IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 243-248

International Journal of Research in Information Technology (IJRIT)

www.ijrit.com

ISSN 2001-5569

Location Proof Updating System with Collusion Resistance Siddesh V M Student, Dept. of CS&E AKIT, Tumkur Harish H K Asst Prof, Dept. of CS&E AKIT, Tumkur

Abstract—Todays location-sensitive service relies on users mobile device to determine the current location. This allows malicious users to access a restricted resource or provide bogus alibis by cheating on their locations. To address this issue, we propose A Privacy-Preserving LocAtion proof Updating System (APPLAUS) in which colocated Bluetooth enabled mobile devices mutually generate location proofs and send updates to a location proof server. Periodically changed pseudonyms are used by the mobile devices to protect source location privacy from each other, and from the untrusted location proof server. We also develop user-centric location privacy model in which individual users evaluate their location privacy levels and decide whether and when to accept the location proof requests. In order to defend against colluding attacks, we also present betweenness rankingbased and correlation clustering-based approaches for outlier detection. APPLAUS can be implemented with existing network infrastructure, and can be easily deployed in Bluetooth enabled mobile devices with little computation or power cost. Extensive experimental results show that APPLAUS can effectively provide location proofs, significantly preserve the source location privacy, and effectively detect colluding attacks. Keywords : Location-based service, location proof, location privacy, pseudonym, colluding attacks.

1. Introduction LOCATION-BASED services provide mobile users with various resources and services depending on user’s mobile device location information. Nowadays, more and more locationbased applications and services require users to provide location proofs at a particular time. For example, Google Latitude and Loopt are two services that enable users to track their friends locations in real time. These applications are location-sensitive since location proof plays a critical role in enabling these applications. There are many kinds of location-sensitive applications. One category is location-based access control. For example, a hospital may allow patient information access only when doctors or nurses can prove that they are in a particular room of the hospital . Another class of location-sensitive applications require users to provide past location proofs , such as auto insurance quote in which auto insurance companies offer discounts to drivers who can prove that they take safe routes during their daily commutes, police investigations in which detectives are interested in finding out if a person was at a murder scene at some time, and location-based social networking in which a user can ask for a location proof from the service requester and accepts the request only if the sender is able to present a valid location proof. The common theme across these location sensitive applications is that they offer a reward or benefit to users located in a certain geographical location at a certain time. Thus, users have the incentive to cheat on their locations. Location-sensitive applications require users to prove that they really are (or were) at the claimed locations. Most mobile users have devices capable of discovering their locations,some users may cheat on their locations and there is a lack of secure

Siddesh V M, IJRIT

243

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 243-248

mechanism to provide their current or past locations to applications and services. One possible solution is to build a trusted computing module on each mobile device to make sure trusted GPS data is generated and transmitted. For example, Lenders proposed such a solution which can be used to generate unforgeable geotags for mobile content such as photos and video; however, it relies on the expensive trusted computing module on mobile devices to generate proofs. Although cellular service providers have tracking services that can help verify the locations of mobile users in real time, the accuracy is not good enough and the location history can not be verified. In this paper, we propose A Privacy-Preserving LocAtion proof Updating System (APPLAUS), which does not rely on the wide deployment of network infrastructure or the expensive trusted computing module. In APPLAUS, Bluetooth enabled mobile devices in range mutually generate location proofs, which are uploaded to a untrusted location proof server that can verify the trust level of each location proof. An authorized verifier can query and retrieve location proofs from the server. Moreover, our location proof system guarantees user location privacy from every party. More specifically, we use statistically updated pseudonyms at each mobile device to protectlocation privacy from each other, and from the untrusted location proof server. We develop a user-centric location privacy model in which individual users evaluate their location privacy levels in real time and decide whether and when to accept a location proof request. In order to defend against colluding attacks, we also present betweenness ranking-based and correlation clustering-based approaches for outlier detection. Extensive experimental and simulation results based on multiple data sets show that APPLAUS can effectively provide location proofs, significantly preserve the source location privacy, and effectively detect colluding attacks In this section, we introduce APPLAUS architecture and message flow in the system, and the Location proof updating protocol.

2. Architecture In APPLAUS, mobile nodes communicate with neighboring nodes through Bluetooth, and communicate with the untrusted server through the cellular network interface. Based on different roles they play in the process of location proof updating, they are categorized as Prover, Witness, Location Proof Server, Certificate Authority or Verifier. The architecture and message flow of APPLAUS is shown in Fig. 1.

Fig.1 Architecture and message flow. Prover: the node who needs to collect location proofs from its neighboring nodes. When a location proof is needed at time t, the prover will broadcast a location proof request to its neighboring nodes through Bluetooth. If no positive response is received, the prover will generate a dummy location proof and submit it to the location proof server. Witness: Once a neighboring node agrees to provide location proof for the prover, this node becomes a witness of the prover. The witness node will generate a location proof and send it back to the prover. Location proof server: As our goal is not only to monitor real-time locations, but also to retrieve history location proof information when needed, a location proof server is necessary for storing the history records of the location proofs. It communicates directly with the prover nodes who submit their location proofs. As the source identities of the location proofs are

Siddesh V M, IJRIT

244

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 243-248

stored as pseudonyms, the location proof server is untrusted in the sense that even though it is compromised and monitored by attackers, it is impossible for the attacker to reveal the real source of the location proof. Certificate authority: As commonly used in many networks, we consider an online CA which is run by an independent trusted third party. Every mobile node registers with the CA and pre-loads a set of public/private key pairs the mapping between the real identity and pseudonyms (public keys), and works as a bridge between the verifier and the location proof server. It can retrieve location proof from the server and forward it to the verifier. Verifier: a third-party user or an application who is au-thorized to verify a provers location within a specific time period. The verifier usually has close relationship with the prover, e.g., friends or colleagues, to be trusted enough to gain authorization. 2.1 Location proof updating protocol When a prover needs to collect location proofs at time t, it executes the protocol in Fig. 2 to obtain location proofs from the neighboring nodes within its Bluetooth communication range. Each node uses its M pseudonyms P M i = 1 as its identity throughout the communication.

Fig.2 Location proof updating protocol 1. The prover broadcasts a location proof request to its neighboring nodes through Bluetooth according to its update scheduling. The request should contain the provers current pseudonym Pprov, and a random number Rprov. 2. The witness decides whether to accept the location proof request according to its witness scheduling. Once agreed, it will generate a location proof for both prover and itself and send the proof back to the prover. This location proof includes the provers pseudonym Pprov, provers random number Rprov, witness current time stamp Twitt, witnesss pseudonym Pwitt, and their shared location L. This proof is signed and hashed by the witness to make sure that no attacker or prover can modify the location proof and the witness cannot deny this proof. It is also encrypted by the servers public key to prevent from traffic monitoring or eavesdropping. 3. After receiving the location proof, the prover is responsible for submitting this proof to the location proof server. The message also includes provers pseudonym Pprov and random number Rprov, or its own location for verification purpose. 4. An authorized verifier can query the CA for location proofs of a specific prover. This query contains a real identity and a time interval. The CA first authenticates the verifier, and then converts the real identity to its corresponding pseudonyms during that time period and retrieves their location proofs from the server. In order not to expose correlation 5. The location proof server only returns hashed location rather than the real location to the CA, who then forwards to the verifier. The verifier compares the hashed location with the claimed location acquired from the prover to decide if the claimed location is authentic

3. Preliminaries In this paper, we focus on mobile networks where mobile devices such as cellular phones communicate with each other through Bluetooth. In our implementation, mobile devices periodically initiate location proof requests to all neighboring devices through Bluetooth. After receiving a request, a mobile node decides whether to exchange location proof, based on its own location proof updating requirement and its own privacy consideration. Given its appropriate range (about 10 m) and low power

Siddesh V M, IJRIT

245

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 243-248

consumption, Bluetooth is a natural choice for mutual encounters and location proof exchange. A. Pseudonym As commonly used in many networks, we consider an online Certification Authority (CA) run by independent trusted third party which can preestablish credentials for the mobile devices. Similar to many pseudonym approaches, to protect location privacy, every mobile node i registers with the CA by preloading a set of M public/private key pairs KPub i ;KPrv i M i1 before entering the network. The public key KPub i is used to serve as the pseudonym of node i. The private key KPrv i enables node i to digitally sign messages so that the receiver can validate the signature authenticity. Due to the broadcast nature of wireless communication, probes are used for mobile nodes to discover their neighbors. When a node i receives a probe from another node, it checks the certificate of the public key of the sender and the physical identity, e.g., Bluetooth MAC address. After that, i verifies the signature of the probe message. Subsequently, if confidentiality is required, a security association is established (e.g., with Diffie-Hellman). B. Threat Model We assume that an adversary aims to track the location of a mobile node. An adversary can have the same credential as a mobile node and is equipped to eavesdrop communications. We assume that the adversary is internal, passive, and global. By internal, we mean that the adversary is able to compromise or control individual mobile device and then communicate with others to explore private information, or individual devices may collude with each other to generate false proofs, which will be discussed in detail in Section 5. We assume that the number of colluders is small compared with that of valid devices. In the worst case, the adversary could compromise the location proof server to get the stored location proof records. However, it is not able to take control of the server to work as a colluder, since once compromised, the attack will be detected promptly and the location proof server will be replaced by a back-up server. The same assumption applies to the CA. By passive, we assume the adversary cannot perform active channel jamming, mobile worm attacks or other denial-ofservice attacks, since these attacks are not related to location privacy. By global, we assume the adversary can monitor, eavesdrop, and analyze all the traffic in its neighboring area, or even monitor all the traffic around the server. In practice, the adversary can thus be a rogue individual, a set of malicious mobile nodes, or eavesdropping devices in the network. In the worst case, it is possible that the untrusted location proof server may be compromised by the adversary and the location information can then be easily inferred by examining the records of location proofs, e.g., the adversary could apply statistical testing such as K-S test to identify a user although no real identity is included. Therefore, we need to appropriately design and arrange the location proof records in the untrusted server so that no private information related to individual users will be revealed even after it is compromised. Hence, the problem we address in this paper consists of collecting a set of location proofs for each peer node and protecting the location privacy of peer nodes from each other, from the adversary, or even from the untrusted location proof server to prevent other parties from learning a nodes past and current location information.

4. Location Privacy Level In this paper, we use multiple pseudonyms to preserve location privacy; i.e., mobile nodes periodically change the pseudonym used to sign messages, thus reducing their long term linkability. To avoid spatial correlation of their location, mobile nodes in proximity coordinate pseudonym changes by using silent mix zones or regions where the adversary has no coverage . Without loss of generality, we assume each node changes its pseudonyms from time to time according to its privacy requirement. If this node changes its pseudonym at least once during a time period (mix zone), a mix of its identity and location occurs, and the mix zone becomes a confusion point for the adversary. Consider a mobile network composed of N mobile nodes and each node has M pseudonyms. At time t, for each node i there are a group of mt pseudonyms observed at the location proof server. Each pseudonym among the mt pseudonyms can involve multiple location proofs across various locations l1; l2; . . . ; ln at different time t1; t2; . . . ; tn. An adversary is able to correlate the location and time distribution of each pseudonym to see if two pseudonyms belong to the same node. For example, the adversary can observe a series of location proofs with mT pseudonyms during time T. He then compares the distribution of location proof set B of pseudonym b with the distribution of location proof set D of pseudonym d to determine if the two pseudonyms can be linked. Let pdb Pr (distribution D of pseudonym corresponds to distribution B of pseudonym b),the location privacy level of node i (i.e., the uncertainty of the adversary) at time T.

Siddesh V M, IJRIT

246

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 243-248

A. Cryptographic Puzzle Hiding Scheme (CPHS) We present a packet-hiding scheme based on cryptographic puzzles. The main idea behind such puzzles is to force the recipient of a puzzle execute a predefined set of computations before he is able to extract a secret of interest. The time required for obtaining the solution of a puzzle depends on its hardness and the computational ability of the solver. The advantage of the puzzle-based scheme is that its security does not rely on the PHY-layer parameters. However, it has higher computation and communication overheads. Let a sender S have a packet m for transmission. The senders select a random key k of desired length. S generates a puzzle P = puzzle(k; tp), where puzzle() denotes the puzzle generator function, and tp denotes the time required for the solution of the puzzle. Parameter tp is measured in units of time, and it is directly dependent on the assumed computational capability of the adversary , denoted by N and measured in computational operations per second. After generating the puzzle P, the sender broadcasts (C,P), where C = Ek( 1(m)) At the receiver side, any receiver R solves the received puzzleP 1to recover key k1 and then computes m1 = 1 1(Dk(C)). If the decrypted packet m1 is meaningful (i.e., is in the proper format, has a valid CRC code, and is within the context of the receivers communication), the receiver accepts that m1 = m. Else, the receiver discards m1. Below expression shows the details of CPHS. its inverse are efficiently computable. Packets are preprocessed by an AONT before transmission but remain unencrypted. The jammer cannot perform packet classification until all pseudo messages corresponding to the original packet have been received and the inverse transformation has been applied. Below expression shows the details of AONTHS.

An AONT-Based Hiding Scheme (AONT-HS) We propose a solution based on All-or-Nothing Transformations that introduces a modest communication and computation overhead. Such transformations were originally proposed by Rivets to slow down brute force attacks against block encryption algorithms. An AONT serves as a publicly known and completely invertible pre-processing step to a plain-text before it is passed to an ordinary block encryption algorithm. A transformation f, mapping message m = (m1::mx) to a sequence of pseudo messages m1 = (m1::mx), is an AONT if 1) f is a bijection, 2) it is computationally infeasible to obtain any part of the original plaintext, if one of the pseudo messages is unknown, and 3) f 1 andits inverse are efficiently computable. Packets are preprocessed by an AONT before transmission but remain unencrypted. The jammer cannot perform packet classification until all pseudo messages corresponding to the original packet have been received and the inverse transformation has been applied. Below expression shows the details of AONTHS

Siddesh V M, IJRIT

247

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 7, July 2014, Pg. 243-248

5. Conclusion In this paper, we proposed a privacy-preserving location proof updating system called APPLAUS, where colocated Bluetooth enabled mobile devices mutually generate loca-tion proofs and upload to the location proof server. We use statistically changed pseudonyms for each device to protect source location privacy from each other, and from the un-trusted location proof server. To deal with Jamming attacks in APPLAUS, We propose three schemes they are Strong Hiding Commitment Schemes (SHCS), Cryptographic Puzzles Hiding Schemes (CPHS), All- Or-Nothing Transformation Hiding Schemes (AONTSHS).

6. References 1) W. Luo and U. Hengartner, Proving Your Location Without Giving Up Your Privacy, Proc. ACM 11th Workshop Mobile Computing Systems and Applications (HotMobile 10), , 2010 2) S. Saroiu and A. Wolman, Enabling New Mobile Applications with Location Proofs,Proc. ACM 10th Workshop Mobile Computing Systems and Applications (HotMobile 09), , 2009 3) V. Lenders, E. Koukoumidis, P. Zhang, and M. Martonosi, Location-Based Trust for Mobile User-Generated Content: Applications Chal-lenges and Implementations,Proc. Ninth Workshop Mobile Computing Systems and Applications,, 2008 4) T. Jiang, H.J. Wang, and Y.-C. Hu, Location Privacy in Wireless Networks,Proc. ACM MobiSys,, 2007 5) Z. Zhu, G. Cao, S. Zhu, S. Ranjan, and A. Nucci, A Social Network Based Patching Scheme for Worm Containment in Cellular Networks, 6) Proc. IEEE INFOCOM,, 2009 7) Z. Zhu and G. Cao, APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-Based Services, Proc. IEEE INFOCOM,, 2011 8) Z. Zhu and G. Cao, Toward Privacy Preserving and Collusion Resistance in a Location Proof Updating System, Proc. IEEE INFOCOM,, 2013 9) T.X. Brown, J.E. James, and A. Sethi, Jamming and Sensing of Encrypted Wireless Ad Hoc Networks, Proc. ACM Intl Symp. Mobile Ad Hoc Networking and Computing (MobiHoc), pp. 120-130,, 2006 10) Ngangbam Herojit Singh 1, A.Kayalvizhi, Combining Cryptographic Primitives to Prevent Jamming Attacks in Wireless Networks, Proc. IEEE INFOCOM,, 2013 11) Ngangbam Herojit Singh 1, A.Kayalvizhi, Combining Cryptographic Primitives to Prevent Jamming Attacks in Wireless Networks, Proc. IEEE INFOCOM,, 2013 12) Z. Zhu and G. Cao, APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-Based Services, Proc. IEEE INFOCOM,, 2011 13) W. Luo and U. Hengartner, Proving Your Location Without Giving Up Your Privacy, Proc. ACM 11th Workshop Mobile Computing Systems and Applications (HotMobile 10), , 2010

Siddesh V M, IJRIT

248

Location Proof Updating System with Collusion ...

These applications are location-sensitive since location proof plays a critical role in ... Location proof server: As our goal is not only to monitor real-time locations, ...
Download PDF
196KB Sizes 0 Downloads 188 Views
Report

Recommend Documents

Weak Cartels and Collusion-Proof Auctions
Dec 12, 2016 - †Che: Department of Economics, Columbia University (email: ...... letting the cartel maintain ad-hoc beliefs on the value of bidders who refuse to ...
Auction Design with Tacit Collusion - Semantic Scholar
Jun 16, 2003 - Page 1 ... payoff, here an optimal auction should actually create positive externalities among bidders in the sense that when one ..... bidder's contribution decision can only be measurable with respect to his own valuation but.
Updating Beliefs With Causal Models
Gordon was developing Markov models of memory processes before the field was old enough to say “rehearsal buffer.” Indeed, as a new student of Gordon's, ...
Surface position location system and method
Sep 18, 2003 - British Micro, “Operating Guide to Grafpad”, 1982, 28 pp. Primary ExamineriVijay Shankar. (74) Attorney ..... memory of an associated microprocessor subsystem. That location, or address may in-tum be used to ... and the structural
System Integration Test Location: Bangalore ... -
Role: System Integration Test. Location: Bangalore. Experience: 2- 5 yrs. Tasks: - Strong experience in Automotive Embedded Software Development using C ...
The Cricket Location-Support System
The Cricket Location-Support. System. N.B. Priantha, A. Chakraborty, H. Balakrishnan ... Interest in demonstrating that nearest beacon is “good enough” for ...
Industry Structure and Collusion with Uniform Yardstick ...
Sep 7, 2016 - increase in the number of symmetric firms may facilitate collusion. Our laboratory ... ‡Department of Economics, Econometrics and Finance, University of Groningen, P.O. Box 800, 9700 ... Smaller firms have stronger incentives to devia
Learning and Collusion in New Markets with Uncertain ...
Mar 25, 2013 - try Costs; Collusion; Private Information; Market Uncertainty. ∗For helpful ... Workshop (AETW), the 2nd Workshop 'Industrial Organization: Theory, Empirics and Experiments', the .... (1985) model of technology adoption with preempti
Updating Beliefs With Causal Models: Violations of ...
that it does not trace back in one way or another to Gordon Bower. Gordon is like ... Call that set of relevant states R. Then mental states prior to the critical states ...
TrueSkill - Updating player skills in tennis with Expectation ... - GitHub
Mar 21, 2013 - and matching players on Xbox Online Games, it is a general rating model ... The expected skill value m is accompanied by a level of uncertainty v, which ... tennis match and computing marginal distributions for skill variables of both
Collusion Constrained Equilibrium
Jan 16, 2017 - (1986).4 In political economy Levine and Modica (2016)'s model of ...... instructions - they tell them things such as “let's go on strike” or “let's ...
Collusion on Exclusion
Oct 12, 2012 - contract deterrence strategy is less costly for a duopoly: an entrant into a ...... but the rate of buyer turnover is too high to support collusion, ...
GETA sandals: a footstep location tracking system
Feb 1, 2007 - ministic method [5, 6, 9, 10]. Systems ..... Figure 9 shows the floor map of our exper- ..... processing on the notebook with a small embedded.
Learning and Collusion in New Markets with ...
Rossella Argenziano, Federico Boffa, Nisvan Erkal, Emeric Henry, Leo Fulvio Minervini,. Hodaka Morita, Jose Rodrigues-Neto, and Francisco Ruiz Aliseda for their help and sup- port. .... Gordon (2011) and Akcigit and Liu. (2011) study patent races wit
Updating Contact Information.pdf
Jun 5, 2017 - Network Participation. ○ Disclosure information. ○ ACC opt-in changes. 1. Login to Provider Web Portal. 2. Click Provider Maintenance.
Updating Affiliations.pdf
Page 1 of 17. UPDATED 03/12/17. Page 1 of 17. Provider Maintenance - Provider Web Portal Cheat Sheet: Individual within a Group Provider Maintenance .
Regular updating - Springer Link
Published online: 27 February 2010. © Springer ... updating process, and identify the classes of (convex and strictly positive) capacities that satisfy these ... available information in situations of uncertainty (statistical perspective) and (ii) r
GETA sandals: a footstep location tracking system - National Taiwan ...
Feb 1, 2007 - Department of Computer Science and Information. Engineering ..... In the first scenario the five subjects for GETA sandals walked over a ...
pdf-1448\world-place-location-learning-system-workbook-by-richard ...
Connect more apps... Try one of the apps below to open or edit this item. pdf-1448\world-place-location-learning-system-workbook-by-richard-m-mackinnon.pdf.
A User Location and Tracking System using Wireless Local Area ...
A User Location and Tracking System using Wireless Local Area Network. Kent Nishimori ... Area Network signal strength and Geographical. Information ..... The initial K-nearest neighbor algorithm [1] takes all of the K selected reference points and a
Plant location with minimum inventory - Springer Link
fractional solution we were able to derive integer solutions within 4% of optimality. ... F. Barahona, D. Jensen / Mathematical Programming 83 (1998) 101-111.