Skip to main content
SpringerLink
Log in

Revisiting Localization Attacks in Mobile App People-Nearby Services

  • Conference paper
  • First Online:
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10656))

Abstract

The widespread use of people-nearby services has spawned the development of social discovery applications that help users make new friends with nearby users (such as WeChat). Unfortunately, malicious third-parties can often deploy trilateration attacks to exploit people-nearby applications to determine the exact locations of target users, therefore compromising their privacy. In this paper, we revisit these localization attacks and propose a new two-step localization method that boosts the accuracy of the state of the art for the contemporary location-based social network (LBSN) services which have adopted the band-distance obfuscation to blur the location information. The basic idea is to first locate the target in a small circle with the radius of the band distance; then, refine the estimated location with sufficient queries which is driven by the required localization accuracy. We theoretically prove that our method is able to converge to pinpoint users with an upper bound of the complexity of our design. We also evaluate the performance of our model when considering different distribution errors, and finally show our localization method is robust with exciting accuracy and limited complexity through extensive simulation experiments. This attack can locate target users within 20 m with over \(95\%\) accuracy in most cases while the query-time is a limited value and can be roughly computed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Noack, R.: Could using gay dating app Grindr get you arrested in Egypt? The Washington Post, 12 September 2014

    Google Scholar 

  2. Paton, C.: Grindr urges LGBT community to hide their identities as Egypt persecutes nation’s gay community. The Independent, 26 September 2014

    Google Scholar 

  3. Li, M., Zhu, H., Gao, Z., Chen, S., Yu, L., Hu, S., Ren, K.: All your location are belong to us: breaking mobile social networks for automated user location tracking. In: 15th ACM International Symposium on Mobile Ad Hoc Networking and Computing, pp. 43–52 (2014)

    Google Scholar 

  4. Polakis, I., Argyros, G., Petsios, T., Sivakorn, S., Keromytis, A.D.: Where’s wally?: Precise user discovery attacks in location proximity services. In: ACM SIGSAC CCS, pp. 817–828 (2015)

    Google Scholar 

  5. Wang, G., Wang, B., Wang, T., Nika, A., Zheng, H., Zhao, B.Y.: Whispers in the dark: analysis of an anonymous social network. In: ACM Internet Measurement Conference, pp. 137–150 (2014)

    Google Scholar 

  6. Ding, Y., Peddinti, S.T., Ross, K.W.: Stalking Beijing from Timbuktu: a generic measurement approach for exploiting location-based social discovery. In: ACM Workshop on Security and Privacy in Smartphones & Mobile Devices (2014)

    Google Scholar 

  7. Xue, M., Liu, Y., Ross, K.W., Qian, H.: I know where you are: thwarting privacy protection in location-based social discovery services. In: IEEE Conference on Computer Communications Workshops (2015)

    Google Scholar 

  8. Xue, M., Liu, Y., Ross, K., Qian, H.: Thwarting location privacy protection in location-based social discovery services. Secur. Commun. Netw. 9(11), 1496–1508 (2016)

    Article  Google Scholar 

  9. Peng, J., Meng, Y., Xue, M., Hei, X., Ross, K.W.: Attacks and defenses in location-based social networks: a heuristic number theory approach. In: International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec), pp. 64–71 (2015)

    Google Scholar 

  10. Cheng, H., Mao, S., Xue, M., Hei, X.: On the impact of location errors on localization attacks in location-based social network services. In: Wang, G., Ray, I., Alcaraz Calero, J.M., Thampi, S.M. (eds.) SpaCCS 2016. LNCS, vol. 10066, pp. 343–357. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49148-6_29

    Google Scholar 

  11. Liu, J., Zhang, Y., Zhao, F.: Robust distributed node localization with error management. In: Proceedings of the 7th ACM International Symposium on Mobile Ad Hoc Networking and Computing, pp. 250–261 (2006)

    Google Scholar 

  12. Qin, G., Patsakis, C., Bouroche, M.: Playing hide and seek with mobile dating applications. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 185–196. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_15

    Chapter  Google Scholar 

  13. Mascetti, S., Bertolaja, L., Bettini, C.: A practical location privacy attack in proximity services. In: IEEE 14th International Conference on Mobile Data Management (MDM), vol. 1, pp. 87–96 (2013)

    Google Scholar 

  14. Correa, D., Silva, L.A., Mondal, M., Benevenuto, F., Gummadi, K.P.: The many shades of anonymity: characterizing anonymous social media content. In: International AAAI Conference on Web and Social Media (2015)

    Google Scholar 

  15. Xue, M., Yang, L., Ross, K.W., Qian, H.: Characterizing user behaviors in location-based find-and-flirt services: anonymity and demographics. Peer-to-Peer Netw. Appl. 10(2), 357–367 (2017)

    Article  Google Scholar 

  16. Wang, R., Xue, M., Liu, K., Qian, H.: Data-driven privacy analytics: a WeChat case study in location-based social networks. In: Xu, K., Zhu, H. (eds.) WASA 2015. LNCS, vol. 9204, pp. 561–570. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21837-3_55

    Chapter  Google Scholar 

  17. Xue, M., Ballard, C., Liu, K., Nemelka, C., Wu, Y., Ross, K., Qian, H.: You can yak but you can’t hide: localizing anonymous social network users. In: ACM IMC, pp. 25–31 (2016)

    Google Scholar 

  18. Chen, Z., Fu, D., Gao, Y., Hei, X.: Performance evaluation for software defined WiFi DCF networks from theory to testbed. In: 16th IEEE International Conference on Ubiquitous Computing and Communications (IUCC) (2017)

    Google Scholar 

Download references

Acknowledgments

This work was supported in part by the National Natural Science Foundation of China (No. 61370231), and in part by the Fundamental Research Funds for the Central Universities (No. HUST:2016YXMS303).

Author information

Authors and Affiliations

  1. Huazhong University of Science and Technology, Wuhan, 430074, China

    Jialin Wang, Hanni Cheng & Xiaojun Hei

  2. East China Normal University, Shanghai, 200062, China

    Minhui Xue

  3. NYU Shanghai, Shanghai, 200122, China

    Minhui Xue

Authors
  1. Jialin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hanni Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Minhui Xue
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xiaojun Hei
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaojun Hei .

Editor information

Editors and Affiliations

  1. Guangzhou University , Guangzhou, China

    Guojun Wang

  2. Edith Kinney Gaylord Presidential Professor, University of Oklahoma, Norman, Oklahoma, USA

    Mohammed Atiquzzaman

  3. Aalto University, Espoo, Finland

    Zheng Yan

  4. University of Texas at San Antonio, San Antonio, Texas, USA

    Kim-Kwang Raymond Choo

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, J., Cheng, H., Xue, M., Hei, X. (2017). Revisiting Localization Attacks in Mobile App People-Nearby Services. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science(), vol 10656. Springer, Cham. https://doi.org/10.1007/978-3-319-72389-1_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-72389-1_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72388-4

  • Online ISBN: 978-3-319-72389-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation