Location-based services (LBSs) have been emerging in recent years. Mobile devices with built-in GPS receiver (Global Positioning System), called GPS-enabled mobile devices, will also become an important trend in the near future. Location information and authentication of mobile clients are critical for accessing desired LBSs. In this paper, a novel vision-based approach, called VLocAuth, is proposed to incorporate a ubiquitous camera (UbiCam) environment for location authentication. The operation of VLocAuth relies on three kinds of servers, including LBS server, authentication server (AS), and camera server (CS). VLocAuth consists of two phases: initialization and location authentication phases. In the initialization phase, a mobile client requests user identification and related information from LBS server via a secure channel. In the location authentication phase, a temporal identification provided by LBS server is used for data communication among the client, AS, and CS to achieve privacy protection. Then, CS authenticates the location of a mobile client by matching the location and the moving objects in the real-time camera image to ensure the client at the location of the GPS coordinates. The security analysis shows that VLocAuth is secure against replay attack and man-in-the-middle attack. It also satisfies unforgeability, privacy, confidentially, integrity, simplicity, and practicability requirements. A simulation study is designed to show the influence of a node density, type of GPS receiver, and a network delay on VLocAuth. Besides, a matching tool is implemented for measuring the time of the key matching step of VLocAuth in a practical environment. These results show that VLocAuth is feasible for location authentication and meets the trend of UbiCam environment in the near future.
Read full abstract