STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users

Location-based services are quickly becoming immensely popular. In addition to services based on users' current location, many potential services rely on users' location history, or their spatial-temporal provenance. Malicious users may lie about their spatial-temporal provenance without a carefully designed security system for users to prove their past locations. In this paper, we present the Spatial-Temporal provenance Assurance with Mutual Proofs (STAMP) scheme. STAMP is designed for ad-hoc mobile users generating location proofs for each other in a distributed setting. However, it can easily accommodate trusted mobile users and wireless access points. STAMP ensures the integrity and non-transferability of the location proofs and protects users' privacy. A semi-trusted Certification Authority is used to distribute cryptographic keys as well as guard users against collusion by a light-weight entropy-based trust evaluation approach. Our prototype implementation on the Android platform shows that STAMP is low-cost in terms of computational and storage resources. Extensive simulation experiments show that our entropy-based trust model is able to achieve high ( > 0.9) collusion detection accuracy.

[1]  Serge Egelman,et al.  It's No Secret. Measuring the Security and Reliability of Authentication via “Secret” Questions , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[2]  Cyril Ray,et al.  Spatial models for context-aware indoor navigation systems: A survey , 2012, J. Spatial Inf. Sci..

[3]  Randal C. Burns,et al.  Where Have You Been? Secure Location Provenance for Mobile Devices , 2011, ArXiv.

[4]  Stuart E. Schechter,et al.  Popularity Is Everything: A New Approach to Protecting Passwords from Statistical-Guessing Attacks , 2010, HotSec.

[5]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[6]  Guohong Cao,et al.  Toward Privacy Preserving and Collusion Resistance in a Location Proof Updating System , 2013, IEEE Transactions on Mobile Computing.

[7]  Jean-Pierre Hubaux,et al.  Secure and private proofs for location-based activity summaries in urban areas , 2014, UbiComp.

[8]  Moshe Zviran,et al.  User authentication by cognitive passwords: an empirical assessment , 1990, Proceedings of the 5th Jerusalem Conference on Information Technology, 1990. 'Next Decade in Information Technology'.

[9]  He Wang,et al.  I am a smartphone and i can tell my user's walking direction , 2014, MobiSys.

[10]  Alec Wolman,et al.  Enabling new mobile applications with location proofs , 2009, HotMobile '09.

[11]  Joachim M. Buhmann,et al.  The Balanced Accuracy and Its Posterior Distribution , 2010, 2010 20th International Conference on Pattern Recognition.

[12]  Yih-Chun Hu,et al.  Wormhole attacks in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[13]  Urs Hengartner,et al.  VeriPlace: a privacy-aware location proof architecture , 2010, GIS '10.

[14]  Ron Henderson,et al.  Cost-effective computer security: cognitive and associative passwords , 1996, Proceedings Sixth Australian Conference on Computer-Human Interaction.

[15]  Ivan Damgård,et al.  Commitment Schemes and Zero-Knowledge Protocols , 1998, Lectures on Data Security.

[16]  Omer Reingold,et al.  Statistically-hiding commitment from any one-way function , 2007, STOC '07.

[17]  Brian S. Peterson,et al.  Bluetooth Inquiry Time Characterization and Selection , 2006, IEEE Transactions on Mobile Computing.

[18]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[19]  Robert W. Reeder,et al.  When the Password Doesn't Work: Secondary Authentication for Websites , 2011, IEEE Security & Privacy.

[20]  Pan Li,et al.  LocaWard: A security and privacy aware location-based rewarding system , 2014, IEEE Transactions on Parallel and Distributed Systems.

[21]  Bart Preneel,et al.  Location verification using secure distance bounding protocols , 2005, IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, 2005..

[22]  Arun Raghuramu,et al.  STAMP: Ad hoc spatial-temporal provenance assurance for mobile users , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[23]  Felix C. Freiling,et al.  Location privacy in urban sensing networks: research challenges and directions [Security and Privacy in Emerging Wireless Networks] , 2010, IEEE Wireless Communications.

[24]  Laurent Bussard,et al.  Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks , 2005, SEC.

[25]  Matthew K. Franklin,et al.  Privacy-preserving alibi systems , 2012, ASIACCS '12.

[26]  Rebecca Steinbach,et al.  Look who's walking: social and environmental correlates of children's walking in London. , 2012, Health & place.

[27]  Prasant Mohapatra,et al.  Improving crowd-sourced Wi-Fi localization systems using Bluetooth beacons , 2012, 2012 9th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON).

[28]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[29]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[30]  Silvio Micali,et al.  Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing , 1996, CRYPTO.