News reports of the last few years indicated that several intelligence agencies are able to monitor large networks or entire portions of the Internet backbone. Such a powerful adversary has only recently been considered by the academic literature. In this paper, we propose a new adversary model for Location Based Services (LBSs). The model takes into account an unauthorized third party, different from the LBS provider itself, that wants to infer the location and monitor the movements of a LBS user. We show that such an adversary can extrapolate the position of a target user by just analyzing the size and the timing of the encrypted traffic exchanged between that user and the LBS provider. We performed a thorough analysis of a widely deployed location based app that comes pre-installed with many Android devices: GoogleNow. The results are encouraging and highlight the importance of devising more effective countermeasures against powerful adversaries to preserve the privacy of LBS users.

No place to hide that bytes won’t reveal: sniffing location-based encrypted traffic to track a user’s position / Ateniese, Giuseppe; Hitaj, Briland; Mancini, Luigi Vincenzo; Verde, NINO VINCENZO; Villani, Antonio. - 9408:(2015), pp. 46-59. (Intervento presentato al convegno 9th International Conference on Network and System Security, NSS 2015 tenutosi a New York; USA) [10.1007/978-3-319-25645-0_4].

No place to hide that bytes won’t reveal: sniffing location-based encrypted traffic to track a user’s position

ATENIESE, GIUSEPPE;HITAJ, BRILAND;MANCINI, Luigi Vincenzo;VERDE, NINO VINCENZO;VILLANI, Antonio
2015

Abstract

News reports of the last few years indicated that several intelligence agencies are able to monitor large networks or entire portions of the Internet backbone. Such a powerful adversary has only recently been considered by the academic literature. In this paper, we propose a new adversary model for Location Based Services (LBSs). The model takes into account an unauthorized third party, different from the LBS provider itself, that wants to infer the location and monitor the movements of a LBS user. We show that such an adversary can extrapolate the position of a target user by just analyzing the size and the timing of the encrypted traffic exchanged between that user and the LBS provider. We performed a thorough analysis of a widely deployed location based app that comes pre-installed with many Android devices: GoogleNow. The results are encouraging and highlight the importance of devising more effective countermeasures against powerful adversaries to preserve the privacy of LBS users.
2015
9th International Conference on Network and System Security, NSS 2015
GoogleNow; location-based services; mobile devices; network traffic analysis; privacy
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
No place to hide that bytes won’t reveal: sniffing location-based encrypted traffic to track a user’s position / Ateniese, Giuseppe; Hitaj, Briland; Mancini, Luigi Vincenzo; Verde, NINO VINCENZO; Villani, Antonio. - 9408:(2015), pp. 46-59. (Intervento presentato al convegno 9th International Conference on Network and System Security, NSS 2015 tenutosi a New York; USA) [10.1007/978-3-319-25645-0_4].
File allegati a questo prodotto
File Dimensione Formato  
Ateniese_No-place_2015.pdf

solo gestori archivio

Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 377.37 kB
Formato Adobe PDF
377.37 kB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/857020
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 12
  • ???jsp.display-item.citation.isi??? ND
social impact