A Location Privacy Attack Based on the Location Sharing Mechanism with Erroneous Distance in Geosocial Networks

sensors

Article A Location Privacy Attack Based on the Location Sharing Mechanism with Erroneous Distance in Geosocial Networks

Tu-Liang Lin, Hong-Yi Chang * and Sheng-Lin Li

Department of Management Information Systems, National Chiayi University, Chiayi 60004, Taiwan; [email protected] (T.-L.L.); [email protected] (S.-L.L.) * Correspondence: [email protected]

Received: 31 October 2019; Accepted: 5 February 2020; Published: 9 February 2020

Abstract: Geographical social networks (GSN) is an emerging research area. For example, Foursquare, Yelp, and WeChat are all well-known service providers in this field. These applications are also known as location-based services (LBS). Previous studies have suggested that these location-based services may expose user location information. In order to ensure the privacy of the user’s location data, the service provider may provide corresponding protection mechanisms for its applications, including spatial cloaking, fuzzy location information, etc., so that the user’s real location cannot be easily cracked. It has been shown that if the positioning data provided by the user is not accurate enough, it is still difficult for an attacker to obtain the user’s true location. Taking this factor into consideration, our attack method is divided into two stages for the entire attack process: (1) Search stage: cover the area where the targeted user is located with unit discs, and then calculate the minimum dominating set. Use the triangle positioning method to find the minimum precision disc. (2) Inference phase: Considering the existence of errors, an Error-Adjusted Space Partition Attack Algorithm (EASPAA) was proposed during the inference phase. Improved the need for accurate distance information to be able to derive the user’s true location. In this study, we focus on the Location Sharing Mechanism with Maximal Coverage Limit to implement the whole attack. Experimental results show that the proposed method still can accurately infer the user’s real location even when there is an error in the user’s location information.

Keywords: geosocial networks; location privacy; location-based services; location sharing mechanism

1. Introduction Due to the rapid development of the Internet, social networks can further share each other’s geographical information, so they can also be called Geosocial Networks (GSNs). For example, Facebook, WeChat, Weibo, Swarm, Skout, iPair, and BeeTalk are all well-known applications in this ﬁeld. Due to the rise of mobile devices, the number of users using GSNs is growing rapidly [1]. Because almost all mobile devices are equipped with Internet connectivity and location awareness, GSNs providers are able to get users’ location information through GPS. In order to provide users with more convenient services, many GSNs provide location sharing mechanisms. Users can easily share their current location, or even know the distance information of other users, thus creating privacy issues. According to the past research [2], nearly 75% of the mobile phone users may turn on the GPS of the mobile phones to use these GSN apps conveniently and 51% of these people will avoid downloading the GSN apps due to privacy issues [3] and 46% will turn oﬀ their GPS. From the above data, we can see that most people still care about privacy issues caused by the leakage of location information. Many scholars have suggested the impact of leaking location privacy information. Pontes points out

Sensors 2020, 20, 918; doi:10.3390/s20030918 www.mdpi.com/journal/sensors Sensors 2020, 20, 918 2 of 16 that when using Foursquare’s public location information which contains about nearly 13 million users in the dataset, 78% of users’ home cities can be correctly inferred from the Foursquare’s location dataset [4]. Krumm targeted specific users and tracked GPS location information for two weeks to infer the home locations. The inferred home locations are only 60 m on average away from the real home locations [5]. If this sensitive information is known by a malicious attacker, it may put users at risk. In order to prevent the misuse of location information, many location privacy protection mechanisms based on shared location services have been proposed [6], including the use of encrypted distance information exchange protocols, obfuscation of distance information, generation of cloaking regions or virtual user locations, etc. Although these privacy protection mechanisms can effectively resist the attack methods proposed by scholars in some cases [7,8], they are still some space for improvements. Therefore, this study points out the shortcoming facts and develops attack methods based on the current location sharing mechanisms. The developed attack method can prove that although the service provider has some privacy protection mechanisms, it still cannot effectively prevent malicious attackers from obtaining user location information. This study explores current popular GSNs, including Foursquare Swarm, WeChat, etc. In this study, we first survey the existing location sharing mechanisms to understand the difference between the shared distance and the true distance. After that, attack algorithms for different location sharing mechanisms will be designed, so that the obfuscated distance information can be properly used to estimate the true location of the targeted user. Due to the fact that the distance information returned by GSNs may contain some uncertainty, this kind of uncertainty can protect the real location information in the past. The algorithms proposed in this research can effectively solve the uncertainty problem. The past attack algorithms cannot effectively locate the user’s real location due to the existence of small distance errors generated by GSNs. This study simulates the location sharing mechanisms provided by existing GSNs and demonstrates that despite the existence of location privacy protection mechanisms, the attacker can still locate the real location of the targeted user. There are five sections in this research. In the second section, we will explore the related literature, including the location sharing mechanisms and attack patterns. The third section defines the problem and describes the proposed algorithm called Error-Adjusted Space Partition Attack Algorithm (ESPAA). The experimental results and analysis are presented in the fourth section. The fifth section is the conclusion.

2. Related Work

2.1. Location Sharing Mechanisms of Geosocial Networks In contrast to general social networks, GSN service providers can appropriately share other users’ location information based on the location information provided by users. The location sharing mechanisms currently adopted by GSNs can be roughly divided into two categories, direct location sharing and indirect location sharing [9].

Direct Location Sharing: The users are equipped with smart phone devices that can report Global Positioning System (GPS) locations. Therefore, users can actively report their location directly to GSNs. In this process, after receiving the GPS locations, the GSN service providers return a list of nearby stores to users and users choose one form the list. For example, checking in, tagging, and giving reviews to speciﬁc stores are all direct location sharing mechanisms. Indirect Location Sharing: There are many GSN applications allowing user to share the current location with friends or relatives. With proper permissions, the app can notify users when their friends are close to where they are, so users can see the distances of other users. In order to protect the security and privacy of the individual, two protection mechanisms, Maximal Coverage Limit and Minimal Accuracy Limit, are used in the indirect location sharing. Sensors 2020, 20, 918 3 of 16

i. Maximal Coverage Limit: Users can only get distance information of other nearby users. When the distance between two users exceeds a certain threshold value called Maximal Coverage Limit, the distance information will not be displayed to users. ii. Minimal Accuracy Limit: Almost all current GSNs have implemented the Minimal Accuracy Limit mechanism. When the distance between two users is below a certain threshold value called Minimal Accuracy Limit, the distance provided by GSN apps will only show the ﬁxed threshold value. So, malicious users won’t be able to get real distance when the distance between two users is too close.

The above-mentioned Maximal Coverage Limit and Minimal Accuracy Limit mechanisms can prevent attackers from accurately locating a user’s true location when using indirect location sharing, but the location information still can be used to estimate an user’s activity area.

2.2. Geosocial Networks Location Attack Algorithms In the past, there were three different patterns for indirect location sharing based attacks, namely, location sharing with Maximal Coverage Limit, location sharing without Maximal Coverage Limit and the Random patterns [7,8,10]. Previous proposed attack algorithms all use two-stage attack methods. The first stage is searching. The purpose of searching stage is to find possible areas of the targeted user, and further search for areas formed by the Minimal Accuracy Limit constraints. The second stage is the inference stage. The purpose of the inference stage is to overcome the Minimal Accuracy Limit constraints, so the most likely location can be inferred from the possible areas. The followings explain the past related attack methods for different patterns.

Search Stage Algorithm with Maximal Coverage Limit: Due to the existence of the Maximal Coverage Limit, if the attacker is out of the range limit, it is impossible to obtain the distance of the targeted user. Therefore, the attacker must first be able to find out which area the targeted user might be in. The following is an overview of the algorithms used in the first stage.

i. Scan Algorithm: An attacker attempts to find the area where the targeted user may be located by collecting location information shared by direct location sharing function [7]. Random search is used to pick fake GPS locations and the fake GPS locations are then used to query the GSN until the GSN returns the distance of the targeted user. Because of the random search method, the algorithm is time-consuming. ii. Disk Coverage Algorithm: The premise of applying this method is that the GSNs can return a specific area of the targeted user such as Taipei [8]. The disc coverage algorithm covers the returned specific area with unit discs. The distance between the unit discs is set to √3r. Then the minimum dominating set of the unit discs is selected and will be used to find out the specific unit disc where the targeted user is in.

Search Stage Algorithm without Maximal Coverage Limit: Since there is no maximal coverage limit, no matter where the attacker is, the attacker can always get the distance information of the target user. Therefore, iterative trilateration based localization algorithm is the most extensive and effective search algorithm in this case. The iterative trilateration algorithm [7] is mainly modified from the past traditional trilateration algorithm. The traditional trilateration algorithm uses three reference points to calculate the position of the unknown point. As shown in Figure1, there are three reference points (C1, C2 and C3) and an unknown point O. The distances between the reference points, C1, C2 and C3, and the unknown point O are r1, r2 and r3. Three circles can be drawn using C1, C2 and C3 as centers and r1, r2 and r3 as radii. These three circles intersect, and this intersection is considered to be the estimated position of the unknown node. The Iterative Trilateration-based Localization Algorithm first randomly generates three positions, and finds an estimated point using the traditional trilateration algorithm with the three generated Sensors 2020, 20, x FOR PEER REVIEW 4 of 18

Reference node

Unknown node Sensors 2020, 20, 918 4 of 16

positions, and then replaces the farthest generated position with the estimated point. This trilateration iterates continuouslyC1 until the termination conditions are met. Figure2 shows the C2 schematicSensors 2020 diagram, 20, x FOR of PEER the REVIEW Iterative Trilateration-based Localization Algorithm. 4 of 18 r1 r2 Reference node

O Unknown node

C1 C3 C2 r1 r2

Figure 1. SchematicC3 diagram of triangulation.

The Iterative Trilateration-based Localization Algorithm first randomly generates three positions, and finds an estimated point using the traditional trilateration algorithm with the three generated positions, and then replaces the farthest generated position with the estimated point. This trilateration iterates continuously until the termination conditions are met. Figure 2 shows the schematic diagramFigure Figureof 1. theSchematic 1. Iterative Schematic diagram Trilateration-baseddiagram of of triangulation. triangulation. Localization Algorithm.

The Iterative Trilateration-based Localization Algorithm first randomly generates three positions, and finds an estimated point using the traditional trilateration algorithm with the three generated positions, and then replaces the farthest generated position with the estimated point. This trilateration iterates continuously until the termination conditions are met. Figure 2 shows the schematic diagram of the Iterative Trilateration-based Localization Algorithm.

Figure 2. Schematic diagram of the IterativeIterative Trilateration-basedTrilateration-based LocalizationLocalization Algorithm.Algorithm. (Modified(Modified from [[7]).7]). .  InferenceInference Stage Stage Algorithm Algorithm:: After After the the search search stage, stage, in in order order to to get get the the position position of of the the target user Figure 2. Schematic diagram of the Iterative Trilateration-based Localization Algorithm. (Modified moremore accurately,accurately,from [7]). the the Minimum Minimum Accuracy Accuracy Limit Limit must must be overcome. be overcome. In the past,In the the past, Space the Partition Space PartitionAttack Algorithm Attack Algorithm (SPAA) was (SPAA) adopted was in adopted this stage in [this7,8]. stage When [7,8]. an attackerWhen an finds attacker out the finds region out thewhere region theInference where target Stage userthe targetAlgorithm might user be: After in, might the the positioning besearch in, thstage,e positioning accuracyin order to is accuracyget limited the position byis limited the of Minimal the by target the Accuracy Minimaluser AccuracyLimit. Formore Limit. example, accurately, For example, the closestthe Minimum the distance closest Accuracy betweendistance Limit twobetween must users be two that overcome. users can bethat In shown canthe bepast, in shown Skout the Space isin 800Skout m; Partition Attack Algorithm (SPAA) was adopted in this stage [7,8]. When an attacker finds out isthe 800 closest m; the distance closest indistance Wechat in is Wechat about 100 is ab m.out Therefore, 100 m. Therefore, in order to in overcome order to theovercome limitation, the the region where the target user might be in, the positioning accuracy is limited by the Minimal limitation,the SpaceAccuracy Partitionthe Space Limit. Attack Partition For example, Algorithm Attack the closest (SPAA)Algori distancethm was (SPAA) proposed.between was two The usersproposed. SPAA that can determine The be shown SPAA whetherin determine Skout the whethertarget user isthe 800 is target locatedm; the user closest in is the located distance specific in in areathe Wechat specific by iterating is ab areaout by over100 iteratin m. the Therefore, fixedg over area. inthe order The fixed conceptto area. overcome The is shown conceptthe in isFigure shown3.limitation, Inin order Figure tothe simplify Space3. In Partitionorder the calculationto Attack simplify Algori problem, thethm (SPAA)calculation the Convexwas proposed.problem, Position The the EstimationSPAA Convex determine (CPE)Position is Estimationused to estimatewhether (CPE) the an is rectangletargetused userto estimate [is11 located]. In CPE,an in rectanglthe squares specifice [11]. insteadarea byIn iteratinCPE, of circles squaresg over are the used instead fixed to area. cover of circlesThe the concept area. are used CPE repletelyis calculates shown in theFigure possible 3. In squaresorder to wheresimplify the the target calculation user might problem, be located. the Convex The Position intersection Estimation (CPE) is used to estimate an rectangle [11]. In CPE, squares instead of circles are used of these squares will be used to infer the position of the target user. The calculation ends when

the desired detection accuracy is achieved. Sensors 2020, 20, x FOR PEER REVIEW 5 of 18

to cover the area. CPE repletely calculates the possible squares where the target user might be Sensors 2020, 20located., 918 The intersection of these squares will be used to infer the position of the target user. The 5 of 16 calculation ends when the desired detection accuracy is achieved.

FigureFigure 3. Schematic 3. Schematic diagram diagram of of Space SpacePartition Partition A Attackttack Algorithm. Algorithm. (Modified (Modiﬁed from [7]). from [7]).

Localization Localization Attack Attack Algorithm Algorithm with Randomwith Random Location Location Sharing Sharing Mechanism Mechanism: Since: protectionSince protection mechanisms like spacemechanisms cloaking like [ space12–14 cloaking] have been[12–14] proposed have been inproposed the past, in the the past, location the location information information returned by GSNsreturned may by be GSNs randomized may be randomized to some extent. to some The extent. distance The distance information information returned returned by GSNs by may GSNs may not be the true distance. Therefore, Maximum Likelihood Estimation was proposed not be the true distance. Therefore, Maximum Likelihood Estimation was proposed to calculate to calculate the true position from uncertain location data [8]. However, this type of attack must the truecollect position a large fromamount uncertain of data to verify location the feasib dataility [8]. of However, the model, thisso this type type ofof attack method must collect a largeis amount more challenging of datato than verify the previous the feasibility two methods. of the model, so this type of attack method is more challenging than the previous two methods. Although the location information is protected by some mechanisms, it is still not enough. An Althoughattacker can the infer location the sensitive information information is protected of the target by user some in various mechanisms, ways, even it isif only still partial not enough. An attackerlocation can information infer the is sensitiveleaked. Various information positioning of methods the target can be user adopted in various to infer ways,the users’ even real if only locations. partial location information is leaked. Various positioning methods can be adopted to infer the users’ real locations.3. Problem Description

3. ProblemIn Description the previous section, various GSN location attack algorithms are introduced. Attackers can easily use the location sharing function to obtain distance information, and then locate the positioning Incoordinates the previous of the section, target user various from GSN the obtained location distance attack information. algorithms However, are introduced. past research Attackers did can easily usenot thetake location into account sharing the possibility function tothat obtain GSNs distancemight return information, inaccurate anddistance then information locate the when positioning coordinatesdesigning of the the target inference user stage from in theattack obtained algorithms distance and this information. will lead to However,inaccuracy pastpositioning. research did Therefore, this study will propose an error-tolerant algorithm that can produce more accurate not take into account the possibility that GSNs might return inaccurate distance information when positioning results than previous attack algorithms. designing the inference stage in attack algorithms and this will lead to inaccuracy positioning. Therefore, this study3.1. willProblem propose Definition an error-tolerant algorithm that can produce more accurate positioning results than previousWe attackwill define algorithms. the hypotheses for this study and then explain the threat model. The threat model simulates one attacker attacking another victimized target. A problem called User Discovery Problem 3.1. Problem(UDP) Definition is proposed and the Location Sharing Mechanism (LSM) which is provided by service Weproviders will define is also the defined hypotheses in this section. for this study and then explain the threat model. The threat model simulatesi. oneHypotheses attacker: Previous attacking studies another [9] have victimized shown that target. users Aspend problem most of called their time User in Discovery fixed places, Problem (UDP) is proposedso the concept and the of Top Location N places Sharing is proposed. Mechanism For example, (LSM) home which or isworkplace provided are by the service locations providers that belong to Top 1 and Top 2. In this study, we made the following assumptions. is also defined in this section. i. Hypotheses : Previous studies [9] have shown that users spend most of their time in fixed places, so the concept of Top N places is proposed. For example, home or workplace are the locations that belong to Top 1 and Top 2. In this study, we made the following assumptions.

Hypothesis 1. The user’s real position will not change during the positioning attack. Personal location data can only be protected through the privacy protection mechanisms provided by GSNs.

Besides, according to the literature [7], Current location privacy protection technologies are based on the assumption that locations cannot be forged, so the location privacy protections can only be Sensors 2020, 20, 918 6 of 16 achieved by hiding or confusing distance information. The is due to the fact that when users query these location-based services, they hope that the GSNs can accurately return the real distance of the nearby users.

Hypothesis 2. During the attack, the location of the target user is real instead of fake.

According to Hypothesis 1 and Hypothesis 2, the target user is stationary during the attack period and the location of the target user is not a fake coordinate. The target user can only rely on the pre-designed location protection mechanism provided by the GSNs to protect the location privacy information from being inferred. ii. Threat model: First, two entities, the attacker and the target user, are given in the threat model. An attacker is an arbitrary entity who is interested in the location of the target user. A target user is an entity whose location is tracked by an attacker. Attackers may be the government, law enforcement agencies or third-party groups. Based on the threat model of this study, an attacker can know where the target user is located in a wide range (e.g., the United States). The attacker can only infer the real location of the target from the distance information provided by GSNs using the Location Sharing Mechanism. No other background knowledge is required when inferring the true location of the target user. iii. User Discovery Problem (UDP): UDP is a search problem in the two-dimensional Euclidean coordinate system. The position of the target user is defined as u. The coordinate of any point is p. The coordinate of the target user u in the two-dimensional plane is defined as pu. Given a point p, the attacker can query whether the target user u is in a disc with a certain radius ri through the Location Sharing Mechanism ηri(p,pu) of the GSNs. Current existing Location Sharing Mechanisms usually give different degrees of fuzzy distance based on different ranges. The definition of Location Sharing Mechanism ηri(p,pu) is defined as the following.

Deﬁnition 1. Location Sharing Mechanism: Function ηri(p,pu) can be used to determine whether the target user u is near a given point p and ri is the search radius. The distance between p and pu on the two-dimensional plane and the search radius ri are used to determine the return value. Function ηri(p,pu) can be deﬁned as the following formula (1).   ri, dist(p, pu) ri, (i = 1, ... , (n 1))  ≥ − ( ) =  ηri p, pu ri 1, ri 1 dist(p, pu) ri, (i = 1, ... , n) (1)  − − ≤ ≤  0, dist(p, pu) rn ≥

The dist(p1,p2) function return the distance between two points in the Euclidean plane, and n is the number of the fuzzy distance in the Location Sharing Mechanism. The Location Sharing Mechanism mainly uses distance to confirm whether the target user is nearby. If the distance is less than ri, then ri will be returned. Otherwise, 0 is returned. Figure4 shows the concept of the Location Sharing Mechanism. The user u sends the coordinates pu to the GSN server. The server calculates the distances and returns the friends list (such as a, b, c, and d), so the user u can receive the user’s nearby friends list. Different GSN application services use different location sharing mechanisms. Taking Foursquare- Swarm as an example, the Location Sharing Mechanisms has a range of 0.5, 1.5, 10, 30 and 65 km. Attackers obtain different distance information by forging different positions on a two-dimensional plane. The location sharing mechanism ηri(p,pu) calculates the distances from different faked positions to the target user and the calculated distances can be used to locate the real position of the target user. Next, the User Discovery Problem is defined and algorithms for solving the User Discovery Problem are proposed in this research. Sensors 2020, 20, 918 7 of 16 Sensors 2020, 20, x FOR PEER REVIEW 7 of 18

d r c pu {a,b,c,d} u a b

Geosocial Networks sever FigureFigure 4. 4. SchematicSchematic diagram diagram of of Location Location Sharing Sharing Mechanisms. Mechanisms.

Different GSN application services use different location sharing mechanisms. Taking Foursquare-SwarmDeﬁnition 2. User Discoveryas an example, Problem: the The Location pu is the Sharing real position Mechanisms of the target has user a range u on theof Euclidean0.5, 1.5, 10, plane, 30 andand 65 A iskm. the Attackers area covering obtain the pdifferentu. User Discovery distance Probleminformation is a p ubysearch forging problem. different Therefore, positions given on the a areatwo- A dimensionalwhere the target plane. user The is located location and sharing the Location mechanism Sharing Mechanismsηri(p,pu) calculatesηri(p,pu ),the the distances User Discovery from Problemdifferent is fakedto discover positions the real to positionthe target of theuser target and userthe calculated u in the located distances area A can using be severalused to faked locate GPS the locations. real position of the target user. Next, the User Discovery Problem is defined and algorithms for solving the User Discovery Problem are proposed in this research. 3.2. Method Description

DefinitionThe attack 2. User algorithm Discovery proposed Problem in: The this pu study is the real is designed position of for the the target GSNs user with u on Maximalthe Euclidean Coverage plane, andLimit A is protection. the area covering Because the previous pu. User Discovery attack algorithms Problem is did a p notu search take problem. into account Therefore, the possible given the errors area A in wheredistances. the target In this user study, is located the distanceand the Location errors are Sharing considered Mechanisms in the inferenceηri(p,pu), the stage User so Discovery the shortcomings Problem is of tothe discover past algorithms the real position are overcome. of the target user u in the located area A using several faked GPS locations. There are two main stages, the search stage and the inference stage, in the attack algorithm. 3.2.The Method search Description stage is the first stage and the purpose of this stage is to find the smallest covering disc whereThe the attack target algorithm user is located proposed in. After in this the study smallest is designed disc is found, for the the GSNs exact with location Maximal of the targetCoverage user Limitis then protection. inferred during Because the previous inference attack stage. algorithms This section did mainly not take introduces into account the algorithms the possible used errors in these in distances.two stages. In Inthis search study, stage, the distance the area errorsA where are the considered target user in mightthe inference be located stage in so is roughlythe shortcomings estimated. ofThe the roughly past algorithms estimated are area overcome.A will be used to find out the smallest coverage disc where the target user is locatedThere in.are In two order main to makestages, the the attack search more stage effi andcient, the it inference is necessary stage, to findin the the attack minimum algorithm. number The of searchdiscs thatstage can is coverthe first area stageA. and the purpose of this stage is to find the smallest covering disc where the target user is located in. After the smallest disc is found, the exact location of the target user is Definition 3. The Smallest Disc Search Problem in Search Stage: Given an Euclidean plane region A and then inferred during the inference stage. This section mainly introduces the algorithms used in these the largest disc with radius r , the goal is to find the smallest disc where the target user u is located in with two stages. In search stage, then area A where the target user might be located in is roughly estimated. a minimum number of searches. The smallest disc has a Minimal Accuracy Limit, so it can be called as disc with The roughly estimated area A will be used to find out the smallest coverage disc where the target Minimal Accuracy Limit. When the disc with Minimal Accuracy Limit is locked, proceed to the next inference user is located in. In order to make the attack more efficient, it is necessary to find the minimum stage. In the inference stage, the location sharing mechanisms provided by the GSNs are used to further break the number of discs that can cover area A. Minimum Accuracy Limit constraint to find the real coordinates pu of the target user u. Definition 3. The Smallest Disc Search Problem in Search Stage: Given an Euclidean plane region A and Definition 4. The Real Location Inference Problem in Inference Stage: Given the smallest disc with radius r1 the largest disc with radius rn, the goal is to find the smallest disc where the target user u is located in with a and the Location Sharing Mechanisms η (p,p ), the goal is to infer the real location p of the target user u. minimum number of searches. The smallestr1 discu has a Minimal Accuracy Limit, so it canu be called as disc with Minimal Accuracy Limit. When the disc with Minimal Accuracy Limit is locked, proceed to the next inference Since there are different problems in these two different stages, the problems must be solved in stage. In the inference stage, the location sharing mechanisms provided by the GSNs are used to further break different ways. The following explains how the proposed algorithms solve the problems. the Minimum Accuracy Limit constraint to find the real coordinates pu of the target user u. i. The Problem in Search Stage—The Disc Coverage and Range-Adjusted Weighted Trilateration Algorithm Definitionis proposed 4. The Real to solve Location the problem Inference in theProblem search in stage. Inference In orderStage: to Given meet the the smallest requirements disc with of radius ther1 and reality, the Location this study Sharing assumes Mechanisms that the η attackerr1(p,pu), the only goal has is to the infer rough the locationreal location of thepu of target the target user. user u.For example, an attacker only knows what city the target is in, such as Taipei. Given a big area A where the target user may reside in, the coverage discs with the largest radius rn are generated Since there are different problems in these two different stages, the problems must be solved in different ways. The following explains how the proposed algorithms solve the problems.

Sensors 2020, 20, x FOR PEER REVIEW 8 of 18 i. The Problem in Search Stage—The Disc Coverage and Range-Adjusted Weighted Trilateration Algorithm is proposed to solve the problem in the search stage. In order to meet the requirements of the reality, this study assumes that the attacker only has the rough location of the target user. SensorsFor2020 example,, 20, 918 an attacker only knows what city the target is in, such as Taipei. Given a big8 area of 16 A where the target user may reside in, the coverage discs with the largest radius rn are generated using Location Sharing Mechanism ηrn,u(p,pu) to cover the entire area A and then the algorithm using Location Sharing Mechanism η (p,p ) to cover the entire area A and then the algorithm attempts to find out which disc the targetrn,u useru u is in. The algorithm first covers the area A with attempts to find out which disc the target user u is in. The algorithm first covers the area A the unit discs and then the Unit disc Graph (UDG) can be obtain from the coverage result. The with the unit discs and then the Unit disc Graph (UDG) can be obtain from the coverage result. Minimum Dominating Set (MDS) is derived from UDG. The MDS is then served as the starting The Minimum Dominating Set (MDS) is derived from UDG. The MDS is then served as the point of the disc search. The Unit Disc Graph and the Minimum Dominating Set are defined as starting point of the disc search. The Unit Disc Graph and the Minimum Dominating Set are follows [15]. defined as follows [15]. Definition 5. Minimum Dominating Set: Given an undirected graph GVE= (, ). V is the set of nodes and DefinitionE is the set of 5. edgesMinimum in the graph Dominating G. The Set:Minimum Given anDominating undirected Set graph D is Ga node= (V subset, E). V of is V the( DV set⊆ of nodes), and and for Eevery is the node set in of edgesD ( uD∈ in the), graphthere is G. a Thenode Minimum vV∈ adjacent Dominating to it, Setand Dan is edge a node (,)uv subset∈ ofE V exists.(D VIf ),any and node for ⊆ every node in D (u D), there is a node v V adjacent to it, and an edge (u, v) E exists. If any node in D is in D is removed, then∈ the new set is no longer∈ a dominating set. ∈ removed, then the new set is no longer a dominating set. DefinitionDefinition 6.6. UnitUnit DiscDisc Graph:Graph: Given a set of n points in the EuclideanEuclidean plane. The n points form a set L. A = ∈ Unit Disc Graph is is an an undirected undirected graph graph G G and and can can be be represented represented as as GLEG =(, (L, E )). All All edges edges ((,)uuv, v) E Ein in G ∈ satisfiesG satisfies the the distant distant constraint constraint dist (distu, v(,)) u vk and≤ k k and> 0. k > 0. ≤ Finding the MDS in a UDG has been extensively studiedstudied in the past and it has been proved that this problemproblem is is a NP-harda NP-hard problem problem [16 ].[16]. Due Due to the to large the large number number of nodes of innodes this research,in this research, the previous the proposedprevious proposed algorithm algorithm [17] is not [17] suitable is not for suitable this study. for this Because study. the Because number the of nodesnumber in thisof nodes study in is this too large,study itis istoo too large, time-consuming it is too time-consuming to find the MDS.to find Therefore, the MDS. inTherefore, this study, in wethis usestudy, a linear we use algorithm a linear providedalgorithm by provided the previous by the literature previous [ 18literature]. The linear [18]. algorithmThe linear repeatedlyalgorithm repeatedly selects a random selects point a random from thepoint undirected from the graphundirected and adds graph the and selected adds pointthe select to theed dominating point to the set, dominating and removes set, alland the removes nodes that all havethe nodes been that covered have from been the covered remaining from node the remainin set, the repetitiong node set, ends the when repetition no node ends is remained.when no node In this is study,remained. the discsIn this with study, radius ther isdiscs used with to cover radius the r areais used and to the cover distance the area between and twothe nearbydistance discs between is set totwo√ 3nearbyr. Figure discs5 shows is set the to concept 3r . Figure of the 5 unit shows disc the coverage. concept The of linearthe unit algorithm disc coverage. [ 18] is used The tolinear find thealgorithm dominating [18] is set. used The to reasonfind the of dominating finding the dominatingset. The reason set of is becausefinding the there dominating is less likely set to is havebecause the samethere areais less of likely coverage to have when the searching same area the of area. coverage The setwhen of green searching discs the in Figurearea. The5 is aset dominating of green discs set andin Figure can be 5 usedis a dominating as the starting set and point can for be the used subsequent as the starting search. point for the subsequent search.

Figure 5. The unit disk covers the target region.

The dominating set set can can be be used used to to find find out out which which di discsc the the target target user user is islocated located in. in. However, However, in inthis this step, step, the the disc disc may may not not be be the the smallest smallest disc disc with with Minimal Minimal Accuracy Accuracy Limit. Limit. Therefore, Therefore, the the Range- Range- Adjusted WeightedWeighted Trilateration Trilateration [19 [19]] is used is used to further to further find out find the out smallest the smallest disc with disc Minimal with AccuracyMinimal p r Limit.Accuracy As Limit. shown As in shown Figure 6in, Figure0 is the 6, centerp0 is the of center the disc of withthe disc radius with nradiuswhich rn is which the maximum is the maximum radius andradius the and disc the is founddisc is usingfound unit usin discg unit coverage disc coverage and dominating and dominating set. Three set. random Three random points p points1, p2 and p1, pp32 in the disc are chosen. Given the random points, the discs with different radius can be obtained using

location sharing mechanism. Then three discs intersection pints t12, t13 and t23 can be found and three intersection points form a triangle and the gravity center of the triangle is the center of smallest disc where the target user located in. The smallest disc is a disc with Minimal Accuracy Limit. Sensors 2020, 20, x FOR PEER REVIEW 9 of 18

and p3 in the disc are chosen. Given the random points, the discs with different radius can be obtained using location sharing mechanism. Then three discs intersection pints t12, t13 and t23 can be found and Sensorsthree2020 intersection, 20, 918 points form a triangle and the gravity center of the triangle is the center of smallest9 of 16 disc where the target user located in. The smallest disc is a disc with Minimal Accuracy Limit.

FigureFigure 6. 6.Range-Adjusted Range-Adjusted Weighted Trilateration. ii.ii. TheThe Problem Problem in in Inference Inference Stage Stage—The - TheError-Adjusted Error-Adjusted Space Partition Partition Attack Attack Algorithm Algorithm isis proposed proposed to to solvesolve the the problem problem in in the the inference inference stage.stage. Table Algorithm 1 shows 1 shows the pseudo the pseudo code of codeError-Adjusted of Error-Adjusted Space SpacePartition Partition Attack Attack Algorithm Algorithm and Table and 2 Tabledefines1 definesall the variables all the variablesused in the used proposed in the algorithm. proposed After finding out the smallest disc with a minimum radius of r1, the goal in the inference stage algorithm. After finding out the smallest disc with a minimum radius of r1, the goal in the is to infer the final coordinate pˆ of the target user u. Although space partition algorithms have inference stage is to infer the finalu coordinate pû of the target user u. Although space partition algorithmsbeen proposed have beenin the proposedpast to solve in the problem past to solve in inference the problem stage, in reality, inference the stage,GSNs inmay reality, return the inaccurate distance with error rerror, thus producing deviations in the positioning results. GSNs may return inaccurate distance with error rerror, thus producing deviations in the positioning Sensorsresults. 2020Therefore,, 20 Therefore,, x FOR the PEER inaccurate the REVIEW inaccurate distances distances returned returned by GSNs by GSNswill make will makethe posi thetioning positioning results results of11 the of of18 past algorithms incorrect. the past algorithms incorrect. Table 1. The Pseudo-code of Error-Adjusted Space Partition Attack Algorithm. As shown in Figure 7, due to the influence of rerror, previous proposed space partition attack algorithms might incorrectlyError-Adjusted assume that Space the realPart itionlocation Attack of Algorithmthe target user pu is inside the disc Algorithm 1. Error-Adjusted Space Partition Attack Algorithm error centered at pû . The yellow arealat inlon Figure 7 is the intersection of the r disc and the pû disc. Input: An estimated point pû = (S , S ) and its range from target point pu , given in form InputTherefore,(): An estimated ≤+it is impossible point pû = to(S lataccurately, Slon) and infer its range the fromtrue targetlocation point of ptheu, given target in formuser in the inference dist pû, p ur1 r error dist(pû, pu) r + rerror process. Although≤ 1 the distance fuzzy is adopted by GSNs, as long as this fuzzy error rerror is taken into OutputOutput:: pûpˆ, the, the final final estimation estimation for forpu p account, thereu is still a great chance tou locate the target user’s real location. Actually, the fuzzy error Dimrerror = doeslat; exist in the real environment. In the past there have been a lot of research on the spatial μ + cloakinglat = rr1 technology,error ; so the previous results show that the cloaking area can be obtained using μstatistical+ methods. Therefore, the algorithm proposed in this research first adds rerror to or subtracts lon = rr1 error ; rerror from the original moving distance r1, as shown in Figure 8. Therefore, the distance mistake can μ ≥ μ ≥ whilebe avoid, lat andthreshold the exact orlocation lon ofthreshold the pu can dobe correctly inferred, as shown in Figure 8. ' Shift pˆ u in Dim dimension by r1 to T ≤+ if Distance from GSN rr1 error then

Dim Dim μ S = S + Dim /2; end else μ SDim = SDim − Dim /2; end μ = μ Dim Dim /2; Dim = {lat, lon}/Dim;

pˆu = (Slat, Slon); end

Output pˆu ;

Table 2. The variables in ESPAA.

Variable Definition u The target of the attacker p Location of the node on the plane pu Real location of the target ηri (p,pu) Location Sharing Mechanism ri Disk radius Η The set of Location Sharing Mechanisms n The number of Location Sharing Mechanisms A The area which the target on

pˆu Final estimated location Dim Two-dimensional plane dimension(latitude/longitude) lat Latitude dimension lon Longitude dimension threshold Minimum threshold rerror Erroneous distance

4. Experimental Analysis and Results We simulate the location sharing mechanisms of GSNs, and implement previous proposed Space Partition Attack Algorithm (SPAA) and the proposed Error-Adjusted Space Partition Algorithm (ESPAA). The Table 3 shows current popular GSNs. The information presented in Table 3 includes Minimal Accuracy Limit, Maximal Coverage Limit, Number of downloads, and supported platforms. Number of downloads: The number of users who have downloaded this software from the Google Play Store. This indicator also reflects the popularity of the GSNs. Minimal Accuracy Limit: In order to protect the user’s real location from being easily inferred, the minimal accuracy limit is the minimum threshold for distance information returned by GSNs. When

Sensors 2020, 20, 918 10 of 16

Table 1. The variables in ESPAA.

Variable Deﬁnition u The target of the attacker p Location of the node on the plane

pu Real location of the target

ηri (p,pu) Location Sharing Mechanism

ri Disk radius H The set of Location Sharing Mechanisms n The number of Location Sharing Mechanisms A The area which the target on

pˆu Final estimated location Two-dimensional plane Dim dimension(latitude/longitude) lat Latitude dimension lon Longitude dimension threshold Minimum threshold

rerror Erroneous distance

As shown in Figure7, due to the influence of rerror, previous proposed space partition attack algorithms might incorrectly assume that the real location of the target user pu is inside the disc centered at pû. The yellow area in Figure7 is the intersection of the rerror disc and the pû disc. Therefore, it is impossible to accurately infer the true location of the target user in the inference process. Although the distance fuzzy is adopted by GSNs, as long as this fuzzy error rerror is taken into account, there is still a great chance to locate the target user’s real location. Actually, the fuzzy error rerror does exist in the real environment. In the past there have been a lot of research on the spatial cloaking technology, so the previous results show that the cloaking area can be obtained using statistical methods. Therefore, the algorithm proposed in this research first adds rerror to or subtracts rerror from the original moving distance r1, as shown in Figure8. Therefore, the distance mistake can be avoid, and the exact location Sensors 2020, 20, x FOR PEER REVIEW 10 of 18 of the pu can be correctly inferred, as shown in Figure8.

Figure 7. The effect of rerror on the localization results of SPAA. Figure 7. The eﬀect of rerror on the localization results of SPAA.

Figure 8. The effect of rerror on the localization results of ESPAA.

Table 1. The Pseudo-code of Error-Adjusted Space Partition Attack Algorithm.

Error-Adjusted Space Partition Attack Algorithm

lat lon Input: An estimated point pˆu = (S , S ) and its range from target point pu , given in form ()≤+ dist pˆu, p ur1 r error

Output: pˆu , the final estimation for pu Dim = lat; μ + lat = rr1 error ; μ + lon = rr1 error ;

Sensors 2020, 20, x FOR PEER REVIEW 10 of 18

Sensors 2020, 20, 918 11 of 16

Figure 7. The effect of rerror on the localization results of SPAA.

FigureFigure 8. The 8. The eﬀ ecteffect of ofrerror rerroron on the localization results results of ofESPAA. ESPAA.

4. Experimental AnalysisTable 1. The and Pseudo-code Results of Error-Adjusted Space Partition Attack Algorithm. We simulate the location sharingError-Adjusted mechanisms Space Part ofition GSNs, Attack and Algorithm implement previous proposed Space Input: An estimated point pˆ = (Slat, Slon) and its range from target point p , given in form Partition Attack Algorithm (SPAA)u and the proposed Error-Adjustedu Space Partition Algorithm ()ˆ ≤+ (ESPAA).dist The pu, p Table ur12 shows r error current popular GSNs. The information presented in Table2 includes

MinimalOutput Accuracy: pˆu , the Limit, final estimation Maximal for Coverage pu Limit, Number of downloads, and supported platforms. Dim = lat; μ + Table 2. List of the existing geosocial networks. lat = rr1 error ; μ + lon = rr1 error ; Minimal Accuracy Maximal Number of Name Platform Limit Coverage Limit Downloads Wechat 100 m 1 km 300 million iOS/Android Swarm-Foursquare 500 m 65 km 10 million iOS/Android Facebook 1 km 200 km 1 billion iOS/Android iPair 5 km 1000 km 1 million iOS/Android Easymeet 5 km 1000 km 0.5 million iOS/Android Skout 0.5 m N/A 5 million iOS/Android Momo 10 m N/A 30 million iOS/Android Whoshere 100 m N/A 5 million iOS/Android MiTalk 100 m 0.6 km 20 million iOS/Android Weibo 100 m 1600 m 500 million iOS/Android SayHi 10 m 1000 km 500 thousand iOS/Android iAround 10 m N/A 10 million iOS/Android Duimian 100 m N/A 500 thousand iOS/Android Doudou Friend 10 m N/A 1 million iOS/Android U+ 10 m N/A 10 million iOS/Android Topface 100 m N/A 50 million iOS/Android Niupai 10 m N/A 61 thousand iOS/Android KKtalk 10 m N/A 320 thousand iOS/Android Anywhere 10 m N/A 750 thousand Android I Part 10 m 1000 m 8 million iOS/Android Sensors 2020, 20, 918 12 of 16

Number of downloads: The number of users who have downloaded this software from the Google Play Store. This indicator also reflects the popularity of the GSNs. Minimal Accuracy Limit: In order to protect the user’s real location from being easily inferred, the minimal accuracy limit is the minimum threshold for distance information returned by GSNs. When the real distance between users is below the threshold, the distance returned by the GSNs is the minimum threshold value, namely Minimal Accuracy Limit. Maximal Coverage Limit: If the distance is larger than the Maximal Coverage Limit, GSNs will not return distance information. This research selected Swarm6.3.8.65 to carry out the experiment (Figure9 right), mainly using mobile phones with Android operating system version 5.0 or above. In order to facilitate the experiment, this study adopted Fake GPS App 1.5.3 (Figure9 left) for location forgery. In addition, the positioning errorSensors is used 2020, to 20, comparex FOR PEER diREVIEWfferent algorithms. The positioning error is the distance between13 of 18 the estimated position pû and the real position pu.

FigureFigure 9. 9.Fake Fake GPS GPS ( left(left)) and Foursquare-Swarm (right). (right ).

4.1. The4.1. InfluenceThe Influence of the of the Rerror rerror on the the Positioning Positioning Error Error in the in theInference Inference Stage Stage In thisIn section,this section, we we discuss discuss the the e ffeffectect of of the ther rerror onon the the positioning positioning error error in different in different algorithms. algorithms. ε error The positioningThe positioning error error value valueε is calculated is calculated as follows:as follows: ε = dist(,) puu pˆ (2) ε = dist(pu, pû) (2) The positioning error is the distance between the real position of the target user and the final estimated coordinates pˆ predicted by the algorithm. Assuming that the location of the target user The positioning error isu the distance between the real position of the target user and the final pu is roughly known by the attacker before the experiment, it is possible to calculate an initial guessed estimated coordinates pû predicted by the algorithm. Assuming that the location of the target user pu distance. We simulated the Location Sharing Mechanisms of the Swarm-Foursquare, and carried out is roughly known by the attacker before the experiment, it is possible to calculate an initial guessed 150 attack experiments. The initial distance is from 0.2 km to 0.6 km, and the interval is set to 0.1 km distance. We simulated the Location Sharing Mechanisms of the Swarm-Foursquare, and carried and 30 attacks are performed in each interval. The average positioning error is calculated every 30 out 150 attack experiments. The initial distance is from 0.2 km to 0.6 km, and the interval is set to attacks, so the results can be divided into five groups. In addition, we take rerror = 0.1 km, rerro r= 0.2 km 0.1 kmand and rerror 30 = attacks0.4 km to are execute performed the attacks in each respectively. interval. The y average-axis label positioning “distance” errorin Figures is calculated 10 and 11 every 30 attacks,represents so the the results positioning can be error. divided As shown into five in Fi groups.gures 10a–c, In addition, it can be we found take thatrerror the= 0.1 proposed km, rerror = 0.2 kmalgorithm and rerror ESPAA= 0.4 is km obviously to execute more the effective attacks than respectively. the previous The algorithmy-axis label SPAA. “distance” This is because in Figures the 10 and 11proposed represents algorithm the positioning ESPAA has error.considered As shown the existe innce Figure of distance 10a–c, errors it can and be found made improvements that the proposed algorithmto reduce ESPAA the errors. is obviously Although, more in Figure effective 10a, thanthe av theerage previous distance algorithm error of SPAA SPAA. is a little This bit is becausesmaller the proposedthan ESPAA algorithm when ESPAA initial has distance considered is 0.6 km, the this existence is probably of distance due to a errors small andrerror and made the improvements small rerror is to not greater enough to affect the SPAA to make wrong inference. However, when the rerror increases, ESPAA perform significantly better than SPAA.

Sensors 2020, 20, 918 13 of 16 reduce the errors. Although, in Figure 10a, the average distance error of SPAA is a little bit smaller than ESPAA when initial distance is 0.6 km, this is probably due to a small rerror and the small rerror is not greater enough to aﬀect the SPAA to make wrong inference. However, when the rerror increases, Sensors 2020, 20, x FOR PEER REVIEW 14 of 18 ESPAA perform signiﬁcantly better than SPAA.

(a). rerror = 0.1.

Sensors 2020, 20, x FOR PEER REVIEW 15 of 18

Figure 10. Cont. (b). rerror = 0.2.

Figure 10. The effect of different rerror on positioning errors (a) rerror = 0.1 (b) rerror = 0.2 (c) rerror = 0.4. Figure 10. The eﬀect of diﬀerent rerror on positioning errors (a) rerror = 0.1 (b) rerror = 0.2 (c) rerror = 0.4.

4.2. The Effect of Threshold on the Positioning Error

The threshold will affect the number of searches in the algorithms, and then further affect the final positioning results. The coefficients of the experiment are set as follows: rerror = 0.2(m) and r1 = 0.5(m). The following experiments were conducted with three different thresholds, threshold = 0.25 km, threshold = 0.01 km and threshold = 0.001 km. As Figure 11 shows, it can be found that when threshold becomes larger, the positioning errors of both SPAA and ESPAA are significantly reduced. This is because threshold can affect the number of searches. When given a smaller threshold, the positioning error of the ESPAA is smaller than SPAA, thus showing the effectiveness of the proposed ESPAA. The results of threshold = 0.01 and threshold = 0.001 did not show much improvement, so the attack algorithm still has its limit. In sum, if the threshold can be set properly, the best positioning effect can be achieved with the least number of searches.

(a). threshold = 0.001.

Sensors 2020, 20, x FOR PEER REVIEW 15 of 18

Figure 10. Cont.

Figure 10. The effect of different rerror on positioning errors (a) rerror = 0.1 (b) rerror = 0.2 (c) rerror = 0.4.

4.2. The Effect of Threshold on the Positioning Error The threshold will affect the number of searches in the algorithms, and then further affect the final positioning results. The coefficients of the experiment are set as follows: rerror = 0.2(m) and r1 = 0.5(m). The following experiments were conducted with three different thresholds, threshold = 0.25 km, threshold = 0.01 km and threshold = 0.001 km. As Figure 11 shows, it can be found that when threshold becomes larger, the positioning errors of both SPAA and ESPAA are significantly reduced. This is because threshold can affect the number of searches. When given a smaller threshold, the positioning error of the ESPAA is smaller than SPAA, thus showing the effectiveness of the proposed ESPAA. The results of threshold = 0.01 and threshold = 0.001 did not show much improvement, so the attack algorithm still has its limit. In sum, if the threshold can be set properly, the best positioning effect can Sensorsbe 2020achieved, 20, 918 with the least number of searches. 14 of 16

Sensors 2020, 20, x FOR PEER REVIEW 16 of 18

Figure 11. Cont. (a). threshold = 0.001.

(b). threshold = 0.01.

(c). threshold = 0.25.

FigureFigure 11. 11.The The eﬀect effect of di ofﬀerent different threshold threshold on the on positioning the positioning error valueerror (valuea) threshold (a) threshold= 0.001 = ( b0.001) threshold (b) = 0.01threshold (c) threshold = 0.01 (c=) 0.25.threshold = 0.25.

5. Conclusions In this paper, we discuss location sharing mechanisms that currently exist in GSNs. This study takes into account the existence of distance errors and improves the attack algorithms proposed in the past. In the search stage, a Range-Adjusted Weighted Trilateration algorithm is proposed to effectively reduce the number of searches. In the inference stage, distance errors are considered in each search. Due to the error control in the inference stage, the positioning error is further reduced. The results show that despite the existence of the random distance error produced by the GSNs, the protection mechanism still cannot effectively resist the attacks.

Author Contributions: T.-L.L. is responsible for the writing, literature review, experimental design, problem definition, research architecture design and algorithm design. H.-Y.C. is responsible for the experimental process design and proofreading. S.-L.L. is responsible for the system implementation, programming and conducting the experiments.

Sensors 2020, 20, 918 15 of 16

4.2. The Effect of Threshold on the Positioning Error The threshold will affect the number of searches in the algorithms, and then further affect the final positioning results. The coefficients of the experiment are set as follows: rerror = 0.2(m) and r1 = 0.5(m). The following experiments were conducted with three different thresholds, threshold = 0.25 km, threshold = 0.01 km and threshold = 0.001 km. As Figure 11 shows, it can be found that when threshold becomes larger, the positioning errors of both SPAA and ESPAA are significantly reduced. This is because threshold can affect the number of searches. When given a smaller threshold, the positioning error of the ESPAA is smaller than SPAA, thus showing the effectiveness of the proposed ESPAA. The results of threshold = 0.01 and threshold = 0.001 did not show much improvement, so the attack algorithm still has its limit. In sum, if the threshold can be set properly, the best positioning effect can be achieved with the least number of searches.

5. Conclusions In this paper, we discuss location sharing mechanisms that currently exist in GSNs. This study takes into account the existence of distance errors and improves the attack algorithms proposed in the past. In the search stage, a Range-Adjusted Weighted Trilateration algorithm is proposed to eﬀectively reduce the number of searches. In the inference stage, distance errors are considered in each search. Due to the error control in the inference stage, the positioning error is further reduced. The results show that despite the existence of the random distance error produced by the GSNs, the protection mechanism still cannot eﬀectively resist the attacks.

Author Contributions: T.-L.L. is responsible for the writing, literature review, experimental design, problem definition, research architecture design and algorithm design. H.-Y.C. is responsible for the experimental process design and proofreading. S.-L.L. is responsible for the system implementation, programming and conducting the experiments. All authors have read and agreed to the published version of the manuscript. Funding: This research was funded by Ministry of Science and Technology (MOST) of Taiwan grant numbers are MOST-107-2321-B-415-004 and 107-2221-E-415-007. Acknowledgments: This paper is supported by the Ministry of Science and Technology (MOST) of Taiwan. MOST provides the research funding and devices. Conflicts of Interest: The authors declare no conflict of interest.

References

1. Qin, G.; Patsakis, C.; Bouroche, M. Playing hide and seek with mobile dating applications. In Proceedings of IFIP International Information Security Conference; Springer: Berlin/Heidelberg, Geramny, 2014; pp. 185–196. 2. Zickuhr, K. Location-based services. Pew Res. 2013, 679, 695. 3. Madden, M.; Lenhart, A.; Cortesi, S.; Gasser, U. Teens and mobile apps privacy. Pew Internet Am. Life Proj. 2013, 21, 2–86. 4. Pontes, T.; Vasconcelos, M.; Almeida, J.; Kumaraguru, P.; Almeida, V. We know where you live: Privacy characterization of foursquare behavior. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing, Pittsburgh, PA, USA, 5–8 September 2012; pp. 898–905. 5. Krumm, J. Inference attacks on location tracks. Pervasive Comput. 2007, 4480, 127–143. 6. Mondal, M.; Viswanath, B.; Clement, A.; Druschel, P.; Gummadi, K.P.; Mislove, A.; Post, A. Defending against large-scale crawls in online social networks. In Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies, Nice, France, 10 December 2012; pp. 325–336. 7. Li, M.; Zhu, H.; Gao, Z.; Chen, S.; Yu, L.; Hu, S.; Ren, K. All your location are belong to us: Breaking mobile social networks for automated user location tracking. In Proceedings of the 15th ACM International Symposium on Mobile Ad Hoc Networking and Computing, Philadelphia PA, USA, 11–14 August 2014; pp. 43–52. 8. Polakis, I.; Argyros, G.; Petsios, T.; Sivakorn, S.; Keromytis, A.D. Where’s Wally? Precise User Discovery Attacks in Location Proximity Services. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015; pp. 817–828. Sensors 2020, 20, 918 16 of 16

9. Li, H.; Zhu, H.; Du, S.; Liang, X.; Shen, X. Privacy leakage of location sharing in mobile social networks: Attacks and defense. IEEE Trans. Dependable Secur. Comput. 2016, 15, 646–660. [CrossRef] 10. Niu, B.; Zhu, X.; Li, Q.; Chen, J.; Li, H. A novel attack to spatial cloaking schemes in location-based services. Future Gener. Comput. Syst. 2015, 49, 125–132. [CrossRef] 11. Sheu, J.-P.; Chen, P.-C.; Hsu, C.-S. A distributed localization scheme for wireless sensor networks with improved grid-scan and vector-based reﬁnement. IEEE Trans. Mob. Comput. 2008, 7, 1110–1123. [CrossRef] 12. Chow, C.-Y.; Mokbel, M.F.; Liu, X. A peer-to-peer spatial cloaking algorithm for anonymous location-based service. In Proceedings of the 14th Annual ACM International Symposium on Advances in Geographic Information Systems, Park City, UT, USA, 23–26 September 2008; pp. 171–178. 13. Chow, C.-Y.; Mokbel, M.F.; Liu, X. Spatial cloaking for anonymous location-based services in mobile peer-to-peer environments. GeoInformatica 2011, 15, 351–380. [CrossRef] 14. Niu, B.; Li, Q.; Zhu, X.; Cao, G.; Li, H. Achieving k-anonymity in privacy-aware location-based services. In Proceedings of the IEEE INFOCOM 2014—IEEE Conference on Computer Communications, Toronto, ON, Canada, 27 April–2 May 2014; pp. 754–762. 15. Clark, B.N.; Colbourn, C.J.; Johnson, D.S. Unit disk graphs. Discret. Math. 1990, 86, 165–177. [CrossRef] 16. Masuyama, S.; Ibaraki, T.; Hasegawa, T. The computational complexity of the m-center problems on the plane. IEICE Trans. 1981, 64, 57–64. 17. Nieberg, T.; Hurink, J. A PTAS for the minimum dominating set problem in unit disk graphs. In Proceedings of International Workshop on Approximation and Online Algorithms; Springer: Berlin/Heidelberg, Geramny, 2005; pp. 296–306. 18. Marathe, M.V.; Breu, H.; Hunt, H.B.; Ravi, S.S.; Rosenkrantz, D.J. Simple heuristics for unit disk graphs. Networks 1995, 25, 59–68. [CrossRef] 19. Huang, M.-S.; Narayanan, R.M. Trilateration-based localization algorithm using the lemoine point formulation. IETE J. Res. 2014, 60, 60–73. [CrossRef]

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).