Locationbased social network (LBSN) services enable users to discover nearby people. Original LBSN services provide the exact distances for nearby users. Existing studies have shown that it is easy to localize target users by using trilateration methodology. To defend against the trilateration attack, current LBSN services adopt the concentric bandbased approach when reporting distances. In this paper, by using number theory, we analytically show that by strategically placing multiple virtual probes as fake GPS, one can accurately pinpoint user locations with either accurate or coarse bandbased distances. As a proof of this concept, WeChat is examplified to validate that our attack methodology is effective in a realworld deployment. Our study is expected to draw more public attention to this serious privacy issue and hopefully motivate better privacypreserving LBSN designs.
WANG Rong-Rong
,
XUE Min-Hui
,
LI Xiang-Xue
,
QIAN Hai-Feng
. An effective localization attack in locationbased social network[J]. Journal of East China Normal University(Natural Science), 2016
, 2016(2)
: 62
-72
.
DOI: 10.3969/j.issn.1000-5641.2016.02.009
[1]CIW TEAM. Tencent: 438M Wechat users and 645M QZone users by Q2 2014 [EB/OL]. China Internet Watch, 2014 [2015125]. http:∥www.chinainternetwatch.com/8229/tencentq22014/.
[2]XIANG T. Momo: China’s next social conglomerate? [EB/OL]. TechNode, 2014 [2015125]. http:∥technode.com/2014/10/13/momochinanextsocialconglomerate/.
[3]ZANG H, BOLOT J. Anonymization of location data does not work: A largescale measurement study[C]∥Proceedings of the 17th Annual International Conference on Mobile Computing and Networking. ACM, 2011: 145156.
[4]CHEN T, KAAFAR M, BORELI R.The where and when of finding new friends: Analysis of a locationbased social discovery network[C]∥Proceedings of the International AAAI Conference on Weblogs and Social Media. 2013.
[5]XUE M, LIU Y, ROSS K W, et al. I know where you are: Thwarting privacy protection in locationbased social discovery services[C]∥Proceedings of the 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). IEEE, 2015:179184.
[6]WANG G, WANG B, WANG T, et al. Whispers in the dark: Analysis of an anonymous social network[C]∥Proceedings of the 2014 Conference on Internet Measurement Conference. ACM, 2014: 137150.
[7]LI M, ZHU H, GAO Z, et al. All your location are belong to us: Breaking mobile social networks for automated user location tracking[C]∥Proceedings of the 15th ACM International Symposium on Mobile ad Hoc Networking and Computing. ACM, 2014: 4352.
[8]RUTHS D, PFEFFER J. Social media for large studies of behavior[J]. Science, 2014, (6213)346: 10631064.
[9]BINDSCHAEDLER L, JADLIWALA M, BILOGREVIC I, et al. Track me if you can: On the effectiveness of contextbased identifier changes in deployed mobile networks[C/OL].NDSS, 2012[2015125].http: ∥www.internetsociety.org.
[10]SHOKRI R, THEODORAKOPOULOS G, BOUDEC J Y L, et al. Quantifying location privacy[J]. IEEE Symposium on Security and Privacy (SP), 2011,42(12): 247262.
[11]XU T, CAI Y. Feelingbased location privacy protection for locationbased services[C]∥Proceedings of the 16th ACM conference on Computer and communications security. ACM, 2009: 348357.
[12]ALMUHIMEDI H, SCHAUB F, SADEH N, et al. Your location has been shared 5 398 times! [C]∥Proceedings of the 33rd Annual ACM Conference on Factors in Computing System.ACM, 2015: 787796.
[13]FAWAZ K, SHIN K G. Location privacy protection for smartphone users[C]∥Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014: 239250.
[14]ED N, QUN L. Nearpri: Private, proximity based location sharing[C]∥Proceedings of the IEEE INFOCOM 2014IEEE Conference on Computer Communications. IEEE, 2014: 4352.
[15]SHOUP V. A Computational Introduction to Number Theory and Algebra[M]. London: Cambridge University Press, 2009.
[16]DING Y, PEDDINTI S T, ROSS K W. Stalking Beijing from Timbuktu: A generic measurement approach for exploiting locationbased social discovery[C]∥Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2014: 7580.