Results 1 - 10
of
38
Game Theory Meets Network Security and Privacy
"... This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by game-theoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address dif ..."
Abstract
-
Cited by 33 (5 self)
- Add to MetaCart
(Show Context)
This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by game-theoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address different forms of security and privacy problems in computer networks and mobile applications. The presented works are classified into six main categories based on their topics: security of the physical and MAC layers, application layer security in mobile networks, intrusion detection systems, anonymity and privacy, economics of network security, and cryptography. In each category, security problems, players, and game models are identified and the main results of selected works, such as equilibrium analysis and security mechanism designs are summarized. In addition, a discussion on advantages, drawbacks, and the future direction of using game theory in this field is provided. In this survey, we aim to provide a better understanding of the different research approaches for applying game theory to network security. This survey can also help researchers from various fields develop game-theoretic solutions to current and emerging security problems in computer networking. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General—
Pseudonym Changing at Social Spots: An Effective Strategy for Location Privacy in VANETs
"... in vehicular ad hoc networks (VANETs), location privacy is imperative for the full flourish of VANETs. Although frequent pseudonym changing provides a promising solution for location privacy in VANETs, if the pseudonyms are changed in an improper time or location, such a solution may become invalid. ..."
Abstract
-
Cited by 32 (15 self)
- Add to MetaCart
(Show Context)
in vehicular ad hoc networks (VANETs), location privacy is imperative for the full flourish of VANETs. Although frequent pseudonym changing provides a promising solution for location privacy in VANETs, if the pseudonyms are changed in an improper time or location, such a solution may become invalid. To cope with the issue, in this paper, we present an effective pseudonym changing at social spots (PCS) strategy to achieve the provable location privacy. Specifically, we first introduce the social spots where many vehicles may gather, e.g., a road intersection when the traffic light turns red or a free parking lot near a shopping mall. By taking the anonymity set size (ASS) as the location privacy metric, we then develop two anonymity set analytic models to quantitatively investigate the location privacy achieved by the PCS strategy. In addition, we use game theoretic techniques to prove the feasibility of PCS strategy in practice. Extensive performance evaluations are conducted to demonstrate that better location privacy can be achieved when a vehicle changes its pseudonyms at some highly social spots, and the proposed PCS strategy can assist vehicles to intelligently change their pseudonyms at the right moment and place.
Evaluating the Privacy Risk of Location-Based Services
"... Abstract. In modern mobile networks, users increasingly share their location with third-parties in return for location-based services. In this way, users obtain services customized to their location. Yet, such communications leak location information about users. Even if users make use of pseudonyms ..."
Abstract
-
Cited by 18 (7 self)
- Add to MetaCart
Abstract. In modern mobile networks, users increasingly share their location with third-parties in return for location-based services. In this way, users obtain services customized to their location. Yet, such communications leak location information about users. Even if users make use of pseudonyms, the operators of location-based services may be able to identify them and thus affect their privacy. In this paper, we provide an analysis of the erosion of privacy caused by the use of location-based services. To do so, we experiment with real mobility traces and measure the dynamics of user privacy. This paper thus details and quantifies the privacy risks induced by the use of location-based services. 1
A Unified Framework for Location Privacy
, 2010
"... Abstract. We introduce a novel framework that provides a logical structure for identifying, classifying and organizing fundamental components, assumptions, and concepts of location privacy. Our framework models mobile networks and applications, threats, location-privacy preserving mechanisms, and me ..."
Abstract
-
Cited by 17 (11 self)
- Add to MetaCart
(Show Context)
Abstract. We introduce a novel framework that provides a logical structure for identifying, classifying and organizing fundamental components, assumptions, and concepts of location privacy. Our framework models mobile networks and applications, threats, location-privacy preserving mechanisms, and metrics. The flow of information between these components links them together and explains their interdependencies. We demonstrate the relevance of our framework by showing how the existing achievements in the field of location privacy are embodied appropriately in the framework. Our framework provides “the big picture ” of research on location privacy and hence aims at paving the way for future research. 1
The Phantom Tollbooth: Privacy-Preserving Electronic Toll Collection in the Presence of Driver Collusion
"... In recent years, privacy-preserving toll collection has been proposed as a way to resolve the tension between the desire for sophisticated road pricing schemes and drivers’ interest in maintaining the privacy of their driving patterns. Two recent systems in particular, VPriv (USENIX Security 2009) a ..."
Abstract
-
Cited by 14 (0 self)
- Add to MetaCart
(Show Context)
In recent years, privacy-preserving toll collection has been proposed as a way to resolve the tension between the desire for sophisticated road pricing schemes and drivers’ interest in maintaining the privacy of their driving patterns. Two recent systems in particular, VPriv (USENIX Security 2009) and PrETP (USENIX Security 2010), use modern cryptographic primitives to solve this problem. In order to keep drivers honest in paying for their usage of the roads, both systems rely on unpredictable spot checks (e.g., by hidden roadside cameras or roaming police vehicles) to catch potentially cheating drivers. In this paper we identify large-scale driver collusion as a threat to the necessary unpredictability of these spot checks. Most directly, the VPriv and PrETP audit protocols both reveal to drivers the locations of spot-check cameras — information that colluding drivers can then use to avoid paying road fees. We describe Milo, a new privacy-preserving toll collection system based on PrETP, whose audit protocol does not have this information leak, even when drivers misbehave and collude. We then evaluate the additional cost of Milo and find that, when compared to naïve methods to protect against cheating drivers, Milo offers a significantly more cost-effective approach. 1
Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information
, 2010
"... A common assumption in security research is that more individual expertise unambiguously leads to a more secure overall network. We present a game-theoretic model in which this common assumption is challenged. Our findings indicate that expert users can be not only invaluable contributors, but also ..."
Abstract
-
Cited by 7 (4 self)
- Add to MetaCart
(Show Context)
A common assumption in security research is that more individual expertise unambiguously leads to a more secure overall network. We present a game-theoretic model in which this common assumption is challenged. Our findings indicate that expert users can be not only invaluable contributors, but also free-riders, defectors, and narcissistic opportunists. A direct application is that user education needs to highlight the cooperative nature of security, and foster the community sense, in particular, of higher skilled computer users. As a technical contribution, this paper represents, to our knowledge, the first formal study to quantitatively assess the impact of different degrees of information security expertise on the overall security of a network.
Toward Privacy Preserving and Collusion Resistance in a Location Proof Updating System
"... Abstract—Today’s location-sensitive service relies on user’s mobile device to determine the current location. This allows malicious users to access a restricted resource or provide bogus alibis by cheating on their locations. To address this issue, we propose A Privacy-Preserving LocAtion proof Upda ..."
Abstract
-
Cited by 6 (0 self)
- Add to MetaCart
Abstract—Today’s location-sensitive service relies on user’s mobile device to determine the current location. This allows malicious users to access a restricted resource or provide bogus alibis by cheating on their locations. To address this issue, we propose A Privacy-Preserving LocAtion proof Updating System (APPLAUS) in which colocated Bluetooth enabled mobile devices mutually generate location proofs and send updates to a location proof server. Periodically changed pseudonyms are used by the mobile devices to protect source location privacy from each other, and from the untrusted location proof server. We also develop user-centric location privacy model in which individual users evaluate their location privacy levels and decide whether and when to accept the location proof requests. In order to defend against colluding attacks, we also present betweenness ranking-based and correlation clustering-based approaches for outlier detection. APPLAUS can be implemented with existing network infrastructure, and can be easily deployed in Bluetooth enabled mobile devices with little computation or power cost. Extensive experimental results show that APPLAUS can effectively provide location proofs, significantly preserve the source location privacy, and effectively detect colluding attacks. Index Terms—Location-based service, location proof, location privacy, pseudonym, colluding attacks Ç 1
On the Age of Pseudonyms in Mobile Ad Hoc Networks
- In IEEE Infocom
, 2010
"... Abstract—In many envisioned mobile ad hoc networks, nodes are expected to periodically beacon to advertise their presence. In this way, they can receive messages addressed to them or participate in routing operations. Yet, these beacons leak information about the nodes and thus hamper their privacy. ..."
Abstract
-
Cited by 6 (2 self)
- Add to MetaCart
(Show Context)
Abstract—In many envisioned mobile ad hoc networks, nodes are expected to periodically beacon to advertise their presence. In this way, they can receive messages addressed to them or participate in routing operations. Yet, these beacons leak information about the nodes and thus hamper their privacy. A classic remedy consists in each node making use of (certified) pseudonyms and changing its pseudonym in specific locations called mix zones. Of course, privacy is then higher if the pseudonyms are short-lived (i.e., nodes have a short distance to confusion), but pseudonyms can be costly, as they are usually obtained from an external authority. In this paper, we provide a detailed analytical evaluation of the age of pseudonyms based on differential equations. We corroborate this model by a set of simulations. This paper thus provides a detailed quantitative framework for selecting the parameters of a pseudonym-based privacy system in peer-to-peer wireless networks. I.
Multilaterally Secure Ubiquitous Auditing
"... Abstract Tracking information of individuals is a useful input to many Ubiquitous Computing (UbiComp) applications. Consider the example of a smart emergency management application: once mobile first responders are continuously tracked, a precise and safe coordination of rescue missions is possible, ..."
Abstract
-
Cited by 5 (5 self)
- Add to MetaCart
(Show Context)
Abstract Tracking information of individuals is a useful input to many Ubiquitous Computing (UbiComp) applications. Consider the example of a smart emergency management application: once mobile first responders are continuously tracked, a precise and safe coordination of rescue missions is possible, and also mission logs can be created for audit purposes. However, continuously tracking users and storing the data for later use is often in conflict with individual privacy preferences. This may ultimately lead to the non-acceptance and rejection of these new technologies by their users. In order to reconcile privacy and accountability requirements in location tracking systems, we introduce and evaluate the approach of using auditing mechanisms on two levels. We illustrate that, by employing carefully designed cryptographic mechanisms for selective pseudonym linkability based on efficient techniques of secure multiparty computation, it is possible to balance the conflicting interests to a certain extent. Our work, motivated by and applied to smart emergency management systems, is a step towards the realization of multilaterally secure and thus multilaterally acceptable UbiComp systems supporting collaborative work. 1
Friendship-based location privacy in Mobile Social Networks
"... Abstract: Location privacy in Mobile Social Networks (MSNs) has generated significant interest in recent years, with many proposed methods to address the problem. Commercial solutions to this problem have suggested designing better ways for users to determine when to report their locations, while ac ..."
Abstract
-
Cited by 5 (0 self)
- Add to MetaCart
(Show Context)
Abstract: Location privacy in Mobile Social Networks (MSNs) has generated significant interest in recent years, with many proposed methods to address the problem. Commercial solutions to this problem have suggested designing better ways for users to determine when to report their locations, while academic researchers have proposed solutions that involve deploying trusted third party servers to protect user privacy. In this paper, we showed that simply omitting location updates does not provide adequate privacy protections, especially in situations where the friendship relationships between users are known. We proposed a fake location update algorithm that allows a user to protect his privacy. A key feature of our approach is that it can be adopted without the use of any third party services, making them more practical. We evaluate our approach using extensive simulation experiments.
