Location Cheating: A Security Challenge to Location-based Social Network Services Wenbo He 1, Xue Liu 2, Mai Ren 1 1 University of Nebraska-Lincoln 2.

Presentation transcript:

Location Cheating: A Security Challenge to Location-based Social Network Services
Wenbo He (1), Xue Liu (2), Mai Ren (1)
(1) University of Nebraska-Lincoln, (2) McGill University
左昌國, ADLab, NCU-CSIE
The 31st Int'l Conference on Distributed Computing Systems (ICDCS 2011)

Outline
- Introduction
- Location Cheating Attacks
- Evaluation of Location Cheating on foursquare
- Possible Solutions against Location Cheating
- Conclusions

Introduction
- Location-based Services (LBS)
  - foursquare
  - Gowalla
  - GyPSii
  - Loopt
  - Brightkite
- foursquare
  - Launch in March
  - million users (August 2010)
  - More than 10,000 new members per day
  - Real world rewards

Business Model of foursquare
- Progressive reward mechanism
  - Points
  - Badges
  - Mayorship
  - Real-world rewards
- More than 90% of rewards are only for mayors

Introduction
Possible Location Cheating Scenarios
- A user may cheat on her location for reasons such as:
  - Get rewards
  - Impress others by claiming a false location
- A business owner may use location cheating to check into a competing business and leave bad comments.
- The objectives:
  - Automatically and frequently check into many businesses
  - Venue profile analysis
  - Less competitive "Mayor" selection

Introduction
Cheater Code
- foursquare adopted Cheater Code to defend against location cheating attacks.
- Verify the location of a device
- Cheater Code rules
  - Frequent check-ins
  - Super human speed
  - Rapid-fire check-ins
  - Others…
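
The Cheater Code rules named on this slide, sketched as a server-side check over a check-in log. This is an added example, not foursquare's implementation or code from the paper; the record layout, the thresholds and the sample data are constructed assumptions.

```python
import math
from collections import namedtuple

# Constructed record layout: user id, UNIX timestamp (s), venue latitude/longitude.
CheckIn = namedtuple("CheckIn", "user ts lat lon")

# Hypothetical thresholds; the slides do not give foursquare's real values.
MAX_SPEED_KMH = 900.0   # implied travel speed between two consecutive venues
RAPID_WINDOW_S = 60     # consecutive check-ins closer than this are "rapid-fire"
MAX_PER_DAY = 30        # more than this within 24 h counts as "frequent"

def haversine_km(lat1, lon1, lat2, lon2):
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_checkins(checkins):
    """Return {user: set of violated rule names} for a list of CheckIn records."""
    flags, by_user = {}, {}
    for c in sorted(checkins, key=lambda c: c.ts):
        by_user.setdefault(c.user, []).append(c)
    for user, seq in by_user.items():
        hit = set()
        for prev, cur in zip(seq, seq[1:]):
            dt = cur.ts - prev.ts
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dt < RAPID_WINDOW_S:
                hit.add("rapid-fire")
            # Zero elapsed time over a non-zero distance is treated as infinite speed.
            speed = dist / (dt / 3600.0) if dt > 0 else (math.inf if dist > 0 else 0.0)
            if speed > MAX_SPEED_KMH:
                hit.add("super-human-speed")
        start = 0  # left edge of a sliding 24 h window over the sorted check-ins
        for end in range(len(seq)):
            while seq[end].ts - seq[start].ts > 86400:
                start += 1
            if end - start + 1 > MAX_PER_DAY:
                hit.add("frequent")
        if hit:
            flags[user] = hit
    return flags

# Constructed sample: "alice" visits two nearby venues an hour apart; "mallory"
# checks in at Lincoln, NE and at Montreal ten minutes later.
SAMPLE = [
    CheckIn("alice", 0, 40.8202, -96.7005), CheckIn("alice", 3600, 40.8136, -96.7026),
    CheckIn("mallory", 0, 40.8136, -96.7026), CheckIn("mallory", 600, 45.5017, -73.5673),
]
```

Rules of this kind only look at the sequence of claimed locations, so they complement the location verification techniques listed later in the talk rather than replace them.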

Location Cheating Attacks
Location Cheating Against GPS Verification
- foursquare client applications get the GPS location data from GPS APIs
- There are several ways for an attacker to pass the GPS verification by providing the application with fake GPS coordinates.
  - Via GPS APIs: modify the GPS-related APIs in the OS
  - Via GPS module: hardware GPS simulator
  - Via server provided APIs: application APIs provided from foursquare
  - Via device emulator: including the simulated GPS module. The experiments of this paper adopt this approach

Location Cheating Attacks
Via device emulator
- Use "Dalvik Debug Monitor Server" (DDMS) to connect to the emulator and to set GPS coordinates
- The cheating process
  - Hack the emulator
  - Install and run foursquare application
  - Find the coordinates of the target venue in Google Earth
  - Use DDMS to set the coordinates in the emulator
  - Find the target venue in the list of nearby venues in the foursquare application
  - Check into the target venue
  - Successfully get the points, badges, and mayorship

Location Cheating Attacks
Crawling Data From foursquare Website
- Users' profiles and venues' profiles
- Crawler
  - Multi-thread crawler
  - Download and process over 7 million webpages
  - 3 Windows PCs (C2D 2.0GHz, 1GB RAM)
  - 1 Ubuntu 8.10 server as the database
  - Crawl 100,000 users per hour (14-16 threads per machine)
  - Crawl 50,000 venues per hour (5-6 threads per machine)
  - In total: 1.89 million users and 5.6 million venues
    - Update all user profiles in less than 2 days
    - Update all venue profiles in about 5 days

Location Cheating Attacks
Automated Cheating
- To achieve significant benefits from location cheating, attackers need to control a large number of users and make them check in automatically.
  - Find location coordinates of venues
  - Automatically select a list of venues to check into
  - Pass the Cheater Code

Location Cheating Attacks
Semi-automatic location cheating tool
- Choose a starting point
- Set the moving direction and distance
- The tool will search the nearest location
- Successfully get the points and badges

Location Cheating Attacks
Cheating with Venue Profile Analysis
- An attacker may select as targets the victim venues that provide special offers to their mayors and don't have a mayor yet (or are less competitive for mayorship).
  - Around 1000 venues
- The attack can also target other users.
  - Stop a user from getting any mayorship
- Interesting finding:
  - A user is the mayor of 865 venues but with total check-ins of
  - Most of the 865 venues have no other visitors during the past 60 days.

Evaluation of Location Cheating on foursquare
- High Check-in Frequency in Recent Visitor List
- Low Reward Rate %
- Suspicious Check-in Patterns

Possible Solutions against Location Cheating
Location Verification Techniques
- Distance bounding
  - Distance bounding protocols
  - Limitation on transmission range or speed of a communication signal for location verification
  - Requires the deployment of verifiers around the venues.
- Address mapping
  - Address mapping to geolocate IP addresses
  - Tracert Map
  - Google Location Service
- Venue side location verification
  - Verify on Wi-Fi router in venues.

Possible Solutions against Location Cheating
Mitigating Threat from Location Cheating
- Access control for crawling
  - Limit crawling data to logged-in users only
  - Blocking IP address
- Hiding information from profiles

Conclusions
- This paper introduced a novel cheating attack on location-based services.
- Through real-world experiments on foursquare, it shows that the attacking approach works as expected.
- The countermeasures against location cheating in current systems are not perfect.