Defending against Sybil Devices in Crowdsourced Mapping Services

Wang, Gang; Wang, Bolun; Wang, Tianyi; Nika, Ana; Zheng, Haitao; Zhao, Ben Y.

doi:10.1145/2906388.2906420

Cited by 76 publications

(30 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is not efficient [24][25][26]. For example, at to the NS app, one may randomize some items of his/her profiles (e.g., nickname, user ID) to disconnect the linkage between user IDs and locations each time when he/she looks for nearby strangers [27], hence preventing an attacker from inferring the privacy even if the location is leaked.…”

Section: Recommendations On Countermeasuresmentioning

confidence: 99%

Exploiting Proximity-Based Mobile Apps for Large-Scale Location Privacy Probing

Zhao

Wang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Proximity-based apps have been changing the way people interact with each other in the physical world. To help people extend their social networks, proximity-based nearby-stranger (NS) apps that encourage people to make friends with nearby strangers have gained popularity recently. As another typical type of proximity-based apps, some ridesharing (RS) apps allowing drivers to search nearby passengers and get their ridesharing requests also become popular due to their contribution to economy and emission reduction. In this paper, we concentrate on the location privacy of proximity-based mobile apps. By analyzing the communication mechanism, we find that many apps of this type are vulnerable to large-scale location spoofing attack (LLSA). We accordingly propose three approaches to performing LLSA. To evaluate the threat of LLSA posed to proximity-based mobile apps, we perform real-world case studies against an NS app named Weibo and an RS app called Didi. The results show that our approaches can effectively and automatically collect a huge volume of users' locations or travel records, thereby demonstrating the severity of LLSA. We apply the LLSA approaches against nine popular proximity-based apps with millions of installations to evaluate the defense strength. We finally suggest possible countermeasures for the proposed attacks.

show abstract

Section: Recommendations On Countermeasuresmentioning

confidence: 99%

Exploiting Proximity-Based Mobile Apps for Large-Scale Location Privacy Probing

Zhao

Wang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…AnonySense was one of the earliest solutions that utilize group signatures for crowdsensing. As pointed in [59], the way AnonySense [28] employs group signatures renders it vulnerable to Sybil attacks [60]. Because in AnonySense, it is impossible to identify signatures from the same participant, without opening the signatures of all data reports.…”

Section: Privacy In Crowdsensingmentioning

confidence: 99%

“…In addition, SRBE makes typical Sybil attacks [60,76] harder on GROUPSENSE, by restricting participants to use one pseudoID at a given time interval. In Sybil attack [60], a participatory node illegitimately claims multiple identities.…”

Section: Groupsense Operationsmentioning

confidence: 99%

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation

Rahaman

Cheng

Yao

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Group signature schemes enable anonymous-yetaccountable communications. Such a capability is extremely useful for applications, such as smartphone-based crowdsensing and citizen science. However, the performance of modern group signature schemes is still inadequate to manage large dynamic groups. In this paper, we design the first provably secure verifier-local revocation (VLR) -based group signature scheme that supports sublinear revocation, named Sublinear Revocation with Backward unlinkability and Exculpability (SRBE). To achieve this performance gain, SRBE introduces time bound pseudonyms for the signer. By introducing lowcost short-lived pseudonyms with sublinear revocation checking, SRBE drastically improves the efficiency of the groupsignature primitive. The backward-unlinkable anonymity of SRBE guarantees that even after the revocation of a signer, her previously generated signatures remain unlinkable across epochs. This behavior favors the dynamic nature of real-world crowdsensing settings. We prove its security and discuss parameters that influence its scalability. Using SRBE, we also implement a prototype named GROUPSENSE for anonymousyet-accountable crowdsensing, where our experimental findings confirm GROUPSENSE's scalability. We point out the open problems remaining in this space.

show abstract

“…By moving the window, the attacker tracks the victim. In the Waze DDoS Attack, the malicious customer impersonates multiple WAZE vehicles in a small area, simulating traffic bottleneck [12].…”

Section: Security Problem: Privacy Violations In V2i Communicationsmentioning

confidence: 99%

Privacy Risks in Vehicle Grids and Autonomous Cars

Joy

Gerla

2017

Proceedings of the 2nd ACM International Workshop on Smart, Autonomous, and Connected Vehicular Systems and Services

View full text Add to dashboard Cite

Traditionally, the vehicle has been the extension of the manual ambulatory system, docile to the drivers' commands. Recent advances in communications, controls and embedded systems have changed this model, paving the way to the Intelligent Vehicle Grid. The car is now a formidable sensor platform, absorbing information from the environment, from other cars (and from the driver) and feeding it to other cars and infrastructure to assist in safe navigation, pollution control and traffic management. The next step in this evolution is just around the corner: the Internet of Autonomous Vehicles. Like other important instantiations of the Internet of Things (e.g., the smart building, etc), the Internet of Vehicles will not only upload data to the Internet with V2I. It will also use V2V communications, storage, intelligence, and learning capabilities to anticipate the customers' intentions and learn from other peers. V2I and V2V are essential to the autonomous vehicle, but carry the risk of attacks. This paper will address the privacy attacks to which vehicles are exposed when they upload private data to Internet Servers. It will also outline efficient methods to preserve privacy.

show abstract

Defending against Sybil Devices in Crowdsourced Mapping Services

Cited by 76 publications

References 42 publications

Exploiting Proximity-Based Mobile Apps for Large-Scale Location Privacy Probing

Exploiting Proximity-Based Mobile Apps for Large-Scale Location Privacy Probing

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation

Privacy Risks in Vehicle Grids and Autonomous Cars

Contact Info

Product

Resources

About