Poster: Defending against Sybil Devices in Crowdsourced Mapping Services

Crowdsourcing is a unique and practical approach to obtaining personalized data and content. Its impact is especially significant in providing commentary, reviews, and metadata on a variety of location-based services. In this study, we examine the reliability of the Waze mapping service and its vulnerability to a variety of location-based attacks. Our goals are to understand the severity of the problem, shed light on the general problem of location and device authentication, and explore the efficacy of potential defenses. Our preliminary results already show that a single attacker with limited resources can cause havoc on Waze, producing "virtual" congestion and accidents, automatically re-routing user traffic, and compromising user privacy by tracking users' precise movements via software while staying undetected.
