Paper in a peer-reviewed national conference
Location Proof, Context-Awareness, Mobile Security, Internet of Things
Gabriel A. Maia, Miguel L. Pardal
INForum. Guimarães, Portugal. 2019
Many mobile applications are location-aware, but do not verify the location information they consume, making them vulnerable to location spoofing attacks. Location proof systems aim to solve this problem by allowing devices to interact with location-specific resources and issue proof that they have been at specific locations on specific times.
In this paper we introduce CROSS, a system that performs location verification using techniques compatible with off-the-shelf Android smartphones. We present three strategies for the production of location proofs with increasing tamper-resistance, two of which are based on Wi-Fi and a third based on physical interaction with kiosk-like devices. Our system was designed with user privacy and security in mind, minimizing the amount of connections between devices. A prototype application was implemented to assess the feasibility and reliability of the architecture and location proof strategies. The application allows rewarding users who complete a touristic route, with proofs of visit collected along the way.