Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with
fake location data. These attacks have been mostly studied in scenarios where victims remain static and there
are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to
locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more
realistic to consider scenarios where potential victims present a particular mobility pattern. In this paper, we
consider abstract (constrained and unconstrained) attacks on services that provide location information on
other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that
when unconstrained they can practically achieve success with theoretically optimal effort. We then propose
a simple yet effective constraint that may be employed by a proximity service (for example, running in the
cloud or using a suitable two-party protocol) as countermeasure to increase the effort for the attacker several
orders of magnitude both in simulated and real-world cases.
History
Preferred Citation
Xueou Wang, Xiaolu Hou, Ruben Rios, Nils Tippenhauer and Martín Ochoa. Constrained Proximity Attacks on Mobile Targets. In: ACM Transactions on Privacy and Security. 2022.
Primary Research Area
Empirical and Behavioral Security
Legacy Posted Date
2022-04-23
Journal
ACM Transactions on Privacy and Security
Open Access Type
Unknown
Sub Type
Article
BibTeX
@article{cispa_all_3614,
title = "Constrained Proximity Attacks on Mobile Targets",
author = "Wang, Xueou and Hou, Xiaolu and Rios, Ruben and Tippenhauer, Nils Ole and Ochoa, Martín",
journal="{ACM Transactions on Privacy and Security}",
year="2022",
}