Location Security and Privacy: An LTE Based Approach

Abstract

Integrity of location data from smart-phones is essential in several location-dependent applications. Unfortunately it is quite easy to spoof location data on smart phones. Therefore, most mission critical services such as road-side assistance, use location aggregators to supply verified location with user permission. This verified location is purchased from cellular carriers and user permission is required to comply with governmental privacy laws. However, cellular carriers, not aggregators are bound by privacy regulation. Therefore, when there is a breach of confidentiality, as it happened recently in the US, it is the cellular carriers' who were held responsible and must take corrective actions. In this paper, we present a mechanism to obtain location certificates using LTE positioning protocols so that it is possible for cellular carriers to (a) obtain verifiable consent from the mobile user before their location is released, (b) be able to directly provide verified location as a service to businesses rather than selling customer data to third party location aggregators, and (c) enable mobile users to store self-certifiable proofs of their own location to reuse as needed. With this mechanism in place, people can have greater control over their privacy as location-dependent services are assured of integrity.