CLIP: Continuous Location Integrity and Provenance for Mobile Phones

Many location-based services require a mobile user to continuously prove his location. In absence of a secure mechanism, malicious users may lie about their locations to get these services. Mobility trace, a sequence of past mobility points, provides evidence for the user's locations. In this paper, we propose a Continuous Location Integrity and Provenance (CLIP) Scheme to provide authentication for mobility trace, and protect users' privacy. CLIP uses low-power inertial accelerometer sensor with a light-weight entropy-based commitment mechanism and is able to authenticate the user's mobility trace without any cost of trusted hardware. CLIP maintains the user's privacy, allowing the user to submit a portion of his mobility trace with which the commitment can be also verified. Wireless Access Points (APs) or colocated mobile devices are used to generate the location proofs. We also propose a light-weight spatial-temporal trust model to detect fake location proofs from collusion attacks. The prototype implementation on Android demonstrates that CLIP requires low computational and storage resources. Our extensive simulations show that the spatial-temporal trust model can achieve high (> 0.9) detection accuracy against collusion attacks.

[1]  Ralph C. Merkle,et al.  Secrecy, authentication, and public key systems , 1979 .

[2]  Laurent Bussard,et al.  Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks , 2005, SEC.

[3]  Alec Wolman,et al.  Software abstractions for trusted sensors , 2012, MobiSys '12.

[4]  David Wetherall,et al.  Toward trustworthy mobile sensing , 2010, HotMobile '10.

[5]  Ivan Damgård,et al.  Commitment Schemes and Zero-Knowledge Protocols , 1998, Lectures on Data Security.

[6]  Silvio Micali,et al.  Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing , 1996, CRYPTO.

[7]  Yih-Chun Hu,et al.  Wormhole attacks in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[8]  Ragib Hasan,et al.  OTIT: towards secure provenance modeling for location proofs , 2014, AsiaCCS.

[9]  Jun Han,et al.  ACComplice: Location inference using accelerometers on smartphones , 2012, 2012 Fourth International Conference on Communication Systems and Networks (COMSNETS 2012).

[10]  Wen Hu,et al.  Towards trustworthy participatory sensing , 2009 .

[11]  Alec Wolman,et al.  I am a sensor, and I approve this message , 2010, HotMobile '10.

[12]  Song Han,et al.  WheelLoc: Enabling continuous location service on mobile phone for outdoor scenarios , 2013, 2013 Proceedings IEEE INFOCOM.

[13]  Randal C. Burns,et al.  Where Have You Been? Secure Location Provenance for Mobile Devices , 2011, ArXiv.

[14]  Guohong Cao,et al.  Toward Privacy Preserving and Collusion Resistance in a Location Proof Updating System , 2013, IEEE Transactions on Mobile Computing.

[15]  Landon P. Cox,et al.  YouProve: authenticity and fidelity in mobile sensing , 2011, SenSys.

[16]  B. Hofmann-Wellenhof,et al.  Global Positioning System , 1992 .

[17]  Adrian Perrig,et al.  Flooding-resilient broadcast authentication for VANETs , 2011, MobiCom.

[18]  Feng Zhao,et al.  A reliable and accurate indoor localization method using phone inertial sensors , 2012, UbiComp.

[19]  He Wang,et al.  I am a smartphone and i can tell my user's walking direction , 2014, MobiSys.

[20]  Urs Hengartner,et al.  VeriPlace: a privacy-aware location proof architecture , 2010, GIS '10.

[21]  Minglu Li,et al.  SenSpeed: Sensing Driving Conditions to Estimate Vehicle Speed in Urban Environments , 2014, IEEE Transactions on Mobile Computing.

[22]  Alec Wolman,et al.  Enabling new mobile applications with location proofs , 2009, HotMobile '09.

[23]  Moustafa Youssef,et al.  No need to war-drive: unsupervised indoor localization , 2012, MobiSys '12.

[24]  Eyal de Lara,et al.  Location Systems: An Introduction to the Technology Behind Location Awareness , 2008, Location Systems.

[25]  Arun Raghuramu,et al.  STAMP: Ad hoc spatial-temporal provenance assurance for mobile users , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).