Look at our videos online
In recent years, location of mobile devices has become an important factor. Mobile device users can easily access various customized applications from the service providers based on the current physical location information. Nonetheless, it is a significant challenge in distributed architectures for users to prove their presence at a particular location in a privacy-protected and secured manner. So far, researchers have proposed multiple schemes to implement a secure location proof collection mechanism. However, such location proof schemes are subject to tampering and not resistant to collusion attacks. Additionally, the location authority providing a location proof is assumed to be honest at all times.
In our project, we are working on the fundamental requirements of any location proof generation scheme, and consider the potential attacks possible in such non-federated environments. Based on our observations, we are designing a concept of witness oriented endorsements, and are working towards a collusion-resistant protocol for asserted location proofs. Our work also includes an exhaustive security analysis of the proposed architecture, based on a collusion model among the user, location authority, and witness.
Personal mobile devices and location based services are gaining popularity every day. Since the location based services are often customized based on the location information, it is important to securely generate, preserve, and validate the claim of presence at a given location at a given time as well as location provenance – the history of locations for a mobile device user over a given time period. Location provenance needs to imply secure and chronological ordering of location proofs, which can be successfully verified at a later time. Otherwise, the location based services can be easily spoofed by falsified location history.
We have created OTIT – a model for designing secure location provenance. We formalized the features and characteristics for the domain of secure location provenance schemes, using formal propositional logic and logical proofs. We are also considering several schemes, which can be used in various modes to provide secure location provenance services. Based on the characteristics defined in OTIT, we are analyzing different schemes to show their adherence to the desired features of secure location provenance. We posit that OTIT will serve as a comprehensive benchmark framework to evaluate the models for secure location provenance.
Fig: Protocol for Secure Location Proof with Provenance Preservation
Fig: WORAL Framework Architecture and Services
We, at SECRETLab, introduce WORAL, a secure, collusion resistant, asserted, and verifiable decentralized framework for location provenance. WORAL is a complete ready-to-deploy framework for generating witness oriented asserted and privacy protected location provenance records. The proofs and the order of the proofs can later be verified by an external authorized auditor. WORAL has been developed for use in low resource devices. The framework features an Android mobile app to request location proofs and manage the provenance records. The app allows profile management and automatically syncs the settings with the server. Users can easily export proofs with personal privacy settings. We also provide a Google Glass and Google Watch extension for WORAL users. The users, location authorities, and auditors are also provided with an easy-to-use and fully featured web-based interface for account management.
Fig: WORAL Android Application Screenshots
PI: Ragib Hasan, Ph.D., Assistant Professor, UAB
Post Doc. Fellow: Munir Haque, Ph.D.
Masters Student: Jinfang Xu
- Ragib Hasan, Rasib Khan, Shams Zawoad, Md Haque, “WORAL: A Witness Oriented Secure Location Provenance Framework for Mobile Devices”, to appear in IEEE Transactions on Emerging Topics in Computing (TETC) SI on Cyber Security, 2015.
- Rasib Khan, Shams Zawoad, Md Munirul Haque and Ragib Hasan, “Who, When, and Where? Location Proof Assertion for Mobile Devices“, DBSEC 2014 Vienna, Austria, July 14-16, 2014. [pdf]
- Rasib Khan, Shams Zawoad, Md. Haque, and Ragib Hasan, “OTIT: Towards Secure Provenance Modeling for Location Proofs“, in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Kyoto, Japan, June 2014. [pdf]
- Rasib Khan, Md Munirul Haque, and Ragib Hasan, “Modeling a Secure Supply Chain Integrity Preservation System”, In Proceedings of IEEE International Conference on Technologies for Homeland Security, Waltham, MA, November, 2013. [pdf]
This research was supported by the Department of Homeland Security Grant #FA8750-12-2-0254 and a Google Faculty Research Award.