Witness Proof Generation with Security and Verification for Passport Approval

Abstract

Users give their location information to service providers in order to obtain access to a service, resource, or incentive, and location-based systems and applications have exploded in popularity recently. We've seen that dishonest users have an incentive to lie about their whereabouts in these apps. Unfortunately, service providers have not implemented any effective protection methods against these faked location entries. This is a crucial issue with serious implications for these applications. Motivated by this, we present in this paper the Privacy-Aware and Secure Proof Of pRoximiTy (PASPORT) scheme as a solution to the problem. Users submit a location proof (LP) to service providers using PASPORT to prove that the location they provided is valid. PASPORT includes a decentralized architecture that allows mobile users to act as witness and create LPs for one another in ad hoc scenarios. It protects user privacy while also providing security features such as LP unforgeability and non-transferability. Furthermore, the PASPORT method is strong to prover-prover collusions and lowers the risk of Prover-Witness collusion attacks. We propose P-TREAD, a privacy-aware distance bounding mechanism, and incorporate it into PASPORT to make the proximity verification process even more private. We implement a prototype of the proposed method using the Android platform to validate our approach. Extensive testing has shown that the suggested solution effectively protects location-based systems from bogus submissions.