Bilkent University
Department of Computer Engineering


Protecting Geolocation Data against Brute-Force Attacks


Dorukhan Arslan
MS Student
Computer Engineering Department
Bilkent University

Most of the location based services track geolocation data of their users with mobile devices through the mobile network to control features. Considering the rapid evaluation of computing technology and potential algorithmic advances, brute-force attacks on the encryption schemes of such services under strong passwords should not be considered infeasible in the long term. On the other hand, the use of low-entropy keys, such as passwords, poses serious risks to password-based encryption of geolocation data in the short term as well. In order to provide strong protection for geolocation data both today and in the long term against computationally unbounded adversaries, we propose a cryptographic system that incorporates a new theoretical framework for encryption called honey encryption. This framework can provide information-theoretic confidentiality guarantees for encrypted data. In other words, decryption attempts against the system’s ciphertext under an incorrect key yield a geolocation sequence that appears statistically plausible even to a sophisticated adversary. Our work addresses the problem of applying honey encryption techniques to the highly non-uniform probability distributions that characterize sequences of geolocation data, and offers an appealing approach to the increasing important challenge of protection of geolocation data.


DATE: 17 October, 2016, Monday @ 17:00