Location based services (LBS) are applications that require a client's geographical location to provide a service or a piece of information that is related to the client at that location. Although LBSs promise safety and convenience, they threaten the privacy of their clients in different ways. In 2014, Paulet et al. proposed a variant of 1-out-of-L oblivious transfer protocol based on Elgamal encryption to be employed on location based queries not only for preserving the client's location privacy but also for protecting an LBS server's database security. In other words, they claim that using their protocol, the server cannot determine a client's location, and the clients can only obtain the block of data that is intended to be accessed by them. In this paper, we show that the oblivious transfer protocol proposed by Paulet et al. is not able to protect the security of the LBS server's database. We also suggest an improvement to this protocol to strengthen it against the aforementioned vulnerability. The improved protocol protects both client's location privacy and the server's database security, at the cost of slight performance degradation.

• 出版日期2017-11