Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

ProLoc: Robust Location Proofs in Hindsight

Roberta De Viti, Pierfrancesco Ingo, Isaac Sheff, Peter Druschel, Deepak Garg

TL;DR

ProLoc presents an infrastructure-free location-proof system that outputs region proofs $S$ a posteriori by fusing near-range BLE encounters with device trajectories and map-based isochrones. It introduces a TrustRank-based defense to counter retroactive collusion by fictitious devices without requiring additional infrastructure. The evaluation on simulated Copenhagen mobility data and the SensibleDTU BLE dataset shows that practical proof precision in the hundreds of meters is achievable with modest witness counts and that TrustRank robustly separates honest devices from attackers, even under Sybil pressure. This work enables reliable, post-hoc verification of geo-tagged citizen reports and extends location-proof concepts to flexible, region-based proofs in hostile environments.

Abstract

Many online services rely on self-reported locations of user devices like smartphones. To mitigate harm from falsified self-reported locations, the literature has proposed location proof services (LPSs), which provide proof of a device's location by corroborating its self-reported location using short-range radio contacts with either trusted infrastructure or nearby devices that also report their locations. This paper presents ProLoc, a new LPS that extends prior work in two ways. First, ProLoc relaxes prior work's proofs that a device was at a given location to proofs that a device was within distance "d" of a given location. We argue that these weaker proofs, which we call "region proofs", are important because (i) region proofs can be constructed with few requirements on device reporting behavior as opposed to precise location proofs, and (ii) a quantitative bound on a device's distance from a known epicenter is useful for many applications. For example, in the context of citizen reporting near an unexpected event (earthquake, violent protest, etc.), knowing the verified distances of the reporting devices from the event's epicenter would be valuable for ranking the reports by relevance or flagging fake reports. Second, ProLoc includes a novel mechanism to prevent collusion attacks where a set of attacker-controlled devices corroborate each others' false locations. Ours is the first mechanism that does not need additional infrastructure to handle attacks with made-up devices, which an attacker can create in any number at any location without any cost. For this, we rely on a variant of TrustRank applied to the self-reported trajectories and encounters of devices. Our goal is to prevent retroactive attacks where the adversary cannot predict ahead of time which fake location it will want to report, which is the case for the reporting of unexpected events.

ProLoc: Robust Location Proofs in Hindsight

TL;DR

ProLoc presents an infrastructure-free location-proof system that outputs region proofs a posteriori by fusing near-range BLE encounters with device trajectories and map-based isochrones. It introduces a TrustRank-based defense to counter retroactive collusion by fictitious devices without requiring additional infrastructure. The evaluation on simulated Copenhagen mobility data and the SensibleDTU BLE dataset shows that practical proof precision in the hundreds of meters is achievable with modest witness counts and that TrustRank robustly separates honest devices from attackers, even under Sybil pressure. This work enables reliable, post-hoc verification of geo-tagged citizen reports and extends location-proof concepts to flexible, region-based proofs in hostile environments.

Abstract

Many online services rely on self-reported locations of user devices like smartphones. To mitigate harm from falsified self-reported locations, the literature has proposed location proof services (LPSs), which provide proof of a device's location by corroborating its self-reported location using short-range radio contacts with either trusted infrastructure or nearby devices that also report their locations. This paper presents ProLoc, a new LPS that extends prior work in two ways. First, ProLoc relaxes prior work's proofs that a device was at a given location to proofs that a device was within distance "d" of a given location. We argue that these weaker proofs, which we call "region proofs", are important because (i) region proofs can be constructed with few requirements on device reporting behavior as opposed to precise location proofs, and (ii) a quantitative bound on a device's distance from a known epicenter is useful for many applications. For example, in the context of citizen reporting near an unexpected event (earthquake, violent protest, etc.), knowing the verified distances of the reporting devices from the event's epicenter would be valuable for ranking the reports by relevance or flagging fake reports. Second, ProLoc includes a novel mechanism to prevent collusion attacks where a set of attacker-controlled devices corroborate each others' false locations. Ours is the first mechanism that does not need additional infrastructure to handle attacks with made-up devices, which an attacker can create in any number at any location without any cost. For this, we rely on a variant of TrustRank applied to the self-reported trajectories and encounters of devices. Our goal is to prevent retroactive attacks where the adversary cannot predict ahead of time which fake location it will want to report, which is the case for the reporting of unexpected events.
Paper Structure (14 sections, 1 theorem, 3 equations, 6 figures, 1 table)

This paper contains 14 sections, 1 theorem, 3 equations, 6 figures, 1 table.

Table of Contents

  1. Introduction
  2. Design preliminaries
  3. Key Insights
  4. ProLoc Service
  5. Defending Against Retroactive Collusion Attacks
  6. ProLoc's Defense
  7. Datasets
  8. Evaluation
  9. Location Proof Precision
  10. TrustRank
  11. Computational resources
  12. Related Work
  13. Conclusion
  14. Edge-weighting scheme

Key Result

theorem 1

The sum of the TrustRank of attacker devices is at most proportional to the sum of the TrustRank of corrupt devices.

Figures (6)

  • Figure 1: User device trajectories (colored lines) containing location reports, connected by encounters.
  • Figure 2: Pseudocode of $\hbox{prove_loc}$. $\hbox{\color{D}\normalfont Dbase}$ is ProLoc's internal database, and $\hbox{\color{map}\normalfont Map}$ is the map service.
  • Figure 3: Feasible region (shaded) w.r.t. one witness $w$.
  • Figure 4: Precision radius ($R$) as a function of the number of independent witnesses ($N$) for different location reporting frequencies, encounter densities and adoption rates. [Legend: 10-th percentile, median, 90-th percentile].
  • Figure 4: CDF of TrustRank values for honest and attacker devices (corrupt and fictitious). Our threshold (the vertical red line) is computed using data from many simulated attacks.
  • ...and 1 more figures

Theorems & Definitions (1)

  • theorem 1