Tag Archives: privacy

Smartphone Accelerometers Distinguish Between Different Motorized Transportation Modalities

Smartphone Accelerometers Distinguish Between Different Motorized Transportation Modalities

 

Science Daily
November 13, 2013

 

Smartphone Accelerometers Distinguish Between Different Motorized Transportation Modalities
Smartphone Accelerometers Distinguish Between Different Motorized Transportation Modalities

 

Identifying the individual’s transportation behavior is a fundamental problem, as it reveals information about the user’s physical activity, personal CO2 -footprint and preferred transit type. On a larger scale, this information could be aggregated to discover information about the utilization of different transportation options to aid urban planning.

Researchers from the University of Helsinki have developed methods for extracting information about vehicular movement patterns from measurements of a smartphone accelerometer. The key idea is to extract characteristic acceleration and breaking patterns and to use these as a kind of signature to separate between different vehicular transportation modes.

The main researcher, Samuli Hemminki, explains: “Extracting vehicular movement information from smartphone accelerometers is challenging as the placement of the device can vary, users interact with the phone spontaneously, and as the orientation of the phone can change dynamically. We overcame these challenges by developing novel algorithms for processing and analyzing accelerometer measurements.”

Experimental evaluations demonstrate that the technique can detect most common public transportation types (bus, tram, metro, train, car, walking) with over 80 per cent accuracy. The benefits of the method are particularly pronounced in daily monitoring as the system has low power consumption and works robustly in continuous detection tasks.

Dr. Petteri Nurmi from University of Helsinki adds: “Our work enables fine-grained modeling of human transportation behavior and serves as an important building block for new kinds of mobile applications. For example, our methods would be beneficial to an application that provides feedback to encourage drivers towards more ecological driving style or to map deviations in public transportation.”

Professor Sasu Tarkoma explains: “This research shows that it is possible to accurately detect the transportation mode on smartphones in an energy efficient manner. The system enables a whole new breed of mobility-aware applications and services.”

|

Story Source:

The above story is based on materials provided by University of Helsinki, via EurekAlert!, a service of AAAS.

Note: Materials may be edited for content and length. For further information, please contact the source cited above.

 

 

Direct Link:  http://www.sciencedaily.com/releases/2013/11/131113125835.htm

Creating Accountable Anonymity Online: Systems That Currently Allow Users Complete Anonymity Are Being Abused

Creating Accountable Anonymity Online: Systems That Currently Allow Users Complete Anonymity Are Being Abused

 

Science Daily
November 7, 2013

 

 

Iowa State University's Yong Guan is working to add accountability to Internet anonymity. (Credit: Photo by Bob Elbert/Iowa State University.)
Iowa State University’s Yong Guan is working to add accountability to Internet anonymity. (Credit: Photo by Bob Elbert/Iowa State University.)

The World Wide Web is, in many ways, still the Wild West. Though a large portion of internet traffic is monitored and traceable, systems like the Tor Project allow users to post and share anything anonymously. Anonymous systems provide enormous public benefits by helping journalists, activists, and others communicate in private, away from the prying eyes of the Internet at-large.

These systems, however, have been degraded by criminals who use them to support unlawful activities. Tor reportedly has been used to aid in the selling of illegal drugs and in the proliferation of child pornography, among other crimes. With complete anonymity, criminals are often free to do whatever they like with little or no repercussions.

Researchers at Iowa State University are working to solve this problem with an approach they call accountable anonymity. Yong Guan, an associate professor of electrical and computer engineering, and his students, have devised a system that offers anonymity for honest users, and accountability for dishonest users.

“The lack of accountability on these anonymous services is easy to exploit,” Guan says. “Criminals use anonymous systems to commit crimes against innocent people online and in the real world. I thought there was a real need for accountability within these systems to protect honest users that just wish to exchange lawful information anonymously.”

Tor works by sending information through a series of nodes and using layers of encryption at each stop. When the information arrives at its destination, the encrypted messages are unlocked with a key and the original message becomes readable. The layers of encryption disguise the origin of the message, thus providing anonymity, but at a high computing cost. Bouncing messages around a network, and adding a layer of encryption with each bounce, takes time and computing power. If a criminal uses the service to send a malicious message, the network expends the same computing power to send that message, and the victim has limited ways to trace it.

Guan’s system, named THEMIS, is designed to minimize the computing power used to send messages and provide a way to track the source of the message, should it be thought of as malicious. By its very design, the system avoids expending computing power to send illegal and harmful messages.

“With a level of accountability, criminal activity online will decrease,” Guan says. “By that measurement, computing power expended to support criminal activity will also decrease. That’s a good thing.”

The system aims to offer four features:

First and foremost, the system must provide anonymity under normal circumstances. Users looking to exchange information in a lawful manner without being tracked will be able to do so without problems.

“Providing reliable anonymity is the first step,” Guan says. “Without it, users won’t use the system.”

Second, the system must, under certain circumstances, allow for the identification of sources without impairing other users’ anonymity. This involves a number of steps, including notifying law enforcement. This feature would be used to find senders of malicious messages, and requires the cooperation of the system’s key generator and internet service provider’s registration database.

“Our system provides law enforcement with the means to catch criminals who wish to distribute illegal or harmful messages,” Guan says. “Without some kind of accountability, users tend to show an absence of restraint.”

Third, the system must be incentive compatible. This means users must have an incentive to use the system as it is intended to be used. Without incentive compatibility, users can simply bypass attributes of the system they don’t wish to comply with.

Fourth, the system must make framing or impersonating an honest user impossible. THEMIS achieves this by using digital signatures that are computationally infeasible to generate without source keys.

“Forging keys is computationally difficult,” Guan says. “If a node wishes to obtain a signing key, or sign a message without the source’s signing key, it would have to solve a problem that is incredibly difficult, even for the fastest computers.”

THEMIS is composed of two separate proxy re-encryption based schemes. Scheme one, a multi-hop proxy re-encryption-based scheme, provides an anonymous communication channel between the source of a message and its destination. Much like with Tor, messages in THEMIS are bounced through several proxies. However, instead of adding layers of encryption, THEMIS converts the original message at each stop using XAG encryption. Each proxy along the path knows only its predecessor and successor, and proxy re-encryption keys to corresponding channels are hidden in the message in an onion header. The layers of the onion header contain the information for the corresponding node.

Scheme two provides for accountability when malicious messages are present. As with any encryption system, public keys and private keys are utilized to ensure that messages arrive where they should and are readable to the intended recipient. However, an AFGH re-encryption key is included with each message and serves as the accountability information which links the destination of the message to its source. Without this AFGH re-encryption key, messages are unreadable.

At the request of the message recipient, law enforcement officials can use the AFGH re-encryption key to track the source of the message. Law enforcement can subpoena data from the key generator and the internet service provider’s registration database and use this data with the message’s AFGH re-encryption key to determine the source of the message.

“If no one reports the message as malicious,” Guan says, “law enforcement cannot get involved. There would be no way for them to know about it.”

Guan envisions his system as a way for law enforcement to track down senders of threatening emails and those who leak important documents. THEMIS represents the first system to provide both anonymity and accountability in an incentive-compatible fashion and the first anonymous network to use multi-hop proxy re-encryption.

“The next step,” Guan says, “is to test it on a large scale over the Internet. This way, we can really see how well it performs.”

|

Story Source:

The above story is based on materials provided by Iowa State University, via Newswise.

Note: Materials may be edited for content and length. For further information, please contact the source cited above.

 

 

Direct Link:   http://www.sciencedaily.com/releases/2013/11/131107191822.htm

 

 

 

NSA using Firefox flaw to snoop on Tor users

NSA using Firefox flaw to snoop on Tor users

Good news / Bad news in latest Snowden leak

 

The Register / UKby Iain Thomson
October 3, 2013

 

NSA using Firefox flaw to snoop on Tor users
NSA using Firefox flaw to snoop on Tor users

 

 

An NSA presentation released by Edward Snowden contains mixed news for Tor users. The anonymizing service itself appears to have foxed US and UK government snoops, but instead they are using a zero-day flaw in the Firefox browser bundled with Tor to track users.

“These documents give Tor a huge pat on the back,” security guru Bruce Schneier told The Register. “If I was a Tor developer, I’d be really smiling after reading this stuff.”

The PowerPoint slide deck, prepared in June last year and entitled “Tor stinks”, details how the NSA and the UK’s Government Communications Headquarters (GCHQ) have been stymied by trying to track Tor users, thanks to the strength of the open source system.

“We will never be able to de-anonymize all Tor users all the time,” the presentation states. “With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user.”

The presentation says that both the NSA and GCHQ run Tor nodes themselves (the Brits use Amazon Web Services for this under a project entitled Newton’s Cradle), but these are only a very small number in comparison to the whole system. This makes tracking users using traditional signals-intelligence methods impossible.

There’s also a case of diminishing returns as Tor becomes more popular. With each user acting as a transport node, the sheer scale of the system means it becomes steadily more difficult for the intelligence community to run enough nodes to be useful for tracking.

The agencies have also tried to use “quantum” cookies to track targets who are using Tor. Some cookies appear to persist after Tor sessions, the presentation notes, and the agencies are investigating if this can be developed into a working tracking system.

A separate leaked document from GCHQ, published in the Washington Post, gives an indication of how this could be done. Operation Mullenize is a technique for “staining” individual user’s computers with trackable code, and is now being rolled out after a year of development. Over 200 stains were injected onto systems in two months last year, the report notes.

There are also indications that the NSA had been trying to influence the design of Tor to make it more crackable, a somewhat Kafkaesque approach given that Tor is primarily funded by the US government itself to provide anonymity to internet users operating under repressive governments.

The NSA has been accused of this before, having been said to be deliberately weakening NIST encryption standards. But Schneier said in the case of Tor, the agency appears to have had little luck.

“It’s harder than you think to sneak stuff in,” Schneier said. “If you show up and say ‘Here, I’ve got some Tor code!’ I don’t think you’re going to get it in. As far as we know, they’ve had no success doing that.”

But documents shown the The Guardian by Snowden indicate that the intelligence organizations have also been trying sneakier methods in a delightfully named attack dubbed EgotisticalGiraffe. This targets the software that is bundled with Tor, specifically version 17 of the Firefox browser which was vulnerable to a zero-day attack.

It’s an attack vector that was adopted by the hacking community after operating system vendors started getting smarter about security, and which spawned a rash of attacks against third-party software such as Java and Adobe Reader. Now the NSA is using the same methods to track and crack Tor users.

“It should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications,” the NSA told the paper in a statement.

“Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.”

Mozilla has now fixed the Firefox flaw used in EgotisticalGiraffe, but it seems likely that a fair few Tor users won’t have updated their software as often as they should and may still be vulnerable. But Cindy Cohn, legal director of the Electronic Frontier Foundation, told The Register that the methods used by the NSA and GCHQ were immensely worrying.

“They are using the kind of techniques that federal prosecutors send people to jail for decades for using,” she said. “These are tools that are criminal, and I’m still wondering what’s the authority? What kind of authority are they claiming that they can do this?”

Cohn said the courts need to know how data is being collected before warrants are issued. She pointed out that the NSA has already been fingered for passing information to the Drug Enforcement Agency and the Internal Revenue Service, which then covered up where they got their data from.

“You really have to question if there is a rule of law anymore?” Cohn said.

“If the government gets to essentially burn down your house because it thinks you’re engaging in illegal activity and then hide the fact by pretending there was an arsonist around at some point, it’s not a lawful situation,” she said. “There’s a fundamental thing that’s being lost here for an allegedly self-governing country.”

Direct Link:  http://www.theregister.co.uk/2013/10/04/nsa_using_firefox_flaw_to_snoop_on_tor_users/

California first to get electronic license plates? Easier to track?

California first to get electronic license plates?

Easier to track?

The California State Senate approves a bill that would allow for a pilot program to test digital license plates. Will it involve tracking?

 

C/Net News
by Chris Matyszczyk
September 7, 2013

 

Yes, sort of an iPad on your car's rear. (Credit: KCRA-TV screenshot by Chris Matyszczyk/CNET)
Yes, sort of an iPad on your car’s rear.
(Credit: KCRA-TV screenshot by Chris Matyszczyk/CNET)

 

California is the home of everything that’s new, exciting, and, well, accidentally nefarious.

It’s a delight, therefore, to hear that we here in the Golden State might be the first to get electronic license plates.

Yes, the young and the restless of tech will be able to have their new “TE$LA1” plate beamed directly to their car.

What could be more moving? I am beaming at Ars Technica for discovering that a bill has passed the California State Senate, allowing for a pilot program to launch the scheme.

If the Governor signs the bill, 0.5 percent of Californians might enjoy this perk quite soon.

They can look forward to rolling down their beautiful hills and having the word “EXPIRED” suddenly appear on their backside. (The car’s, that is.)

What fun it will be to see Ferraris with the word “STOLEN” — or Priuses with the word “TASTELESS.”

Actually, I’m not sure that last one will be an option. Even so, the sheer instancy and convenience will fascinate many.

The suspicious (which ought, these days, to include most people) might wonder whether these license plates — which very probably will be accessed through a mobile data network — will let the powers that be know where people are, yes, all the time.

The bill doesn’t seem clear about this. What is clear is that the company that operates the system will have access to everyone’s location.

That company is Smart Plate Mobile, which doesn’t appear to have so much as a Web site currently.

Electronic Frontier Foundation Staff Attorney Lee Tien told Ars Technica that the DMV would hopefully not have access to location information.

However, we all know how porous digital walls can be.

As with so many digital creations, the weak spot for people is the convenience. Some interviewed by KCRA-TV said they’d pay extra in order to not stand in the DMV line.

And so, yet more personal information might be traded to save a few minutes of boredom.

Direct Link:  http://news.cnet.com/8301-17852_3-57601846-71/california-first-to-get-electronic-license-plates-easier-to-track/