Thwarting location privacy protection in location-based social discovery services

Minhui Xue, Yong Liu, Keith Ross, Haifeng Qian

Research output: Contribution to journalArticle

Abstract

Location-based social discovery (LBSD) services enable users to discover their geographic neighborhoods to make new friends. Original LBSD services were designed to provide the exact distances to nearby users. It has been shown that it is easy to pinpoint any target user's location by using trilateration based on the exact distances from three fake Global Positioning System locations to the target user. To defend against the trilateration attack, contemporary LBSD services then began to report distances of nearby users in concentric bands, for example, bands of 100 meters, rather than exact distances. In this paper, we investigate the user location privacy leakage problem in LBSD services reporting distances in discrete bands. Using number theory, we analytically show that by strategically placing multiple virtual probes with fake Global Positioning System locations, one can nevertheless localize user locations in band-based LBSD. Our methodology is guaranteed to localize any reported user within a circle of radius no greater than one meter, even for LBSD services using large bands (such as 100 m as used by WeChat). Eventually, countermeasures are proposed to reduce location privacy leakage to the very minimum. To the best of our knowledge, this is the first work that explicitly exploits and quantifies user location privacy leakage in band-based LBSD services. We expect our study to draw more public attention to this serious privacy issue and expectantly motivate better privacy preserving LBSD designs.

Original languageEnglish (US)
JournalSecurity and Communication Networks
DOIs
StateAccepted/In press - 2016

Fingerprint

Global positioning system
Number theory

Keywords

  • Location privacy
  • Location-based social discovery (LBSD)
  • Number theory

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Cite this

Thwarting location privacy protection in location-based social discovery services. / Xue, Minhui; Liu, Yong; Ross, Keith; Qian, Haifeng.

In: Security and Communication Networks, 2016.

Research output: Contribution to journalArticle

@article{ed8926e8121e4308b7c5ff8d82c56a77,
title = "Thwarting location privacy protection in location-based social discovery services",
abstract = "Location-based social discovery (LBSD) services enable users to discover their geographic neighborhoods to make new friends. Original LBSD services were designed to provide the exact distances to nearby users. It has been shown that it is easy to pinpoint any target user's location by using trilateration based on the exact distances from three fake Global Positioning System locations to the target user. To defend against the trilateration attack, contemporary LBSD services then began to report distances of nearby users in concentric bands, for example, bands of 100 meters, rather than exact distances. In this paper, we investigate the user location privacy leakage problem in LBSD services reporting distances in discrete bands. Using number theory, we analytically show that by strategically placing multiple virtual probes with fake Global Positioning System locations, one can nevertheless localize user locations in band-based LBSD. Our methodology is guaranteed to localize any reported user within a circle of radius no greater than one meter, even for LBSD services using large bands (such as 100 m as used by WeChat). Eventually, countermeasures are proposed to reduce location privacy leakage to the very minimum. To the best of our knowledge, this is the first work that explicitly exploits and quantifies user location privacy leakage in band-based LBSD services. We expect our study to draw more public attention to this serious privacy issue and expectantly motivate better privacy preserving LBSD designs.",
keywords = "Location privacy, Location-based social discovery (LBSD), Number theory",
author = "Minhui Xue and Yong Liu and Keith Ross and Haifeng Qian",
year = "2016",
doi = "10.1002/sec.1438",
language = "English (US)",
journal = "Security and Communication Networks",
issn = "1939-0122",
publisher = "John Wiley and Sons Inc.",

}

TY - JOUR

T1 - Thwarting location privacy protection in location-based social discovery services

AU - Xue, Minhui

AU - Liu, Yong

AU - Ross, Keith

AU - Qian, Haifeng

PY - 2016

Y1 - 2016

N2 - Location-based social discovery (LBSD) services enable users to discover their geographic neighborhoods to make new friends. Original LBSD services were designed to provide the exact distances to nearby users. It has been shown that it is easy to pinpoint any target user's location by using trilateration based on the exact distances from three fake Global Positioning System locations to the target user. To defend against the trilateration attack, contemporary LBSD services then began to report distances of nearby users in concentric bands, for example, bands of 100 meters, rather than exact distances. In this paper, we investigate the user location privacy leakage problem in LBSD services reporting distances in discrete bands. Using number theory, we analytically show that by strategically placing multiple virtual probes with fake Global Positioning System locations, one can nevertheless localize user locations in band-based LBSD. Our methodology is guaranteed to localize any reported user within a circle of radius no greater than one meter, even for LBSD services using large bands (such as 100 m as used by WeChat). Eventually, countermeasures are proposed to reduce location privacy leakage to the very minimum. To the best of our knowledge, this is the first work that explicitly exploits and quantifies user location privacy leakage in band-based LBSD services. We expect our study to draw more public attention to this serious privacy issue and expectantly motivate better privacy preserving LBSD designs.

AB - Location-based social discovery (LBSD) services enable users to discover their geographic neighborhoods to make new friends. Original LBSD services were designed to provide the exact distances to nearby users. It has been shown that it is easy to pinpoint any target user's location by using trilateration based on the exact distances from three fake Global Positioning System locations to the target user. To defend against the trilateration attack, contemporary LBSD services then began to report distances of nearby users in concentric bands, for example, bands of 100 meters, rather than exact distances. In this paper, we investigate the user location privacy leakage problem in LBSD services reporting distances in discrete bands. Using number theory, we analytically show that by strategically placing multiple virtual probes with fake Global Positioning System locations, one can nevertheless localize user locations in band-based LBSD. Our methodology is guaranteed to localize any reported user within a circle of radius no greater than one meter, even for LBSD services using large bands (such as 100 m as used by WeChat). Eventually, countermeasures are proposed to reduce location privacy leakage to the very minimum. To the best of our knowledge, this is the first work that explicitly exploits and quantifies user location privacy leakage in band-based LBSD services. We expect our study to draw more public attention to this serious privacy issue and expectantly motivate better privacy preserving LBSD designs.

KW - Location privacy

KW - Location-based social discovery (LBSD)

KW - Number theory

UR - http://www.scopus.com/inward/record.url?scp=84959017221&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84959017221&partnerID=8YFLogxK

U2 - 10.1002/sec.1438

DO - 10.1002/sec.1438

M3 - Article

JO - Security and Communication Networks

JF - Security and Communication Networks

SN - 1939-0122

ER -