In this paper we investigate the risk of privacy leakage through mobile analytics services and demonstrate the ease with which an external adversary can extract individual's profile and mobile applications usage information, through two major mobile analytics services, i.e. Google Mobile App Analytics and Flurry. We also demonstrate that it is possible to exploit the vulnerability of analytics services, to influence the ads served to users' devices, by manipulating the profiles constructed by these services. Both attacks can be performed without the necessity of having an attacker controlled app on user's mobile device. Finally, we discuss potential countermeasures (from the perspectives of different parties) that may be utilized to mitigate the risk of individual's personal information leakage.
The Analytics companies enable successful targeted advertising via user profiles, derived from the mobile apps installed by specific users, and hence have become an integral part of the mobile advertising industry. This threatens the users' privacy, when profiling is based on apps representing sensitive information, e.g., gambling problems indicated by a game app. In this work, we propose an app-based profile obfuscation mechanism, ProfileGuard, with the objective of eliminating the dominance of private interest categories (i.e. the prevailing private interest categories present in a user profile). We demonstrate, based on wide-range experimental evaluation of Android apps in a nine month test campaign, that the proposed obfuscation mechanism based on similarity with user's existing apps (ensuring that selected obfuscating apps belong to non-private categories) can achieve a good trade-off between efforts required by the obfuscating system and the resulting privacy protection. We also show how the bespoke (customised to profile obfuscation) and bespoke++ (resource-aware) strategies can deliver significant improvements in the level of obfuscation and (particularly bespoke++) in the use of mobile resources, making the latter a good candidate strategy in resource-constrained scenarios e.g., for fixed data use mobile plans. We also implement a POC ProfileGuard app to demonstrate the feasibility of an automated obfuscation mechanism. Furthermore, we provide insights to Google AdMob profiling rules, such as showing how individual apps map to user's interests within their profile in a deterministic way and that AdMob requires a certain level of activity to build a stable user profile.
Underwater Wireless Sensor Networks (UWSNs) are an enabling technology for many applications in commercial, military, and scientific domains. In some emergency response applications of UWSN, data dissemination is more important, therefore these applications are handled differently as compared to energy-focused approaches, which is only possible when propagation delay is minimized and packet delivery at surface sinks is assured. Packet delivery underwater is a serious concern because of harsh underwater environments and the dense deployment of nodes, which causes collisions and packet loss. Resultantly, re-transmission causes energy loss and increases end-to-end delay ( D E 2 E ). In this work, we devise a framework for the joint optimization of sink mobility, hold and forward mechanisms, adoptive depth threshold ( d t h ) and data aggregation with pattern matching for reducing nodal propagation delay, maximizing throughput, improving network lifetime, and minimizing energy consumption. To evaluate our technique, we simulate the three-dimensional (3-D) underwater network environment with mobile sink and dense deployments of sensor nodes with varying communication radii. We carry out scalability analysis of the proposed framework in terms of network lifetime, throughput, and packet drop. We also compare our framework to existing techniques, i.e., Mobicast and iAMCTD protocols. We note that adapting varying d t h based on node density in a range of network deployment scenarios results in a reduced number of re-transmissions, good energy conservation, and enhanced throughput. Furthermore, results from extensive simulations show that our proposed framework achieves better performance over existing approaches for real-time delay-intolerant applications.
The targeted advertising is based on preference profiles inferred via relationships among individuals, their monitored responses to previous advertising and temporal activity over the Internet, which has raised critical privacy concerns. In this paper, we present a novel proposal for a Blockchain-based advertising platform that provides: a system for privacy preserving user profiling, privately requesting ads from the advertising system, the billing mechanisms for presented and clicked ads, the advertising system that uploads ads to the cloud according to profiling interests, various types of transactions to enable advertising operations in Blockchainbased network, and the method that allows a cloud system to privately compute the access policies for various resources (such as ads, mobile user profiles). Our main goal is to design a decentralized framework for targeted ads, which enables private delivery of ads to users whose behavioral profiles accurately match the presented ads, defined by the ad system. We implement a POC of our proposed framework i.e. a Bespoke Miner and experimentally evaluate various components of Blockchain-based in-app advertising system, implementing various critical components; such as, evaluating user profiles, implementing access policies, encryption and decryption of users' profiles. We observe that the processing delay for traversing policies of various tree sizes, the encryption/decryption time of user profiling with various key-sizes and user profiles of various interests evaluates to an acceptable amount of processing time as that of the currently implemented ad systems.
Internet of Things (IoT) devices are widely used in many industries including smart cities, smart agriculture, smart medical, smart logistics, etc. However, Distributed Denial of Service (DDoS) attacks pose a serious threat to the security of IoT. Attackers can easily exploit the vulnerabilities of IoT devices and control them as part of botnets to launch DDoS attacks. This is because IoT devices are resource-constrained with limited memory and computing resources. As an emerging technology, Blockchain has the potential to solve the security issues in IoT. Therefore, it is important to analyse various Blockchain-based solutions to mitigate DDoS attacks in IoT. In this survey, a detailed survey of various Blockchain-based solutions to mitigate DDoS attacks in IoT is carried out. First, we discuss how the IoT networks are vulnerable to DDoS attacks, its impact over IoT networks and associated services, the use of Blockchain as a potential technology to address DDoS attacks, in addition to challenges of Blockchain implementation in IoT. We then discuss various existing Blockchain-based solutions to mitigate the DDoS attacks in the IoT environment. Then, we classify existing Blockchain-based solutions into four categories i.e., Distributed Architecture-based solutions, Access Management-based solutions, Traffic Control-based solutions and the Ethereum Platform-based solutions. All the solutions are critically evaluated in terms of their working principles, the DDoS defense mechanism (i.e., prevention, detection, reaction), strengths and weaknesses. Finally, we discuss future research directions that can be explored to design and develop better Blockchain-based solutions to mitigate DDoS attacks in IoT.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.