The surging deployment of WiFi hotspots in public places has been driving the blossoming of location-based services (LBSs) over the past few years. Typically, many service providers delivery dedicated services to mobile users according to their physical locations. However, a recent measurement study reveals that a large portion of the reported location statistics are either forged or superfluous, which calls high attention to the importance of location authentication. However, prior authentication approaches breach user’s location privacy, which is of wide concern of both individuals and governments. Furthermore, existing location privacy preserving mechanisms still have a potential threat in wireless environment. In this paper, we propose PriLa, a privacy-preserving location au...[ Read more ]

The surging deployment of WiFi hotspots in public places has been driving the blossoming of location-based services (LBSs) over the past few years. Typically, many service providers delivery dedicated services to mobile users according to their physical locations. However, a recent measurement study reveals that a large portion of the reported location statistics are either forged or superfluous, which calls high attention to the importance of location authentication. However, prior authentication approaches breach user’s location privacy, which is of wide concern of both individuals and governments. Furthermore, existing location privacy preserving mechanisms still have a potential threat in wireless environment. In this paper, we propose PriLa, a privacy-preserving location authentication protocol that facilitates location authentication without compromising user’s location privacy in WiFi networks. PriLa exploits physical layer information, namely carrier frequency offset (CFO) and multipath profile, from user’s frames. In particular, PriLa leverages CFO to secure wireless transmission between the mobile user and the access point (AP), and meanwhile authenticate the reported locations without leaking the exact location information based on the coarse-grained location proximity being extracted from user’s multipath profile. Existing privacy preservation techniques on upper layers can be applied on top of PriLa to enable various applications. We have implemented PriLa on GNURadio/USRP platform and off-the-shelf Intel 5300 NIC. The experimental results demonstrate the practicality of CFO injection and accuracy of multipath profile based location authentication in a real-world environment.