Metric Strand Spaces for Locale Authentication Protocols

Location-dependent services are services that adapt their behavior based on the locations of mobile devices. For many applications, it is critical that location-dependent services use trustworthy device locations, namely locations that are both accurate and recent. These properties are captured by a security goal called locale authentication whereby an entity can authenticate the physical location of a device, even in the presence of malicious adversaries. In this paper, we present a systematic technique for verifying that location discovery protocols satisfy this security goal. We base our work on the strand space theory which provides a framework for determining which security goals a cryptographic protocol achieves. We extend this theory with a metric that captures the geometric properties of time and space. We use the extended theory to prove that several prominent location discovery protocols including GPS do not satisfy the locale authentication goal. We also analyze a location discovery protocol that does satisfy the goal under some reasonable assumptions.

[1]  Joshua D. Guttman,et al.  Authentication tests and the structure of bundles , 2002, Theor. Comput. Sci..

[2]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[3]  Radha Poovendran,et al.  Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks , 2006, Advances in Information Security.

[4]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[5]  Radha Poovendran,et al.  Distance Bounding Protocols: Authentication Logic Analysis and Collusion Attacks , 2007, Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks.

[6]  Joshua D. Guttman,et al.  Strand Spaces: Proving Security Protocols Correct , 1999, J. Comput. Secur..

[7]  Paramvir Bahl,et al.  RADAR: an in-building RF-based user location and tracking system , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[8]  Seth J. Teller,et al.  The cricket compass for context-aware mobile applications , 2001, MobiCom '01.

[9]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[10]  Adrian Perrig,et al.  Proceedings of the 2nd ACM workshop on Wireless security , 2003 .

[11]  Dorothy E. Denning,et al.  Location-based authentication: Grounding cyberspace for better security , 1996 .

[12]  B. Hofmann-Wellenhof,et al.  Global Positioning System , 1992 .

[13]  Joshua D. Guttman,et al.  Mixed strand spaces , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.