Cited By
View all- Almuhaideb AAlgothami S(2022)ECQV-Based Lightweight Revocable Authentication Protocol for Electric Vehicle ChargingBig Data and Cognitive Computing10.3390/bdcc60401026:4(102)Online publication date: 27-Sep-2022
Constrained Proximity Attacks on Mobile Targets
Authors: 
Xueou Wang, Xiaolu Hou, Ruben Rios, Nils Ole Tippenhauer, Martín OchoaAuthors Info & Claims
Article No.: 10, Pages 1 - 29
Abstract
Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this article, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as a countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.
References
[1]
Steve Alpern. 2013. Ten Open Problems in Rendezvous Search. Springer, New York, NY, 223–230. DOI:
[2]
Fan Bai and Ahmed Helmy. 2004. A survey of mobility models. Wireless Adhoc Networks, University of Southern California, USA., 147 pages.
[3]
Tracy Camp, Jeff Boleng, and Vanessa Davies. 2002. A survey of mobility models for ad hoc network research. Wireless Communications and Mobile Computing 2, 5 (2002), 483–502. DOI:
[4]
L. Chen and K. Bian. 2015. The telephone coordination game revisited: From random to deterministic algorithms. IEEE Transactions on Computers 64, 10 (Oct. 2015), 2968–2980. DOI:
[5]
Jorge Cuellar, Martín Ochoa, and Ruben Rios. 2012. Indistinguishable regions in geographic privacy. In Proceedings of the ACM Symposium on Applied Computing. ACM, New York, NY, 1463–1469. DOI:
[6]
Natasha Culzac. 2014. Egypt’s police ‘using social media and apps like Grindr to trap gay people’. Article on The Independent 17, (2014).https://www.independent.co.uk/news/world/africa/egypt-s-police-using-social-media-and-apps-like-grindr-to-trap-gay-people-9738515.html.
[7]
A. Gaudillière. 2009. Collision probability for random trajectories in two dimensions. Stochastic Processes and their Applications 119, 3 (2009), 775–810. DOI:
[8]
Per A. Hallgren, Martín Ochoa, and Andrei Sabelfeld. 2015. InnerCircle: A parallelizable decentralized privacy-preserving location proximity protocol. In Proceedings of the Annual Conference on Privacy, Security and Trust. 1–6. DOI:
[9]
Per A. Hallgren, Martín Ochoa, and Andrei Sabelfeld. 2016. MaxPace: Speed-constrained location queries. In Proceedings of the IEEE Conference on Communications and Network Security. 136–144. DOI:
[10]
J. Harri, F. Filali, and C. Bonnet. 2009. Mobility models for vehicular ad hoc networks: A survey and taxonomy. IEEE Communications Surveys Tutorials 11, 4 (April 2009), 19–41. DOI:
[11]
Ming-Shih Huang and Ram M. Narayanan. 2014. Trilateration-based localization algorithm using the lemoine point formulation. IETE Journal of Research 60, 1 (2014), 60–73.
[12]
Arvind Narayanan, Narendran Thiagarajan, Mugdha Lakhani, Michael Hamburg, and Dan Boneh. 2011. Location privacy via private proximity testing. In Proceedings of the Network and Distributed System Security Symposium.
[13]
Iasonas Polakis, George Argyros, Theofilos Petsios, Suphannee Sivakorn, and Angelos D. Keromytis. 2015. Where’s Wally?: Precise user discovery attacks in location proximity services. In Proceedings of the ACM Conference on Computer and Communications Security. 817–828. DOI:
[14]
Zbigniew Puchala and Tomasz Rolski. 2005. The exact asymptotic of the time to collision. Electronic Journal of Probability 10 (2005), 1359–1380.
[15]
Jaroslav Sedenka and Paolo Gasti. 2014. Privacy-preserving distance computation and proximity testing on earth, done right. In Proceedings of the ACM Symposium on Information, Computer and Communications Security. 99–110. DOI:
[16]
Reza Shokri, George Theodorakopoulos, George Danezis, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2011. Quantifying location privacy: The case of sporadic location exposure. In Proceedings of the International Conference on Privacy Enhancing Technologies . Springer-Verlag, Berlin, 57–76.
[17]
Reza Shokri, George Theodorakopoulos, Jean-Yves Le Boudec, and Jean-Pierre Hubaux. 2011. Quantifying location privacy. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, 247–262. DOI:
[18]
Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2012. Protecting location privacy: Optimal strategy against localization attacks. In Proceedings of the ACM Conference on Computer and Communications Security. ACM, New York, NY, 617–627. DOI:
[19]
Max Veytsman. 2014. How I was able to track the location of any Tinder user. Retrieved March 2018 from http://blog.includesecurity.com/2014/02/how-i-was-able-to-track-location-of-any.html.
[20]
Xueou Wang, Xiaolu Hou, Ruben Rios, Per Hallgren, Nils Ole Tippenhauer, and Martín Ochoa. 2018. Location proximity attacks against mobile targets: Analytical bounds and attacker strategies. In Proceedings of the Computer Security. Javier Lopez, Jianying Zhou, and Miguel Soriano (Eds.). Springer International Publishing, 373–392.
[21]
Richard Weber. 2012. Optimal symmetric rendezvous search on three locations. Mathematics of Operations Research 37, 1 (Feb. 2012), 111–122. DOI:
[22]
Jing Yuan, Yu Zheng, Xing Xie, and Guangzhong Sun. 2011. Driving with knowledge from the physical world. In Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 316–324.
[23]
Jing Yuan, Yu Zheng, Chengyang Zhang, Wenlei Xie, Xing Xie, Guangzhong Sun, and Yan Huang. 2010. T-drive: Driving directions based on taxi trajectories. In Proceedings of the SIGSPATIAL International Conference on Advances in Geographic Information Systems. ACM, 99–108.
Index Terms
- Constrained Proximity Attacks on Mobile Targets
Recommendations
How secure is your cache against side-channel attacks?
MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on MicroarchitectureSecurity-critical data can leak through very unexpected side channels, making side-channel attacks very dangerous threats to information security. Of these, cache-based side-channel attacks are some of the most problematic. This is because caches are ...
Evaluating the Privacy Guarantees of Location Proximity Services
Location-based services have become an integral part of everyday life. To address the privacy issues that emerge from the use and sharing of location information, social networks and smartphone applications have adopted location proximity schemes as a ...
Location Proximity Attacks Against Mobile Targets: Analytical Bounds and Attacker Strategies
Computer SecurityAbstractLocation privacy has mostly focused on scenarios where users remain static. However, investigating scenarios where the victims present a particular mobility pattern is more realistic. In this paper, we consider abstract attacks on services that ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2022
263 pages
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 04 March 2022
Accepted: 01 November 2021
Revised: 01 September 2021
Received: 01 September 2020
Published in TOPS Volume 25, Issue 2
Check for updates
Author Tags
Qualifiers
- Research-article
- Refereed
Funding Sources
- Spanish Ministry of Science and Innovation and the Regional Ministry of Economy, Knowledge, Business and University of the Junta de Andalucía
- Captación de Talento para la Investigación
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 287Total Downloads
- Downloads (Last 12 months)44
- Downloads (Last 6 weeks)10
Reflects downloads up to 01 Oct 2024
Other Metrics
Citations
Cited By
View all- Almuhaideb AAlgothami S(2022)ECQV-Based Lightweight Revocable Authentication Protocol for Electric Vehicle ChargingBig Data and Cognitive Computing10.3390/bdcc60401026:4(102)Online publication date: 27-Sep-2022
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderFull Text
View this article in Full Text.
Full TextHTML Format
View this article in HTML Format.
HTML Format