CREPUSCOLO: A collusion resistant privacy preserving location verification system

In location-sensitive applications (e.g. location-based access control, and location-based social networks), users often benefit from being at a certain location. These benefits are incentives for users to cheat about their current location, in order to get unauthorized access to resources and services provided by location-sensitive applications. To deal with this issue, we propose CREPUSCOLO, a collusion resistant and privacy preserving location verification system. In CREPUSCOLO, we use “location-proofs” collected from co-located mobile devices, which can be endorsed by a “token” acquired from a trusted Token Provider. In fact, location-proofs endorsed by tokens provide the resiliency against collusion attacks, because this combination can prove that a certain mobile device was at a certain location at a specific time. CREPUSCOLO also protects the source location privacy by enforcing the usage of periodically changing pseudonyms. Extensive simulations show that CREPUSCOLO is effective in detecting collusion attacks even under very conservative hypothesis. For instance, with just 11 Token Providers spread over a 121 km2 area characterized by a very low density of cooperating devices, 90% of collusion attacks are detected.