Revocation Games in Ephemeral Networks

An ephemeral network is usually defined by the very short-lived and heterogeneous nature of interactions among self-organizing wireless devices. The wide penetration in everyday gadgets of radio technologies operating in unlicensed frequency spectrum, such as Bluetooth or 802.11 WLANs, accentuates the risk involved in communicating with unknown nodes, especially in hostile environments. Thus, misbehavior in ephemeral networks poses a serious threat to both well-behaving nodes and the network itself. The lack of centralized infrastructure and control makes such networks vulnerable to abuses, resulting in local service degradations and interruptions. Due to the short-lived and heterogeneous contacts among nodes, the reputation mechanisms based on repeated interactions are hard to establish and thus local revocation schemes seem to better cope with the highly volatile network model. In this report, we present a fully distributed scheme for local revocation of public-key certificates using a game-theoretic approach, in which each node selfishly decides on its actions and where, for each action, there is an associated cost and benefit. By providing incentives, dynamic costs and thanks to the history of previous behavior, our payoff model establishes the best course of actions for all the involved devices on-the-fly, such that the resulting revocation generates the least cost for the collectivity of players, i.e. a successful revocation that is also socially optimal. Based on the analytical results, we then formally define such algorithm and evaluate its performance through simulations. We show that our scheme is both accurate and effective in quickly removing malicious devices from the network

Optimizing Mix-zone Coverage in Pervasive Wireless Networks

Location privacy is a major concern in pervasive networks where static device identifiers enable malicious eavesdroppers to continuously track users and their movements. In order to prevent such identifier-based tracking, devices could coordinate regular identifier change operations in special areas called mix-zones. Although mix-zones provide spatio-temporal de-correlation between old and new identifiers, depending on the position of the mix-zone, identifier changes can generate a substantial inconvenience (or ``cost") to the users in terms of lost communications and increased energy consumption. In this paper, we address this trade-off between privacy and cost by studying the problem of determining an optimal set of mix-zones such that the degree of mixing in the network is maximized and the overall network-wide mixing cost is minimized. We follow a graph-theoretic approach and model the optimal mixing problem as a novel generalization of the vertex cover problem, called the \textit{Mix Cover (MC)} problem. We propose three approximation algorithms for the MC problem and derive a lower bound on the solution quality guaranteed by them. We also outline two other heuristics for solving the MC problem, which are simple but do not provide any guarantees on the solution quality. By means of extensive empirical evaluation using real data, we compare the performance and solution quality of these algorithms. The combinatorics-based approach used in this work enables us to study the feasibility of determining optimal mix-zones regularly and under dynamic network conditions

A Study on the Use of Checksums for Integrity Verification of Web Downloads

App stores provide access to millions of different programs that users can download on their computers. Developers can also make their programs available for download on their websites and host the program files either directly on their website or on third-party platforms, such as mirrors. In the latter case, as users download the software without any vetting from the developers, they should take the necessary precautions to ensure that it is authentic. One way to accomplish this is to check that the published file’s integrity verification code – the checksum – matches that (if provided) of the downloaded file. To date, however, there is little evidence to suggest that such process is effective. Even worse, very few usability studies about it exist. In this paper, we provide the first comprehensive study that assesses the usability and effectiveness of the manual checksum verification process. First, by means of an in-situ experiment with 40 participants and eye-tracking technology, we show that the process is cumbersome and error-prone. Second, after a 4-month long in-the-wild experiment with 134 participants, we demonstrate how our proposed solution – a Chrome extension that verifies checksums automatically – significantly reduces human errors, improves coverage, and has only limited impact on usability. It also confirms that, sadly, only a tiny minority of websites that link to executable files in our sample provide checksums (0.01%), which is a strong call to action for web standards bodies, service providers and content creators to increase the use of file integrity verification on their properties

OREN: Optimal Revocations in Ephemeral Networks

Public-key certificates allow a multitude of entities to securely exchange and verify the authenticity of data. However, the ability to effectively revoke compromised or untrustworthy certificates is of great importance when coping with misbehavior. In this paper, we design a fully distributed local certificate revocation scheme for ephemeral networks - a class of extremely volatile wireless networks with short-duration and short-range communications - based on a game-theoretic approach. First, by providing incentives, we can guarantee the successful revocation of the malicious nodes even if they collude. Second, thanks to the records of past behavior, we dynamically adapt the parameters to nodes' reputations and establish the optimal Nash equilibrium (NE) on-the-fly, minimizing the social cost of the revocation. Third, based on the analytical results, we define OREN, a unique optimal NE selection protocol, and evaluate its performance through simulations. We show that our scheme is effective in quickly and efficiently removing malicious devices from the network

Inferring Social Ties in Pervasive Networks: An On-Campus Comparative Study

International audienceWiFi base stations are increasingly deployed in both public spaces and private companies, and the increase in their density poses a significant threat to the privacy of users. Prior studies have shown that it is possible to infer the social ties between users from their (co-)location traces but they lack one important component: the comparison of the inference accuracy between an internal attacker (e.g., a curious application running on the device) and a realistic external eavesdropper (e.g., a network of snifing stations) in the same field trial. We experimentally show that such an eavesdropper can infer the type of social ties between mobile users better than an internal attacker

"Once Upon a Place": Compute Your Meeting Location Privately

Popular services such as Doodle Mobile and Tymelie are extremely useful planning tools that enable mobile-phone users to determine common meeting time(s) for events. Similar planning tools for determining optimal meeting locations, based on the location preferences of the users, are highly desirable for event planning and management in popular mobile phone applications, such as taxi sharing, route planning and mobile participatory sensing. Yet, they have received very little attention by researchers. An important, and often overlooked, facet of such planning applications is the privacy of the participating users and their preferences; users want to agree on a meeting location without necessarily revealing their location preferences to the service provider or to the other users. In this paper, we address the problem of privacy-preserving optimal meeting-location computation, especially focusing on its applicability to current mobile devices and applications. We first define the notion of privacy in such computations. Second, we model the problem of optimal meeting-location computation as a privacy-preserving k-center problem and we design two solutions; both solutions take advantage of the homomorphic properties of well-known cryptosystems by Boneh-Goh-Nissim, ElGamal and Paillier in order to perform oblivious computations. Third, we implement the proposed solutions on a testbed of the latest generation Nokia mobile devices and study their performance. Finally, we assess the utility and expectations, in terms of privacy and usability, of the proposed solutions by means of a targeted survey and user-study of mobile-phone users

Privacy in Mobile Computing for Location-Sharing-Based Services

Location-Sharing-Based Services (LSBS) complement Location-Based Services by using locations from a group of users, and not just individuals, to provide some contextualized service based on the locations in the group. However, there are growing concerns about the misuse of location data by third-parties, which fuels the need for more privacy controls in such services. We address the relevant problem of privacy in LSBSs by providing practical and effective solutions to the privacy problem in one such service, namely the fair rendez-vous point (FRVP) determination service. The privacy preserving FRVP (PPFRVP) problem is general enough and nicely captures the computations and privacy requirements in LSBSs. In this paper, we propose two privacy-preserving algorithms for the FRVP problem and analytically evaluate their privacy in both passive and active adversarial scenarios. We study the practical feasibility and performance of the proposed approaches by implementing them on Nokia mobile devices. By means of a targeted user-study, we attempt to gain further understanding of the popularity, the privacy and acceptance of the proposed solutions

Secure and Private Proofs for Location-Based Activity Summaries in Urban Areas

Activity-based social networks, where people upload and share information about their location-based activities (e.g., the routes of their activities), are increasingly popular. Such systems, however, raise privacy and security issues: the service providers know the exact locations of their users; the users can report fake location information to, for example, unduly brag about their performance. In this paper, we propose a secure privacy-preserving system for reporting location-based activity summaries (e.g., the total distance covered and the elevation gain). Our solution is based on a combination of cryptographic techniques and geometric algorithms, and it relies on existing Wi-Fi access point networks deployed in urban areas. We evaluate our solution by using real data-sets from the FON community networks and from the Garmin Connect activity-based social network, and show that it can achieve tight (up to a median accuracy of 79%) verifiable lower-bounds of the distance covered and of the elevation gain, while protecting the location privacy of the users with respect to both the social network operator and the access point network operator(s)

Adaptive Information-Sharing for Privacy-Aware Mobile Social Networks

Personal and contextual information are increasingly shared via mobile social networks. Users' locations, activities and their co-presence can be shared easily with online ``friends'', as their smartphones already access such information from embedded sensors and storage. Yet, people usually exhibit selective sharing behavior depending on contextual attributes, thus showing that privacy, utility, and usability are paramount to the success of such online services. In this paper, we present SPISM, a novel information-sharing system that decides (semi-)automatically whether to share information with others, whenever they request it, and at what granularity. Based on active machine learning and context, SPISM adapts to each user's behavior and it predicts the level of detail for each sharing decision, without revealing any personal information to a third-party. Based on a personalized survey about information sharing involving 70 participants, our results provide insight into the most influential features behind a sharing decision. Moreover, we investigate the reasons for the users' decisions and their confidence in them. We show that SPISM significantly outperforms other kinds of global and individual policies, by achieving up to 90% of correct decisions