MobChain: Three-Way Collusion Resistance in Witness-Oriented Location Proof Systems Using Distributed Consensus

Smart devices have accentuated the importance of geolocation information. Geolocation identification using smart devices has paved the path for incentive-based location-based services (LBS). A location proof is a digital certificate of the geographical location of a user, which can be used to access various LBS. However, a user full control over a device allows the tampering of location proof. Initially, to resist false proofs, two-party trusted centralized location proof systems (LPS) were introduced to aid the users in generating secure location proofs mutually. However, two-party protocols suffered from the collusion attacks by the participants of the protocol. Consequently, many witness-oriented LPS have emerged to mitigate collusion attacks in two-party protocols. However, witness-oriented LPS presented the possibility of three-way collusion attacks (involving the user, location authority, and the witness). The three-way collusion attacks are inevitable in all existing witness-oriented schemes. To mitigate the inability to resist three-way collusion of existing schemes, in this paper, we introduce a decentralized consensus protocol called as MobChain, where the selection of a witness and location authority is achieved through a distributed consensus of nodes in an underlying P2P network of a private blockchain. The persistent provenance data over the blockchain provides strong security guarantees, as a result, the forging and manipulation become impractical. MobChain provides secure location provenance architecture, relying on decentralized decision making for the selection of participants of the protocol to resist three-way collusion problem. Our prototype implementation and comparison with the state-of-the-art solutions show that MobChain is computationally efficient, highly available while improving the security of LPS.

[1]  Marco Gruteser,et al.  USENIX Association , 1992 .

[2]  Guohong Cao,et al.  APPLAUS: A Privacy-Preserving Location Proof Updating System for location-based services , 2011, 2011 Proceedings IEEE INFOCOM.

[3]  Alec Wolman,et al.  I am a sensor, and I approve this message , 2010, HotMobile '10.

[4]  David Wetherall,et al.  Toward trustworthy mobile sensing , 2010, HotMobile '10.

[5]  R. Monfared,et al.  Blockchain ready manufacturing supply chain using distributed ledger , 2016 .

[6]  MultiChain Private Blockchain — White Paper , 2022 .

[7]  Ragib Hasan,et al.  OTIT: towards secure provenance modeling for location proofs , 2014, AsiaCCS.

[8]  Urs Hengartner,et al.  VeriPlace: a privacy-aware location proof architecture , 2010, GIS '10.

[9]  Randal C. Burns,et al.  Where Have You Been? Secure Location Provenance for Mobile Devices , 2011, ArXiv.

[10]  Markus Breitenbach,et al.  The Directional Attack on Wireless Localization -or- How to Spoof Your Location with a Tin Can , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[11]  Chandramohan A. Thekkath,et al.  StarTrack: a framework for enabling track-based applications , 2009, MobiSys '09.

[12]  Murat Kantarcioglu,et al.  Using Blockchain and smart contracts for secure data provenance management , 2017, ArXiv.

[13]  Reza Curtmola,et al.  LINK: Location Verification through Immediate Neighbors Knowledge , 2010, MobiQuitous.

[14]  Ragib Hasan,et al.  WORAL: A Witness Oriented Secure Location Provenance Framework for Mobile Devices , 2016, IEEE Transactions on Emerging Topics in Computing.

[15]  Ragib Hasan,et al.  'Who, When, and Where?' Location Proof Assertion for Mobile Devices , 2014, DBSec.

[16]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[17]  D. Mohapatra,et al.  Survey of location based wireless services , 2005, 2005 IEEE International Conference on Personal Wireless Communications, 2005. ICPWC 2005..

[18]  Ben A. Amaba,et al.  Blockchain technology innovations , 2017, 2017 IEEE Technology & Engineering Management Conference (TEMSCON).

[19]  Avishai Wool,et al.  How to prove where you are: tracking the location of customer equipment , 1998, CCS '98.

[20]  Michael Kreutzer,et al.  Enhancing applications with approved location stamps , 2001, IEEE Intelligent Network 2001 Workshop. IN 2001 Conference Record (Cat. No.01TH8566).

[21]  Shui Yu,et al.  Blockchain for secure location verification , 2020, J. Parallel Distributed Comput..

[22]  Elaine Shi,et al.  Permacoin: Repurposing Bitcoin Work for Data Preservation , 2014, 2014 IEEE Symposium on Security and Privacy.

[23]  Laurent Bussard,et al.  Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks , 2005, SEC.

[24]  Elaine Shi,et al.  Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[25]  Jack Brassil,et al.  PROVING THE LOCATION OF A MOBILE DEVICE USER , 2012 .

[26]  Margaret Martonosi,et al.  Location-based trust for mobile user-generated content: applications, challenges and implementations , 2008, HotMobile '08.

[27]  Sachin Shetty,et al.  ProvChain: A Blockchain-Based Data Provenance Architecture in Cloud Environment with Enhanced Privacy and Availability , 2017, 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID).

[28]  Stuart Haber,et al.  Authenticating a mobile device's location using voice signatures , 2012, 2012 IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[29]  Lars Kulik,et al.  Location privacy and location-aware computing , 2006 .

[30]  Sébastien Gambs,et al.  PROPS: A PRivacy-Preserving Location Proof System , 2014, 2014 IEEE 33rd International Symposium on Reliable Distributed Systems.

[31]  Ricardo Neisse,et al.  A Blockchain-based Approach for Data Accountability and Provenance Tracking , 2017, ARES.

[32]  Michele Amoretti,et al.  Blockchain-Based Proof of Location , 2016, 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C).

[33]  Arturo Ribagorda,et al.  Path-Stamps: A Proposal for Enhancing Security of Location Tracking Applications , 2003, CAiSE Workshops.

[34]  Bart Preneel,et al.  Location verification using secure distance bounding protocols , 2005, IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, 2005..

[35]  Shui Yu,et al.  PASPORT: A Secure and Private Location Proof Generation and Verification Framework , 2020, IEEE Transactions on Computational Social Systems.

[36]  Srdjan Capkun,et al.  Secure positioning of wireless devices with application to sensor networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[37]  Dominik Bucher,et al.  Captcha Your Location Proof - A Novel Method for Passive Location Proofs in Adversarial Environments , 2018, LBS.

[38]  Albert Y. Zomaya,et al.  Modeling and Analysis of the Thermal Properties Exhibited by Cyberphysical Data Centers , 2017, IEEE Systems Journal.

[39]  Alec Wolman,et al.  Enabling new mobile applications with location proofs , 2009, HotMobile '09.

[40]  Adeel Anjum,et al.  Trustworthy data: A survey, taxonomy and future trends of secure provenance schemes , 2017, J. Netw. Comput. Appl..

[41]  Prasant Mohapatra,et al.  STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users , 2016, IEEE/ACM Transactions on Networking.

[42]  Xue Liu,et al.  Location Cheating: A Security Challenge to Location-Based Social Network Services , 2011, 2011 31st International Conference on Distributed Computing Systems.

[43]  Wang Jun,et al.  Privacy-preserving distributed location proof generating system , 2016, China Communications.

[44]  Matthew K. Franklin,et al.  Privacy-preserving alibi systems , 2012, ASIACCS '12.

[45]  Mohammad A. Hoque,et al.  Blockchain Consensus Algorithms: A Survey , 2020, 2001.07091.

[46]  Paul J. M. Havinga,et al.  Towards Smart Surroundings: Enabling Techniques and Technologies for Localization , 2005, LoCA.

[47]  Qiang Qu,et al.  A Robust Spatio-Temporal Verification Protocol for Blockchain , 2018, WISE.

[48]  Dorothy E. Denning,et al.  Location-based authentication: Grounding cyberspace for better security , 1996 .

[49]  Urs Hengartner,et al.  Proving your location without giving up your privacy , 2010, HotMobile '10.

[50]  Robert A. Malaney Quantum Geo-Encryption , 2016, 2016 IEEE Global Communications Conference (GLOBECOM).

[51]  Theodora Varvarigou,et al.  QuietPlace: An Ultrasound-Based Proof of Location Protocol with Strong Identities , 2020 .

[52]  Albert Y. Zomaya,et al.  Modeling and Analysis of the Thermal Properties Exhibited by Cyber Physical Data Centers , 2015 .

[53]  Sushmita Ruj,et al.  Retricoin: Bitcoin based on compact proofs of retrievability , 2016, ICDCN.