5,960 research outputs found
LOCATION CHEATING: A SECURITY CHALLENGE TO LOCATION-BASED SOCIAL NETWORK SERVICES
Location-based mobile social network services such as Foursquare and Gowalla have grown exponentially over the past several years. These location-based services utilize the geographical position to enrich user experiences in a variety of contexts, including location-based searching and location-based mobile advertising. To attract more users, the location-based mobile social network services provide real-world rewards to the user, when a user checks in at a certain venue or location. This gives incentives for users to cheat on their locations
Location Cheating: A Security Challenge to Location-based Social Network Services
Location-based mobile social network services such as foursquare and Gowalla
have grown exponentially over the past several years. These location-based
services utilize the geographical position to enrich user experiences in a
variety of contexts, including location-based searching and location-based
mobile advertising. To attract more users, the location-based mobile social
network services provide real-world rewards to the user, when a user checks in
at a certain venue or location. This gives incentives for users to cheat on
their locations. In this report, we investigate the threat of location cheating
attacks, find the root cause of the vulnerability, and outline the possible
defending mechanisms. We use foursquare as an example to introduce a novel
location cheating attack, which can easily pass the current location
verification mechanism (e.g., cheater code of foursquare). We also crawl the
foursquare website. By analyzing the crawled data, we show that automated large
scale cheating is possible. Through this work, we aim to call attention to
location cheating in mobile social network services and provide insights into
the defending mechanisms.Comment: 10 pages, 8 figures, accepted by the 31st International Conference on
Distributed Computing Systems (ICDCS 2011
Byzantine Attack and Defense in Cognitive Radio Networks: A Survey
The Byzantine attack in cooperative spectrum sensing (CSS), also known as the
spectrum sensing data falsification (SSDF) attack in the literature, is one of
the key adversaries to the success of cognitive radio networks (CRNs). In the
past couple of years, the research on the Byzantine attack and defense
strategies has gained worldwide increasing attention. In this paper, we provide
a comprehensive survey and tutorial on the recent advances in the Byzantine
attack and defense for CSS in CRNs. Specifically, we first briefly present the
preliminaries of CSS for general readers, including signal detection
techniques, hypothesis testing, and data fusion. Second, we analyze the spear
and shield relation between Byzantine attack and defense from three aspects:
the vulnerability of CSS to attack, the obstacles in CSS to defense, and the
games between attack and defense. Then, we propose a taxonomy of the existing
Byzantine attack behaviors and elaborate on the corresponding attack
parameters, which determine where, who, how, and when to launch attacks. Next,
from the perspectives of homogeneous or heterogeneous scenarios, we classify
the existing defense algorithms, and provide an in-depth tutorial on the
state-of-the-art Byzantine defense schemes, commonly known as robust or secure
CSS in the literature. Furthermore, we highlight the unsolved research
challenges and depict the future research directions.Comment: Accepted by IEEE Communications Surveys and Tutoiral
Defending against Sybil Devices in Crowdsourced Mapping Services
Real-time crowdsourced maps such as Waze provide timely updates on traffic,
congestion, accidents and points of interest. In this paper, we demonstrate how
lack of strong location authentication allows creation of software-based {\em
Sybil devices} that expose crowdsourced map systems to a variety of security
and privacy attacks. Our experiments show that a single Sybil device with
limited resources can cause havoc on Waze, reporting false congestion and
accidents and automatically rerouting user traffic. More importantly, we
describe techniques to generate Sybil devices at scale, creating armies of
virtual vehicles capable of remotely tracking precise movements for large user
populations while avoiding detection. We propose a new approach to defend
against Sybil devices based on {\em co-location edges}, authenticated records
that attest to the one-time physical co-location of a pair of devices. Over
time, co-location edges combine to form large {\em proximity graphs} that
attest to physical interactions between devices, allowing scalable detection of
virtual vehicles. We demonstrate the efficacy of this approach using
large-scale simulations, and discuss how they can be used to dramatically
reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio
Collusion in Peer-to-Peer Systems
Peer-to-peer systems have reached a widespread use, ranging from academic and industrial applications to home entertainment. The key advantage of this paradigm lies in its scalability and flexibility, consequences of the participants sharing their resources for the common welfare. Security in such systems is a desirable goal. For example, when mission-critical operations or bank transactions are involved, their effectiveness strongly depends on the perception that users have about the system dependability and trustworthiness. A major threat to the security of these systems is the phenomenon of collusion. Peers can be selfish colluders, when they try to fool the system to gain unfair advantages over other peers, or malicious, when their purpose is to subvert the system or disturb other users. The problem, however, has received so far only a marginal attention by the research community. While several solutions exist to counter attacks in peer-to-peer systems, very few of them are meant to directly counter colluders and their attacks. Reputation, micro-payments, and concepts of game theory are currently used as the main means to obtain fairness in the usage of the resources. Our goal is to provide an overview of the topic by examining the key issues involved. We measure the relevance of the problem in the current literature and the effectiveness of existing philosophies against it, to suggest fruitful directions in the further development of the field
The Organizational Design of Intelligence Failures
While the detection, and prevention, of the September 11, 2001 plot would have been ideal, I argue that the more major intelligence failures occurred after the attacks of September 11. The erroneous intelligence concerning the WMD presence in Iraq permitted the Bush Administration to order the invasion of Iraq. Systematic underestimates of the budgetary costs and personnel requirements of the war meant that Congress did not give the matter the debate that it warranted. Finally, incorrect (or incomplete) intelligence concerning the extent of the informal opposition to the U.S. led forces resulted in inadequate numbers of allied forces being deployed and a protracted period of conflict and disruption in Iraq. These facts are all well known to anyone who reads newspapers. I make three arguments in this paper. First, the collection of the intelligence data and its evaluation does not occur in a vacuum. There must always be an organizing theory that motivates the collection and evaluation of the data and that this theory is formulated at the highest levels of the decision making process. Second, it is not possible to construct a truly neutral or objective (analytical) hierarchy. Third, it is impossible to separate the analytical evaluation of the data from the decision that will be based on such evaluation. As an inevitable consequence of these arguments, intelligence analysis and the resulting conclusions are driven by top-down considerations rather than bottom-up as has been argued by some reviewers of recent intelligence failures. Key Words: stable coalitions, self-enforcing agreements, compliance, enforcement, public goods
- …