Where Have You Been? Secure Location Provenance for Mobile Devices

TL;DR

This paper addresses the challenge of securing location provenance in mobile devices by proposing collusion-resistant proofs and privacy-preserving schemes, validated through practical Android implementation.

Contribution

It introduces a witness-endorsed scheme for collusion-resistant location proofs and two efficient methods using hash chains and Bloom filters for preserving proof order.

Findings

Schemes are practical on current mobile devices.

Proposed methods effectively prevent tampering and collusion.

Experimental results demonstrate feasibility and efficiency.

Abstract

With the advent of mobile computing, location-based services have recently gained popularity. Many applications use the location provenance of users, i.e., the chronological history of the users' location for purposes ranging from access control, authentication, information sharing, and evaluation of policies. However, location provenance is subject to tampering and collusion attacks by malicious users. In this paper, we examine the secure location provenance problem. We introduce a witness-endorsed scheme for generating collusion-resistant location proofs. We also describe two efficient and privacy-preserving schemes for protecting the integrity of the chronological order of location proofs. These schemes, based on hash chains and Bloom filters respectively, allow users to prove the order of any arbitrary subsequence of their location history to auditors. Finally, we present experimental results from our proof-of-concept implementation on the Android platform and show that our schemes are practical in today's mobile devices.