基于位置社交网络的高效定位算法

An effective localization attack in location-based social network

基于位置社交网络(Location-Based Social Network,LBSN)服务使得用户能够利用位置服务发现附近的人.原始的LBSN服务为用户提供确切的相对距离,而这种做法已被证实易于遭受三角定位攻击.为防御此类攻击,当今LBSN服务普遍采用以带宽的方式来报告距离.本文利用数论,通过技巧性地摆放虚拟探针,伪装地理位置,提出了一种不受地理位置限制、高精度、易于实现的定位目标算法.作为概念验证,本文使用微信进行实验最终验证了该攻击算法在实际部署中的有效性.本文的研究旨在呼吁LBSN服务提供商改进位置隐私保护技术,唤醒公众充分认识LBSN软件所带来的潜在隐私泄露.

Location-based social network （LBSN） services enable users to discover nearby people. Original LBSN services provide the exact distances for nearby users. Existing studies have shown that it is easy to localize target users by using trilateration methodology. To defend against the trilateration attack, current LBSN services adopt the concentric band-based approach when reporting distances. In this paper, by using number theory, we analytically show that by strategically placing multiple virtual probes as fake GPS, one can accurately pinpoint user locations with either accurate or coarse band-based distances. As a proof of this concept, WeChat is examplified to validate that our attack methodology is effective in a real-world deployment. Our study is expected to draw more public attention to this serious privacy issue and hopefully motivate better privacy-preserving LBSN designs.