PASPORT: A Secure and Private Location Proof Generation and Verification Framework

Recently, there has been a rapid growth in location-based systems and applications in which users submit their location information to service providers in order to gain access to a service, resource, or reward. We have seen that in these applications, dishonest users have an incentive to cheat on their location. Unfortunately, no effective protection mechanism has been adopted by service providers against these fake location submissions. This is a critical issue that causes severe consequences for these applications. Motivated by this, we propose the Privacy-Aware and Secure Proof Of pRoximiTy (PASPORT) scheme in this article to address the problem. Using PASPORT, users submit a location proof (LP) to service providers to prove that their submitted location is true. PASPORT has a decentralized architecture designed for ad hoc scenarios in which mobile users can act as witnesses and generate LPs for each other. It provides user privacy protection as well as security properties, such as unforgeability and nontransferability of LPs. Furthermore, the PASPORT scheme is resilient to prover–prover collusions and significantly reduces the success probability of Prover–Witness collusion attacks. To further make the proximity checking process private, we propose P-TREAD, a privacy-aware distance bounding protocol and integrate it into PASPORT. To validate our model, we implement a prototype of the proposed scheme on the Android platform. Extensive experiments indicate that the proposed method can efficiently protect location-based applications against fake submissions.

[1]  Alec Wolman,et al.  Enabling new mobile applications with location proofs , 2009, HotMobile '09.

[2]  Reza Curtmola,et al.  LINK: Location Verification through Immediate Neighbors Knowledge , 2010, MobiQuitous.

[3]  Abdelhakim Hafid,et al.  K-anonymous location-based fine-grained access control for mobile cloud , 2016, 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[4]  Mohamed Grissa,et al.  Location Privacy Preservation in Database-Driven Wireless Cognitive Networks Through Encrypted Probabilistic Data Structures , 2017, IEEE Transactions on Cognitive Communications and Networking.

[5]  Sébastien Gambs,et al.  PROPS: A PRivacy-Preserving Location Proof System , 2014, 2014 IEEE 33rd International Symposium on Reliable Distributed Systems.

[6]  Cédric Lauradoux,et al.  How secret-sharing can defeat terrorist fraud , 2011, WiSec '11.

[7]  Sjouke Mauw,et al.  Distance-Bounding Protocols: Verification without Time and Location , 2018, IEEE Symposium on Security and Privacy.

[8]  Matthew K. Franklin,et al.  Privacy-preserving alibi systems , 2012, ASIACCS '12.

[9]  Dominik Bucher,et al.  Captcha Your Location Proof - A Novel Method for Passive Location Proofs in Adversarial Environments , 2018, LBS.

[10]  Claudio Soriente,et al.  Enforcing Location and Time-Based Access Control on Cloud-Stored Data , 2014, 2014 IEEE 34th International Conference on Distributed Computing Systems.

[11]  Serge Vaudenay,et al.  The Bussard-Bagga and Other Distance-Bounding Protocols under Attacks , 2012, Inscrypt.

[12]  Sanjay Jha,et al.  I Am Alice, I Was in Wonderland: Secure Location Proof Generation and Verification Protocol , 2016, 2016 IEEE 41st Conference on Local Computer Networks (LCN).

[13]  Ruchika Gupta,et al.  An Exploration to Location Based Service and Its Privacy Preserving Techniques: A Survey , 2017, Wirel. Pers. Commun..

[14]  Prasant Mohapatra,et al.  STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users , 2016, IEEE/ACM Transactions on Networking.

[15]  Zhili Sun,et al.  Security and Privacy in Location-Based Services for Vehicular and Mobile Communications: An Overview, Challenges, and Countermeasures , 2018, IEEE Internet of Things Journal.

[16]  Jean-Pierre Hubaux,et al.  SecureRun: Cheat-Proof and Private Summaries for Location-Based Activities , 2016, IEEE Transactions on Mobile Computing.

[17]  Chungang Yan,et al.  Transaction Fraud Detection Based on Total Order Relation and Behavior Diversity , 2018, IEEE Transactions on Computational Social Systems.

[18]  Marc Fischlin,et al.  Terrorism in Distance Bounding: Modeling Terrorist-Fraud Resistance , 2013, ACNS.

[19]  Serge Vaudenay,et al.  Challenges in Distance Bounding , 2015, IEEE Security & Privacy.

[20]  Zhenfu Cao,et al.  Location privacy in database-driven Cognitive Radio Networks: Attacks and countermeasures , 2013, 2013 Proceedings IEEE INFOCOM.

[21]  Serge Vaudenay,et al.  Practical and provably secure distance-bounding , 2013, J. Comput. Secur..

[22]  Roel Wieringa,et al.  Benefits of Location-Based Access Control: A Literature Study , 2010, 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing.

[23]  Urs Hengartner,et al.  VeriPlace: a privacy-aware location proof architecture , 2010, GIS '10.

[24]  Yi Li,et al.  Privacy-Preserving Location Proof for Securing Large-Scale Database-Driven Cognitive Radio Networks , 2016, IEEE Internet of Things Journal.

[25]  Gildas Avoine,et al.  An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement , 2009, ISC.

[26]  Yong Xiang,et al.  SPARSE: Privacy-Aware and Collusion Resistant Location Proof Generation and Verification , 2018, 2018 IEEE Global Communications Conference (GLOBECOM).

[27]  Arjun Mukherjee,et al.  Spotting fake reviewer groups in consumer reviews , 2012, WWW.

[28]  Guohong Cao,et al.  Toward Privacy Preserving and Collusion Resistance in a Location Proof Updating System , 2013, IEEE Transactions on Mobile Computing.

[29]  Srdjan Capkun,et al.  Security of Distance-Bounding , 2018, ACM Comput. Surv..

[30]  Gang Wang,et al.  On the validity of geosocial mobility traces , 2013, HotNets.

[31]  Srdjan Capkun,et al.  Distance Hijacking Attacks on Distance Bounding Protocols , 2012, 2012 IEEE Symposium on Security and Privacy.

[32]  Yaling Yang,et al.  Location spoofing attack and its countermeasures in database-driven cognitive radio networks , 2014, 2014 IEEE Conference on Communications and Network Security.

[33]  Serge Vaudenay,et al.  Practical & Provably Secure Distance-Bounding , 2013, IACR Cryptol. ePrint Arch..

[34]  Marc Fischlin,et al.  A Formal Approach to Distance-Bounding RFID Protocols , 2011, ISC.

[35]  Serge Vaudenay Private and Secure Public-Key Distance Bounding - Application to NFC Payment , 2015, Financial Cryptography.

[36]  Sébastien Gambs,et al.  A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol , 2017, IACR Cryptol. ePrint Arch..

[37]  Ben Smyth,et al.  Modelling and Analysis of a Hierarchy of Distance Bounding Attacks , 2018, USENIX Security Symposium.

[38]  Chungang Yan,et al.  LORI: A Learning-to-Rank-Based Integration Method of Location Recommendation , 2019, IEEE Transactions on Computational Social Systems.

[39]  Laurent Bussard,et al.  Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks , 2005, SEC.

[40]  Ming Li,et al.  Location Based Handshake and Private Proximity Test with Location Tags , 2017, IEEE Transactions on Dependable and Secure Computing.

[41]  Pradipta De,et al.  A Survey of Fingerprint-Based Outdoor Localization , 2016, IEEE Communications Surveys & Tutorials.

[42]  Sébastien Gambs,et al.  Prover anonymous and deniable distance-bounding authentication , 2014, AsiaCCS.

[43]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.