Upload
urbana
View
25
Download
0
Tags:
Embed Size (px)
DESCRIPTION
USC. Location Based Trust for Mobile User – Generated Content : Applications, Challenges and Implementations. Presented By : Anand Dipakkumar Joshi. USC. Paper. Vincent Lenders Emmanouil Koukoumidis Pei Zhang Margaret Martonosi DEPT. of Electrical Engineering Princeton University. USC. - PowerPoint PPT Presentation
Citation preview
Location Based Trust for Mobile User – Generated Content : Applications, Challenges and Implementations
Presented By : Anand Dipakkumar Joshi
USC
PaperVincent Lenders
Emmanouil Koukoumidis
Pei Zhang
Margaret Martonosi
DEPT. of Electrical Engineering
Princeton University
USC
Agenda Introduction
Application
Verification System for Mobile contents
Localization / Certificate Services Implementation
USC
Introduction Advance in Web 2.0
You Tube , Facebook , Flickr , Wikipedia , Blogger , Orkut etc ….
Advance in Gadgets Mobiles , PDA , Camcorder , High end cameras etc ….
User generated contents Blogs Podcasts Sharing of video on you tube etc ….
Social Networking with sharing of videos , pictures , data etc ….
USC
Introduction (cont …)
YOU TUBE
Content Producer Content Consumer
USC
Introduction (cont …)How to trust authenticity and quality of
published information ?
How to provide consumer a level of trust for the content provided by the mobile user ?
How to protect the identity and privacy of the content producer ?
Protection from malicious producers
Protection from malicious consumers
USC
Introduction (cont …)Solution :
Application of traditional identity based security. Application of trusted geotagging service.
Benefits Consumers know where and when the data has been actually
published. Trust relation between the content providers and consumers in this
open system. Protection from Sybil attack.
USC
ApplicationNEWS
Photo Sharing
Distributed Sensing
Filtering Email Spam
Mapping Data
Traffic Updates
USC
Verification System for mobile contentsDesign Goals
Generality Scalability Retain user privacy / anonymity Support for user’s mobility Support for content mobility
USC
Verification System for mobile contents (cont …)System Overview
SHA
Untrusted Network
Content Producer
Localization / Certificate Authorities
Content Consumer
DLT Certificate
Ask to verify certificate / CA’s public key
USC
Verification System for mobile contents (cont …) Trust Model
Content producers They can verify the location from the certificate issued to them by CA. They trust the certificate issuing authority that they do not store and revel information
about the content producers and maintain their privacy and anonymity. Content consumers
They trust the certificate issuing authority that they only issue certificate to genuine content producers.
Privacy Issues Producer at risk of potential attack
Producer has lot of contents Content created is not at heavily populated location.
Solution Needs to specify the level of accuracy and anonymity for location and time values. Accuracy of coordinates depends on privacy E.g.: blurring of coordinates and time values.
USC
Verification System for mobile contents (cont …)Possible Attacks
Mobility Attack Botnet Attack Delay Attack
Mobility Considerations Assign multiple DLT to content, allowing one to track
the mobility of the content over the creation time. Helps to know the path on which the content is
captured before its delivered to content consumers.
USC
Verification System for mobile contents (cont …)Alternative Certificate Mechanisms
SHA
Untrusted Network
Content Producer Content Consumer
Verify Data
USC
Localization Service ImplementationSecure Wireless Location
Satellite Based positioning GPS based systems to determine location
Tower localization Use of cell phone towers to determine location.
802.11 access points Hybrid
GPS / infer location information from past data using cell location Used by Yahoo!‘s ZoneTag
USC
Certificate Service ImplementationCertificate Authority
Centralized Implicit trust given to central authority. Central server is responsible for verifying the location the
generator is claiming to have and issues corresponding DLT certificate.
It assumes that the content producer have an access to the server by any means.
The certificate makes possible for the authority to track him and invade his privacy.
More susceptible to denial of service attack.
S
USC
Certificate Service Implementation (cont …) Certificate Authority
Decentralized Users ask multiple devices to obtain multiple DLT certificate. The generating device will keep track of the trustworthy level of the other
nodes. Receivers of the data query the DLT certificate source nodes to validate the
data, or simply work offline if the certificate resources are known. Here the public key is device specific and not user specific. System more scalable than the centralized method. Difficult to fake an authentication. Overhead of the system is high. Prone to Sybil attack if the community contains more fake devices. To verify the certificate the receiver device must be online as well as the
sender device also must be online
USC
Certificate Service Implementation (cont …)Certificate Authority
Community Model Somewhat similar to distributed method. Community of devices will vote and decide on trust level of
certificates. Multiple certificate issuers are voted on by its users. This decides different weights and trust levels associated with
them Scheme adopted by Digg and reputation scheme in eBay. Community gets votes on each other’s trust level. Super Users can boast or reduce the trust level.
USC
ConclusionBeneficial to many applications where trust is associated with
time and location.
Tagging of a content is done using location and time and not on user’s identity. Hence user privacy is maintained.
System increases the difficulty to tag the contents with false locations unless they move to that location to tag it.
Thus by limiting various attack, it proves to be a good verification service based on location and time for user generated data.
USC
ReferencesPaper : "Location-based Trust for Mobile User-
Generated Contents: Applications, Challenges and Implementations”, Vincent Lenders, Emmanouil Koukoumidis, Pei Zhang and Margaret Martonosi, The 9th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2008), Feb 2008
Web Resources http://www.flickr.com/tour/maps/ http://www.wunderground.com/wundermap/ http://www.wikipedia.org/
USC
Questions ???