华东师范大学学报(自然科学版) >

2016 , Vol. 2016 >Issue 2: 62 - 72

DOI: https://doi.org/10.3969/j.issn.1000-5641.2016.02.009

计算机科学

基于位置社交网络的高效定位算法

  • 王荣荣 ,
  • 薛旻辉 ,
  • 李祥学 ,
  • 钱海峰
展开
  • 华东师范大学 计算机科学技术系,上海200241
王荣荣,女,硕士研究生,研究方向为信息安全. E-mail: ghghgh8032@126.com.

收稿日期: 2015-02-13

  网络出版日期: 2016-07-25

基金资助

国家自然科学基金(61172085)

收起

An effective localization attack in locationbased social network

  • WANG Rong-Rong ,
  • XUE Min-Hui ,
  • LI Xiang-Xue ,
  • QIAN Hai-Feng
Expand

Received date: 2015-02-13

  Online published: 2016-07-25

Fold

摘要

基于位置社交网络(LocationBased Social Network,LBSN)服务使得用户能够利用位置服务发现附近的人.原始的LBSN服务为用户提供确切的相对距离,而这种做法已被证实易于遭受三角定位攻击.为防御此类攻击,当今LBSN服务普遍采用以带宽的方式来报告距离.本文利用数论,通过技巧性地摆放虚拟探针,伪装地理位置,提出了一种不受地理位置限制、高精度、易于实现的定位目标算法.作为概念验证,本文使用微信进行实验最终验证了该攻击算法在实际部署中的有效性.本文的研究旨在呼吁LBSN服务提供商改进位置隐私保护技术,唤醒公众充分认识LBSN软件所带来的潜在隐私泄露.

关键词: 基于位置社交网络; 定位攻击; 微信

本文引用格式

王荣荣 , 薛旻辉 , 李祥学 , 钱海峰 . 基于位置社交网络的高效定位算法[J]. 华东师范大学学报(自然科学版), 2016 , 2016(2) : 62 -72 . DOI: 10.3969/j.issn.1000-5641.2016.02.009

Abstract

Locationbased social network (LBSN) services enable users to discover nearby people. Original LBSN services provide the exact distances for nearby users. Existing studies have shown that it is easy to localize target users by using trilateration methodology. To defend against the trilateration attack, current LBSN services adopt the concentric bandbased approach when reporting distances. In this paper, by using number theory, we analytically show that by strategically placing multiple virtual probes as fake GPS, one can accurately pinpoint user locations with either accurate or coarse bandbased distances. As a proof of this concept, WeChat is examplified to validate that our attack methodology is effective in a realworld deployment. Our study is expected to draw more public attention to this serious privacy issue and hopefully motivate better privacypreserving LBSN designs.

Key words: locationbased social network; localization attack; WeChat

参考文献

[1]CIW TEAM. Tencent: 438M Wechat users and 645M QZone users by Q2 2014 [EB/OL]. China Internet Watch, 2014 [2015125]. http:∥www.chinainternetwatch.com/8229/tencentq22014/.

[2]XIANG T. Momo: China’s next social conglomerate? [EB/OL]. TechNode, 2014 [2015125]. http:∥technode.com/2014/10/13/momochinanextsocialconglomerate/.

[3]ZANG H, BOLOT J. Anonymization of location data does not work: A largescale measurement study[C]∥Proceedings of the 17th Annual International Conference on Mobile Computing and Networking. ACM, 2011: 145156.

[4]CHEN T, KAAFAR M, BORELI R.The where and when of finding new friends: Analysis of a locationbased social discovery network[C]∥Proceedings of the International AAAI Conference on Weblogs and Social Media. 2013.

[5]XUE M, LIU Y, ROSS K W, et al. I know where you are: Thwarting privacy protection in locationbased social discovery services[C]∥Proceedings of the 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). IEEE, 2015:179184.

[6]WANG G, WANG B, WANG T, et al. Whispers in the dark: Analysis of an anonymous social network[C]∥Proceedings of the 2014 Conference on Internet Measurement Conference. ACM, 2014: 137150.

[7]LI M, ZHU H, GAO Z, et al. All your location are belong to us: Breaking mobile social networks for automated user location tracking[C]∥Proceedings of the 15th ACM International Symposium on Mobile ad Hoc Networking and Computing. ACM, 2014: 4352.

[8]RUTHS D, PFEFFER J. Social media for large studies of behavior[J]. Science, 2014, (6213)346: 10631064.

[9]BINDSCHAEDLER L, JADLIWALA M, BILOGREVIC I, et al. Track me if you can: On the effectiveness of contextbased identifier changes in deployed mobile networks[C/OL].NDSS, 2012[2015125].http: ∥www.internetsociety.org.

[10]SHOKRI R, THEODORAKOPOULOS G,  BOUDEC J Y L, et al. Quantifying location privacy[J].  IEEE Symposium on Security and Privacy (SP), 2011,42(12): 247262.

[11]XU T, CAI Y. Feelingbased location privacy protection for locationbased services[C]∥Proceedings of the 16th ACM conference on Computer and communications security. ACM, 2009: 348357.

[12]ALMUHIMEDI H, SCHAUB F, SADEH N, et al. Your location has been shared 5 398 times! [C]∥Proceedings of the 33rd Annual ACM Conference on Factors in Computing System.ACM, 2015: 787796.

[13]FAWAZ K, SHIN K G. Location privacy protection for smartphone users[C]∥Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014: 239250.

[14]ED N, QUN L. Nearpri: Private, proximity based location sharing[C]∥Proceedings of the IEEE INFOCOM 2014IEEE Conference on Computer Communications. IEEE, 2014: 4352.

[15]SHOUP V. A Computational Introduction to Number Theory and Algebra[M]. London: Cambridge University Press, 2009.

[16]DING Y, PEDDINTI S T, ROSS K W. Stalking Beijing from Timbuktu: A generic measurement approach for exploiting locationbased social discovery[C]∥Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones  and Mobile Devices. ACM, 2014: 7580.
Options
文章导航

/