Abstract
In recent years, location of mobile devices has become an important factor. Mobile device users can easily access various customized applications from the service providers based on the current physical location information. Nonetheless, it is a significant challenge in distributed architectures for users to prove their presence at a particular location in a privacy-protected and secured manner. So far, researchers have proposed multiple schemes to implement a secure location proof collection mechanism. However, such location proof schemes are subject to tampering and not resistant to collusion attacks. Additionally, the location authority providing a location proof is assumed to be honest at all times. In this paper, we present the fundamental requirements of any location proof generation scheme, and illustrate the potential attacks possible in such non-federated environments. Based on our observations, we introduce a concept of witness oriented endorsements, and describe a collusion-resistant protocol for asserted location proofs.We provide an exhaustive security analysis of the proposed architecture, based on all possible collusion models among the user, location authority, and witness. We also present a prototype implementation and extensive experimental results to adjust different threshold values and illustrate the feasibility of deploying the protocol in regular devices for practical use.
Chapter PDF
Similar content being viewed by others
References
Saroiu, S., Wolman, A.: Enabling new mobile applications with location proofs. In: Proc. of HotMobile, pp. 1–6 (2009)
VanGrove, J.: Foursquare cracks down on cheaters (April 2010), http://mashable.com/2010/04/07/foursquare-cheaters/
Maduako, I.: Wanna hack a drone? possible with geo-location spoofing! (July 26, 2012), http://geoawesomeness.com/?p=893
Tippenhauer, N.O., Rasmussen, K.B., Popper, C., Capkun, S.: iPhone and iPod location spoofing: Attacks on public WLAN-based positioning systems. SysSec Technical Report, ETH Zurich (April 2008)
Blumberg, A.J., Eckersley, P.: On locational privacy, and how to avoid losing it forever (August 2009), https://www.eff.org/wp/locational-privacy
Davis, B., Chen, H., Franklin, M.: Privacy-preserving alibi systems. In: Proc. of ASIACCS, pp. 34–35. ACM (2012), http://doi.acm.org/10.1145/2414456.2414475
Gilbert, P., Cox, L.P., Jung, J., Wetherall, D.: Toward trustworthy mobile sensing. In: Proc. of HotMobile, pp. 31–36. ACM (2010)
Luo, W., Hengartner, U.: Proving your location without giving up your privacy. In: Proc. of HotMobile, pp. 7–12 (2010)
Waters, B.R., Felten, E.W.: Secure, private proofs of location. Technical report TR-667-03, Princeton University (January 2003)
Brands, S., Chaum, D.: Distance bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Chiang, J.T., Haas, J.J., Hu, Y.-C.: Secure and precise location verification using distance bounding and simultaneous multilateration. In: Proc. of WiSec, pp. 181–192. ACM (2009)
Rasmussen, K.B., Čapkun, S.: Realization of RF distance bounding. In: Proceedings of the USENIX Security Symposium (2010)
Narayanan, A., Thiagarajan, N., Lakhani, M., Hamburg, M., Boneh, D.: Location privacy via private proximity testing. In: Proc. of NDSS (2011)
Traynor, P., Schiffman, J., La Porta, T., McDaniel, P., Ghosh, A.: Constructing secure localization systems with adjustable granularity using commodity hardware. In: Proc. of GLOBECOM 2010, pp. 1–6 (2010)
Brassil, J., Netravali, R., Haber, S., Manadhata, P., Rao, P.: Authenticating a mobile device’s location using voice signatures. In: Proc. of WiMob, pp. 458–465. IEEE (October 2012)
Enge, P., Misra, P.: Special issue on global positioning system. Proceedings of the IEEE 87(1), 3–15 (1999)
Gabber, E., Wool, A.: How to prove where you are: tracking the location of customer equipment. In: Proc. of ACM CCS, pp. 142–149. ACM (1998)
Denning, D.E., MacDoran, P.F.: Location-based authentication: Grounding cyberspace for better security. Computer Fraud & Security 1996(2), 12–16 (1996)
Capkun, S., Hubaux, J.: Secure positioning of wireless devices with application to sensor networks. In: Proc. of INFOCOM, vol. 3, pp. 1917–1928. IEEE (2005)
Sastry, N., Shankar, U., Wagner, D.: Secure verification of location claims. In: Proceedings of the 2nd ACM Workshop on Wireless Security (WiSe), pp. 1–10. ACM (2003)
Čapkun, S., Čagalj, M.: Integrity regions: authentication through presence in wireless networks. In: Proc. of ACM WiSe, pp. 1–10. ACM (2006)
Aruba Networks, Inc., Dedicated air monitors? you decide (2006), http://www.arubanetworks.com/technology/tech-briefs/dedicated-air-monitors/
Pandey, S., Anjum, F., Kim, B., Agrawal, P.: A low-cost robust localization scheme for wlan. In: Proc. of WICON, p. 17. ACM (2006)
Tao, P., Rudys, A., Ladd, A.M., Wallach, D.S.: Wireless lan location-sensing for security applications. Computing Reviews 45(8), 489–490 (2004)
Youssef, M., Youssef, A., Rieger, C., Shankar, U., Agrawala, A.: Pinpoint: An asynchronous time-based location determination system. In: Proceedings of the 4th International Conference on Mobile Systems, Applications and Services, pp. 165–176. ACM (2006)
Saroiu, S., Wolman, A.: I am a sensor, and i approve this message. In: Proc. of HotMobile, pp. 37–42 (2010)
Khan, R., Zawoad, S., Haque, M., Hasan, R.: OTIT: Towards secure provenance modeling for location proofs. In: Proc. of ASIACCS. ACM (2014)
Martinovic, I., Zdarsky, F., Bachorek, A., Jung, C., Schmitt, J.: Phishing in the wireless: Implementation and analysis. In: Proceedings of IFIP SEC, pp. 145–156 (2007)
Douceur, J.R.: The sybil attack. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 251–260. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Khan, R., Zawoad, S., Haque, M.M., Hasan, R. (2014). ‘Who, When, and Where?’ Location Proof Assertion for Mobile Devices. In: Atluri, V., Pernul, G. (eds) Data and Applications Security and Privacy XXVIII. DBSec 2014. Lecture Notes in Computer Science, vol 8566. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43936-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-662-43936-4_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43935-7
Online ISBN: 978-3-662-43936-4
eBook Packages: Computer ScienceComputer Science (R0)