Defending against Sybil Devices in Crowdsourced Mapping Services

Real-time crowdsourced maps such as Waze provide timely updates on traffic, congestion, accidents and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based {\em Sybil devices} that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. We propose a new approach to defend against Sybil devices based on {\em co-location edges}, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large {\em proximity graphs} that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and discuss how they can be used to dramatically reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio

New Conditional Privacy-preserving Encryption Schemes in Communication Network

Nowadays the communication networks have acted as nearly the most important fundamental infrastructure in our human society. The basic service provided by the communication networks are like that provided by the ubiquitous public utilities. For example, the cable television network provides the distribution of information to its subscribers, which is much like the water or gas supply systems which distribute the commodities to citizens. The communication network also facilitates the development of many network-based applications such as industrial pipeline controlling in the industrial network, voice over long-term evolution (VoLTE) in the mobile network and mixture reality (MR) in the computer network, etc. Since the communication network plays such a vital role in almost every aspect of our life, undoubtedly, the information transmitted over it should be guarded properly. Roughly, such information can be categorized into either the communicated message or the sensitive information related to the users. Since we already got cryptographical tools, such as encryption schemes, to ensure the confidentiality of communicated messages, it is the sensitive personal information which should be paid special attentions to. Moreover, for the benefit of reducing the network burden in some instances, it may require that only communication information among legitimated users, such as streaming media service subscribers, can be stored and then relayed in the network. In this case, the network should be empowered with the capability to verify whether the transmitted message is exchanged between legitimated users without leaking the privacy of those users. Meanwhile, the intended receiver of a transmitted message should be able to identify the exact message sender for future communication. In order to cater to those requirements, we re-define a notion named conditional user privacy preservation. In this thesis, we investigate the problem how to preserve user conditional privacy in pubic key encryption schemes, which are used to secure the transmitted information in the communication networks. In fact, even the term conditional privacy preservation has appeared in existing works before, there still have great differences between our conditional privacy preservation definition and the one proposed before. For example, in our definition, we do not need a trusted third party (TTP) to help tracing the sender of a message. Besides, the verification of a given encrypted message can be done without any secret. In this thesis, we also introduce more desirable features to our redefined notion user conditional privacy preservation. In our second work, we consider not only the conditional privacy of the message sender but also that of the intended message receiver. This work presents a new encryption scheme which can be implemented in communication networks where there exists a blacklist containing a list of blocked communication channels, and each of them is established by a pair of sender and receiver. With this encryption scheme, a verifier can confirm whether one ciphertext is belonging to a legitimated communication channel without knowing the exact sender and receiver of that ciphertext. With our two previous works, for a given ciphertext, we ensure that no one except its intended receiver can identify the sender. However, the receiver of one message may behave dishonest when it tries to retrieve the real message sender, which incurs the problem that the receiver of a message might manipulate the origin of the message successfully for its own benefit. To tackle this problem, we present a novel encryption scheme in our third work. Apart from preserving user conditional privacy, this work also enforces the receiver to give a publicly verifiable proof so as to convince others that it is honest during the process of identifying the actual message sender. In our forth work, we show our special interest in the access control encryption, or ACE for short, and find this primitive can inherently achieve user conditional privacy preservation to some extent. we present a newly constructed ACE scheme in this work, and our scheme has advantages over existing ACE schemes in two aspects. Firstly, our ACE scheme is more reliable than existing ones since we utilize a distributed sanitizing algorithm and thus avoid the so called single point failure happened in ACE systems with only one sanitizer. Then, since the ciphertext and key size of our scheme is more compact than that of the existing ACE schemes, our scheme enjoys better scalability

KALwEN: A New Practical and Interoperable Key Management Scheme for Body Sensor Networks

Key management is the pillar of a security architecture. Body sensor networks(BSNs) pose several challenges -- some inherited from wireless sensor networks(WSNs), some unique to themselves -- that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new lightweight scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports global broadcast, local broadcast and neighbor-to-neighbor unicast, while preserving past key secrecry and future key secrecy. The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case

Constant-size dynamic k-times anonymous authentication

Dynamic k-times anonymous authentication (k-TAA) schemes allow members of a group to be authenticated anonymously by application providers for a bounded number of times, where application providers can independently and dynamically grant or revoke access right to members in their own group. In this paper, we construct a dynamic k-TAA scheme with space and time complexities of O(log(k)) and a variant, in which the authentication protocol only requires constant time and space complexities at the cost of O(k) -sized public key. We also describe some tradeoff issues between different system characteristics. We detail all the zero-knowledge proof-of-knowledge protocols involved and show that our construction is secure in the random oracle model under the q-strong Diffie-Hellman assumption and q-decisional Diffie-Hellman inversion assumption. We provide a proof-of-concept implementation, experiment on its performance, and show that our scheme is practical