Research on Privacy Attack Based on Location Cheating in Social Network

doi:10.3969/j.issn.1671-1122.2017.05.008

Abstract

Abstract:

Location-based social network service (LBSNS) is widely considered to be the important trend of social networking services in the future. LBSNS combines the information sharing with location, which greatly enriches the people’s mobile social contents. However, because the location information is associated with the objective world, location sharing in LBSNS may disclose the identity information of the user. For the hidden danger, this paper proposes a privacy attack based on location cheating. The attack firstly adopts the Aircrack-ng and MDK3 tools to forge the AP, which deceives the target user’s location to a specified location. Then, the identity information of the target user is obtained by using the particularity of the specified location and the characteristic of information sharing in social network. The paper analyzes the principle and implementation steps of the privacy attack, and validates the attack in some mainstream social network applications. Validation shows that the attack can get the digital identity information of the user, which leads to disclosure of user privacy.

Key words: location-based social network, WiFi location system, location cheating, privacy attack

CLC Number:

TP309

Qing LI, A-yong YE, Li XU. Research on Privacy Attack Based on Location Cheating in Social Network[J]. Netinfo Security, 2017, 17(5): 51-56.

Figures/Tables 10

References 21

[1]	刘树栋,孟祥武.基于位置的社会化网络推荐系统[J].计算机学报,2015,38(2):322-336.
[2]	FERRARO R, AKTIHANOGLU M.Location-Aware Applications[J]. Manning, 2011(4849):377-383.
[3]	王乐,王勇,王东安,等.社交网络中信息传播预测的研究综述[J]. 信息网络安全,2015(5):47-55.
[4]	WANG Xiangyu, ZHAO Yiliang L, Nie Liqiang, et al.Semantic-Based Location Recommendation With Multimodal Venue Semantics[J]. IEEE Transactions on Multimedia, 2015, 17(3):409-419.
[5]	QIAO Xiuquan, SU Jianchong, ZHANG Jinsong, et al.Recommending Friends Instantly in Location-based Mobile Social Networks[J]. China Communications, 2014, 11(2):109-127.
[6]	BROOKER D, CAREY T, WARREN I.Middleware for Social Networking on Mobile Devices[C]// IEEE.ASWEC ‘10 Proceedings of the 2010 21st Australian Software Engineering Conference, April 6 - 9, 2010 .Washington, DC, USA .NJ: IEEE, 2010:202-211.
[7]	TIPPENHAUER N O, RASMUSSEN K B, PÖPPER C,et al. Attacks on Public WLAN-based Positioning Systems[C]//ACM. Proceedings of the 7th International Conference on Mobile Systems, Applications, and Services, June 22 - 25, 2009. Kraków, Poland .New York:ACM, 2009:29-40.
[8]	周傲英,杨彬,金澈清,等.基于位置的服务:架构与进展[J].计算机学报,2011,34(7): 1155-1171.
[9]	梁颖升,王琼霄,马存庆,等. 一种基于移动终端的可信消息传输方案设计[J]. 信息网络安全,2015(9):158-162.
[10]	车延辙. 基于位置服务中用户位置隐私保护关键技术研究[D].杭州:浙江大学,2013.
[11]	BETTINI C, WANG X S, JAJODIA S.Protecting Privacy against Location- based Personal Identification[A]// Secure Data Management[M]. Heidelberg: Springer, Berlin, Heidelberg, 2005:185-199.
[12]	SAPUTRO W U. Analisis Performance Jaringan Nirkabel Menggunakan Aircrack-Ng Dan Wireshark[EB/OL]. .
[13]	ASPj of k2wrlz.mdk3 Package Description[EB/OL]. .
[14]	BAHL P, PADMANABHAN V N.RADAR: An In-building RF-based User Location and Tracking System[J]. Proceedings - IEEE INFOCOM, 2000(2):775-784.
[15]	LI Binghao, SALTER J, DEMPSTER A G, et al. Indoor Positioning Techniques Based on Wireless LAN[EB/OL]. https://www.researchgate.net/publication/228998356_Indoor_positioning_techniques_based_on_wireless_LAN, 2017-3-10.
[16]	WiGLE.WiGLE: Wireless Network Mapping[EB/OL]. /,2017-2-12.
[17]	MATTE C, ACHARA J P, CUNCHE M.Short: Device-to-Identity Linking Attack Using Targeted Wi-Fi Geolocation Spoofing[C]// ACM.Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, June 22 - 26, 2015 . New York . New York :ACM,2015:1-6.
[18]	CUNCHE M.I Know Your MAC Address: Targeted Tracking of Individual Using WiFi[J]. Journal of Computer Virology and Hacking Techniques, 2014,10(4):219-227.
[19]	李凌云,敖吉,乔治,等. 基于微博的安全事件实时监测框架研究 [J].信息网络安全,2015(1):16-23.
[20]	新浪公司.位置服务-微博API [EB/OL]. .
[21]	Twitter. Streaming API Request Parameters-Twitter Developers [EB/OL]., 2010-6-22.