I Know Where You are: Proofs of Presence Resilient to Malicious Provers

In the recent years, new services and businesses leveraging location-based services (LBS) are rapidly emerging. On the other hand this has raised the incentive of users to cheat about their locations to the service providers for personal benefits. Context-based proofs-of-presence (PoPs) have been proposed as a means to enable verification of users' location claims. However, as we show in this paper, they are vulnerable to context guessing attacks. To make PoPs resilient to malicious provers we propose two complementary approaches for making context-based PoPs: one approach focuses on surprisal filtering based on estimating the entropy of particular PoPs in order to detect context measurements vulnerable to such attacks. The other approach is based on utilizing longitudinal observations of ambient modalities like noise level and ambient luminosity. It is capable of extracting more entropy from the context to construct PoPs that are hard to guess by an attacker even in situations in which other context sensor modalities fail to provide reliable PoPs.

[1]  Heikki Mannila,et al.  Fast Discovery of Association Rules , 1996, Advances in Knowledge Discovery and Data Mining.

[2]  Dan Boneh,et al.  Location Privacy via Private Proximity Testing , 2011, NDSS.

[3]  Evangelos P. Markatos,et al.  The man who was there: validating check-ins in location-based services , 2013, ACSAC.

[4]  Alec Wolman,et al.  Enabling new mobile applications with location proofs , 2009, HotMobile '09.

[5]  Radu Sion,et al.  The Shy Mayor: Private Badges in GeoSocial Networks , 2012, ACNS.

[6]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[7]  Xiang Gao,et al.  Comparing and fusing different sensor modalities for relay attack resistance in Zero-Interaction Authentication , 2014, 2014 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[8]  N. Asokan,et al.  Drone to the Rescue: Relay-Resilient Authentication using Ambient Multi-sensing , 2014, Financial Cryptography.

[9]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[10]  Stephan Sigg,et al.  Secure Communication Based on Ambient Audio , 2013, IEEE Transactions on Mobile Computing.

[11]  Di Ma,et al.  Secure Proximity Detection for NFC Devices Based on Ambient Sensor Data , 2012, ESORICS.

[12]  N. Asokan,et al.  Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[13]  Eyal de Lara,et al.  Amigo: Proximity-Based Authentication of Mobile Devices , 2007, UbiComp.

[14]  Bogdan Carbunar,et al.  You unlocked the Mt. Everest badge on foursquare! Countering location fraud in Geosocial Networks , 2012, 2012 IEEE 9th International Conference on Mobile Ad-Hoc and Sensor Systems (MASS 2012).

[15]  Justin Manweiler,et al.  SMILE: encounter-based trust for mobile social services , 2009, CCS.