A Location Privacy Attack Based on the Location Sharing Mechanism with Erroneous Distance in Geosocial Networks
Abstract
:1. Introduction
2. Related Work
2.1. Location Sharing Mechanisms of Geosocial Networks
- ◆
- Direct Location Sharing: The users are equipped with smart phone devices that can report Global Positioning System (GPS) locations. Therefore, users can actively report their location directly to GSNs. In this process, after receiving the GPS locations, the GSN service providers return a list of nearby stores to users and users choose one form the list. For example, checking in, tagging, and giving reviews to specific stores are all direct location sharing mechanisms.
- ◆
- Indirect Location Sharing: There are many GSN applications allowing user to share the current location with friends or relatives. With proper permissions, the app can notify users when their friends are close to where they are, so users can see the distances of other users. In order to protect the security and privacy of the individual, two protection mechanisms, Maximal Coverage Limit and Minimal Accuracy Limit, are used in the indirect location sharing.
- Maximal Coverage Limit: Users can only get distance information of other nearby users. When the distance between two users exceeds a certain threshold value called Maximal Coverage Limit, the distance information will not be displayed to users.
- Minimal Accuracy Limit: Almost all current GSNs have implemented the Minimal Accuracy Limit mechanism. When the distance between two users is below a certain threshold value called Minimal Accuracy Limit, the distance provided by GSN apps will only show the fixed threshold value. So, malicious users won’t be able to get real distance when the distance between two users is too close.
2.2. Geosocial Networks Location Attack Algorithms
- ◆
- Search Stage Algorithm with Maximal Coverage Limit: Due to the existence of the Maximal Coverage Limit, if the attacker is out of the range limit, it is impossible to obtain the distance of the targeted user. Therefore, the attacker must first be able to find out which area the targeted user might be in. The following is an overview of the algorithms used in the first stage.
- Scan Algorithm: An attacker attempts to find the area where the targeted user may be located by collecting location information shared by direct location sharing function [7]. Random search is used to pick fake GPS locations and the fake GPS locations are then used to query the GSN until the GSN returns the distance of the targeted user. Because of the random search method, the algorithm is time-consuming.
- Disk Coverage Algorithm: The premise of applying this method is that the GSNs can return a specific area of the targeted user such as Taipei [8]. The disc coverage algorithm covers the returned specific area with unit discs. The distance between the unit discs is set to . Then the minimum dominating set of the unit discs is selected and will be used to find out the specific unit disc where the targeted user is in.
- ◆
- Search Stage Algorithm without Maximal Coverage Limit: Since there is no maximal coverage limit, no matter where the attacker is, the attacker can always get the distance information of the target user. Therefore, iterative trilateration based localization algorithm is the most extensive and effective search algorithm in this case. The iterative trilateration algorithm [7] is mainly modified from the past traditional trilateration algorithm. The traditional trilateration algorithm uses three reference points to calculate the position of the unknown point. As shown in Figure 1, there are three reference points (C1, C2 and C3) and an unknown point O. The distances between the reference points, C1, C2 and C3, and the unknown point O are r1, r2 and r3. Three circles can be drawn using C1, C2 and C3 as centers and r1, r2 and r3 as radii. These three circles intersect, and this intersection is considered to be the estimated position of the unknown node.The Iterative Trilateration-based Localization Algorithm first randomly generates three positions, and finds an estimated point using the traditional trilateration algorithm with the three generated positions, and then replaces the farthest generated position with the estimated point. This trilateration iterates continuously until the termination conditions are met. Figure 2 shows the schematic diagram of the Iterative Trilateration-based Localization Algorithm.
- ◆
- Inference Stage Algorithm: After the search stage, in order to get the position of the target user more accurately, the Minimum Accuracy Limit must be overcome. In the past, the Space Partition Attack Algorithm (SPAA) was adopted in this stage [7,8]. When an attacker finds out the region where the target user might be in, the positioning accuracy is limited by the Minimal Accuracy Limit. For example, the closest distance between two users that can be shown in Skout is 800 m; the closest distance in Wechat is about 100 m. Therefore, in order to overcome the limitation, the Space Partition Attack Algorithm (SPAA) was proposed. The SPAA determine whether the target user is located in the specific area by iterating over the fixed area. The concept is shown in Figure 3. In order to simplify the calculation problem, the Convex Position Estimation (CPE) is used to estimate an rectangle [11]. In CPE, squares instead of circles are used to cover the area. CPE repletely calculates the possible squares where the target user might be located. The intersection of these squares will be used to infer the position of the target user. The calculation ends when the desired detection accuracy is achieved.
- ◆
- Localization Attack Algorithm with Random Location Sharing Mechanism: Since protection mechanisms like space cloaking [12,13,14] have been proposed in the past, the location information returned by GSNs may be randomized to some extent. The distance information returned by GSNs may not be the true distance. Therefore, Maximum Likelihood Estimation was proposed to calculate the true position from uncertain location data [8]. However, this type of attack must collect a large amount of data to verify the feasibility of the model, so this type of attack method is more challenging than the previous two methods.
3. Problem Description
3.1. Problem Definition
3.2. Method Description
Algorithm 1. Error-Adjusted Space Partition Attack Algorithm. |
Input: An estimated point = (Slat, Slon) and its range from target point , given in form |
Output: , the final estimation for |
4. Experimental Analysis and Results
4.1. The Influence of the Rerror on the Positioning Error in the Inference Stage
4.2. The Effect of Threshold on the Positioning Error
5. Conclusions
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
References
- Qin, G.; Patsakis, C.; Bouroche, M. Playing hide and seek with mobile dating applications. In Proceedings of IFIP International Information Security Conference; Springer: Berlin/Heidelberg, Geramny, 2014; pp. 185–196. [Google Scholar]
- Zickuhr, K. Location-based services. Pew Res. 2013, 679, 695. [Google Scholar]
- Madden, M.; Lenhart, A.; Cortesi, S.; Gasser, U. Teens and mobile apps privacy. Pew Internet Am. Life Proj. 2013, 21, 2–86. [Google Scholar]
- Pontes, T.; Vasconcelos, M.; Almeida, J.; Kumaraguru, P.; Almeida, V. We know where you live: Privacy characterization of foursquare behavior. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing, Pittsburgh, PA, USA, 5–8 September 2012; pp. 898–905. [Google Scholar]
- Krumm, J. Inference attacks on location tracks. Pervasive Comput. 2007, 4480, 127–143. [Google Scholar]
- Mondal, M.; Viswanath, B.; Clement, A.; Druschel, P.; Gummadi, K.P.; Mislove, A.; Post, A. Defending against large-scale crawls in online social networks. In Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies, Nice, France, 10 December 2012; pp. 325–336. [Google Scholar]
- Li, M.; Zhu, H.; Gao, Z.; Chen, S.; Yu, L.; Hu, S.; Ren, K. All your location are belong to us: Breaking mobile social networks for automated user location tracking. In Proceedings of the 15th ACM International Symposium on Mobile Ad Hoc Networking and Computing, Philadelphia PA, USA, 11–14 August 2014; pp. 43–52. [Google Scholar]
- Polakis, I.; Argyros, G.; Petsios, T.; Sivakorn, S.; Keromytis, A.D. Where’s Wally? Precise User Discovery Attacks in Location Proximity Services. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015; pp. 817–828. [Google Scholar]
- Li, H.; Zhu, H.; Du, S.; Liang, X.; Shen, X. Privacy leakage of location sharing in mobile social networks: Attacks and defense. IEEE Trans. Dependable Secur. Comput. 2016, 15, 646–660. [Google Scholar] [CrossRef]
- Niu, B.; Zhu, X.; Li, Q.; Chen, J.; Li, H. A novel attack to spatial cloaking schemes in location-based services. Future Gener. Comput. Syst. 2015, 49, 125–132. [Google Scholar] [CrossRef]
- Sheu, J.-P.; Chen, P.-C.; Hsu, C.-S. A distributed localization scheme for wireless sensor networks with improved grid-scan and vector-based refinement. IEEE Trans. Mob. Comput. 2008, 7, 1110–1123. [Google Scholar] [CrossRef]
- Chow, C.-Y.; Mokbel, M.F.; Liu, X. A peer-to-peer spatial cloaking algorithm for anonymous location-based service. In Proceedings of the 14th Annual ACM International Symposium on Advances in Geographic Information Systems, Park City, UT, USA, 23–26 September 2008; pp. 171–178. [Google Scholar]
- Chow, C.-Y.; Mokbel, M.F.; Liu, X. Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments. GeoInformatica 2011, 15, 351–380. [Google Scholar] [CrossRef] [Green Version]
- Niu, B.; Li, Q.; Zhu, X.; Cao, G.; Li, H. Achieving k-anonymity in privacy-aware location-based services. In Proceedings of the IEEE INFOCOM 2014—IEEE Conference on Computer Communications, Toronto, ON, Canada, 27 April–2 May 2014; pp. 754–762. [Google Scholar]
- Clark, B.N.; Colbourn, C.J.; Johnson, D.S. Unit disk graphs. Discret. Math. 1990, 86, 165–177. [Google Scholar] [CrossRef] [Green Version]
- Masuyama, S.; Ibaraki, T.; Hasegawa, T. The computational complexity of the m-center problems on the plane. IEICE Trans. 1981, 64, 57–64. [Google Scholar]
- Nieberg, T.; Hurink, J. A PTAS for the minimum dominating set problem in unit disk graphs. In Proceedings of International Workshop on Approximation and Online Algorithms; Springer: Berlin/Heidelberg, Geramny, 2005; pp. 296–306. [Google Scholar]
- Marathe, M.V.; Breu, H.; Hunt, H.B.; Ravi, S.S.; Rosenkrantz, D.J. Simple heuristics for unit disk graphs. Networks 1995, 25, 59–68. [Google Scholar] [CrossRef] [Green Version]
- Huang, M.-S.; Narayanan, R.M. Trilateration-based localization algorithm using the lemoine point formulation. IETE J. Res. 2014, 60, 60–73. [Google Scholar] [CrossRef]
Variable | Definition |
---|---|
u | The target of the attacker |
p | Location of the node on the plane |
pu | Real location of the target |
ηri(p,pu) | Location Sharing Mechanism |
ri | Disk radius |
H | The set of Location Sharing Mechanisms |
n | The number of Location Sharing Mechanisms |
A | The area which the target on |
Final estimated location | |
Dim | Two-dimensional plane dimension(latitude/longitude) |
lat | Latitude dimension |
lon | Longitude dimension |
threshold | Minimum threshold |
rerror | Erroneous distance |
Name | Minimal Accuracy Limit | Maximal Coverage Limit | Number of Downloads | Platform |
---|---|---|---|---|
100 m | 1 km | 300 million | iOS/Android | |
Swarm-Foursquare | 500 m | 65 km | 10 million | iOS/Android |
1 km | 200 km | 1 billion | iOS/Android | |
iPair | 5 km | 1000 km | 1 million | iOS/Android |
Easymeet | 5 km | 1000 km | 0.5 million | iOS/Android |
Skout | 0.5 m | N/A | 5 million | iOS/Android |
Momo | 10 m | N/A | 30 million | iOS/Android |
Whoshere | 100 m | N/A | 5 million | iOS/Android |
MiTalk | 100 m | 0.6 km | 20 million | iOS/Android |
100 m | 1600 m | 500 million | iOS/Android | |
SayHi | 10 m | 1000 km | 500 thousand | iOS/Android |
iAround | 10 m | N/A | 10 million | iOS/Android |
Duimian | 100 m | N/A | 500 thousand | iOS/Android |
Doudou Friend | 10 m | N/A | 1 million | iOS/Android |
U+ | 10 m | N/A | 10 million | iOS/Android |
Topface | 100 m | N/A | 50 million | iOS/Android |
Niupai | 10 m | N/A | 61 thousand | iOS/Android |
KKtalk | 10 m | N/A | 320 thousand | iOS/Android |
Anywhere | 10 m | N/A | 750 thousand | Android |
I Part | 10 m | 1000 m | 8 million | iOS/Android |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Lin, T.-L.; Chang, H.-Y.; Li, S.-L. A Location Privacy Attack Based on the Location Sharing Mechanism with Erroneous Distance in Geosocial Networks. Sensors 2020, 20, 918. https://doi.org/10.3390/s20030918
Lin T-L, Chang H-Y, Li S-L. A Location Privacy Attack Based on the Location Sharing Mechanism with Erroneous Distance in Geosocial Networks. Sensors. 2020; 20(3):918. https://doi.org/10.3390/s20030918
Chicago/Turabian StyleLin, Tu-Liang, Hong-Yi Chang, and Sheng-Lin Li. 2020. "A Location Privacy Attack Based on the Location Sharing Mechanism with Erroneous Distance in Geosocial Networks" Sensors 20, no. 3: 918. https://doi.org/10.3390/s20030918
APA StyleLin, T. -L., Chang, H. -Y., & Li, S. -L. (2020). A Location Privacy Attack Based on the Location Sharing Mechanism with Erroneous Distance in Geosocial Networks. Sensors, 20(3), 918. https://doi.org/10.3390/s20030918