our protocol provides users privacy protection. During a LBS transaction, mobile operator conceals the identity of the user and sends only the location details of the user to the service provider. Service provider cannot maintain the user's detailed profile, as it does not know to whom the service is being offered to.
Our Protocol includes a simple and secure payment option. Here mobile operator pays the service provider and later the user can settle this amount with mobile operator via his monthly mobile phone bill. This option is very simple and can easily be implemented through our protocol. In this payment approach we made sure that the user does not carry out any of the expensive PKI implementations, thereby reducing the computational burden on the user's mobile phone.
Apart from the above salient features, our protocol also provides replay protection, entity authentication, and message authentication, integrity, and confidentiality. This thesis explains our protocol by suggesting one of the location-based services namely "Secure Automated Taxi Calling Service".