Privacy-Preserving Proof-of-Location With Security Against Geo-Tampering
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
A Proof-of-Location (POL) system is used to issue a proof-of-location token ( <inline-formula><tex-math notation="LaTeX">$pol$</tex-math></inline-formula> ) to a user who has been present at a location <inline-formula><tex-math notation="LaTeX">$\ell oc$</tex-math></inline-formula> , such that it can be later presented to a verifier to assure the presence of the user at <inline-formula><tex-math notation="LaTeX">$\ell oc$</tex-math></inline-formula> . Basic POL security requirements are <i>unforgeability</i> of <inline-formula><tex-math notation="LaTeX">$pol$</tex-math></inline-formula> , and its <i>non-transferability</i> (a <inline-formula><tex-math notation="LaTeX">$pol$</tex-math></inline-formula> issued to user <inline-formula><tex-math notation="LaTeX">$u_1$</tex-math></inline-formula> cannot be used by <inline-formula><tex-math notation="LaTeX">$u_2$</tex-math></inline-formula> ). An additional important property of POL systems is <i>user privacy</i> against the issuers and verifiers. We make two contributions. First, we formalize the POL security and privacy properties, and construct the first system providing provable security and privacy against the issuer and the verifier, both. Second, we introduce a <i>geo-tampering attack</i> that completely breaks POL system security, by simply changing the location of a <inline-formula><tex-math notation="LaTeX">$pol$</tex-math></inline-formula> issuing node. The attack applies to portable infrastructure nodes that are not continually monitored. We propose an algorithm that is used by a <inline-formula><tex-math notation="LaTeX">$pol$</tex-math></inline-formula> issuer to provide a location integrity “proof”, that will be embedded in a <inline-formula><tex-math notation="LaTeX">$pol$</tex-math></inline-formula> to protect against this attack. The proof relies on a novel application of euclidean Distance Matrices. We implemented our POL on an off-the-shelf Android smartphone to show the practicality of the proposed algorithms.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.000 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.001 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.001 |
| Open science | 0.000 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it