TY - GEN
T1 - Defending against sybil devices in crowdsourced mapping services
AU - Wang, Gang
AU - Wang, Bolun
AU - Wang, Tianyi
AU - Nika, Ana
AU - Zheng, Haitao
AU - Zhao, Ben Y.
N1 - Publisher Copyright:
© 2016 ACM.
PY - 2016/6/20
Y1 - 2016/6/20
N2 - Real-time crowdsourced maps such as Waze provide timely updates on traffic, congestion, accidents and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc onWaze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. We propose a new approach to defend against Sybil devices based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, colocation edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and discuss how they can be used to dramatically reduce the impact of attacks against crowdsourced mapping services.
AB - Real-time crowdsourced maps such as Waze provide timely updates on traffic, congestion, accidents and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc onWaze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. We propose a new approach to defend against Sybil devices based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, colocation edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and discuss how they can be used to dramatically reduce the impact of attacks against crowdsourced mapping services.
UR - http://www.scopus.com/inward/record.url?scp=84979893735&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84979893735&partnerID=8YFLogxK
U2 - 10.1145/2906388.2906420
DO - 10.1145/2906388.2906420
M3 - Conference contribution
AN - SCOPUS:84979893735
T3 - MobiSys 2016 - Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services
SP - 179
EP - 191
BT - MobiSys 2016 - Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services
PB - Association for Computing Machinery, Inc
T2 - 14th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys 2016
Y2 - 25 June 2016 through 30 June 2016
ER -