Abstract. We discuss ways to enhance the location privacy of Bluetooth. The principal weakness of Bluetooth with respect to location privacy lies in its disclosure of a device’s permanent identifier, which makes location tracking easy. Bluetooth’s permanent identifier is often disclosed and it is also tightly integrated into lower layers of the Bluetooth stack, and hence susceptible to leakage. We survey known location privacy attacks against Bluetooth, generalize a lesser-known attack, and describe and quantify a more novel attack. The second of these attacks, which recovers a 28-bit identifier via the device’s frequency hop pattern, requires just a few packets and is practicable. Based on a realistic usage scenario, we develop an enhanced privacy framework with stronger unlinkability, using protected stateful pseudonyms and simple primitives.

We investigate how to obtain a balance between privacy and audit requirements in vehicular networks. Challenging the current trend of relying on asymmetric primitives within VANETs, our investigation is a feasibility study of the use of symmetric primitives, resulting in some efficiency improvements of potential value. More specifically, we develop a realistic trust model, and an architecture that supports our solution. In order to ascertain that most users will not find it meaningful to disconnect or disable transponders, we design our solution with several types of user incentives as part of the structure. Examples of resulting features include anonymous toll collection; improved emergency response; and personalized and route-dependent traffic information.

Abstract-Recent years have seen a large number of proposals affect personal security and mobility. Most recently, we have for anonymity mechanisms operating on the application layer. seen a remarkable upswing of privacy intrusions driven by Given that anonymity is no stronger than its weakest link, attempts to perform identity theft. It is evident that location such proposals are only meaningful if one can offer anonymity information may be used to better target victims of such guarantees on the communication layer as well. ANODR-or ANonymous On Demand Routing- is one of the leading attacks, as well as attacks in the entire spectrum mentioned proposals to deal with this issue. In this paper, we propose a above. To limit the success of such attacks- without having novel technique to address the same problem, but at a lower to re-engineer our entire communication infrastructure- it cost. Our proposal, which we dub Discount-ANODR, is buit is important to develop techniques that implement sufficient around the same set of techniques as ANODR is. Our proposal is im prtantt deveop tehnique stattimlementesuf has the benefit of achieving substantially lower computation and levelsof privac,thoutandingsubstantialschanes of communication complexities at the cost of a slight reduction the network orthe computationalrequirements associatedwith of privacy guarantees. In particular, Discount-ANODR achieves performing routing. source anonymity and routing privacy. A route is "blindly gener- The motivation for this paper is to design a lightweight ated " by the intermediaries on the path between an anonymous

In this paper we investigate and provide solutions for security threats in the context of hybrid networks consisting of a cellular base station and mobile devices equipped with dual cellular and ad-hoc (802.11b) cards. The cellular connection is used for receiving services (i.e. Internet access) from the base station, while the ad-hoc links are used to improve the quality of the connection. We provide detailed descriptions of several attacks that arbitrarily powerful adversaries, whether outsiders or insiders, can mount against wellbehaved members of the network. We introduce a secure routing protocol called JANUS, that focuses on the establishment of secure routes between the base station and mobile devices, and the secure routing of the data. We show that our protocol is secure against the attacks described and experimentally compare the message overhead introduced by JANUS and UCAN.

Abstract—The secure operation of ad hoc networks faces the novel challenge of location verification on top of the security challenges that wireline networks face. The novelty lies in the fact that a node can correctly validate who it is, but lie about its location and exploit this to create problems to the network. There are three main factors that make ad hoc networks more vulnerable: (a) nodes can overhear other nodes announcements, (b) nodes can lie about their location, and (c) nodes can avoid detection and isolation by moving. As a result, malicious nodes can fake their position and this way obstruct the routing. In this work, we explain how location and topology related malice can affect the security of wireless ad hoc networks. First, we present the most important attacks that can stem from misuse of location information. Second, we provide an overview of security routing approaches. Although several of the current techniques are promising, we conclude that there does not exist a bulletproof approach as of yet.

Abstract — We propose to secure location aware services over vehicular ad-hoc networks (VANET) with our geographical secure path routing protocol (GSPR). GSPR is an infrastructure free geographic routing protocol, which is resilient to disruptions caused by malicious or faulty nodes. Geographic locations of anonymous nodes are authenticated in order to provide location authentication and location privacy simultaneously. Our protocol also authenticates the routing paths taken by individual messages. This paper presents the design of the GSPR secure geographic routing protocol. The overhead of location authentication is investigated under various scenarios through network simulation. Results show that although the presence of malicious nodes increases the routing path length, a data delivery rate of larger than 80 % is sustained even if 40 % of the nodes are malicious. I.

We present geographical secure path routing, an infrastructure free geographic routing protocol, that is resilient to disruptions caused by malicious or faulty nodes. Geographic locations of anonymous nodes are authenticated in order to provide location authentication and location privacy simultaneously. Our protocol also authenticates the routing paths taken by individual messages. This provides a basis for geographic security policies. This paper discusses the design and attack resistance of the secure geographic routing protocol. The overhead of location authentication is investigated under various scenarios through network simulation. Results show that the presence of malicious nodes increases the routing path length. A data delivery rate of better than 80 % is sustained even if 40 % of the nodes are malicious. 1

We present a novel hybrid communication protocol that guarantees mobile users’ k-anonymity against a wide-range of adversaries by exploiting the capability of handheld devices to connect to both WiFi and cellular networks. Unlike existing anonymity schemes, we consider all parties that can intercept communications between the mobile user and a server as potential privacy threats. We formally quantify the privacy exposure and the protection of our system in the presence of malicious neighboring peers, global WiFi eavesdroppers, and omniscient mobile network operators. We show how our system provides an automatic incentive for users to collaborate, since by forwarding packets for other peers users gain anonymity for their own traffic.

Abstract. The proliferation of mobile devices has given rise to novel user-centric applications and services. In current mobile systems, users gain access to remote servers over mobile network operators. These operators are typically assumed to be trusted and to manage the information they collect in a privacy-preserving way. Such information, however, is extremely sensitive and coveted by many companies, which may use it to improve their business. In this context, safeguarding the users ’ privacy against the prying eyes of the network operators is an emerging requirement. In this chapter, we first present a survey of existing state-of-the-art protection mechanisms and their challenges when deployed in the context of wired and wireless networks. Moreover, we illustrate recent and ongoing research that attempts to address different aspects of privacy in mobile applications. Furthermore, we present a new proposal to ensure private communication in the context of hybrid mobile networks, which integrate wired, wireless and cellular technologies. We conclude by outlining open problems and possible future research directions. 1

Abstract — Hybrid networks consisting of cellular and Wi-Fi networks were proposed as a high-throughput architecture for cellular services. In such networks, devices equipped with cellular and Wi-Fi network cards access Internet services through the cellular base station. The Wi-Fi interface is used to provide a better service to clients that are far away from the base station, via multihop, ad hoc paths. The modified trust model of hybrid networks generates a set of new security challenges as clients rely on intermediate nodes to participate effectively in the resource reservation process and data forwarding. In this paper we introduce JANUS, a framework for scalable, secure and efficient routing for hybrid cellular and Wi-Fi networks. JANUS uses a scalable routing algorithm with multiple channel access, for improved network throughput. In addition, it provides protection against selfish nodes through a secure crediting protocol and protection against malicious nodes through secure route establishment and data forwarding mechanisms. We evaluate JANUS experimentally and show that its performance is 85 % of the optimum algorithm, improving with a factor greater than 50 % over previous work. We evaluate the security overhead of JANUS against two type of attacks: less aggressive, but sufficient for some applications, selfish attacks, and purely malicious attacks.