A Scur Wb Srvics for Location Basd Srvics in Wirlss Ntworks* Minsoo L 1, Jintak Kim 1, Shyun Park 1, Jail L 2 and Sokla L 21 1 School of Elctrical and Elctronics Enginring, Chung-Ang Univrsity, 221, HukSuk-Dong, DongJak-Gu, Soul, Kora lmins@wm.cau.ac.kr, groundiv@ms.cau.ac.kr, shpark@cau.ac.kr http://bkmodm.cau.ac.kr/main.htm 2 Kora Information Scurity Agncy 78, Karak dong, Songpa-Gu, Soul, Kora {jil, sll}@kisa.or.kr http://www.kisa.or.kr Abstract. Whil Location Basd Srvics (LBS) can mak our livs mor comfortabl and productiv, it may caus an invasion of privacy by disclosur and commrcial us of location information. In this papr, w discuss privacy and scurity problms that may happn in th currnt LBS systm and propos solutions. W propos a nw scur Wb srvics architctur for LBS in wirlss ntwork. Our architctur allows mobil usrs to crat and nforc dynamic policy for saf and consistnt LBS. W also dscrib som practical scnarios in which our architctur protcts usr s location privacy and scurity. Kywords. Location Basd Srvic, Privacy, Scurity, Introprability 1 Introduction With th dvlopmnt of mobil communication tchnologis, LBS ar bginning to attract attntion as a nw rsarch ara of ntworking. LBS can offr much convninc to dynamic usrs in wirlss ntwork as wll as provid significant rvnu to mobil oprators and contnt providrs. But th dark sid of LBS, it also involvs th thrat of an invasion of privacy and scurity causd by indiscrt location tracking [1, 2, 21, 22, 23]. For xampl, if a company is using location tracking srvic to grasp whr ach mploy is on duty hours, it must not obsrv thir positions anymor off duty hours. If th tracking is continud, it will bring about a violation of privacy for th mploys of th company. As anothr xampl, lt s considr th cas in which a LBS providr advrtiss to arbitrary usrs in a spcific rgion. This may b also an incidnt of privacy violation if mobil usrs in th ara do not want to rciv ths advrtismnts. Crims that us * This Rsarch was supportd by th Chung-Ang Univrsity Rsarch Grants in 2003. Th corrsponding author 1
illgal location tracking may also b possibl. So, LBS rlatd groups [16, 17] ar considring privacy problms in various aspcts. Th problm which w hav to considr nxt is location scurity. Sinc LBS ar basd on mssag xchang in wirlss ntwork, thr ar always scurity risks as location information could b stoln, lost, or modifid. Thrfor, w must concrn th scurity mchanism for location information. Th scurity mchanism must liminat or minimiz th potntial for attacks against LBS ntitis and must rduc xposur of th usr s idntity and location. Th last point that w should discuss is introprability problm. On of th concrns about national and global LBS roaming is nsuring th introprability of LBS platforms. Most of LBS platform hav optional and propritary faturs that can intrfr with introprability. Thr is no guarant that usr s location privacy policis and authorization ruls ar obsrvd through various LBS platforms. In ordr to nsur a robust, consistnt LBS nvironmnt, w nd a scur architctur that is capabl of supporting dynamic nforcmnt of usr privacy policis, scurity mchanisms and convrgnc of srvics. Thrfor, this papr idntifis ths LBS problms and outlins th rquirmnts for scuring th LBS. And w propos a scur Wb srvics architctur to protct th location information. W dsign LBS Policy Authority to rsolv privacy problms and LBS Brokr to solv authntication and authorization problms. Th proposd architctur can ovrcom diffrncs in LBS platforms, location information, and positioning tchnologis and ntwork architcturs. Th architctur nhancs introprability among various LBS providrs building Global LBS srvic on various platforms in th ubiquitous nvironmnt. Our modl also guarants Singl Sign-On (SSO) among multi-vndor topologis by xchanging authntication and authorization information using Scurity Assrtion Markup Languag (SAML) tokn. Th rst of this papr is organizd as follow. Sction 2 idntifis th problms of currnt LBS and rquirmnts to solv thm. Sction 3 suggsts a nw wb srvic architctur nhancing privacy, scurity and introprability of LBS. Sction 4 shows som of LBS scnarios applying th proposd architctur. Sction In sction 5, w discuss th simulation nvironmnt and th rsults. Finally, w conclud in Sction 6. 2 Motivations and Rquirmnts 2.1 Privacy Problms LBS ar considrd as on of th main rvnu gnrators for nxt gnration wirlss srvics. Howvr, LBS do rais nw privacy issus [1, 2, 27, 28, 29] intgral to LBS. Th major problm ariss whn location information is rquird in ordr to obtain a srvic and at th sam tim th usr dos not want to rval mor prsonal idntifiabl information. Usrs wish to hav complt control ovr th visibility of thir location, but in th most part of LBS scnarios usrs ar not in full control. 2
Aftr all, location privacy will hav to b carfully managd and w nd systmatic mthod as wll as tchnological mthod [3, 4]. On of th ways to solv th location privacy problm is to provid fin-graind privacy policis in usr control. Policis that rquir srvic providr to adhr to strong privacy practics ar ndd to countrbalanc th invisibl natur of location collction in th wirlss world. In this papr, w prsnt classifid usr profils and location policy to accss location information to cop with th privacy problm. Th usr s policy is cratd with th agrmnt of usr and is ffctivly usd by dynamic condition for accss to usr s location information. 2.2 Scurity Problms Bsid location privacy problms, thr ar som risks about location information itslf. Location information may b sniffd, modifid or stoln by attackr from communication channl btwn LBS ntitis. Scurity rquirmnts and mchanisms must b addrssd to nsur th safty of location information xchang among various location srvr that support diffrnt positioning mthods. Th mchanism should provid confidntiality against avsdropprs and intgrity to assur that th location information was not modifid accidntally or dlibratly in transit. Th mchanism should provid mutual authntication guarants that accss to LBS applications is rstrictd to only thos who can provid th appropriat proof of idntity. Ths rquirmnts can b satisfid by using digital signatur and ncryption of location data bcaus thy concrn how to protct communicatd data. Apart from ths mchanisms, w also hav to considr th protction of location information so that only appropriat ntitis ar allowd to accss location information. Authorization procss is rquird to dcid whthr or not th ntity can accss th particular location information. Ths cryptographic oprations could crat so many burdns of usr s mobil trminal in LBS nvironmnts whr ntwork rsourcs and computing powr ar usually limitd. To ffctivly prform ths tasks, Agnt or Brokr could b dployd. Th agnt may provid combination faturs such as bttr communication facilitis, high spd cryptographic ngin and mmory mchanism. In ordr to nsur a robust, consistnt LBS nvironmnt, our modl uss two agnts on bhalf of mobil trminal for nhancing scurity opration lik scur ky managmnt, authntication and authorization. 2.3 Introprability Problms Anothr issu of LBS community is that LBS ar challngd by th disparat location tchnology implmntd by wirlss infrastructur providrs, srvic providrs and quipmnt vndors. Most of LBS community ar facd with having to support multipl, disparat location-dtrmining tchnologis (LDT), and contnt implmntations, and multipl data transport protocols. This is simply cost prohibitiv. Thus th LBS tchnologis usd must vary with th srvic contxt i.. tim constraints, location positioning mthod, ntwork connction status. 3
Th ky to introprability will b th dvlopmnt and adoption of a ubiquitous st of intrconnctd wirlss communications and Intrnt location srvic standards. Opn and scalabl LBS architcturs and common data structurs ar ncssary for various typs of location information. Ths common structurs could b dfind by XML. Location Intr-Oprability Forum (LIF) dvlopd th XML basd Mobil Location Protocol (MLP) [15] standard, which is concrnd with th intgration of position or location information. And Opn GIS Consortium (OGC) issus Rqust for Tchnology for Wb Srvics Initiativ [18] to provid introprabl Spatial Wb Srvics. Howvr, in som complicatd srvics, such as LBS roaming which includs srvic continuity and hand-off issus, mor consistnt scurity faturs should b partnrd with ths fforts for introprability. In th futur of LBS nvironmnt, LBS roaming scnario is likly widsprad whr many LBS srvic providrs ar usd to implmnt functionality bhind th scns. If a usr dos not know whthr or not th location information is broadly scur in various LBS platform, whn roaming across boundaris within intrconnctd wirlss ntworks, LBS roaming may crat nw scurity and privacy challngs. Thrfor, w should figur out how to samlssly provid scur location information utilizing htrognous wirlss ntworks without rauthnticating ach tim. In this papr, w considr ths introprabl and consistnt scurity nds as addrssd by Wb srvic scurity mchanisms, and map ach of th rquirmnts onto th construct of futur global LBS nvironmnts. 3 Scur Wb Srvics Architctur for LBS In this sction, w propos a scur Wb Srvics architctur which is dsignd to mt th rquirmnts in prvious sctions. Th objctiv of th proposd architctur is to as th dvlopmnt of scur LBS by providing customizd privacy and scurity profils which can b assmbld to crat concrt LBS applications. Th Figur 1 shows proposd LBS privacy and scurity Enhancd Wb Srvics architctur. 3.1 Enhancd Introprability with Wb Srvics Th nd to intgrat disparat LBS applications that run across th Intrnt on htrognous wirlss ntworks, and th ralization that propritary approachs would not solv th intgration problm, gav ris to us of Wb Srvics for LBS. Wb srvics ar going to play a big rol in th volution of mobil businss. A Wb Srvics supports dirct intractions with othr softwar applications using XML basd mssags via intrnt-basd protocols such as HTTP, SMTP, and FTP, including Simpl Objct Accss Protocol (SOAP). For asir configuration, Wb Srvics intrfacs could b dfind and modifid by Wb Srvics Dscription Languag (WSDL). Th dfind Wb Srvics can b rgistrd and discovrd at Univrsal Dscription, Discovry, and Intgration (UDDI) rgistry. Consquntly, ths advantags of Wb Srvics could bring maximum fficincy and introprability to th LBS in nxt gnration wirlss ntworks whr loosly 4
coupld and highly dynamic nvironmnts ar xpctd. Global LBS [5] also could b providd by coopration of LBS providrs in diffrnt country. Fig. 1. LBS Privacy and Scurity Enhancd Wb Srvic Architctur 3.2 Wb Srvics Scurity for LBS Th Scur Sockt Layr (SSL) is usd to provid an ncryptd mans of data xchang btwn a wb browsr and a wb srvr. Although SSL is widly tratd as a standard, SSL is insufficint for Wb Srvics Scurity in svral ways. SSL only supports data in transit, not in storag. SSL dos not support multi-party transactions and non-rpudiation. SSL is not granular nough bcaus it ncrypts vrything. To ovrcom th limitd faturs of SSL, XML Signatur [6] and XML Encryption [7] ar usd to forming a strong foundation for th dvlopmnt of scurd wb srvics by nabling partial signatur and partial ncryption rspctivly. Ths XML scurity spcifications could provid authntication, ncryption and non-rpudiation in multipl participants from diffrnt location srvic domains. Additionally, distributd authorization and fdratd idntity managmnt lik SSO ar among th grat 5
challngs for LBS. Authorization policis for location information and othr QoS paramtrs. To mt such scurity rquirmnts, location information could b partnrd with SAML [8] as addrssd in [14]. SAML provid th basis for introprabl authntication, authorization and attributs among disparat systms including a SSO facility [9]. In our architctur, w took th advantag of incorporating location information with ths Wb Srvics scurity mchanisms to nhanc th scurity and privacy of location basd srvics. 3.3 LBS brokr W dsign a LBS Brokr to solv scurity problms of LBS. In som architctur, it may b usful to us a Brokr to improv prformanc or scurity [19, 20]. LBS brokr plays ky rol in protcting usr s location information from unauthorizd LBS srvic providr or malicious usrs. Th LBS brokr act as a Policy Enforcmnt Point (PEP) that chcks prmission with th LBS policy authority, th Policy Dcision Point (PDP) by xchanging SAML mssag bfor making dcision and rlasing th scurd location information to th LBS srvic providrs. LBS brokr could provid usrs th gratst amount of control ovr thir prsonal information, sinc th usr is in control to choos whthr thir location is transmittd to th srvr for othrs to accss. LBS brokr supports XML signatur and XML ncryption to validating th signatur of th SOAP mssags. To validat th kys usd in XML signatur, it intracts with XML Ky Managmnt Spcification (XKMS) [11] srvrs. XKMS hlps to rmov th complxity of working with PKI. SAML assrtions ar mployd to for xchanging authntication and authorization tokn across diffrnt LBS ntitis lik LBS brokrs, LBS policy authoritis, LBS srvic providrs and mobil portals ovr Intrnt. 3.4 LBS Policy Authority for LBS Privacy LBS Policy Authority acts as a Policy Administration Point (PAP) in LBS privacy agrmnt stp and a PDP in LBS srvic stp. As a PAP, it crats a LBS policy st to LBS Srvic Lvl Agrmnts (SLAs) with usrs using prdfind XML Schma. Th policy includs usr profils and othr LBS srvic attributs. 3.4.1 Profils for LBS Privacy A simpl st of location privacy ruls is insufficint to nforc dynamic and consistnt privacy whn usrs roam. In Figur 2, w propos classifid privacy and scurity profils to accommodat mor adaptiv and optimal LBS nvironmnts. A ky advantag that profils offr is that LBS can b customizd to fit usr s spcific nds. Customization of LBS is prformd through th classification of profils. Th classification of scurity nds to provid a wid scop for various LBS usrs. LBS Clint adaptivly modifis its profil for htrognous wirlss ntworks. This mchanism could bring minimizd lakag of privacy information that usrs wantd. 6
Fig. 2. Profil typs and classs for LBS Privacy 3.4.2 Policy Stting Th policy modl proposd in this papr provids dirct control function to a usr through policy dcision procdurs with LBS Policy Authority which prforms ffctiv policy nforcmnt. Figur 3 shows LBS SLAs procdurs and xampls of SAML mssag about usr privacy. Fig. 3. Scur Mssaging for LBS policy stting 7
4 Scnarios 4.1 A Scur LBS Push Scnario Th push scnario happns whn LBS srvic providr rqusts usr's location information for providing location srvics to usr. Whn LBS srvic providr rqusts usr's location information to LBS brokr, Figur 4 prsnts a scnario in which validation of usr's privacy, authntication and authorization ar nforcd. In th scnario, XML basd protocol is usd for introprability btwn all typ of systm. LBS Policy Authority could prvnt impropr usags of location srvic in spcific ara, tim or usrs. Th modl with LBS Brokr can improv fficincy and prformanc of authorization and authntication validation. Fig. 4. A Scur LBS Wb Srvic Scnario 4.2 A Convrgnc Modl In this scnario, w propos a convrgnc modl for mor consistnt LBS nvironmnts. For futur global LBS roaming, location information of usrs, which xist in various LBS platform, should b managd on scur introprabl mannr. Figur 5 dpicts th intgratd LBS architctur using LBS Brokrs. Our modl supports multipl, disparat LDT and supports SSO functionality with LBS Brokrs. 8
Fig. 5. Th intgratd LBS architctur using LBS Brokrs 5 Simulations W hav modld our architctur as a closd quuing systm as in Figur 6, and w analyzd of approximat Man Valu Analysis (MVA) as dscribd in [24, 25]. In th scnario of Figur 4, th scur LBS procdur has two job classs, initial scur location updat stp and scur LBS roaming stp. r im,jn mans th probability that a class m job movs to class n at nod j aftr complting srvic at nod i. And ratio rprsnts a ratio of total usrs to scur LBS roaming usrs. Analyz stps of class switching closd quuing systm ar following. Stp1: Calculat th numbr of visits in original ntwork by using (1) ir = K j= 1 C s= 1 js r js, ir (1) whr K = total numbr of quus, C = total numbr of classs. Stp 2: Transform th quuing systm to chain. Stp 3: Calculat th numbr of visits for ach chain by using (2) * iq = * iq r π r π q q ir 1r (2) whr r = quu numbr in chain q, π q = total quu numbr 9
Stp 4: Calculat th scal factor s iq = s ir r π q αir and srvic tims s iq by using (3) with (1). ir α ir, α ir = (3) s π Stp 5: Calculat th prformanc paramtrs for ach chain using MVA. q is Fig. 6. Multipl class quuing systm in th scur LBS push scnario Tabl 1. Bas paramtr sttings of th quuing modl Entity Opration in scnario Dscription Prformanc Mobil Nod LBS Brokr LBS Brokr XKMS PKI LBS Brokr with Initial scur location updat Tokn Rqust with Usr s Privat ky Signatur vrification using Usr s Public ky SCVP(OCSP) Rqust Mssag - signatur of LBS Brokr s Privat Ky RSA with SHA-1 signatur sign with a 512 bit ky RSA with SHA-1 signatur vrify with a 512 bit ky RSA with SHA-1 signatur sign with a 1024 bit ky 5.5 ms 0.1 ms 7.4 ms X.509 Crtificat validation Validat usr crtificat 30.3 ms OCSP Rspons Mssag validation RSA with SHA-1 signatur vrify with a 1024 bit ky LBS Brokr SAML Authorization Rqust XML Parsing and RSA 1024 signatur 27.4 ms LBS Policy Authority LBS Policy Authority SAML Authorization Rspons SAML Authntication Tokn gnration (and rspons to MN) XML Parsing and RSA with SHA-1 1024 bit ky signatur vrify 3DES Symmtric ky ncryption 0.4 ms 20.4 ms 7.702 MB/s LBS Brokr Tokn Rspons with Location information RSA ncrypt on 512 bit kys 31.201 KB/s LBS SP Mobil Nod Dcrypt Tokn Rspons with Location Updat Rspons Scur LBS roaming RSA dcrypt on 512 bit kys 8.517 KB/s Location Rqust with Scurity Tokn Avrag hand-off latncy 30 ms LBS Brokr Tokn vrification 3DES Symmtric ky dcryption 1.090MB/sc LBS Brokr Tokn Rspons with Location information RSA ncrypt on 512 bit kys 31.201 KB/s LBS Providr Dcrypt Tokn Rspons with Location Updat Rspons RSA dcrypt on 512 bit kys 8.517 KB/s Tabl 1 summarizs th bas paramtr sttings undrlying th prformanc xprimnts. LBS Brokr and LBS Policy Authority usd Solaris 8 machin with Pntium III 933 MHz, 512 MB RAM. Mobil nod usd Pntium III 500 MHz, 128MB RAM, WindowsXP as oprating systm with Lucnt Orinoco IEEE 802.11b wirlss 10
LAN card. Th cryptographic library was Opnssl 0.9.7a [12], and SAML Library was OpnSAML 0.9.1 [13]. Data siz was 1KB in digital signatur. Figur 7(a) shows avrag throughput at high scurity lvl whn th roaming ratio r varis. As th initial scur location updat nds mor cryptographic opration, our scur Wb srvic architctur show bttr prformanc in scur LBS roaming nvironmnts whr usrs mov fast. Figur 7(b) shows throughputs of scur location updat with thr scurity lvls. Our scur Wb srvic architctur could manag 12 usrs at high scurity lvl and up to 45 at on scond. Ths simulation rsults could b usful to provid guidlins as to how th scurity lvl is st to mts th usr nds. As w can s, th advantags of protcting privacy and scurity could far outwigh its ovrhad in spcifying scurity assrtions in XML. 0.06 0.016 0.05 0.015 0.014 0.04 0.013 0.03 Th h t (t / 0.012 0.011 0.010 r=0.2 r=0.5 0.009 r=0.9 0.008 0 10 20 30 40 50 60 70 80 90 100 110 Usrs Th h t (t / ) 0.02 0.01 0.00 0 10 20 30 40 50 60 70 80 90 100 110 Usrs High Lvl Scurity with Policy Authority (LBS Brokr uss 1024 bit ky) Mdium Lvl Scurity with LBS Policy Authority (LBS Brokr uss 512 bit ky) Low Lvl Scurity without LBS Policy Authority(LBS Brokr uss 512 bit ky) (a) Throughput of scur location updat (b) Throughputs of scur location updat at high lvl scurity with various scurity lvls Fig. 7. Simulations rsults of th scur Wb Srvics architctur 6 Conclusion In this papr, w analyz privacy and scurity issus on location basd srvic and giv our viw on th futur prospcts of LBS for th nxt gnration wirlss ntwork. Usrs ar incrasingly concrnd with th disclosur of location information to third partis and th potntial consquncs for thir privacy. As th location privacy and scurity is mrging as on of th ky issus that will hav to manag bfor fulfilling th LBS rvnu promis, w propos a scur Wb Srvic architctur for location basd srvic. Th architctur taks advantags of Wb Srvics and is dsignd to maximiz th fficincy and introprability for th LBS in wirlss ntworks whr loosly coupld and highly dynamic nvironmnts ar xpctd. W dsign a LBS Brokr to ffctivly solv privacy, authntication and authorization problms. W introduc LBS Policy Authority with classifid privacy and scurity profils. Our modl also guarants SSO among LBS srvic providrs by xchanging authntication and authorization information using SAML tokn. W also hav shown som practical scnarios in which strong authntication and authorization ar providd whil prsrving usr s 11
location privacy. And th simulation rsults could b usful to provid guidlins as to undr which circumstancs on scurity schm may b usd in prfrnc to anothr. Rfrncs 1. Jorg Cullar, John B. Morris, Dirdr Mulligan, Jon Ptrson and Jams Polk, Gopriv Rquirmnts, draft-itf-gopriv-rqs-0.3, 3, 2003-07-30 2. WLIA, Adoptd WLIA Privacy Policy (First Rvision), http://www.wliaonlin.com/ indstandard/privacy.html 3. Dan Grning, Location Privacy, location introprability forum, 2002 4. Shrn Fink, Th Fin Lin Btwn LOCATION-BASED SERVICES & PRIVACY, http://www.sun.com/aboutsun/mdia/prsskits/sp/ 5. Ulf Lonhardt and Jff Mag., Scurity Considrations for a Distributd Location Srvic, Journal of Ntwork and Systm Managmnt, Vol 6(1):51-70, March 1998. 6. W3C Rcommndation. D. Eastlak, J. Ragl, and D. Solo., XML-Signatur Syntax and Procssing, Fbruary 2002. 7. W3C Rcommndation T. Imamura, B. Dillaway, J. Schaad, E. Simon., XML Encryption Syntax and Procssing, Dcmbr 2002. 8. OASIS Standard, Scurity Assrtion Markup Languag (SAML) 1.0, Novmbr 2002. 9. Bn Galbraith, t. al., Profssional Wb Srvics Scuirty, Wrox Prss, 2002. 10. Albrto Escudro-Pascual, Grald Q. Maguir Jr., Rol(s) of a proxy in location basd srvics 13 th IEEE Intrnational Symposium on Prsonal, Indoor and Mobil Radio Communications. PIMRC2002. Lisbon. Portugal. Sptmbr 2002. 11. W3C working draft, XML Ky Managmnt Spcification (XKMS) v 2.0, April 2003. 12. OpnSSL, http://www.opnssl.org/ 13. OpnSAML, http://www.opnsaml.org/ 14. Harsha Srivatsa, Location, location, location-basd srvics, IBM, Novmbr 2002. 15. Location Intr-oprability Forum (LIF), Mobil Location Protocol (MLP), TS 101 Spcification Vrsion 3.0.0 6, Jun 2002. 16. Location Intr-oprability Forum (LIF), "Privacy Guidlins", LIF TR 101 Rport, 2002 17. 3GPP, Enhancd support for Usr Privacy in location srvics, TR 23.871, 18. Opn GIS Consortium (OGC), "A Rqust for Tchnology In Support of an OGC Wb Srvics Initiativ, 2003 19. Michal Brgr, t. al., An Approach to Agnt-Basd Srvic Composition and Its Application to Mobil Businss Procsss, IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 2, NO. 3, JULY-SEPTEMBER 2003. 20. Aura Ganz, S Hyun Park, and Zvi Ganz, "Scurity Brokr for multimdia wirlss LANs", Computr Communications, Vol.23, issu 5-6, pp. 588-592, March 2000. 21. Albrto Escudro-Pascual, Thijs Hollboom, and Simon Fischr-Hiibnr, Privacy for Location Data in mobil ntworks 22. Euro Binat, Privacy and Location-basd Stating th Policis Clarly, GEO Informatics, Volum 4, Sptmbr 2001 23. Alastair R. Brsford and Frank Stajano, Location Privacy in Prvasiv Computing, PERVASIVE computing, JANUARY-MARCH 2003. 24. Boudwijn R. Havrkort John, Prformanc of Computr Communication Systms : A Modl-Basd Approach, Wily & Sons, Octobr 1999. 25. Guntr Bolch, Stfan Grinr, Kishor Trvdi, A Gnralizd Analysis tchniqu for quuing ntworks with mixd priority stratgy and class switching, Tchnical Rport TR- I4-95-08, Oct. 1995. 12