
No Place to Hide that Bytes Won’t Reveal: Sniffing Location-Based Encrypted Traffic to Track a User’s Position

  • Conference paper
Network and System Security (NSS 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9408)


Abstract

News reports of the last few years have indicated that several intelligence agencies are able to monitor large networks or entire portions of the Internet backbone. Such a powerful adversary has only recently been considered by the academic literature.

In this paper, we propose a new adversary model for Location Based Services (LBSs). The model takes into account an unauthorized third party, different from the LBS provider itself, that wants to infer the location and monitor the movements of an LBS user. We show that such an adversary can extrapolate the position of a target user by just analyzing the size and the timing of the encrypted traffic exchanged between that user and the LBS provider. We performed a thorough analysis of a widely deployed location-based app that comes pre-installed on many Android devices: GoogleNow. The results are encouraging and highlight the importance of devising more effective countermeasures against powerful adversaries to preserve the privacy of LBS users.




Correspondence to Briland Hitaj.


© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ateniese, G., Hitaj, B., Mancini, L.V., Verde, N.V., Villani, A. (2015). No Place to Hide that Bytes Won’t Reveal: Sniffing Location-Based Encrypted Traffic to Track a User’s Position. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_4


  • DOI: https://doi.org/10.1007/978-3-319-25645-0_4


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer Science, Computer Science (R0)
