Shweta Jain
ABSTRACT
Integrity of location data from smart-phones is essential in several location-dependent applications. Unfortunately it is quite easy to spoof location data on smart phones. Therefore, most mission critical services such as road-side assistance, use location aggregators to supply verified location with user permission. This verified location is purchased from cellular carriers and user permission is required to comply with governmental privacy laws. However, cellular carriers, not aggregators are bound by privacy regulation. Therefore, when there is a breach of confidentiality, as it happened recently in the US, it is the cellular carriers' who were held responsible and must take corrective actions. In this paper, we present a mechanism to obtain location certificates using LTE positioning protocols so that it is possible for cellular carriers to (a) obtain verifiable consent from the mobile user before their location is released, (b) be able to directly provide verified location as a service to businesses rather than selling customer data to third party location aggregators, and (c) enable mobile users to store self-certifiable proofs of their own location to reuse as needed. With this mechanism in place, people can have greater control over their privacy as location-dependent services are assured of integrity.
- Brian Fung Washington Post. Verizon, AT&T, T-Mobile and Sprint suspend selling of customer location data after prison officials were caught misusing it. https://www.washingtonpost.com/news/the-switch/wp/2018/06/19/verizon-will-suspend-sales-of-customer-location-data-after-a-prison-phone-company-was-caught-misusing-it/, June 19 2018.Google Scholar
- Y. Jin, M. Tomoishi, and S. Matsuura. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC), An In-depth Concealed File System with GPS Authentication Adaptable for Multiple Locations. 1:608--613, July 2017.Google Scholar
- W. B. Hsieh and J. S. Leu. Design of a Time and Location Based One-Time Password Authentication Scheme, 2011 7th International Wireless Communications and Mobile Computing Conference. pages 201--206, July 2011.Google ScholarCross Ref
- D. Berbecaru. LRAP: A Location-Based Remote Client Authentication Protocol for Mobile Environments, 2011 19th International Euromicro Conference on Parallel, Distributed and Network-Based Processing. pages 141--145, Feb 2011. Google ScholarDigital Library
- L. Bao. Location Authentication Methods for Wireless Network Access Control. In 2008 IEEE International Performance, Computing and Communications Conference, pages 160--167, Dec 2008.Google Scholar
- Priyanka Samanta and Shweta Jain. E-witness: Preserve and prove forensic soundness of digital evidence. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking, pages 832--834, 2018. Google ScholarDigital Library
- Committee on Rules of Practice and Procedure of the Judicial Conference of the United States. Rule 902(13)(14). Evidence That Is Self-Authenticating. Certified Records Generated by an Electronic Process or System. FEDERAL RULES OF EVIDENCE, August 2015.Google Scholar
- LocationSmart. Enterprise Mobility Solution. https://www.locationsmart.com, 2018.Google Scholar
- Brian Krebs. Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/, May 17 2018.Google Scholar
- Robert Xiao. LocationSmart API Vulnerability. https://www.robertxiao.ca/hacking/locationsmart/, May 17 2018.Google Scholar
- New York Times. Service Meant to Monitor Inmates? Calls Could Track You, Too. https://www.nytimes.com/2018/05/10/technology/cellphone-tracking-law-enforcement.html, May 10 2018.Google Scholar
- Zach Wittaker ZDNet. Senator wants to know how police can locate any phone in seconds without a warrant. https://www.zdnet.com/article/securus-police-cell-phones-warrantless-tracking/, May 11 2018.Google Scholar
- David W Chadwick. Federated identity management. In Foundations of security analysis and design V, pages 96--120. Springer, 2009. Google ScholarDigital Library
- George F Riley and Thomas R Henderson. The ns-3 network simulator. In Modeling and tools for network simulation, pages 15--34. Springer, 2010.Google Scholar
- A. I. Gonzalez-Tablas Ferreres, B. Ramos Alvarez, and A. R. Garnacho. Guaranteeing the Authenticity of Location Information. IEEE Pervasive Computing, 7(3):72--80, July 2008. Google ScholarDigital Library
- Skyhook Wireless. Location Technology and Intelligence, https://www.skyhookwireless.com/.Google Scholar
- The Google Geolocation API, https://developers.google.com/maps/documentation /geolocation/intro.Google Scholar
- Dorothy E. Denning Peter F. MacDoran. Location-Based Authentication: Grounding Cyberspace for Better Security. Elsevier, February 1996.Google Scholar
- Bill Gates, Nathan Myhrvold, Peter Rinearson, and Donald Domonkos. The road ahead. 1995. Google ScholarDigital Library
- Addison M Fischer. Method for Providing Location Certificates, August 19 1997. US Patent 5,659,617.Google Scholar
- Stefan Saroiu and Alec Wolman. Enabling New Mobile Applications with Location Proofs. In Proceedings of the 10th Workshop on Mobile Computing Systems and Applications, HotMobile '09, pages 3:1--3:6, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- Rubin Xu and Dongting Yu. Towards a Stronger Location Integrity. In Cambridge International Workshop on Security Protocols, pages 176--179. Springer, 2013.Google ScholarCross Ref
- W. Wang, Y. Chen, and Q. Zhang. Privacy-Preserving Location Authentication in Wi-Fi Networks Using Fine-Grained Physical Layer Signatures. IEEE Transactions on Wireless Communications, 15(2):1218--1225, Feb 2016. Google ScholarDigital Library
- A. T. Sherman, D. Phatak, B. Sonawane, and V. G. Relan. Location Authentication Through Power Line Communication: Design, Protocol, and Analysis of a New Out-of-Band Strategy. In ISPLC2010, pages 279--284, March 2010.Google ScholarCross Ref
- Bernard Wong, Ivan Stoyanov, and Emin Gün Sirer. Geolocalization on the Internet Through Constraint Satisfaction. In WORLDS, volume 6, pages 1--1, 2006. Google ScholarDigital Library
- I. Niang, B. Gueye, and B. Kasse. GeoHybrid: A Hierarchical Approach for Accurate and Scalable Geographic Localization. In 2010 ITU-T Kaleidoscope: Beyond the Internet? - Innovations for Future Networks and Services, pages 1--8, Dec 2010.Google Scholar
- J. Brassil, P. K. Manadhata, and R. Netravali. Traffic Signature-Based Mobile Device Location Authentication. IEEE Transactions on Mobile Computing, 13(9):2156--2169, Sept 2014.Google ScholarCross Ref
- R. Netravali and J. Brassil. Femtocell-Assisted Location Authentication. In 2011 18th IEEE Workshop on Local Metropolitan Area Networks (LANMAN), pages 1--2, Oct 2011.Google Scholar
- S. Gambs, M. O. Killijian, M. Roy, and M. Traoré. PROPS: A PRrivacy-Preserving Location Proof System. In 2014 IEEE 33rd International Symposium on Reliable Distributed Systems, pages 1--10, Oct 2014. Google ScholarDigital Library
- L. Hua and J. Dai. A Location Authentication Scheme Based on Adjacent Users. In 2014 IEEE International Conference on Progress in Informatics and Computing, pages 158--162, May 2014.Google ScholarCross Ref
- C. M. Chen, X. Zhang, and T. Y. Wu. A Secure Condition-Based Location Authentication Protocol for Mobile Devices. In 2016 Third International Conference on Computing Measurement Control and Sensor Network (CMCSN), pages 146--149, May 2016.Google ScholarCross Ref
- S. Arunkumar, M. Srivatsa, M. Sensoy, and M. Rajarajan. Global Attestation of Location in Mobile Devices. In MILCOM 2015 - 2015 IEEE Military Communications Conference, pages 1612--1617, Oct 2015.Google ScholarDigital Library
- Z. Zhu and G. Cao. APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-Based Services. In 2011 Proceedings IEEE INFOCOM, pages 1889--1897, April 2011.Google Scholar
- 3GPP TS 36.355 V14.5.1 (2018-04) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access (E-UTRA); LTE Positioning Protocol (LPP) (Release 14).Google Scholar
- Ronghai Yang, Wing Cheong Lau, and Tianyu Liu. Signing into one billion mobile app accounts effortlessly with oauth2. 0. Black Hat Europe, 2016.Google Scholar
- 3GPP TS 36.455 V14.4.0 (2017--12) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access (E-UTRA); LTE Positioning Protocol A (LPPa) (Release 14).Google Scholar
- Ana Isabel González-Tablas Ferreres, Benjamin Ramos Álvarez, and Arturo Ribagorda Garnacho. Spatial-Temporal Certification Framework and Extension of X. 509 Attribute Certificate Framework and SAML Standard to Support Spatial-Temporal Certificates. In European Public Key Infrastructure Workshop, pages 321--329. Springer, 2007. Google ScholarDigital Library
- Nicola Baldo, Marco Miozzo, Manuel Requena-Esteso, and Jaume Nin-Guerrero. An open source product-oriented lte network simulator based on ns-3. In Proceedings of the 14th ACM international conference on Modeling, analysis and simulation of wireless and mobile systems, pages 293--298, 2011. Google ScholarDigital Library
- George Kingsley Zipf. Human behavior and the principle of least effort. Addison-Wesley press, 1949.Google Scholar
- Jiakai Yu, Tingjun Chen, Craig Gutterman, Shengxiang Zhu, Gil Zussman, Ivan Seskar, and Daniel Kilper. Cosmos: Optical architecture and prototyping. In Optical Fiber Communication Conference. Optical Society of America, 2019.Google Scholar
Index Terms
Location Security and Privacy: An LTE Based Approach
Recommendations
Protecting location privacy using location semantics
KDD '11: Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data miningAs the use of mobile devices increases, a location-based service (LBS) becomes increasingly popular because it provides more convenient context-aware services. However, LBS introduces problematic issues for location privacy due to the nature of the ...
A privacy-aware location cloaking technique reducing bandwidth consumption in location-based services
QUeST '12: Proceedings of the Third ACM SIGSPATIAL International Workshop on Querying and Mining Uncertain Spatio-Temporal DataThe explosive growth of location-detection devices, such as GPS (Global Positioning System), continuously increases users' privacy threat in location-based services (LBSs). However, in order to enjoy such services, the user must precisely disclose his/...
Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms
Continued advances in mobile networks and positioning technologies have created a strong market push for location-based applications. Examples include location-aware emergency response, location-based advertisement, and location-based entertainment. An ...
Comments