Abstract
Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this article, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as a countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.
- [1] . 2013. Ten Open Problems in Rendezvous Search. Springer, New York, NY, 223–230.
DOI: Google ScholarCross Ref
- [2] . 2004. A survey of mobility models. Wireless Adhoc Networks, University of Southern California, USA., 147 pages.Google Scholar
- [3] . 2002. A survey of mobility models for ad hoc network research. Wireless Communications and Mobile Computing 2, 5 (2002), 483–502.
DOI: Google ScholarCross Ref
- [4] . 2015. The telephone coordination game revisited: From random to deterministic algorithms. IEEE Transactions on Computers 64, 10 (
Oct. 2015), 2968–2980.DOI: Google ScholarDigital Library
- [5] . 2012. Indistinguishable regions in geographic privacy. In Proceedings of the ACM Symposium on Applied Computing. ACM, New York, NY, 1463–1469.
DOI: Google ScholarDigital Library
- [6] . 2014. Egypt’s police ‘using social media and apps like Grindr to trap gay people’.
Article on The Independent 17, (2014). https://www.independent.co.uk/news/world/africa/egypt-s-police-using-social-media-and-apps-like-grindr-to-trap-gay-people-9738515.html.Google Scholar - [7] . 2009. Collision probability for random trajectories in two dimensions. Stochastic Processes and their Applications 119, 3 (2009), 775–810.
DOI: Google ScholarCross Ref
- [8] . 2015. InnerCircle: A parallelizable decentralized privacy-preserving location proximity protocol. In Proceedings of the Annual Conference on Privacy, Security and Trust. 1–6.
DOI: Google ScholarCross Ref
- [9] . 2016. MaxPace: Speed-constrained location queries. In Proceedings of the IEEE Conference on Communications and Network Security. 136–144.
DOI: Google ScholarCross Ref
- [10] . 2009. Mobility models for vehicular ad hoc networks: A survey and taxonomy. IEEE Communications Surveys Tutorials 11, 4 (April 2009), 19–41.
DOI: Google ScholarDigital Library
- [11] . 2014. Trilateration-based localization algorithm using the lemoine point formulation. IETE Journal of Research 60, 1 (2014), 60–73.Google Scholar
Cross Ref
- [12] . 2011. Location privacy via private proximity testing. In Proceedings of the Network and Distributed System Security Symposium.Google Scholar
- [13] . 2015. Where’s Wally?: Precise user discovery attacks in location proximity services. In Proceedings of the ACM Conference on Computer and Communications Security. 817–828.
DOI: Google ScholarDigital Library
- [14] . 2005. The exact asymptotic of the time to collision. Electronic Journal of Probability 10 (2005), 1359–1380.Google Scholar
Cross Ref
- [15] . 2014. Privacy-preserving distance computation and proximity testing on earth, done right. In Proceedings of the ACM Symposium on Information, Computer and Communications Security. 99–110.
DOI: Google ScholarDigital Library
- [16] . 2011. Quantifying location privacy: The case of sporadic location exposure. In Proceedings of the International Conference on Privacy Enhancing Technologies . Springer-Verlag, Berlin, 57–76.Google Scholar
Cross Ref
- [17] . 2011. Quantifying location privacy. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 247–262.
DOI: Google ScholarDigital Library
- [18] . 2012. Protecting location privacy: Optimal strategy against localization attacks. In Proceedings of the ACM Conference on Computer and Communications Security. ACM, New York, NY, 617–627.
DOI: Google ScholarDigital Library
- [19] . 2014. How I was able to track the location of any Tinder user. Retrieved March 2018 from http://blog.includesecurity.com/2014/02/how-i-was-able-to-track-location-of-any.html.Google Scholar
- [20] . 2018. Location proximity attacks against mobile targets: Analytical bounds and attacker strategies. In Proceedings of the Computer Security. , , and (Eds.). Springer International Publishing, 373–392.Google Scholar
Cross Ref
- [21] . 2012. Optimal symmetric rendezvous search on three locations. Mathematics of Operations Research 37, 1 (
Feb. 2012), 111–122.DOI: Google ScholarDigital Library
- [22] . 2011. Driving with knowledge from the physical world. In Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 316–324.Google Scholar
Digital Library
- [23] . 2010. T-drive: Driving directions based on taxi trajectories. In Proceedings of the SIGSPATIAL International Conference on Advances in Geographic Information Systems. ACM, 99–108.Google Scholar
Digital Library
Index Terms
Constrained Proximity Attacks on Mobile Targets
Recommendations
How secure is your cache against side-channel attacks?
MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on MicroarchitectureSecurity-critical data can leak through very unexpected side channels, making side-channel attacks very dangerous threats to information security. Of these, cache-based side-channel attacks are some of the most problematic. This is because caches are ...
Moving Target Defense Against Injection Attacks
Algorithms and Architectures for Parallel ProcessingAbstractWith the development of network technology, web services become more convenient and popular. However, web services are also facing serious security threats, especially SQL injection attack(SQLIA). Due to the diversity of attack techniques and the ...
Evaluating the Privacy Guarantees of Location Proximity Services
Location-based services have become an integral part of everyday life. To address the privacy issues that emerge from the use and sharing of location information, social networks and smartphone applications have adopted location proximity schemes as a ...






Comments