Скачать презентацию USC Location Based Trust for Mobile User Скачать презентацию USC Location Based Trust for Mobile User

e88597e65b50ca7acc76eeee3457c5ca.ppt

  • Количество слайдов: 20

USC Location Based Trust for Mobile User – Generated Content : Applications, Challenges and USC Location Based Trust for Mobile User – Generated Content : Applications, Challenges and Implementations Presented By : Anand Dipakkumar Joshi

USC Paper ¡ Vincent Lenders ¡ Emmanouil Koukoumidis ¡ Pei Zhang ¡ Margaret Martonosi USC Paper ¡ Vincent Lenders ¡ Emmanouil Koukoumidis ¡ Pei Zhang ¡ Margaret Martonosi ¡ DEPT. of Electrical Engineering ¡ Princeton University

USC Agenda ¡ Introduction ¡ Application ¡ Verification System for Mobile contents ¡ Localization USC Agenda ¡ Introduction ¡ Application ¡ Verification System for Mobile contents ¡ Localization / Certificate Services Implementation

USC Introduction ¡ Advance in Web 2. 0 ¡ You Tube , Facebook , USC Introduction ¡ Advance in Web 2. 0 ¡ You Tube , Facebook , Flickr , Wikipedia , Blogger , Orkut etc …. ¡ Advance in Gadgets ¡ Mobiles , PDA , Camcorder , High end cameras etc …. ¡ User generated contents ¡ ¡ Blogs Podcasts Sharing of video on you tube etc …. ¡ Social Networking with sharing of videos , pictures , data etc ….

USC Introduction (cont …) YOU TUBE Content Producer Content Consumer USC Introduction (cont …) YOU TUBE Content Producer Content Consumer

USC Introduction (cont …) ¡ How to trust authenticity and quality of published information USC Introduction (cont …) ¡ How to trust authenticity and quality of published information ? Protection from malicious producers ¡ How to provide consumer a level of trust for the content provided by the mobile user ? ¡ How to protect the identity and privacy of the content producer ? Protection from malicious consumers

USC Introduction (cont …) ¡ Solution : ¡ Application of traditional identity based security. USC Introduction (cont …) ¡ Solution : ¡ Application of traditional identity based security. ¡ Application of trusted geotagging service. ¡ Benefits ¡ Consumers know where and when the data has been actually published. ¡ Trust relation between the content providers and consumers in this open system. ¡ Protection from Sybil attack.

USC Application ¡ NEWS ¡ Photo Sharing ¡ Distributed Sensing ¡ Filtering Email Spam USC Application ¡ NEWS ¡ Photo Sharing ¡ Distributed Sensing ¡ Filtering Email Spam ¡ Mapping Data ¡ Traffic Updates

Verification System for mobile contents ¡ Design Goals ¡ ¡ ¡ Generality Scalability Retain Verification System for mobile contents ¡ Design Goals ¡ ¡ ¡ Generality Scalability Retain user privacy / anonymity Support for user’s mobility Support for content mobility USC

Verification System for mobile contents (cont …) USC ¡ System Overview Localization / Certificate Verification System for mobile contents (cont …) USC ¡ System Overview Localization / Certificate Authorities Ask to verify certificate / CA’s public key SHA DLT Certificate Content Producer Untrusted Network Content Consumer

Verification System for mobile contents (cont …) USC ¡ Trust Model ¡ Content producers Verification System for mobile contents (cont …) USC ¡ Trust Model ¡ Content producers ¡ They can verify the location from the certificate issued to them by CA. ¡ They trust the certificate issuing authority that they do not store and revel information about the content producers and maintain their privacy and anonymity. ¡ Content consumers ¡ They trust the certificate issuing authority that they only issue certificate to genuine content producers. ¡ Privacy Issues ¡ Producer at risk of potential attack ¡ Producer has lot of contents ¡ Content created is not at heavily populated location. ¡ Solution ¡ Needs to specify the level of accuracy and anonymity for location and time values. ¡ Accuracy of coordinates depends on privacy E. g. : blurring of coordinates and time values.

Verification System for mobile contents (cont …) ¡ Possible Attacks ¡ Mobility Attack ¡ Verification System for mobile contents (cont …) ¡ Possible Attacks ¡ Mobility Attack ¡ Botnet Attack ¡ Delay Attack ¡ Mobility Considerations ¡ Assign multiple DLT to content, allowing one to track the mobility of the content over the creation time. ¡ Helps to know the path on which the content is captured before its delivered to content consumers. USC

Verification System for mobile contents (cont …) USC ¡ Alternative Certificate Mechanisms Verify Data Verification System for mobile contents (cont …) USC ¡ Alternative Certificate Mechanisms Verify Data SHA Untrusted Network Content Producer Content Consumer

Localization Service Implementation USC ¡ Secure Wireless Location ¡ Satellite Based positioning ¡ GPS Localization Service Implementation USC ¡ Secure Wireless Location ¡ Satellite Based positioning ¡ GPS based systems to determine location ¡ Tower localization ¡ Use of cell phone towers to determine location. ¡ 802. 11 access points ¡ Hybrid ¡ GPS / infer location information from past data using cell location ¡ Used by Yahoo!‘s Zone. Tag

Certificate Service Implementation USC ¡ Certificate Authority ¡ Centralized ¡ Implicit trust given to Certificate Service Implementation USC ¡ Certificate Authority ¡ Centralized ¡ Implicit trust given to central authority. ¡ Central server is responsible for verifying the location the generator is claiming to have and issues corresponding DLT certificate. ¡ It assumes that the content producer have an access to the server S by any means. ¡ The certificate makes possible for the authority to track him and invade his privacy. ¡ More susceptible to denial of service attack.

Certificate Service Implementation (cont …) USC ¡ Certificate Authority ¡ Decentralized ¡ Users ask Certificate Service Implementation (cont …) USC ¡ Certificate Authority ¡ Decentralized ¡ Users ask multiple devices to obtain multiple DLT certificate. ¡ The generating device will keep track of the trustworthy level of the other nodes. ¡ Receivers of the data query the DLT certificate source nodes to validate the data, or simply work offline if the certificate resources are known. ¡ Here the public key is device specific and not user specific. ¡ System more scalable than the centralized method. ¡ Difficult to fake an authentication. ¡ Overhead of the system is high. ¡ Prone to Sybil attack if the community contains more fake devices. ¡ To verify the certificate the receiver device must be online as well as the sender device also must be online

Certificate Service Implementation (cont …) USC ¡ Certificate Authority ¡ Community Model ¡ Somewhat Certificate Service Implementation (cont …) USC ¡ Certificate Authority ¡ Community Model ¡ Somewhat similar to distributed method. ¡ Community of devices will vote and decide on trust level of certificates. ¡ Multiple certificate issuers are voted on by its users. ¡ This decides different weights and trust levels associated with them ¡ Scheme adopted by Digg and reputation scheme in e. Bay. ¡ Community gets votes on each other’s trust level. ¡ Super Users can boast or reduce the trust level.

USC Conclusion ¡ Beneficial to many applications where trust is associated with time and USC Conclusion ¡ Beneficial to many applications where trust is associated with time and location. ¡ Tagging of a content is done using location and time and not on user’s identity. Hence user privacy is maintained. ¡ System increases the difficulty to tag the contents with false locations unless they move to that location to tag it. ¡ Thus by limiting various attack, it proves to be a good verification service based on location and time for user generated data.

USC References ¡ Paper : USC References ¡ Paper : "Location-based Trust for Mobile User-Generated Contents: Applications, Challenges and Implementations”, Vincent Lenders, Emmanouil Koukoumidis, Pei Zhang and Margaret Martonosi, The 9 th IEEE Workshop on Mobile Computing Systems and Applications (Hot. Mobile 2008), Feb 2008 ¡ Web Resources ¡ http: //www. flickr. com/tour/maps/ ¡ http: //www. wunderground. com/wundermap/ ¡ http: //www. wikipedia. org/

Questions ? ? ? Questions ? ? ?