Privacy in Inter-Vehicular Networks: Why simple pseudonym change is not enough

Inter-vehicle communication (IVC) systems disclose rich location information about vehicles. State-of-the-art security architectures are aware of the problem and provide privacy enhancing mechanisms, notably pseudonymous authentication. However, the granularity and the amount of location information IVC protocols divulge, enable an adversary that eavesdrops all traffic throughout an area, to reconstruct long traces of the whereabouts of the majority of vehicles within the same area. Our analysis in this paper confirms the existence of this kind of threat. As a result, it is questionable if strong location privacy is achievable in IVC systems against a powerful adversary.\u

Routes for breaching and protecting genetic privacy

We are entering the era of ubiquitous genetic information for research, clinical care, and personal curiosity. Sharing these datasets is vital for rapid progress in understanding the genetic basis of human diseases. However, one growing concern is the ability to protect the genetic privacy of the data originators. Here, we technically map threats to genetic privacy and discuss potential mitigation strategies for privacy-preserving dissemination of genetic data.Comment: Draft for comment

Machine learning for early detection of traffic congestion using public transport traffic data

The purpose of this project is to provide better knowledge of how the bus travel times is affected by congestion and other problems in the urban traffic environment. The main source of data for this study is second-level measurements coming from all buses in the Linköping region showing the location of each vehicle.The main goal of this thesis is to propose, implement, test and optimize a machine learning algorithm based on data collected from regional buses from Sweden so that it is able to perform predictions on the future state of the urban traffic.El objetivo principal de este proyecto es proponer, implementar, probar y optimizar un algoritmo de aprendizaje automático basado en datos recopilados de autobuses regionales de Suecia para que poder realizar predicciones sobre el estado futuro del tráfico urbano.L'objectiu principal d'aquest projecte és proposar, implementar, provar i optimitzar un algoritme de machine learning basat en dades recollides a partir d'autobusos regionals de Suècia de manera per poder realitzar prediccions sobre l'estat futur del trànsit urbà

Comparative epidemiology of highly pathogenic avian influenza virus H5N1 and H5N6 in Vietnamese live bird markets: spatio-temporal patterns of distribution and risk factors

Highly pathogenic avian influenza (HPAI) H5N1 virus has been circulating in Vietnam since 2003, whilst outbreaks of HPAI H5N6 virus are more recent, having only been reported since 2014. Although the spatial distribution of H5N1 outbreaks and risk factors for virus occurrence has been extensively studied, there have been no comparative studies for H5N6. Data collected through active surveillance of Vietnamese live bird markets (LBMs) between 2011 and 2015 were used to explore and compare the spatiotemporal distributions of H5N1- and H5N6-positive LBMs. Conditional autoregressive models were developed to quantify spatiotemporal associations between agroecological factors and the two HPAI strains using the same set of predictor variables. Unlike H5N1, which exhibited a strong north–south divide, with repeated occurrence in the extreme south of a cluster of high-risk provinces, H5N6 was homogeneously distributed throughout Vietnam. Similarly, different agroecological factors were associated with each strain. Sample collection in the months of January and February and higher average maximum temperature were associated with higher likelihood of H5N1-positive market-day status. The likelihood of market days being positive for H5N6 increased with decreased river density, and with successive Rounds of data collection. This study highlights marked differences in spatial patterns and risk factors for H5N1 and H5N6 in Vietnam, suggesting the need for tailored surveillance and control approaches

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

Private Communication Detection via Side-Channel Attacks

Private communication detection (PCD) enables an ordinary network user to discover communication patterns (e.g., call time, length, frequency, and initiator) between two or more private parties. Analysis of communication patterns between private parties has historically been a powerful tool used by intelligence, military, law-enforcement and business organizations because it can reveal the strength of tie between these parties. Ordinary users are assumed to have neither eavesdropping capabilities (e.g., the network may employ strong anonymity measures) nor the legal authority (e.g. no ability to issue a warrant to network providers) to collect private-communication records. We show that PCD is possible by ordinary users merely by sending packets to various network end-nodes and analyzing the responses. Three approaches for PCD are proposed based on a new type of side channels caused by resource contention, and defenses are proposed. The Resource-Saturation PCD exploits the resource contention (e.g., a fixed-size buffer) by sending carefully designed packets and monitoring different responses. Its effectiveness has been demonstrated on three commercial closed-source VoIP phones. The Stochastic PCD shows that timing side channels in the form of probing responses, which are caused by distinct resource-contention responses when different applications run in end nodes, enable effective PCD despite network and proxy-generated noise (e.g., jitter, delays). It was applied to WiFi and Instant Messaging for resource contention in the radio channel and the keyboard, respectively. Similar analysis enables practical Sybil node detection. Finally, the Service-Priority PCD utilizes the fact that 3G/2G mobile communication systems give higher priority to voice service than data service. This allows detection of the busy status of smartphones, and then discovery of their call records by correlating the busy status. This approach was successfully applied to iPhone and Android phones in AT&T's network. An additional, unanticipated finding was that an Internet user could disable a 2G phone's voice service by probing it with short enough intervals (e.g., 1 second). PCD defenses can be traditional side-channel countermeasures or PCD-specific ones, e.g., monitoring and blocking suspicious periodic network traffic

Location Privacy for Mobile Crowd Sensing through Population Mapping

Opportunistic sensing allows applications to “task” mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street or users\u27 mobile phones to locate (Bluetooth-enabled) objects in their vicinity. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk: even if identifying information has been removed from a report, the accompanying time and location can reveal sufficient information to de-anonymize the user whose device sent the report. We propose and evaluate a novel spatiotemporal blurring mechanism based on tessellation and clustering to protect users\u27 privacy against the system while reporting context. Our technique employs a notion of probabilistic k-anonymity; it allows users to perform local blurring of reports efficiently without an online anonymization server before the data are sent to the system. The proposed scheme can control the degree of certainty in location privacy and the quality of reports through a system parameter. We outline the architecture and security properties of our approach and evaluate our tessellation and clustering algorithm against real mobility traces

Using Markov Models and Statistics to Learn, Extract, Fuse, and Detect Patterns in Raw Data

Many systems are partially stochastic in nature. We have derived data driven approaches for extracting stochastic state machines (Markov models) directly from observed data. This chapter provides an overview of our approach with numerous practical applications. We have used this approach for inferring shipping patterns, exploiting computer system side-channel information, and detecting botnet activities. For contrast, we include a related data-driven statistical inferencing approach that detects and localizes radiation sources.Comment: Accepted by 2017 International Symposium on Sensor Networks, Systems and Securit