Mobile Security Fall 2011

Mobile Security 14-829, Fall 2011
Patrick Tague
Class #17: Location Security and Privacy

Announcements
- HW #3 is due today
- Exam is in-class on Nov 9

Agenda
- Location security
- Location privacy

Location, Location, Location
Incorporation of location information into various protocols and services has changed the landscape in networked systems across domains.
- Geo-spatial resource provisioning
- Location-based applications & services
- Distributed tracking & monitoring
- Geographic network services (e.g., routing)
- Navigation & mapping
- Social networking

Location Security
What does it mean to secure location?
- Location privacy
- Location secrecy
- Selective location disclosure
- Malicious location estimation service
- Estimation precision
- Spoofing
- Untraceability
- Misleading, lying, etc.

Secure Localization
- Is it possible to secure the location estimation process?
- Process of localization is based on reference data
  - Is the source trustworthy? Can the data be verified? Is the data reliable?
- Location estimation services can be attacked
  - Vulnerabilities? How to mitigate them?
- Reference data may be noisy or imprecise
  - How to incorporate redundancy for reliable location estimation?
- System or devices may be tightly constrained
  - How efficient is the estimation algorithm? What are the trade-offs?

Location in Different Domains
Secure location estimation:
- GPS
- MANET and WSN
- WLAN
- Smartphones

GPS Localization
- GPS satellites serve as mobile reference points for Earth-based receivers
- All satellites have high-precision, tightly synchronized clocks and precisely known locations
- Receivers use timing information to measure distance from multiple satellites (3 is enough, more is better)
- Location is estimated using 3-D multi-lateration
[Figure: distance d_1 from (x_1, y_1, z_1), distance d_2 from (x_2, y_2, z_2), distance d_3 from (x_3, y_3, z_3)]

GPS Location Security
- GPS satellite network is well guarded
  - Physical security: so you want to tamper with a satellite...?
  - Reliability: clocks are closely monitored
- GPS spoofing
  - Rogue GPS devices can look like satellites
  - Interfere with time-sync process
[Figure: spoofing signal]

Localization
- Many different types of localization using infrastructure-based or distributed approaches
- Many techniques mimic GPS in one way or another
  - Trusted devices can serve as reference points
  - Physical characteristics provide distance estimates or bounds from reference points
- Resource constraints are the limiting factor
  - Algorithms must be fast and efficient
  - GPS is not cost-effective for continual use in battery-powered devices

Relative Localization
Each localizing device collects geometric relationships relative to several reference points (x_i, y_i)
- Local presence: "I can hear you, so I must be near (x,y)"
- Connectivity
- Rx signal strength: RSS = R → distance d
- Time of flight: time t → distance d
- Time-difference: time t_2 - t_1 → distance d
- Angle of arrival: θ_1, θ_2

Securing Relative Measurements
Measurements taken with respect to reference points should be:
- Authentic: measurements from authorized reference points only
- Verifiable: integrity of measurement should be guaranteed
  - If possible, physical measurement should be unforgeable
- Highly available: location information should be ready when needed
- Protected from various forms of attack

Example: SeRLoc [Lazos & Poovendran, 2004]
SeRLoc = Secure Range-independent Localization
[Figure: grid of overlap counts (0 to 4) for the regions covered by locators L_1, L_2, L_3, L_4]
L_i : { (X_i, Y_i) (θ_i,1, θ_i,2) (H^(n-j)(PW_i)), j, ID_Li }_K0
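The beacon format on this slide can be exercised end to end. The following is an added example, not code from the lecture or from the SeRLoc authors: it checks the hash-chain field H^(n-j)(PW_i) against a stored chain tip and then estimates position as the centroid of the grid points covered by the most authenticated sectors. Assumptions: SHA-256 stands in for H, the sensor is preloaded with H^n(PW_i) per locator, the encryption under K0 is omitted, and all names, coordinates and passwords are constructed.

```python
import hashlib, math

def H(data: bytes, times: int = 1) -> bytes:
    """Apply SHA-256 `times` times (the one-way chain H^k)."""
    for _ in range(times):
        data = hashlib.sha256(data).digest()
    return data

def beacon_authentic(tip: bytes, value: bytes, j: int) -> bool:
    """The sensor stores tip = H^n(PW_i). A beacon carrying H^(n-j)(PW_i)
    is genuine only if hashing it j more times reproduces the tip."""
    return j >= 1 and H(value, j) == tip

def in_sector(pt, pos, theta1, theta2, rng) -> bool:
    """True if grid point pt is within range and inside sector [theta1, theta2] (degrees)."""
    dx, dy = pt[0] - pos[0], pt[1] - pos[1]
    if math.hypot(dx, dy) > rng:
        return False
    ang = math.degrees(math.atan2(dy, dx)) % 360
    return (ang - theta1) % 360 <= (theta2 - theta1) % 360

def serloc_estimate(beacons, tips, rng, size=20):
    """Drop unauthenticated beacons, score each grid point, return (centroid, beacons used)."""
    valid = [b for b in beacons
             if b["id"] in tips and beacon_authentic(tips[b["id"]], b["chain"], b["j"])]
    score = {(x, y): sum(in_sector((x, y), b["pos"], *b["sector"], rng) for b in valid)
             for x in range(size + 1) for y in range(size + 1)}
    best = max(score.values())
    top = [p for p, s in score.items() if s == best]
    cx = sum(p[0] for p in top) / len(top)
    cy = sum(p[1] for p in top) / len(top)
    return (cx, cy), len(valid)

# Constructed sample: four locators at the corners of a 20x20 area, chain length n = 100.
N = 100
SETUP = {"L1": ((0, 0), (0, 90)), "L2": ((20, 0), (90, 180)),
         "L3": ((20, 20), (180, 270)), "L4": ((0, 20), (270, 360))}
PW = {i: f"pw-{i}".encode() for i in SETUP}
TIPS = {i: H(PW[i], N) for i in SETUP}   # preloaded on the sensor

def beacon(i, j):
    pos, sector = SETUP[i]
    return {"id": i, "pos": pos, "sector": sector, "chain": H(PW[i], N - j), "j": j}

GENUINE = [beacon(i, 3) for i in SETUP]
# Forged beacon claiming to be L1 from a false position; its chain value is made up.
FORGED = {"id": "L1", "pos": (0, 10), "sector": (315, 45), "chain": b"\x00" * 32, "j": 3}
```

The forged beacon never reaches the scoring step, so the estimate is the same with or without it.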

Example: Verifiable Multilateration [Čapkun & Hubaux, 2005]
- Basic idea of VM: using distance bounding, an attacker can only increase the measured distance
- VM benefit: increasing distance measurements will either have negligible effect on location or be large enough to detect misbehavior
[Figure: time-of-flight exchange, messages N_1 and N_1 * N_2; time t → distance d]
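The VM benefit stated on this slide can be checked numerically. The following is an added example, not code from the lecture or from the VM authors: three verifiers compute a position from their distance bounds, then accept it only if every bound agrees with the computed position within a tolerance and the position lies inside the verifier triangle. The verifier coordinates, the tolerance `delta` and all function names are assumptions of this sketch.

```python
import math

def trilaterate(verifiers, d):
    """Position from three distance bounds (2-D): subtract the first circle
    equation from the other two and solve the resulting 2x2 linear system."""
    (x1, y1), (x2, y2), (x3, y3) = verifiers
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d[0]**2 - d[1]**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = d[0]**2 - d[2]**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    return ((b1 * a22 - a12 * b2) / det, (a11 * b2 - a21 * b1) / det)

def inside_triangle(p, tri):
    """Same-side test: p is inside if all three edge cross products share a sign."""
    def cross(a, b, c):
        return (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])
    s = [cross(tri[i], tri[(i + 1) % 3], p) for i in range(3)]
    return all(v >= 0 for v in s) or all(v <= 0 for v in s)

def verify(verifiers, bounds, delta=0.5):
    """Return (accepted, estimate, reason) for one set of distance bounds."""
    est = trilaterate(verifiers, bounds)
    worst = max(abs(math.dist(est, v) - b) for v, b in zip(verifiers, bounds))
    if worst > delta:
        return False, est, "distance bounds inconsistent with any single position"
    if not inside_triangle(est, verifiers):
        return False, est, "position outside the verifier triangle"
    return True, est, "ok"

# Constructed scenario: a node at (4, 3) inside a triangle of three verifiers.
VERIFIERS = [(0.0, 0.0), (10.0, 0.0), (5.0, 10.0)]
TRUE_POS = (4.0, 3.0)
HONEST = [math.dist(TRUE_POS, v) for v in VERIFIERS]

def enlarged(extra):
    """Bounds seen when the reply to verifier 1 is delayed, adding `extra` to d_1."""
    return [HONEST[0] + extra] + HONEST[1:]
```

With these values, `verify(VERIFIERS, enlarged(0.1))` is accepted with the estimate moved by less than 0.1, while `verify(VERIFIERS, enlarged(3.0))` is rejected as inconsistent.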

Mobility Helps Localization
[Figure: mobile node M_i and a reference point; labels: (1) distance, (2) compass, positions M_3 and M_4, estimated position]
- New position estimated is centroid of intersection

WLAN Localization
- WiFi localization is typically based on received signal strength mappings within buildings
- This is currently deployed in Bldg 23
  - With additional assistance from Bluetooth beacons
- Requires building surveys for training data

Smartphone Localization
- Hybrid devices can use hybrid localization
  - A-GPS + WiFi localization + cell triangulation
  - A-GPS (assisted GPS) allows a receiver to get additional information from an assistance server to lock on to satellites more quickly, to solve time-to-first-fix problems
- Mobile mesh nodes will be able to use any combination of selective (A-)GPS, mobility information, and relative location

Location Privacy
What about location privacy?
- Why do we care?
- How to prevent location disclosure?
- How to prevent location inference?

Location Disclosure
Benefits of disclosing one's location:
- e-911 service (gov't-mandated location tracking)
- Navigation & mapping
- Location-sensitive ads
- Local traffic / weather
- Finder apps
- Social networking
- Remote monitoring (e.g., tracking children)
- Safety (e.g., in VANET)
Risks of location disclosure:
- Tracking / linking
- Surveillance
- Inferring context: lifestyle, medical condition, political views, preferences
- Targeted malice (e.g., stalking)
- Location-sensitive ad spam

Cellular Location
- Service providers are required by law to track cell phone locations using GPS or tower-based triangulation
  - For emergency use, law enforcement use, etc.
- Disclosure of location information is tightly regulated
  - Mostly opt-in disclosure only
- Mobile apps and services using location are not part of this protection

Location Privacy in Apps
- Third-party apps are subject to different laws and policies regarding location
- Apps can (and do!) take advantage of unnecessary privileges to record users' location, movement, etc.
- Location privacy is really in the hands of the mobile developers, not the users or providers
- Significant number of selected Android apps recently shown to incorrectly manage sensitive info [Enck et al., TaintDroid, USENIX OSDI 2010]

WLAN Location
- Challenges to location privacy in WLAN
  - Network operators are untrusted
  - High density of APs; many may be malicious
  - Precise (~1m) localization
  - Broadcast IDs (MAC addresses)
- Very easy to eavesdrop on devices' MAC addresses, even if security features are enabled
- Static MACs allow for easy tracking of devices/users
- MAC pseudonyms can be used to prevent tracking
  - As long as previous/current MAC addresses are unlinkable [Gruteser & Grunwald, WMASH 2003]

Mitigating Traceability
- Preventing packet correlation for tracking
  - In WiFi, RFID, Bluetooth, etc.
- Synchronization, shared secrets, and PRNG are enough to use pseudonyms effectively (as in WiFi systems)
- Without sync + PRNGs (such as RFID tags), a trusted authority (RFID database) can store ID-to-pseudonym look-up table [Alomair et al., DSN 2010]
- Even with ID pseudonymity, attackers can observe and correlate traffic to trace users
- Location privacy isn't just about the location or the user ID
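The "synchronization + shared secret + PRNG" recipe on this slide can be sketched as follows. This is an added example, not code from the lecture or the cited papers: both ends derive the current pseudonym address from a shared secret and a time epoch, and the receiver tolerates one epoch of clock skew. Using HMAC-SHA256 as the keyed generator, the 300-second epoch and all names are assumptions of the sketch.

```python
import hmac, hashlib

def epoch_of(unix_time: float, period: int = 300) -> int:
    """Synchronization: both sides map wall-clock time to the same epoch counter."""
    return int(unix_time // period)

def pseudonym(secret: bytes, epoch: int) -> str:
    """Derive a 48-bit address for this epoch from the shared secret.
    Without the secret, addresses from different epochs look unrelated."""
    mac = bytearray(hmac.new(secret, epoch.to_bytes(8, "big"), hashlib.sha256).digest()[:6])
    mac[0] = (mac[0] | 0x02) & 0xFE   # locally administered, unicast
    return ":".join(f"{b:02x}" for b in mac)

def resolve(observed: str, peers: dict, epoch: int, skew: int = 1):
    """Receiver side: find which known peer (name -> secret) owns the observed
    address, checking epochs within `skew` of the local clock. None if unknown."""
    for name, secret in peers.items():
        for e in range(max(0, epoch - skew), epoch + skew + 1):
            if hmac.compare_digest(pseudonym(secret, e), observed):
                return name
    return None

# Constructed sample: one access point that shares a secret with two clients.
PEERS = {"alice": b"constructed-secret-A", "bob": b"constructed-secret-B"}
```

This only hides the identifier; as the slide notes, traffic correlation can still trace a user whose address changes.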

Traffic Anonymization
- In multi-hop networks (MANET/WSN), packet linking via traffic analysis can expose source and relay locations
  - Analysis of inter-packet timing reveals correlation
- Possible approach to source anonymity is to inject dummy traffic and randomize packet timing to reduce correlation [Alomair et al., Globecom 2010]

Leveraging Silence
- Communication is typically bursty
  - Short-lived sessions of activity, followed by sessions of inactivity, or silence
- Silent periods can be used instead of synchronization
  - Sender and receiver know to refresh pseudonyms whenever a burst session begins
- Vehicular networks (VANET) [Sampigethaya et al., ESCAR 2005]

Location Privacy Challenges
1. Understanding the privacy goals
   - What needs to be protected?
   - What are the rules to be enforced?
2. Understanding the threat
   - What are attackers' goals, capabilities, methods, ...?
   - Practicality of attacker assumptions?
3. Metrics
   - How to measure privacy protection and enforcement?
   - How to evaluate and incorporate risk?

Concerns for Developers
What can developers do to protect location?
- Protect explicit location information
  - Secure storage of location data
  - Don't store it at all
- Protect against location leakage (implicit info)
  - Include an anonymization mechanism to protect against tracking, traffic analysis, etc.
- Develop according to a well-defined attacker model
- Disclose location usage to users

Concerns with Developers
Unfortunately:
- Malicious developers can scrape location information very easily
- Users are responsible for checking permissions to see what apps are allowed to do
- Users are responsible for reading license agreements and disclosure statements to see what developers claim they are doing with user data

What's Next?
- 11/2: SURVEY on mobile location privacy
- 11/7: Guest speaker Didier Serra, Inside Secure
- 11/9: Exam