A comprehensive definition of location authentication and a review of its threats and possible solutions help provide a better understanding of this young security requirement. N ew and enhanced locationdetermination technologies have allowed ubiquitous computing applications to better exploit location information. In particular, these technologies have improved location-based services, such as emergency and navigation services, tracking and monitoring systems, and location-based billing services. They also apply to more specific contexts-for example, in sensor networks, location information is often crucial for node tracking and packet routing.This increasing use of location information has driven researchers to analyze its specific security requirements. 1 The most important requirements relate to privacy and trust, including authenticity and attestation. Here, we focus on authenticating location information, which is necessary when using such information to grant access to a service or to generate evidence such as a certificate guaranteeing an entity's location at some point in time. It's also useful for accountable tracking of nodes and billing of mobile services. More important, for some services-such as emergency related services-failing to guarantee location information can have fatal consequences.Location authentication is still a relatively young security property. Stefan Brands and David Chaum first addressed location authentication in 1994, 2 followed by Dorothy Denning and Peter MacDoran in 1996. 3 Researchers have since increased their efforts to understand location authentication, proposing several solutions for different contexts. Despite the recent advances, we still need a clearer picture of this property. Here, we extend a survey we published in 2005 4 to provide a more comprehensive definition of location authentication and to describe its main threats in different scenarios. We also give an overview of proposed mechanisms for fulfilling this requirement, taking into account not only location verification but also the related problem of secure location determination.
Location determinationWe start with a brief overview of location determination because of its obvious importance to location authentication. One main approach to location determination is to use an object's internal measurements, such as inertial navigation or odometry techniques. However, the more common approach in ubiquitous computing is to use a reference system that exploits triangulation, proximity, or scene-analysis techniques. 5 Typically, reference-based location determination considers the exchange of signals between a target node (the one being located) and a set