TY - GEN
T1 - Attacks and defenses in location-based social networks
T2 - International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2015
AU - Peng, Jiawen
AU - Meng, Yan
AU - Xue, Minhui
AU - Hei, Xiaojun
AU - Ross, Keith W.
N1 - Funding Information:
This work was supported in part by the National Natural Science Foundation of China, under Grant 61370231, in part by the Fundamental Research Funds for the Central Universities under Grant HUST:2014QN156. This work was also supported in part by the Natural Science Foundation, under Grant CNS-1318659.
Publisher Copyright:
© 2015 IEEE.
PY - 2016/1/4
Y1 - 2016/1/4
N2 - The rapid growth of location-based social network (LBSN) applications - such as WeChat, Momo, and Yik Yak - has in essence facilitated the promotion of anonymously sharing instant messages and open discussions. These services breed a unique anonymous atmosphere for users to discover their geographic neighborhoods and then initiate private communications. In this paper, we demonstrate how such location-based features of WeChat can be exploited to determine the user's location with sufficient accuracy in any city from any location in the world. Guided by the number theory, we design and implement two generic localization attack algorithms to track anonymous users' locations that can be potentially adapted to any other LBSN services. We evaluated the performance of the proposed algorithms using Matlab simulation experiments and also deployed real-world experiments for validating our methodology. Our results show that WeChat, and other LBSN services as such, have a potential location privacy leakage problem. Finally, k-anonymity based countermeasures are proposed to mitigate the localization attacks without significantly compromising the quality-of-service of LBSN applications. We expect our research to bring this serious privacy pertinent issue into the spotlight and hopefully motivate better privacy-preserving LBSN designs.
AB - The rapid growth of location-based social network (LBSN) applications - such as WeChat, Momo, and Yik Yak - has in essence facilitated the promotion of anonymously sharing instant messages and open discussions. These services breed a unique anonymous atmosphere for users to discover their geographic neighborhoods and then initiate private communications. In this paper, we demonstrate how such location-based features of WeChat can be exploited to determine the user's location with sufficient accuracy in any city from any location in the world. Guided by the number theory, we design and implement two generic localization attack algorithms to track anonymous users' locations that can be potentially adapted to any other LBSN services. We evaluated the performance of the proposed algorithms using Matlab simulation experiments and also deployed real-world experiments for validating our methodology. Our results show that WeChat, and other LBSN services as such, have a potential location privacy leakage problem. Finally, k-anonymity based countermeasures are proposed to mitigate the localization attacks without significantly compromising the quality-of-service of LBSN applications. We expect our research to bring this serious privacy pertinent issue into the spotlight and hopefully motivate better privacy-preserving LBSN designs.
KW - Localization attack
KW - Location-based social network
KW - Number theory
KW - Privacy
KW - Wechat
UR - http://www.scopus.com/inward/record.url?scp=84964354228&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964354228&partnerID=8YFLogxK
U2 - 10.1109/SocialSec2015.19
DO - 10.1109/SocialSec2015.19
M3 - Conference contribution
AN - SCOPUS:84964354228
T3 - Proceedings - 2015 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2015
SP - 64
EP - 71
BT - Proceedings - 2015 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2015
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 16 November 2015 through 18 November 2015
ER -