skip to main content
research-article

Constrained Proximity Attacks on Mobile Targets

Published:04 March 2022Publication History
Skip Abstract Section

Abstract

Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this article, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as a countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.

REFERENCES

  1. [1] Alpern Steve. 2013. Ten Open Problems in Rendezvous Search. Springer, New York, NY, 223230. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  2. [2] Bai Fan and Helmy Ahmed. 2004. A survey of mobility models. Wireless Adhoc Networks, University of Southern California, USA., 147 pages.Google ScholarGoogle Scholar
  3. [3] Camp Tracy, Boleng Jeff, and Davies Vanessa. 2002. A survey of mobility models for ad hoc network research. Wireless Communications and Mobile Computing 2, 5 (2002), 483502. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  4. [4] Chen L. and Bian K.. 2015. The telephone coordination game revisited: From random to deterministic algorithms. IEEE Transactions on Computers 64, 10 (Oct. 2015), 29682980. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. [5] Cuellar Jorge, Ochoa Martín, and Rios Ruben. 2012. Indistinguishable regions in geographic privacy. In Proceedings of the ACM Symposium on Applied Computing. ACM, New York, NY, 14631469. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. [6] Culzac Natasha. 2014. Egypt’s police ‘using social media and apps like Grindr to trap gay people’. Article on The Independent 17, (2014). https://www.independent.co.uk/news/world/africa/egypt-s-police-using-social-media-and-apps-like-grindr-to-trap-gay-people-9738515.html.Google ScholarGoogle Scholar
  7. [7] Gaudillière A.. 2009. Collision probability for random trajectories in two dimensions. Stochastic Processes and their Applications 119, 3 (2009), 775810. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  8. [8] Hallgren Per A., Ochoa Martín, and Sabelfeld Andrei. 2015. InnerCircle: A parallelizable decentralized privacy-preserving location proximity protocol. In Proceedings of the Annual Conference on Privacy, Security and Trust. 16. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  9. [9] Hallgren Per A., Ochoa Martín, and Sabelfeld Andrei. 2016. MaxPace: Speed-constrained location queries. In Proceedings of the IEEE Conference on Communications and Network Security. 136144. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  10. [10] Harri J., Filali F., and Bonnet C.. 2009. Mobility models for vehicular ad hoc networks: A survey and taxonomy. IEEE Communications Surveys Tutorials 11, 4 (April 2009), 1941. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. [11] Huang Ming-Shih and Narayanan Ram M.. 2014. Trilateration-based localization algorithm using the lemoine point formulation. IETE Journal of Research 60, 1 (2014), 6073.Google ScholarGoogle ScholarCross RefCross Ref
  12. [12] Narayanan Arvind, Thiagarajan Narendran, Lakhani Mugdha, Hamburg Michael, and Boneh Dan. 2011. Location privacy via private proximity testing. In Proceedings of the Network and Distributed System Security Symposium.Google ScholarGoogle Scholar
  13. [13] Polakis Iasonas, Argyros George, Petsios Theofilos, Sivakorn Suphannee, and Keromytis Angelos D.. 2015. Where’s Wally?: Precise user discovery attacks in location proximity services. In Proceedings of the ACM Conference on Computer and Communications Security. 817828. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. [14] Puchala Zbigniew and Rolski Tomasz. 2005. The exact asymptotic of the time to collision. Electronic Journal of Probability 10 (2005), 13591380.Google ScholarGoogle ScholarCross RefCross Ref
  15. [15] Sedenka Jaroslav and Gasti Paolo. 2014. Privacy-preserving distance computation and proximity testing on earth, done right. In Proceedings of the ACM Symposium on Information, Computer and Communications Security. 99110. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. [16] Shokri Reza, Theodorakopoulos George, Danezis George, Hubaux Jean-Pierre, and Boudec Jean-Yves Le. 2011. Quantifying location privacy: The case of sporadic location exposure. In Proceedings of the International Conference on Privacy Enhancing Technologies . Springer-Verlag, Berlin, 5776.Google ScholarGoogle ScholarCross RefCross Ref
  17. [17] Shokri Reza, Theodorakopoulos George, Boudec Jean-Yves Le, and Hubaux Jean-Pierre. 2011. Quantifying location privacy. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 247262. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. [18] Shokri Reza, Theodorakopoulos George, Troncoso Carmela, Hubaux Jean-Pierre, and Boudec Jean-Yves Le. 2012. Protecting location privacy: Optimal strategy against localization attacks. In Proceedings of the ACM Conference on Computer and Communications Security. ACM, New York, NY, 617627. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. [19] Veytsman Max. 2014. How I was able to track the location of any Tinder user. Retrieved March 2018 from http://blog.includesecurity.com/2014/02/how-i-was-able-to-track-location-of-any.html.Google ScholarGoogle Scholar
  20. [20] Wang Xueou, Hou Xiaolu, Rios Ruben, Hallgren Per, Tippenhauer Nils Ole, and Ochoa Martín. 2018. Location proximity attacks against mobile targets: Analytical bounds and attacker strategies. In Proceedings of the Computer Security. Lopez Javier, Zhou Jianying, and Soriano Miguel (Eds.). Springer International Publishing, 373392.Google ScholarGoogle ScholarCross RefCross Ref
  21. [21] Weber Richard. 2012. Optimal symmetric rendezvous search on three locations. Mathematics of Operations Research 37, 1 (Feb. 2012), 111122. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. [22] Yuan Jing, Zheng Yu, Xie Xing, and Sun Guangzhong. 2011. Driving with knowledge from the physical world. In Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 316324.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. [23] Yuan Jing, Zheng Yu, Zhang Chengyang, Xie Wenlei, Xie Xing, Sun Guangzhong, and Huang Yan. 2010. T-drive: Driving directions based on taxi trajectories. In Proceedings of the SIGSPATIAL International Conference on Advances in Geographic Information Systems. ACM, 99108.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Constrained Proximity Attacks on Mobile Targets

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM Transactions on Privacy and Security
        ACM Transactions on Privacy and Security  Volume 25, Issue 2
        May 2022
        263 pages
        ISSN:2471-2566
        EISSN:2471-2574
        DOI:10.1145/3505216
        Issue’s Table of Contents

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 4 March 2022
        • Accepted: 1 November 2021
        • Revised: 1 September 2021
        • Received: 1 September 2020
        Published in tops Volume 25, Issue 2

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • research-article
        • Refereed

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Full Text

      View this article in Full Text.

      View Full Text

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!