Constrained Proximity Attacks on Mobile Targets

TitleConstrained Proximity Attacks on Mobile Targets
Publication TypeJournal Article
Year of PublicationIn Press
AuthorsX. Wang, X. Hou, R. Rios, N. Ole Tippenhauer, and M. Ochoa
JournalACM Transactions on Privacy and Security (TOPS)
PublisherAssociation for Computer Machinery (ACM)
ISSN Number2471-2566
KeywordsLocation Privacy, mobility pattern, proximity attacks, quantification
Abstract

Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this paper, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.

DOI10.1145/3498543
Citation Keyrios2022cpa

Supported by SAVE SecureEDGE