WORAL: A Witness Oriented Secure Location Provenance Framework for Mobile Devices

Location-based services allow mobile device users to access various services based on the users' current physical location information. Path-critical applications, such as supply chain verification, require a chronological ordering of location proofs. It is a significant challenge in distributed and user-centric architectures for users to prove their presence and the path of travel in a privacy-protected and secure manner. So far, proposed schemes for secure location proofs are mostly subject to tampering, not resistant to collusion attacks, do not offer preservation of the provenance, and are not flexible enough for users to prove their provenance of location proofs. In this paper, we present WORAL, a complete ready-to-deploy framework for generating and validating witness oriented asserted location provenance records. The WORAL framework is based on the asserted location proof protocol and the OTIT model for generating secure location provenance on the mobile devices. WORAL allows user-centric, collusion resistant, tamper-evident, privacy protected, verifiable, and provenance preserving location proofs for mobile devices. This paper presents the schematic development, feasibility of usage, comparative advantage over similar protocols, and implementation of WORAL for android device users including a Google Glass-based client for enhanced usability.

[1]  Avishai Wool,et al.  How to prove where you are: tracking the location of customer equipment , 1998, CCS '98.

[2]  A. Soliman,et al.  Author Biography , 2018, Understanding Language Use in the Classroom.

[3]  Arun Raghuramu,et al.  STAMP: Ad hoc spatial-temporal provenance assurance for mobile users , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[4]  Ivan Martinovic,et al.  Phishing in the Wireless: Implementation and Analysis , 2007, SEC.

[5]  Alec Wolman,et al.  Enabling new mobile applications with location proofs , 2009, HotMobile '09.

[6]  Stuart Haber,et al.  Authenticating a mobile device's location using voice signatures , 2012, 2012 IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[7]  Ghassan O. Karame,et al.  Integrity Regions: Authentication through Presence in Wireless Networks , 2006, IEEE Transactions on Mobile Computing.

[8]  Margo I. Seltzer,et al.  Provenance-Aware Storage Systems , 2006, USENIX ATC, General Track.

[9]  Marco Gruteser,et al.  USENIX Association , 1992 .

[10]  Yogesh L. Simmhan,et al.  A survey of data provenance in e-science , 2005, SGMD.

[11]  Chandramohan A. Thekkath,et al.  StarTrack: a framework for enabling track-based applications , 2009, MobiSys '09.

[12]  Urs Hengartner,et al.  Proving your location without giving up your privacy , 2010, HotMobile '10.

[13]  Srdjan Capkun,et al.  Secure positioning of wireless devices with application to sensor networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[14]  Sam Ruby,et al.  RESTful Web Services , 2007 .

[15]  Vladimiro Sassone,et al.  A Formal Model of Provenance in Distributed Systems , 2009, Workshop on the Theory and Practice of Provenance.

[16]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[17]  Michael Kreutzer,et al.  Enhancing applications with approved location stamps , 2001, IEEE Intelligent Network 2001 Workshop. IN 2001 Conference Record (Cat. No.01TH8566).

[18]  Dan S. Wallach,et al.  Wireless LAN location-sensing for security applications , 2003, WiSe '03.

[19]  Alec Wolman,et al.  I am a sensor, and I approve this message , 2010, HotMobile '10.

[20]  Matthew K. Franklin,et al.  Privacy-preserving alibi systems , 2012, ASIACCS '12.

[21]  Ragib Hasan,et al.  'Who, When, and Where?' Location Proof Assertion for Mobile Devices , 2014, DBSec.

[22]  Thomas F. La Porta,et al.  Constructing Secure Localization Systems with Adjustable Granularity Using Commodity Hardware , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[23]  Arturo Ribagorda,et al.  Path-Stamps: A Proposal for Enhancing Security of Location Tracking Applications , 2003, CAiSE Workshops.

[24]  Per Enge,et al.  Special Issue on Global Positioning System , 1999, Proc. IEEE.

[25]  Wang Chiew Tan,et al.  An annotation management system for relational databases , 2004, The VLDB Journal.

[26]  Marianne Winslett,et al.  The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance , 2009, FAST.

[27]  David Gray,et al.  A three-party architecture and protocol that supports users with multiple identities for use with location based services , 2008, ICPS '08.

[28]  Yih-Chun Hu,et al.  Secure and precise location verification using distance bounding and simultaneous multilateration , 2009, WiSec '09.

[29]  David Wetherall,et al.  Toward trustworthy mobile sensing , 2010, HotMobile '10.

[30]  Markus Breitenbach,et al.  The Directional Attack on Wireless Localization -or- How to Spoof Your Location with a Tin Can , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[31]  Ernesto Damiani,et al.  Location Privacy Protection Through Obfuscation-Based Techniques , 2007, DBSec.

[32]  Chuck Rieger,et al.  PinPoint: An Asynchronous Time-Based Location Determination System , 2006, MobiSys '06.

[33]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[34]  Gene Tsudik,et al.  Privacy-Preserving Location-Based On-Demand Routing in MANETs , 2011, IEEE Journal on Selected Areas in Communications.

[35]  Ragib Hasan,et al.  OTIT: towards secure provenance modeling for location proofs , 2014, AsiaCCS.

[36]  Gene Tsudik,et al.  ALARM: Anonymous Location-Aided Routing in Suspicious MANETs , 2007, IEEE Transactions on Mobile Computing.

[37]  Guohong Cao,et al.  Toward Privacy Preserving and Collusion Resistance in a Location Proof Updating System , 2013, IEEE Transactions on Mobile Computing.

[38]  Justin Manweiler,et al.  SMILE: encounter-based trust for mobile social services , 2009, CCS.

[39]  Dorothy E. Denning,et al.  Location-based authentication: Grounding cyberspace for better security , 1996 .

[40]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[41]  Margaret Martonosi,et al.  Location-based trust for mobile user-generated content: applications, challenges and implementations , 2008, HotMobile '08.

[42]  Dan Boneh,et al.  Location Privacy via Private Proximity Testing , 2011, NDSS.

[43]  Srdjan Capkun,et al.  iPhone and iPod Location Spoofing: Attacks on Public WLAN-based Positioning Systems , 2012 .

[44]  Prathima Agrawal,et al.  A low-cost robust localization scheme for WLAN , 2006, WICON '06.

[45]  Ernesto Damiani,et al.  Supporting location-based conditions in access control policies , 2006, ASIACCS '06.