Security and Privacy Issues in Social Information-Assisted Application Design

Chang, Wei

January 2016

In recent years, social networks and their related theories and applications attract widespread attentions in computer science. Many applications are designed by exploring the social information among users, such as social peer-to-peer systems, mobile cloud, and online recommendation systems. Most of the existing works only focus on how to use social information but ignore the fact that social information itself may cause severe security and privacy problems. In this dissertation, we first present some social information-assisted application systems that we have designed, and then, we present several social information-involved privacy and security risks and their countermeasures. Generally speaking, the design procedure of any social information-assisted application involves three tasks: publishing, accessing, and using social information. However, all of these tasks contain privacy and security issues. Social information can be published from a centralized system or a distributed one. For the centralized scheme, the social information is directly published from online social networking systems, such as Facebook or Twitter. However, we found that the data of a social network essentially is a time-evolving graph. Most of the existing approaches fail to preserve users' identity privacy once a malicious attacker has the external knowledge about the victim's time-varying behaviors. For avoiding the new privacy issue, we propose a time-based anonymization scheme. For the distributed social information-sharing scheme, each user's information is propagated from friend to friend's friends, and so on. We design a new scheme to gradually enhance the privacy protection along a propagation path, in the meanwhile, maximally preserve the overall utility of the user's data. From a data accessing aspect, social information can be used by malicious users for launching new attacks. In this dissertation, we find a friendship-based privacy disclosure attack, and a corresponding defense approach is designed. Location-based service has been widely adopted. In order to preserve location privacy, users usually turn off the corresponding applications when visiting sensitive locations. However, once social relationships are known, attackers are able to infer these hidden locations, which disclose users' location privacy. For preserving the location privacy, we design a fake location-based approach, which efficiently disorders the social-geographic relationships among users. From the data usage aspect, social information and its related data may come from users. A system may lose functioning if some malicious users inject plenty of fake information. Mobile clouds and Friend Locator are two typical systems, which are vulnerable to the fake information-related attacks. Mobile clouds explore the idle computing resources of surrounding devices by recruiting nearby friends to participate in the same task. However, malicious users may inject wrong friendships information to mess up the system. When visiting a new place, Friend Locator provides navigation services for participators by creating a map based their trajectories. The functioning of the system is based on the trust among participators. Once a user's device is controlled by attackers, all other users may receive wrong navigation. For defending these attacks, we provide different countermeasure. / Computer and Information Science

Computer Science

Attack

Privacy

Security

Social Information

System Design and Evaluation

Improving the Privacy, Usability, and Context-Awareness of Smart Speakers

Alrumayh, Abrar S., 0000-0003-2275-0729

January 2022

Smart speakers, such as the Amazon Echo or Google Home, have become ubiquitous in our daily lives due to their convenience, which offers interactive actions through the use of simple voice commands. These devices allow users to issue a wide range of commands for a variety of services. Users can ask in natural language questions about the weather, stock market, online shopping orders, and other general information. These devices can also be used to control lights, and heating systems, and set timers and alarms in the smart home. However, as smart speaker systems become more prevalent, new security and privacy, usability, and context awareness concerns will need to be explored and addressed. In this dissertation, we carry out the effort to understand and mitigate privacy leaks from third-party applications, improve usability testing using interactability metrics, and improve context-awareness in a multi-occupant home using background sounds. We first study the privacy risks resulting from smart speaker apps developed by third-party developers. Having a device permanently on and always listening led to concerns over user privacy. In addition, the use of the third-party app on smart speaker platforms introduces arguably more serious privacy risks than using only the platform's built-in apps, due to the open nature of the app marketplaces. We explore how an adversary can efficiently create a valid smart speaker app to eavesdrop on users. We developed three different strategies for implementing a malicious app. To mitigate this threat, we propose a strategy for users to limit the success of this adversary. We designed a measurement app to look at the effect of various environmental factors in the home impacting what the third party can hear, and therefore provide users with a recommendation to place their smart speaker in locations that limit the success of this adversary. Next, we propose the idea of an interactability score to quantify how well a smart speaker app can accept potentially different ways a user may express their commands. However, voice-generated input data creates many unpredictable test cases since there are many different ways of how someone will express the same intention. In addition, each third-party developer could implement their own voice commands, making it difficult for users to remember what commands a particular app can process. The architecture of current smart speaker apps further complicates the testing process since the app is hosted on the smart speaker platform as a black-box. Therefore, we develop a testing framework to automatically and systematically evaluate the interactability of the smart speaker applications. It measures how well an app has been implemented to accept different kinds of user interaction. We also focus on improving context-awareness access control for smart speakers. The convenience of these devices is tempered by the possibility of performing unintended or intended actions. At home, the device is usually placed in a fixed location and accessed by multiple people with complex relationships between them, and these complex relationships can lead to complex access control requirements, where the context factors and interpersonal relationships should play a significant role. We design a system to be run on a smart speaker that makes use of the sounds in the home to estimate the current state of the house, e.g. number of occupants, activities being engaged, social relation of occupants, etc. This context information is used to decide whether to execute the command, prompt for confirmation or reject the command entirely. We also designed a simple pictorial configuration utility to help non-expert users configure their access rules. / Computer and Information Science

Computer science

Context-awareness

Privacy

Security

Smart speaker

System design and evaluation

Usability

Designing Efficient Routing Protocols in Delay Tolerant Networks

Wang, Yunsheng

January 2013

This thesis presents the design and evaluation of routing protocols for efficient content delivery and dissemination in delay tolerant networks. With the advancement in technology, the communication devices with wireless interfaces become more and more universal. Delay tolerant networks (DTNs) are characterized by intermittent connectivity and limited network capacity. There exist several different application scenarios: connectivity of developing countries, vehicular DTN road communications, and social contact networks. In this thesis, we explore the characteristics in DTNs, such as mobility pattern, contact history information, and social feature information, to design efficient routing schemes. The research reported in this thesis investigates the technical challenges and their solutions of applying different DTN routing protocols. We design multicast schemes to forward the information to a group of destinations in DTN environment. We extend the delegation forwarding scheme in DTN multicasting. An non-replication multicast tree is also studied in this report. We also apply ticket-based and social-tie-based approaches in content distribution systems. We leverage the users' social feature information to study the hypercube-based routing schemes in social contact networks. We also study the resource management problem in DTNs. We design a joint replication-migration-based scheme to solve the storage congestion. These techniques are evaluated comprehensively in realistic simulation studies, by comparing the performance with state-of-the-art approaches in both synthetic and real traces. / Computer and Information Science

Computer Science

Delay Tolerant Networks

Opportunistic Mobile Social Networks

Routing

System Design and Evaluation

Efficient Content-Based Publish/Subscribe Systems for Dynamic and Large-Scale Networked Applications

Zhao, Yaxiong

January 2012

This thesis presents the design and evaluation of content-based publish/subscribe systems for efficient content dissemination and sharing of dynamic and large-scale networked applications. The rapid development of network technologies and the continuous investment in network infrastructure have realized a ubiquitous platform for sharing information. However, there lacks efficient protocol and software that can utilize such resource to support novel networked applications. In this thesis, we explore the possibility of content-based publish/subscribe as an efficient communication substrate for dynamic and large-scale networked applications. Although content-based publish/subscribe has been used extensively in many small-to-medium scale systems, there is no Internet-scale applications that utilize this technology. The research reported in this thesis investigates the technical challenges and their solutions of applying content-based publish/subscribe in various applications in mobile networks and Internet. We apply content-based publish/subscribe in the interest-driven information sharing for smartphone networks. We design efficient approximate content matching algorithms and data structures. We study how to construct optimal overlay publish/subscribe overlay networks. We propose architecture designs that make Internet content-based publish/subscribe robust. We also design a name resolution system that enables content discovery in the Internet. These techniques are evaluated comprehensively in realistic simulation studies, and some of them are further evaluated on PlanetLab testbed with prototype implementations. / Computer and Information Science

Computer Science

System Science

Content-based Publish/subscribe

Fault Tolerance

Human Networks

Overlay Networks

System Design and Evaluation

Implementation Of A Low-cost Smart Camera Apllication On A Cots System

Baykent, Hayri Kerem

01 January 2012

The objective of this study is to implement a low-cost smart camera application on a Commercial off the Shelf system that is based on Texas Instrument&rsquo / s DM3730 System on Chip processor. Although there are different architectures for smart camera applications, ARM plus DSP based System on Chip architecture is selected for implementation because of its different core abilities. Beagleboard-XM platform that has an ARM plus DSP based System on Chip processor is chosen as Commercial off the Shelf platform. During this thesis, firstly to start-up the Commercial off the Shelf platform the design steps of porting an embedded Linux to ARM core of System on Chip processor is described. Then design steps that are necessary for implementation of smart camera applications on both ARM and DSP cores in parallel are given in detail. Furthermore, the real-time image processing performance of the Beagleboard-xM platform for the smart camera applications is evaluated with simple implementations.