Track Me If You Can: On the Effectiveness of Context-based Identifier Changes in Deployed Mobile Networks

Location privacy is a major concern in an increasingly connected and highly pervasive network of mobile users. Novel location-based applications and device-to-device services (on these mobile devices) are gaining popularity, but at the same time, these services allow curious service providers and eavesdroppers to track users and their movements. Earlier research efforts on location-privacy preservation, which were mostly based on identifier-change mechanisms in spatio-temporal de-correlation regions called mix-zones, show that coordinated identifier-change techniques are reasonably effective in a simulation setting, although some smart attacks are still possible. However, a thorough analysis of these mechanisms that takes into consideration communication patterns and mobility from a real-life deployment is missing from these results. In this paper, we evaluate in a real-life setting the effectiveness of standard mix-zone-based privacy protection mechanisms against probabilistic tracking attacks. Our exper- iments involved 80 volunteers carrying smartphones for 4 months and being constantly eavesdropped on an adversarial mesh network of standard wireless Access Points (APs). To the best of our knowledge, this is the first study that provides empirical evidence about the effectiveness of mix-zone-based privacy-preserving mechanisms against practical adversaries in upcoming wireless and mobile systems.

Published in:
Proceedings of the 19th Annual Network & Distributed System Security Symposium (NDSS 2012)
Presented at:
19th Annual Network & Distributed System Security Symposium (NDSS 2012), San Diego, California, USA, February 5-8, 2012
Internet Society

 Record created 2011-10-27, last modified 2018-03-18

Download fulltextPDF
Download fulltextPDF
Rate this document:

Rate this document:
(Not yet reviewed)