Ghost Riders: Sybil Attacks on Crowdsourced Mobile Mapping Services

Gang Wang; Bolun Wang; Tianyi Wang; Ana Nika; Haitao Zheng; Ben Y. Zhao

doi:10.1109/TNET.2018.2818073

Ghost Riders: Sybil Attacks on Crowdsourced Mobile Mapping Services

Gang Wang, Bolun Wang, Tianyi Wang, Ana Nika, Haitao Zheng, Ben Y. Zhao

Research output: Contribution to journal › Article › peer-review

Abstract

Real-time crowdsourced maps, such as Waze provide timely updates on traffic, congestion, accidents, and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. To defend against Sybil devices, we propose a new approach based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and how they can be used to dramatically reduce the impact of the attacks. We have informed Waze/Google team of our research findings. Currently, we are in active collaboration with Waze team to improve the security and privacy of their system.

Original language	English (US)
Pages (from-to)	1123-1136
Number of pages	14
Journal	IEEE/ACM Transactions on Networking
Volume	26
Issue number	3
DOIs	https://doi.org/10.1109/TNET.2018.2818073
State	Published - Jun 2018
Externally published	Yes

Keywords

crowdsourcing
location privacy
Online social networks
Sybil attack

ASJC Scopus subject areas

Software
Computer Science Applications
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1109/TNET.2018.2818073

Fingerprint Dive into the research topics of 'Ghost Riders: Sybil Attacks on Crowdsourced Mobile Mapping Services'. Together they form a unique fingerprint.

Cite this

@article{439597d679044192baf946185b18fd4d,

title = "Ghost Riders: Sybil Attacks on Crowdsourced Mobile Mapping Services",

abstract = "Real-time crowdsourced maps, such as Waze provide timely updates on traffic, congestion, accidents, and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. To defend against Sybil devices, we propose a new approach based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and how they can be used to dramatically reduce the impact of the attacks. We have informed Waze/Google team of our research findings. Currently, we are in active collaboration with Waze team to improve the security and privacy of their system.",

keywords = "crowdsourcing, location privacy, Online social networks, Sybil attack",

author = "Gang Wang and Bolun Wang and Tianyi Wang and Ana Nika and Haitao Zheng and Zhao, {Ben Y.}",

note = "Funding Information: Manuscript received September 30, 2016; revised March 27, 2017 and December 14, 2017; accepted March 4, 2018; approved by IEEE/ACM TRANSACTIONS ON NETWORKING Editor Y. Guan. Date of publication April 12, 2018; date of current version June 14, 2018. This work was supported by the NSF under Grant CNS-1527939, Grant CNS-1224100, Grant CNS-1705042, and Grant CNS-1717028. (Corresponding author: Gang Wang.) G. Wang is with the Department of Computer Science, Virginia Tech, Blacksburg, VA 24060 USA (e-mail: gangwang@vt.edu).",

year = "2018",

month = jun,

doi = "10.1109/TNET.2018.2818073",

language = "English (US)",

volume = "26",

pages = "1123--1136",

journal = "IEEE/ACM Transactions on Networking",

issn = "1063-6692",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Ghost Riders

T2 - Sybil Attacks on Crowdsourced Mobile Mapping Services

AU - Wang, Gang

AU - Wang, Bolun

AU - Wang, Tianyi

AU - Nika, Ana

AU - Zheng, Haitao

AU - Zhao, Ben Y.

N1 - Funding Information: Manuscript received September 30, 2016; revised March 27, 2017 and December 14, 2017; accepted March 4, 2018; approved by IEEE/ACM TRANSACTIONS ON NETWORKING Editor Y. Guan. Date of publication April 12, 2018; date of current version June 14, 2018. This work was supported by the NSF under Grant CNS-1527939, Grant CNS-1224100, Grant CNS-1705042, and Grant CNS-1717028. (Corresponding author: Gang Wang.) G. Wang is with the Department of Computer Science, Virginia Tech, Blacksburg, VA 24060 USA (e-mail: gangwang@vt.edu).

PY - 2018/6

Y1 - 2018/6

N2 - Real-time crowdsourced maps, such as Waze provide timely updates on traffic, congestion, accidents, and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. To defend against Sybil devices, we propose a new approach based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and how they can be used to dramatically reduce the impact of the attacks. We have informed Waze/Google team of our research findings. Currently, we are in active collaboration with Waze team to improve the security and privacy of their system.

AB - Real-time crowdsourced maps, such as Waze provide timely updates on traffic, congestion, accidents, and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. To defend against Sybil devices, we propose a new approach based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and how they can be used to dramatically reduce the impact of the attacks. We have informed Waze/Google team of our research findings. Currently, we are in active collaboration with Waze team to improve the security and privacy of their system.

KW - crowdsourcing

KW - location privacy

KW - Online social networks

KW - Sybil attack

UR - http://www.scopus.com/inward/record.url?scp=85045645727&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85045645727&partnerID=8YFLogxK

U2 - 10.1109/TNET.2018.2818073

DO - 10.1109/TNET.2018.2818073

M3 - Article

AN - SCOPUS:85045645727

VL - 26

SP - 1123

EP - 1136

JO - IEEE/ACM Transactions on Networking

JF - IEEE/ACM Transactions on Networking

SN - 1063-6692

IS - 3

ER -