SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks (2014) Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.926 SPECIAL ISSUE PAPER A mobile phone-based physical-social location proof system for mobile social network service Xudong Ni 1 *, Junzhou Luo 1 , Boying Zhang 2 , Jin Teng 2 , Xiaole Bai 3 , Bo Liu 1 and Dong Xuan 2 1 School of Computer Science and Engineering, Southeast University, Nanjing, China 2 Department of Computer Science and Engineering, The Ohio State University, OH, U.S.A. 3 Dunnhummby, Cincinnati, U.S.A. ABSTRACT Location-related mobile social network services are popular nowadays, and their methods to obtain end users’ location information are based on people’s self-report location claims, using mobile devices to check positions and send them back to the service providers. However, this mechanism has a serious vulnerability that makes malicious users be able to access restricted resource by transmitting fake locations. Both academic and industrial researchers are recently aware of this problem’s importance since the commercialized trend of location-related mobile social network services. To address this issue, we propose mobile phone-based physical-social location, a mobile phone-based location proof system to verify users’ location claims and defend various fake location information. Our core idea is that a user’s location claim can be proved by a set of selective physical encountered people serving as “witnesses” who are co-located with him/her in that area. The system is composed of proof generation and verification. In the proof generation phase, we leverage a certain number of co-located people to generate certificates as location proofs during their encounters via bluetooth interface. In the verification phase, we propose an efficient verification scheme to make our system accurate and adaptive. We have implemented the MPSL system using real world Nokia N82 (Nokia, Espoo, Finland) phones. Our experimental results show that our mobile phone-based system can achieve high verification accuracy and good performance. Copyright © 2014 John Wiley & Sons, Ltd. KEYWORDS physical-social location (PSL); location proof; mobile phone; mobile social network service *Correspondence Xudong Ni, School of Computer Science and Engineering, Southeast University, Nanjing, China. E-mail: xd_ni@seu.edu.cn Received 29 September 2012; Revised 21 April 2013; Accepted 13 October 2013 1. INTRODUCTION As mobile phones, such as smartphones and personal dig- ital assistants, are becoming prevalent, location-related mobile social network services (MSNSs), for example, Foursquare [1], Yelp [2], Google Latitude [3], Gowalla [4], Loopt [5], and EveryTrial [6], are playing an increas- ingly important role in people’s life. Foursquare provides a location-based social networking platform through which users can “check in” at places that are visiting and learn their friends location. Yelp allows users to post and read reviews about their interested places. Online social net- work services also take advantage of location informa- tion, for example, geographic profile to provide friend recommendation service. All these services require user to report their current or long-term location information, for example, global positioning system (GPS) coordinates, trajectory, or geography profile. Often, users can obtain rewards or benefits from being at a given location. For example, Foursquare has the user who checks in the most often at a location become the “mayor”. In turn, the owner of the location (e.g., a mall) might offer a reward to this user (e.g., a coupon). Besides, online social services often offer exclusive recommendation services or reviews based on users’ geographic profiles or previous visited places. So people have the incentive to lie about their locations in these location-sensitive services. Unfortunately, current MSNSs are based on user’s self-reported location claims, which make them easily being cheated. Although most mobile users have devices capable of discovering their locations, they lack a mecha- nism to prove their current of past locations to applications and services. Spammers and attackers may report a fake location to convince other users that he presented at some Copyright © 2014 John Wiley & Sons, Ltd.