Mitigating Location Privacy Attacks on Mobile Devices using Dynamic App Sandboxing

We present the design, implementation and evaluation of a system, called MATRIX, developed to protect the privacy of mobile device users from location inference and sensor side-channel attacks. MATRIX gives users control and visibility over location and sensor (e.g., Accelerometers and Gyroscopes) accesses by mobile apps. It implements a PrivoScope service that audits all location and sensor accesses by apps on the device and generates real-time notifications and graphs for visualizing these accesses; and a Synthetic Location service to enable users to provide obfuscated or synthetic location trajectories or sensor traces to apps they find useful, but do not trust with their private information. The services are designed to be extensible and easy for users, hiding all of the underlying complexity from them. MATRIX also implements a Location Provider component that generates realistic privacy-preserving synthetic identities and trajectories for users by incorporating traffic information using historical data from Google Maps Directions API, and accelerations using statistical information from user driving experiments. The random traffic patterns are generated by modeling/solving user schedule using a randomized linear program and modeling/solving for user driving behavior using a quadratic program. We extensively evaluated MATRIX using user studies, popular location-driven apps and machine learning techniques, and demonstrate that it is portable to most Android devices globally, is reliable, has low-overhead, and generates synthetic trajectories that are difficult to differentiate from real mobility trajectories by an adversary

Holistic Collaborative Privacy Framework for Users' Privacy in Social Recommender Service

The current business model for existing recommender services is centered around the availability of users' personal data at their side whereas consumers have to trust that the recommender service providers will not use their data in a malicious way. With the increasing number of cases for privacy breaches, different countries and corporations have issued privacy laws and regulations to define the best practices for the protection of personal information. The data protection directive 95/46/EC and the privacy principles established by the Organization for Economic Cooperation and Development (OECD) are examples of such regulation frameworks. In this paper, we assert that utilizing third-party recommender services to generate accurate referrals are feasible, while preserving the privacy of the users' sensitive information which will be residing on a clear form only on his/her own device. As a result, each user who benefits from the third-party recommender service will have absolute control over what to release from his/her own preferences. We proposed a collaborative privacy middleware that executes a two stage concealment process within a distributed data collection protocol in order to attain this claim. Additionally, the proposed solution complies with one of the common privacy regulation frameworks for fair information practice in a natural and functional way -which is OECD privacy principles. The approach presented in this paper is easily integrated into the current business model as it is implemented using a middleware that runs at the end-users side and utilizes the social nature of content distribution services to implement a topological data collection protocol

Trustware: A Device-based Protocol for Verifying Client Legitimacy

Online services commonly attempt to verify the legitimacy of users with CAPTCHAs. However, CAPTCHAs are annoying for users, often difficult for users to solve, and can be defeated using cheap labor or, increasingly, with improved algorithms. We propose a new protocol for clients to prove their legitimacy, allowing the client's devices to vouch for the client. The client's devices, and those in close proximity, provide a one-time passcode that is verified by the device manufacturer. This verification proves that the client has physical access to expensive and trusted devices, vouching for the client's legitimacy

Framework for Wireless Network Security using Quantum Cryptography

Data that is transient over an unsecured wireless network is always susceptible to being intercepted by anyone within the range of the wireless signal. Hence providing secure communication to keep the user information and devices safe when connected wirelessly has become one of the major concerns. Quantum cryptography provides a solution towards absolute communication security over the network by encoding information as polarized photons, which can be sent through the air. This paper explores on the aspect of application of quantum cryptography in wireless networks. In this paper we present a methodology for integrating quantum cryptography and security of IEEE 802.11 wireless networks in terms of distribution of the encryption keys.Comment: 17 pages, 11 figure

White Paper on Critical and Massive Machine Type Communication Towards 6G

The society as a whole, and many vertical sectors in particular, is becoming increasingly digitalized. Machine Type Communication (MTC), encompassing its massive and critical aspects, and ubiquitous wireless connectivity are among the main enablers of such digitization at large. The recently introduced 5G New Radio is natively designed to support both aspects of MTC to promote the digital transformation of the society. However, it is evident that some of the more demanding requirements cannot be fully supported by 5G networks. Alongside, further development of the society towards 2030 will give rise to new and more stringent requirements on wireless connectivity in general, and MTC in particular. Driven by the societal trends towards 2030, the next generation (6G) will be an agile and efficient convergent network serving a set of diverse service classes and a wide range of key performance indicators (KPI). This white paper explores the main drivers and requirements of an MTC-optimized 6G network, and discusses the following six key research questions: - Will the main KPIs of 5G continue to be the dominant KPIs in 6G; or will there emerge new key metrics? - How to deliver different E2E service mandates with different KPI requirements considering joint-optimization at the physical up to the application layer? - What are the key enablers towards designing ultra-low power receivers and highly efficient sleep modes? - How to tackle a disruptive rather than incremental joint design of a massively scalable waveform and medium access policy for global MTC connectivity? - How to support new service classes characterizing mission-critical and dependable MTC in 6G? - What are the potential enablers of long term, lightweight and flexible privacy and security schemes considering MTC device requirements?Comment: White paper by http://www.6GFlagship.co

Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping

The proliferation of smart home Internet of Things (IoT) devices presents unprecedented challenges for preserving privacy within the home. In this paper, we demonstrate that a passive network observer (e.g., an Internet service provider) can infer private in-home activities by analyzing Internet traffic from commercially available smart home devices even when the devices use end-to-end transport-layer encryption. We evaluate common approaches for defending against these types of traffic analysis attacks, including firewalls, virtual private networks, and independent link padding, and find that none sufficiently conceal user activities with reasonable data overhead. We develop a new defense, "stochastic traffic padding" (STP), that makes it difficult for a passive network adversary to reliably distinguish genuine user activities from generated traffic patterns designed to look like user interactions. Our analysis provides a theoretical bound on an adversary's ability to accurately detect genuine user activities as a function of the amount of additional cover traffic generated by the defense technique.Comment: 21 pages, 9 figures, 4 tables. This article draws heavily from arXiv:1705.06805, arXiv:1705.06809, and arXiv:1708.05044. Camera-ready versio

Learning Differentially Private Recurrent Language Models

We demonstrate that it is possible to train large recurrent language models with user-level differential privacy guarantees with only a negligible cost in predictive accuracy. Our work builds on recent advances in the training of deep networks on user-partitioned data and privacy accounting for stochastic gradient descent. In particular, we add user-level privacy protection to the federated averaging algorithm, which makes "large step" updates from user-level data. Our work demonstrates that given a dataset with a sufficiently large number of users (a requirement easily met by even small internet-scale datasets), achieving differential privacy comes at the cost of increased computation, rather than in decreased utility as in most prior work. We find that our private LSTM language models are quantitatively and qualitatively similar to un-noised models when trained on a large dataset.Comment: Camera-ready ICLR 2018 version, minor edits from previou

Key Generation and Certification using Multilayer Perceptron in Wireless communication(KGCMLP)

In this paper, a key generation and certification technique using multilayer perceptron (KGCMLP) has been proposed in wireless communication of data/information. In this proposed KGCMLP technique both sender and receiver uses an identical multilayer perceptrons. Both perceptrons are start synchronization by exchanging some control frames. During synchronization process message integrity test and synchronization test has been carried out. Only the synchronization test does not guarantee the security for this reason key certification phase also been introduced in KGCMLP technique. After Key generation and certification procedure synchronized identical weight vector forms the key for encryption/decryption. Parametric tests have been done and results are compared with some existing classical techniques, which show comparable results for the proposed technique.Comment: 17 pages, International Journal of Security, Privacy and Trust Management (IJSPTM), Vol. 1, No 5, October 2012. arXiv admin note: substantial text overlap with arXiv:1208.2334; and text overlap with arXiv:0711.2411 by other author