Where's Wally? Precise User Discovery Attacks in Location Proximity Services

Iasonas Polakis, George Argyros, Theofilos Petsios, Suphannee Sivakorn, Angelos D. Keromytis
Network Security Lab, Computer Science Dept., Columbia University, New York, NY, USA
{polakis, argyros, theofilos, suphannee, angelos}@cs.columbia.edu

Abstract

Location proximity schemes have been adopted by social networks and other smartphone apps as a means of balancing user privacy with utility. However, misconceptions about the privacy offered by proximity services have rendered users vulnerable to trilateration attacks that can expose their location. Such attacks have received major publicity and, as a result, popular service providers have deployed countermeasures for preventing user discovery attacks. In this paper, we systematically assess the effectiveness of the defenses that proximity services have deployed against adversaries attempting to identify a user's location. We provide the theoretical foundation for formalizing the problem under different proximity models, design practical attacks for each case, and prove tight bounds on the number of queries required for carrying out the attacks. To evaluate the completeness of our approach, we conduct extensive experiments against popular services. While we identify a diverse set of defense techniques that prevent trilateration attacks, we demonstrate their inefficiency against more elaborate attacks. In fact, we pinpoint Facebook users within 5 meters of their exact location, and 90% of Foursquare users within 15 meters. Our attacks are extremely efficient and complete within 3-7 seconds. The severity of our attacks was acknowledged by Facebook and Foursquare, both of which have followed our recommendations and adopted spatial cloaking to protect their users. Furthermore, our findings have wide implications as numerous popular apps with a massive user base remain vulnerable to this significant threat.

1. INTRODUCTION

Location-based services (LBS) have become an integral part of everyday life. However, accessibility to fine-grained location information has raised significant privacy concerns, as users are exposed to various threats, ranging from the inference of sensitive data [33] (e.g., medical issues, political inclination and religious beliefs) to physical threats such as stalking [10]. Furthermore, apart from the revelations regarding mass user surveillance by government agencies, articles have revealed that law enforcement agencies also follow more targeted, and unorthodox, tactics. Fake profiles are used to befriend users and gain access to personal data, as well as track their whereabouts by monitoring their check-in behavior [6,8]. Therefore, the information accessible by users' contacts is a significant aspect of their privacy.

Revealing a user's location is considered a significant privacy breach [46], and services are adopting the more privacy-preserving approach of location proximity: notifying users about who is nearby, and at what distance. However, when the exact distance to a user is revealed by the service, trilateration attacks become feasible, with several examples being presented in the media recently. Articles have also reported that the Egyptian government used trilateration to locate and imprison users of gay dating apps [7,9]. While the use of trilateration has not been confirmed, such reports highlight the potential severity of such attacks, and the importance of preserving the locational privacy of users. Naturally, these reports have caught the attention of popular services, which in turn have deployed defense mechanisms to prevent localization attacks [2].

In this paper, we explore the privacy guarantees of 10 popular social networks and LBS. We audit the services and identify the mechanisms deployed to protect the location privacy of their users. To evaluate the defenses that have been adopted by the industry, we formalize the problem of locating users as a search problem in the discrete Euclidean plane. To our knowledge, this is the first formal treatment of user discovery attacks in proximity services. We prove tight bounds on the number of queries required to attack a service under different proximity models, and devise optimal algorithms that realize those attacks. The lower bounds on the query complexity of our techniques provide useful insight on the effectiveness of mitigations against localization attacks, such as rate limiting the number of queries.

We evaluate our attacks against four of the audited services that employ a diverse set of countermeasures. We show that user discovery attacks against proximity services may require complex techniques; our attacks include geometric algorithms that gradually reduce the candidate bounding area where a user resides, the employment of colluding accounts for obtaining side channel information on the distance between users, and the utilization of statistical algorithms for coping with the randomization used by services as a defense mechanism.

Our results demonstrate that, despite the defense mechanisms in place, our attacks are still very effective and time-efficient, and practical for use at scale and on a continuous basis (real-time tracking). In particular, using a single account, we pinpoint Facebook users within 5 meters of their actual location in 3 seconds, and 90% of Foursquare's Swarm users within 15m in 7 seconds. We even stress-test our attacks and demonstrate the feasibility of tracking moving targets in real time. Due to the recent events [9], Grindr hides the distance information for citizens of oppressive regimes. Even without any distance information disclosed, we are able to carry out successful attacks by inferring the distance to our target. Using a pair of colluding accounts, and the distance-based ordering of users by Grindr, we pinpoint 67% of the users within 10m of their exact location, and 98% within 19m. Similarly, even though Skout implements a sophisticated randomization defense, we are able to pinpoint its users within 37.4m on average.

Our findings reveal that there is no industry standard for ensuring the locational privacy of users; attempts are based on ad-hoc approaches that often exhibit a lack of understanding of the technical intricacies of localization attacks. Despite the active effort to prevent such threats, every service we audited was vulnerable to, at least, one of our attacks. To provide a robust solution, we revisit an obfuscation mechanism from the literature, namely spatial cloaking [19], and apply it to the domain of distance-based proximity services. By quantizing the plane and mapping users to points on a grid, the service can prevent adversaries from pinpointing users to a finer precision than that of a grid cell. To incentivize services to adopt this defense, we provide a
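
The grid-based spatial cloaking described above, sketched as an added example (it is not code from the paper or from any of the audited services). The 500 m cell size, the planar metre coordinates and all function names are assumptions made for illustration; the check shows that disclosed distances cannot separate two positions inside one cell.

```python
import math
from itertools import product

CELL_M = 500.0  # grid cell edge in metres; assumed value, not from the paper

def cloak(pos, cell=CELL_M):
    """Map a planar position (x, y in metres) to the centre of its grid cell.
    The mapping is deterministic, so repeating a query returns the same
    answer and averaging many answers reveals nothing extra."""
    x, y = pos
    return ((math.floor(x / cell) + 0.5) * cell,
            (math.floor(y / cell) + 0.5) * cell)

def exact_distance(viewer, target):
    """What a service without cloaking discloses."""
    return math.dist(viewer, target)

def cloaked_distance(viewer, target, cell=CELL_M):
    """What a cloaking service discloses: distance between grid points only."""
    return math.dist(cloak(viewer, cell), cloak(target, cell))

def distinguishable(target_a, target_b, viewers, distance_fn):
    """True if some viewer position receives different answers for the two
    target positions, i.e. the answers leak which one the target occupies."""
    return any(
        not math.isclose(distance_fn(v, target_a), distance_fn(v, target_b))
        for v in viewers
    )

# Constructed sample data: viewer positions every 50 m over a 2 km square,
# two target positions inside the same 500 m cell, one in the adjacent cell.
VIEWERS = [(float(x), float(y)) for x, y in product(range(0, 2001, 50), repeat=2)]
SAME_CELL_A = (1010.0, 1020.0)
SAME_CELL_B = (1490.0, 1480.0)  # about 665 m from A, same cell
NEXT_CELL = (1510.0, 1020.0)

def audit():
    """Compare leakage with and without cloaking over the sample data."""
    return {
        "exact_leaks_within_cell": distinguishable(
            SAME_CELL_A, SAME_CELL_B, VIEWERS, exact_distance),
        "cloaked_leaks_within_cell": distinguishable(
            SAME_CELL_A, SAME_CELL_B, VIEWERS, cloaked_distance),
        "cloaked_separates_cells": distinguishable(
            SAME_CELL_A, NEXT_CELL, VIEWERS, cloaked_distance),
    }

if __name__ == "__main__":
    print(audit())
```

The cell size sets the privacy floor: the answers still separate neighbouring cells, so a service choosing it is trading proximity accuracy against the area a user can be narrowed down to.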