PayRide: Secure Transport e-Ticketing with Untrusted Smartphone Location

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2024)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14828)

Abstract

The smartphone location is the basis for a plethora of popular applications, such as traffic navigation, games, and geotagging. Since the user can manipulate the reported location, it is possible to compromise these applications with fake locations. These attacks generally have a limited impact, but this is changing with the increasing level of trust in the smartphone location. As a prominent example, recent transport e-ticketing applications perform financial transactions based on the assumption that the smartphone location represents that of the user. Unfortunately, this assumption leads to location-based attacks with direct financial implications. We present FreeRide, a real-world attack that allows a malicious user to ride public transports for free. Existing mitigations against FreeRide are either ineffective or impractical since they attempt to enforce the integrity of the smartphone location. Instead of enforcing location integrity, our proposed mitigation, PayRide, establishes the user’s location using the position of the public transport. We have formally verified the PayRide protocol and evaluated its boundary conditions based on a range of possible accuracies reported by the smartphone and public transport.

Acknowledgments

We thank our anonymous reviewers for their valuable feedback and Ralf Sasse for his help with Tamarin. This work was supported by the Swiss National Science Foundation under NCCR Automation, grant agreement 51NF40 180545, and the Swiss State Secretariat for Education, Research and Innovation under contract number MB22.00057 (ERC-StG PROMISE).

Corresponding author

Correspondence to Marazzi Michele.

Ethics declarations

Disclosure of Interests

The authors have no competing interests to declare that are relevant to the content of this article.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Michele, M., Jattke, P., Zibung, J., Razavi, K. (2024). PayRide: Secure Transport e-Ticketing with Untrusted Smartphone Location. In: Maggi, F., Egele, M., Payer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2024. Lecture Notes in Computer Science, vol 14828. Springer, Cham. https://doi.org/10.1007/978-3-031-64171-8_14

  • DOI: https://doi.org/10.1007/978-3-031-64171-8_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-64170-1

  • Online ISBN: 978-3-031-64171-8

  • eBook Packages: Computer Science (R0)
