Track Me If You Can: On the Effectiveness of Context-based Identifier Changes in Deployed Mobile Networks
Location privacy is a major concern in an increasingly connected and highly pervasive network of mobile users. Novel location-based applications and device-to-device services (on these mobile devices) are gaining popularity, but at the same time, these services allow curious service providers and eavesdroppers to track users and their movements. Earlier research efforts on location-privacy preservation, which were mostly based on identifier-change mechanisms in spatio-temporal de-correlation regions called mix-zones, show that coordinated identifier-change techniques are reasonably effective in a simulation setting, although some smart attacks are still possible. However, a thorough analysis of these mechanisms that takes into consideration communication patterns and mobility from a real-life deployment is missing from these results. In this paper, we evaluate in a real-life setting the effectiveness of standard mix-zone-based privacy protection mechanisms against probabilistic tracking attacks. Our exper- iments involved 80 volunteers carrying smartphones for 4 months and being constantly eavesdropped on an adversarial mesh network of standard wireless Access Points (APs). To the best of our knowledge, this is the first study that provides empirical evidence about the effectiveness of mix-zone-based privacy-preserving mechanisms against practical adversaries in upcoming wireless and mobile systems.
Record created on 2011-10-27, modified on 2016-08-09