12 research outputs found
Longitude : a privacy-preserving location sharing protocol for mobile applications
Location sharing services are becoming increasingly popular. Although many location sharing services allow users to set up privacy policies to control who can access their location, the use made by service providers remains a source of concern. Ideally, location sharing providers and middleware should not be able to access usersā location data without their consent. In this paper, we propose a new location sharing protocol called Longitude that eases privacy concerns by making it possible to share a userās location data blindly and allowing the user to control who can access her location, when and to what degree of precision. The underlying cryptographic algorithms are designed for GPS-enabled mobile phones. We describe and evaluate our implementation for the Nexus One Android mobile phone
Local Messages for Smartphones
This paper describes a new model for local messaging based on the network
proximity. We present a novelty mobile mashup which combines Wi-Fi proximity
measurements with Cloud Messaging. Our mobile mashup combines passive
monitoring for smart phones and cloud based messaging for mobile operational
systems. Passive monitoring can determine the location of mobile subscribers
(mobile phones, actually) without the active participation of mobile users.
This paper describes how to combine the passive monitoring and notifications.Comment: 6 pages. Submitted to CFIC Coimbra 2013 The Conference on Future
Internet Communication
An efficient approach to generating location-sensitive recommendations in ad-hoc social network environments
Social recommendation has been popular and successful in various urban sustainable applications such as online sharing, products recommendation and shopping services. These applications allow users to form several implicit social networks through their daily social interactions. The users in such social networks can rate some interesting items and give comments. The majority of the existing studies have investigated the rating prediction and recommendation of items based on user-item bipartite graph and user-user social graph, so called social recommendation. However, the spatial factor was not considered in their recommendation mechanisms. With the rapid development of the service of location-based social networks, the spatial information gradually affects the quality and correlation of rating and recommendation of items. This paper proposes spatial social union (SSU), an approach of similarity measurement between two users that integrates the interconnection among users, items and locations. The SSU-aware location-sensitive recommendation algorithm is then devised. We evaluate and compare the proposed approach with the existing rating prediction and item recommendation algorithms subject to a real-life data set. Experimental results show that the proposed SSU-aware recommendation algorithm is more effective in recommending items with the better consideration of user's preference and location.This work was supported by the National Natural Science Foundation of China under Grant 61372187. G. Minās work was partly supported by the EU FP7 CLIMBER project under Grant Agreement No. PIRSES-GA-2012-318939. L. T. Yang is the corresponding author
User-Defined Privacy Location-Sharing System in Mobile Online Social Networks
With the fusion of social networks and location-based services, location sharing is one of the most important services in mobile online social networks (mOSNs). In location-sharing services, users have to provide their location information to service provider. However, location information is sensitive to users, which may cause a privacy-preserving issue needs to be solved. In the existing research, location-sharing services, such as friendsā query, does not consider the attacks from friends. In fact, a user may not trust all of his/her friends, so just a part of his/her friends will be allowed to obtain the userās location information. In addition, usersā location privacy and social network privacy should be guaranteed. In order to solve the above problems, we propose a new architecture and a new scheme called User-Defined Privacy Location-Sharing (UDPLS) system for mOSNs. In our scheme, the query time is almost irrelevant to the number of friends. We also evaluate the performance and validate the correctness of our proposed algorithm through extensive simulations
Trust aware system for social networks: A comprehensive survey
Social networks are the platform for the users to get connected with other social network users based on their interest and life styles. Existing social networks have millions of users and the data generated by them are huge and it is difficult to differentiate the real users and the fake users. Hence a trust worthy system is recommended for differentiating the real and fake users. Social networking enables users to send friend requests, upload photos and tag their friends and even suggest them the web links based on the interest of the users. The friends recommended, the photos tagged and web links suggested may be a malware or an untrusted activity. Users on social networks are authorised by providing the personal data. This personal raw data is available to all other users online and there is no protection or methods to secure this data from unknown users. Hence to provide a trustworthy system and to enable real users activities a review on different methods to achieve trustworthy social networking systems are examined in this paper
SafeBox : adaptable spatio-temporal generalization for location privacy protection
Spatial and temporal generalization emerged in the literature as a common approach to preserve location privacy. However, existing solutions have two main shortcomings. First, spatiotemporal generalization can be used with different objectives: for example, to guarantee anonymity or to decrease the sensitivity of the location information. Hence, the strategy used to compute the generalization can follow different semantics often depending on the privacy threat, while most of the existing solutions are specifically designed for a single semantics. Second, existing techniques prevent the so-called inversion attack by adopting a top-down strategy that needs to acquire a large amount of information. This may not be feasible when this information is dynamic (e.g., position or properties of objects) and needs to be acquired from external services (e.g., Google Maps).
In this contribution we present a formal model of the problem that is compatible with most of the semantics proposed so far in the literature, and that supports new semantics as well. Our BottomUp algorithm for spatio-temporal generalization is compatible with the use of online services, it supports generalizations based on arbitrary semantics, and it is safe with respect to the inversion attack. By considering two datasets and two examples of semantics, we experimentally compare BottomUp with a more classical top-down algorithm, showing that BottomUp is efficient and guarantees better performance in terms of the average size (space and time) of the generalized regions
DISCOVERING ANOMALOUS BEHAVIORS BY ADVANCED PROGRAM ANALYSIS TECHNIQUES
As soon as a technology started to be used by the masses, ended
up as a target of the investigation of bad guys that write
malicious software with the only and explicit intent to damage
users and take control of their systems to perform different
types of fraud. Malicious programs, in fact, are a serious threat
for the security and privacy of billions of users. The bad guys
are the main characters of this unstoppable threat which improves
as the time goes by. At the beginning it was pure computer
vandalism, then turned into petty theft followed by cybercrime,
cyber espionage, and finally gray market business. Cybercrime is
a very dangerous threat which consists of, for instance, stealing
credentials of bank accounts, sending SMS to premium number,
stealing user sensitive information, using resources of infected
computer to develop e.g., spam business, DoS, botnets, etc. The
interest of the cybercrime is to intentionally create malicious
programs for its own interest, mostly lucrative. Hence, due to
the malicious activity, cybercriminals have all the interest in
not being detected during the attack, and developing their
programs to be always more resilient against anti-malware
solution. As a proof that this is a dangerous threat, the FBI
reported a decline in physical crime and an increase of
cybercrime. In order to deal with the increasing number of exploits found in
legacy code and to detect malicious code which leverages every
subtle hardware and software detail to escape from malware
analysis tools, the security research community started to
develop and improve various code analysis techniques (static,
dynamic or both), with the aim to detect the different forms of
stealthy malware and to individuate security bugs in legacy
code. Despite the improvement of the research solutions, yet the
current ones are inadequate to face new stealthy and mobile
malware. Following such a line of research, in this dissertation,
we present new program analysis techniques that aim to improve
the analysis environment and deal with mobile malware. To perform
malware analysis, behavior analysis technique is the prominent:
the actions that a program is performing during its real-time
execution are collected to understand its behavior. Nevertheless,
they suffer of some limitations. State-of-the-Art malware
analysis solutions rely on emulated execution environment to
prevent the host to get infected, quickly recover to a pristine
state, and easily collect process information. A drawback of
these solutions is the non-transparency, that is, the execution
environment does not faithfully emulate the physical end-user
environment, which could lead to end up with incomplete
results. In fact, malicious programs could detect when they are
monitored in such environment, and thus modifying their behavior
to mislead the analysis and avoid detection. On the contrary, a
faithful emulator would drastically reduce the chance of
detection of the analysis environment from the analyzed
malware. To this end, we present EmuFuzzer, a novel testing
methodology specific for CPU emulators, based on fuzzing to
verify whether the CPU is properly emulated or not. Another
shortcoming regards the stimulation of the analyzed
application. It is not uncommon that an application exhibit
certain behaviors only when exercised with specific events (i.e.,
button click, insert text, socket connection, etc.). This flaw is
even exacerbated when analyzing mobile application. At this aim,
we introduce CopperDroid, a program analysis tool built on top of
QEMU to automatically perform out-of-the-box dynamic behavior
analysis of Android malware. To this end, CopperDroid presents a
unified analysis to characterize low-level OS-specific and
high-level Android-specific behaviors