23 research outputs found
DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification
Copresence verification based on context can improve usability and strengthen
security of many authentication and access control systems. By sensing and
comparing their surroundings, two or more devices can tell whether they are
copresent and use this information to make access control decisions. To the
best of our knowledge, all context-based copresence verification mechanisms to
date are susceptible to context-manipulation attacks. In such attacks, a
distributed adversary replicates the same context at the (different) locations
of the victim devices, and induces them to believe that they are copresent. In
this paper we propose DoubleEcho, a context-based copresence verification
technique that leverages acoustic Room Impulse Response (RIR) to mitigate
context-manipulation attacks. In DoubleEcho, one device emits a wide-band
audible chirp and all participating devices record reflections of the chirp
from the surrounding environment. Since RIR is, by its very nature, dependent
on the physical surroundings, it constitutes a unique location signature that
is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR
data with various mobile devices and in a range of different locations. We show
that DoubleEcho mitigates context-manipulation attacks whereas all other
approaches to date are entirely vulnerable to such attacks. DoubleEcho detects
copresence (or lack thereof) in roughly 2 seconds and works on commodity
devices.
Impact of Positioning Technology on Human Navigation
In navigation from one place to another, spatial knowledge helps us establish a destination and route while travelling. Therefore, sufficient spatial knowledge is a vital element in successful navigation. To build adequate spatial knowledge, various forms of spatial tools have been introduced to deliver spatial information without direct experience (maps, descriptions, pictures, etc.). An innovation developed in the 1970s and available on many handheld platforms from the early 2000s is the Global Positioning System (GPS) and related map and text-based navigation support systems.
Contemporary technical achievements, such as GPS, have made navigation more effective, efficient, and comfortable in most outdoor environments. Because GPS delivers such accurate information, human navigation can be supported without specific spatial knowledge. Unfortunately, there is no universal and accurate navigation system for indoor environments. Since smartphones have become increasingly popular, we can more frequently and easily access various positioning services that appear to work both indoors and outdoors. The expansion of positioning services and related navigation technology has changed the nature of navigation. For example, routes to destinations are progressively determined by a “system,” not the individual. Unfortunately, we only have a partial and nascent notion of how such an intervention affects spatial behaviour. The practical purpose of this research is to develop a trustworthy positioning system that functions in indoor environments and to identify those aspects that should be considered before deploying an Indoor Positioning System (IPS), all towards the goal of maintaining affordable positioning accuracy, quality, and consistency. In the same way that GPS provides worry-free directions and navigation support, an IPS would extend such opportunities to many of our built environments. Unfortunately, just as we know little about how GPS, or any real-time navigation system, affects human navigation, there is little evidence suggesting how such a system (indoors or outdoors) changes how we find our way. For this reason, in addition to specifying an indoor positioning system, this research examines the difference in humans’ spatial behaviour based on the availability of a navigation system and evaluates the impact of varying the levels of availability of such tools (not available, partially available, or full availability).
This research relies on outdoor GPS, but when such systems are available indoors and meet the accuracy and reliability of GPS, the results will be generalizable to such situations.
Security of GPS/INS based On-road Location Tracking Systems
Location information is critical to a wide variety of navigation and tracking
applications. Today, GPS is the de-facto outdoor localization system but has
been shown to be vulnerable to signal spoofing attacks. Inertial Navigation
Systems (INS) are emerging as a popular complementary system, especially in
road transportation systems as they enable improved navigation and tracking as
well as offer resilience to wireless signal spoofing and jamming attacks. In
this paper, we evaluate the security guarantees of INS-aided GPS tracking and
navigation for road transportation systems. We consider an adversary required
to travel from a source location to a destination, and monitored by an INS-aided
GPS system. The goal of the adversary is to travel to alternate locations
without being detected. We developed and evaluated algorithms that achieve such a
goal, providing the adversary significant latitude. Our algorithms build a
graph model for a given road network and enable us to derive potential
destinations an attacker can reach without raising alarms even with the
INS-aided GPS tracking and navigation system. The algorithms render the
gyroscope and accelerometer sensors useless as they generate road trajectories
indistinguishable from plausible paths (both in terms of turn angles and road
curvature). We also designed, built, and demonstrated that the magnetometer can
be actively spoofed using a combination of carefully controlled coils. We
implemented and evaluated the impact of the attack using both real-world and
simulated driving traces in more than 10 cities located around the world. Our
evaluations show that it is possible for an attacker to reach destinations that
are as far as 30 km away from the true destination without being detected. We
also show that it is possible for the adversary to reach almost 60-80% of
possible points within the target region in some cities.
I know your MAC address: targeted tracking of individual using Wi-Fi
This work is about wireless communications technologies embedded in portable devices, namely Wi-Fi, Bluetooth and GSM. Focusing on Wi-Fi, we study the privacy issues and potential misuses that can affect the owners of wireless-enabled portable devices. Wi-Fi-enabled devices periodically broadcast in plain text their unique identifier along with other sensitive information. As a consequence, their owners are vulnerable to a range of privacy breaches such as the tracking of their movement and inference of private information (Cunche et al. in Pervasive Mobile Comput, 2013; Greenstein in Proceedings of the 11th USENIX workshop on hot topics in operating systems, pp 10:1-10:6. USENIX Association, Berkeley, 2007). As serious as those information leakages can be, linking a device with an individual and their real-world identity is not a straightforward task. Focusing on this problem, we present a set of attacks that allow an attacker to link a Wi-Fi device to its owner's identity. We present two methods that, given an individual of interest, allow identifying the MAC address of their Wi-Fi-enabled portable device. Those methods do not require physical access to the device and can be performed remotely, reducing the risks of being noticed. Finally, we present scenarios in which the knowledge of an individual's MAC address could be used for mischief.
Third party positioning services: novel challenges for location privacy in LBS
A common assumption in the research community working on location privacy in location-based services (LBS) is that the location sources are trusted. In this paper we present a different perspective. We argue that, because of the deployment of wifi-based/hybrid positioning techniques and web-based LBSs, the user’s location is increasingly computed by third-party location providers which may be not fully trusted. This change of perspective challenges the effectiveness of current location privacy-preserving techniques. To support this thesis we present an empirical investigation of the privacy issues raised by web-based LBSs. Moreover, following a holistic approach, we present the problem from three different and complementary angles, i.e., technical, user-based, and legal. The overall picture suggests a novel direction of research.
Taming the Golden Goose: Private Companies, Consumer Geolocation Data, and the Need for a Class Action Regime for Privacy Protection
With the implementation of new geolocation technologies, the boundaries between private versus commercial and secret versus easily ascertainable have vanished. Consumer information that was once very difficult and prohibitively expensive to ascertain, catalogue, and recall is available to companies at the click of a button. Not only that, but the collecting company can share consumer information with other companies even more easily than it can initially collect the information. Today, with the widespread use of smartphone and location-enabled tablet devices, it is possible for location services to determine and plot the location and travel of the device and thereby the travel and habits of the owner. Companies can use the collected customer information to sell products, and they can sell the information to third parties for a variety of both benign and malicious purposes. Meanwhile, skilled hackers can steal consumer information.
After analyzing the current legal landscape of consumer privacy law as it relates to geolocation services, this Note argues that US and global consumers need the United States to act. In order to foster trust in corporations and the market, Congress should enact a framework that assures consumers of sufficient protection of those details that consumers hold intrinsically private, such as their personal locations. This Note concludes by examining the bills currently under consideration by Congress and their respective deficiencies.