信息网络安全 ›› 2017, Vol. 17 ›› Issue (5): 51-56.doi: 10.3969/j.issn.1671-1122.2017.05.008

• • 上一篇    下一篇

社交网络中基于定位欺骗的隐私攻击研究

李晴, 叶阿勇(), 许力   

  1. 福建师范大学数学与计算机科学学院,福建福州350007
  • 收稿日期:2016-03-31 出版日期:2017-05-20 发布日期:2020-05-12
  • 作者简介:

    作者简介: 李晴(1992—) ,女,福建,硕士研究生,主要研究方向为网络与通信;叶阿勇(1977—),男,福建,教授,博士,主要研究方向为基于位置的服务、隐私计算、无线定位技术;许力(1970—) ,男,福建,教授,博士,主要研究方向为网络与信息系统。

  • 基金资助:
    国家自然科学基金海峡联合基金重点项目[U1405255];福建省高校自然科学基金青年重点项目[JZ160430];福州科技计划项目[2015-G-51]

Research on Privacy Attack Based on Location Cheating in Social Network

Qing LI, A-yong YE(), Li XU   

  1. College of Mathematics and Computer Science, Fujian Normal University, Fuzhou Fujian 350007, China
  • Received:2016-03-31 Online:2017-05-20 Published:2020-05-12

摘要:

基于位置的社交网络服务(Location-based Social Network Service, LBSNS)被普遍认为是未来社交网络服务发展的重要趋势。LBSNS将信息分享与位置相结合,极大丰富了人们的移动社交内容。然而,由于位置信息与客观世界具有关联性,LBSNS中的位置共享可能泄露用户的身份信息。针对该隐患,文章提出一种基于定位欺骗的隐私攻击。该攻击首先采用Aircrack-ng和MDK3工具伪造AP,将目标用户的定位信息欺骗到指定位置;然后,利用该位置的特殊性以及社交网络的信息共享特点,获得目标用户的身份信息。文章剖析该隐私攻击的原理和实施步骤,并在若干主流社交网络应用中进行验证。验证表明,该攻击可以获取用户在其社交网络中的数字身份信息,从而导致用户隐私泄露。

关键词: 基于位置的社交网络, 无线定位系统, 定位欺骗, 隐私攻击

Abstract:

Location-based social network service (LBSNS) is widely considered to be the important trend of social networking services in the future. LBSNS combines the information sharing with location, which greatly enriches the people’s mobile social contents. However, because the location information is associated with the objective world, location sharing in LBSNS may disclose the identity information of the user. For the hidden danger, this paper proposes a privacy attack based on location cheating. The attack firstly adopts the Aircrack-ng and MDK3 tools to forge the AP, which deceives the target user’s location to a specified location. Then, the identity information of the target user is obtained by using the particularity of the specified location and the characteristic of information sharing in social network. The paper analyzes the principle and implementation steps of the privacy attack, and validates the attack in some mainstream social network applications. Validation shows that the attack can get the digital identity information of the user, which leads to disclosure of user privacy.

Key words: location-based social network, WiFi location system, location cheating, privacy attack

中图分类号: