Location leaks over the GSM air interface

Cellular phones have become a ubiquitous means of communications with over 5 billion users worldwide in 2010, of which 80% are GSM subscribers. Due to their use of the wireless medium and their mobile nature, those phones listen to broadcast communications that could reveal their physical location to a passive adversary. In this paper, we investigate techniques to test if a user is present within a small area, or absent from a large area by simply listening on the broadcast GSM channels. With a combination of readily available hardware and open source software, we demonstrate practical location test attacks that include circumventing the temporary identifier designed to protect the identity of the end user. Finally we propose solutions that would improve the location privacy of users with low system impact.

[1]  Kyriakos Mouratidis,et al.  Preventing Location-Based Identity Inference in Anonymous Spatial Queries , 2007, IEEE Transactions on Knowledge and Data Engineering.

[2]  George Danezis,et al.  GENERAL TERMS , 2003 .

[3]  Mike Y. Chen,et al.  Practical Metropolitan-Scale Positioning for GSM Phones , 2006, UbiComp.

[4]  Yu Zhang,et al.  Preserving User Location Privacy in Mobile Data Management Infrastructures , 2006, Privacy Enhancing Technologies.

[5]  Steven Myers,et al.  Mobile location tracking in metro areas: malnets and others , 2010, CCS '10.

[6]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[7]  Albert-László Barabási,et al.  Understanding individual human mobility patterns , 2008, Nature.

[8]  George Danezis,et al.  The Traffic Analysis of Continuous-Time Mixes , 2004, Privacy Enhancing Technologies.

[9]  Gordon L. Stüber,et al.  Overview of radiolocation in CDMA cellular systems , 1998, IEEE Commun. Mag..

[10]  Govind Krishnamurthi,et al.  Providing end-to-end location privacy in IP-based mobile communication , 2004, 2004 IEEE Wireless Communications and Networking Conference (IEEE Cat. No.04TH8733).