Modern automobiles are equipped with connectivity features to enhance the user's comfort.Bluetooth is one such communication technology that is used to pair a personal device with an automotive infotainment unit.U...Modern automobiles are equipped with connectivity features to enhance the user's comfort.Bluetooth is one such communication technology that is used to pair a personal device with an automotive infotainment unit.Upon pairing,the user could access the personal information on the phone through the automotive head unit with minimum distraction while driving.However,such connectivity introduces a possibility for privacy attacks.Hence,performing an in-depth analysis of the system with privacy constraints is extremely important to prevent unauthorized access to personal information.In this work,we perform a systematic analysis of the Bluetooth network of an automotive infotainment unit to exploit security and privacy-related vulnerabilities.We model the identifed threat with respect to privacy constraints of the system,emphasize the severity of attacks through a standardized rating metric and then provide potential countermeasures to prevent the attack.We perform System Theoretic Process Analysis for Privacy as a part of the systematic analysis and use the Common Vulnerability Scoring System to derive attack severity.The identifed vulnerabilities are due to design flaws and assumptions on Bluetooth protocol implementation on automotive infotainment systems.We then elicit the vulnerability by performing a privacy attack on the Automotive system in an actual vehicle.We use Android Open-Source Project to report our findings and propose defense strategies.展开更多
Contents such as audios,videos,and images,contribute most of the Internet traffic in the current paradigm.Secure content sharing is a tedious issue.The existing security solutions do not secure data but secure the com...Contents such as audios,videos,and images,contribute most of the Internet traffic in the current paradigm.Secure content sharing is a tedious issue.The existing security solutions do not secure data but secure the communicating endpoints.Named data networking(NDN)secures the data by enforcing the data publisher to sign the data.Any user can verify the data by using the public key of the publisher.NDN is resilient to most of the probable security attacks in the TCP/IP model due to its new architecture.However,new types of attacks are possible in NDN.This article surveys the most significant security attacks in NDN such as interest flooding attacks,cache privacy attacks,cache pollution attacks,and content poisoning attacks.Each attack is classified according to their behavior and discussed for their detection techniques,countermeasures,and the affected parameters.The article is an attempt to help new researchers in this area to gather the domain knowledge of NDN.The article also provides open research issues that could be addressed by researchers.展开更多
Mobile big data collected by mobile network operators is of interest to many research communities and industries for its remarkable values.However,such spatiotemporal information may lead to a harsh threat to subscrib...Mobile big data collected by mobile network operators is of interest to many research communities and industries for its remarkable values.However,such spatiotemporal information may lead to a harsh threat to subscribers’privacy.This work focuses on subscriber privacy vulnerability assessment in terms of user identifiability across two datasets with significant detail reduced mobility representation.In this paper,we propose an innovative semantic spatiotemporal representation for each subscriber based on the geographic information,termed as daily habitat region,to approximate the subscriber’s daily mobility coverage with far lesser information compared with original mobility traces.The daily habitat region is realized via convex hull extraction on the user’s daily spatiotemporal traces.As a result,user identification can be formulated to match two records with the maximum similarity score between two convex hull sets,obtained by our proposed similarity measures based on cosine distance and permutation hypothesis test.Experiments are conducted to evaluate our proposed innovative mobility representation and user identification algorithms,which also demonstrate that the subscriber’s mobile privacy is under a severe threat even with significantly reduced spatiotemporal information.展开更多
文摘Modern automobiles are equipped with connectivity features to enhance the user's comfort.Bluetooth is one such communication technology that is used to pair a personal device with an automotive infotainment unit.Upon pairing,the user could access the personal information on the phone through the automotive head unit with minimum distraction while driving.However,such connectivity introduces a possibility for privacy attacks.Hence,performing an in-depth analysis of the system with privacy constraints is extremely important to prevent unauthorized access to personal information.In this work,we perform a systematic analysis of the Bluetooth network of an automotive infotainment unit to exploit security and privacy-related vulnerabilities.We model the identifed threat with respect to privacy constraints of the system,emphasize the severity of attacks through a standardized rating metric and then provide potential countermeasures to prevent the attack.We perform System Theoretic Process Analysis for Privacy as a part of the systematic analysis and use the Common Vulnerability Scoring System to derive attack severity.The identifed vulnerabilities are due to design flaws and assumptions on Bluetooth protocol implementation on automotive infotainment systems.We then elicit the vulnerability by performing a privacy attack on the Automotive system in an actual vehicle.We use Android Open-Source Project to report our findings and propose defense strategies.
文摘Contents such as audios,videos,and images,contribute most of the Internet traffic in the current paradigm.Secure content sharing is a tedious issue.The existing security solutions do not secure data but secure the communicating endpoints.Named data networking(NDN)secures the data by enforcing the data publisher to sign the data.Any user can verify the data by using the public key of the publisher.NDN is resilient to most of the probable security attacks in the TCP/IP model due to its new architecture.However,new types of attacks are possible in NDN.This article surveys the most significant security attacks in NDN such as interest flooding attacks,cache privacy attacks,cache pollution attacks,and content poisoning attacks.Each attack is classified according to their behavior and discussed for their detection techniques,countermeasures,and the affected parameters.The article is an attempt to help new researchers in this area to gather the domain knowledge of NDN.The article also provides open research issues that could be addressed by researchers.
基金This work was in part supported by the National Natural Science Foundation of China(Nos.61622101 and 61571020)in part by the Natural Science Foundation(Nos.DMS-1521746 and DMS-1737795.
文摘Mobile big data collected by mobile network operators is of interest to many research communities and industries for its remarkable values.However,such spatiotemporal information may lead to a harsh threat to subscribers’privacy.This work focuses on subscriber privacy vulnerability assessment in terms of user identifiability across two datasets with significant detail reduced mobility representation.In this paper,we propose an innovative semantic spatiotemporal representation for each subscriber based on the geographic information,termed as daily habitat region,to approximate the subscriber’s daily mobility coverage with far lesser information compared with original mobility traces.The daily habitat region is realized via convex hull extraction on the user’s daily spatiotemporal traces.As a result,user identification can be formulated to match two records with the maximum similarity score between two convex hull sets,obtained by our proposed similarity measures based on cosine distance and permutation hypothesis test.Experiments are conducted to evaluate our proposed innovative mobility representation and user identification algorithms,which also demonstrate that the subscriber’s mobile privacy is under a severe threat even with significantly reduced spatiotemporal information.
