Smartphone Accelerometers Distinguish Between Different Motorized Transportation Modalities
Science Daily November 13, 2013
Identifying the individual’s transportation behavior is a fundamental problem, as it reveals information about the user’s physical activity, personal CO2 footprint and preferred transit type. On a larger scale, this information could be aggregated to discover information about the utilization of different transportation options to aid urban planning.
Researchers from the University of Helsinki have developed methods for extracting information about vehicular movement patterns from measurements of a smartphone accelerometer. The key idea is to extract characteristic acceleration and braking patterns and to use these as a kind of signature to distinguish between different vehicular transportation modes.
The main researcher, Samuli Hemminki, explains: “Extracting vehicular movement information from smartphone accelerometers is challenging as the placement of the device can vary, users interact with the phone spontaneously, and as the orientation of the phone can change dynamically. We overcame these challenges by developing novel algorithms for processing and analyzing accelerometer measurements.”
Experimental evaluations demonstrate that the technique can detect most common public transportation types (bus, tram, metro, train, car, walking) with over 80 per cent accuracy. The benefits of the method are particularly pronounced in daily monitoring as the system has low power consumption and works robustly in continuous detection tasks.
Dr. Petteri Nurmi from the University of Helsinki adds: “Our work enables fine-grained modeling of human transportation behavior and serves as an important building block for new kinds of mobile applications. For example, our methods would be beneficial to an application that provides feedback to encourage drivers towards a more ecological driving style or to map deviations in public transportation.”
Professor Sasu Tarkoma explains: “This research shows that it is possible to accurately detect the transportation mode on smartphones in an energy efficient manner. The system enables a whole new breed of mobility-aware applications and services.”
Creating Accountable Anonymity Online: Systems That Currently Allow Users Complete Anonymity Are Being Abused
Science Daily November 7, 2013
The World Wide Web is, in many ways, still the Wild West. Though a large portion of internet traffic is monitored and traceable, systems like the Tor Project allow users to post and share anything anonymously. Anonymous systems provide enormous public benefits by helping journalists, activists, and others communicate in private, away from the prying eyes of the Internet at-large.
These systems, however, have been degraded by criminals who use them to support unlawful activities. Tor reportedly has been used to aid in the selling of illegal drugs and in the proliferation of child pornography, among other crimes. With complete anonymity, criminals are often free to do whatever they like with little or no repercussions.
Researchers at Iowa State University are working to solve this problem with an approach they call accountable anonymity. Yong Guan, an associate professor of electrical and computer engineering, and his students, have devised a system that offers anonymity for honest users, and accountability for dishonest users.
“The lack of accountability on these anonymous services is easy to exploit,” Guan says. “Criminals use anonymous systems to commit crimes against innocent people online and in the real world. I thought there was a real need for accountability within these systems to protect honest users that just wish to exchange lawful information anonymously.”
Tor works by sending information through a series of nodes and using layers of encryption at each stop. When the information arrives at its destination, the encrypted messages are unlocked with a key and the original message becomes readable. The layers of encryption disguise the origin of the message, thus providing anonymity, but at a high computing cost. Bouncing messages around a network, and adding a layer of encryption with each bounce, takes time and computing power. If a criminal uses the service to send a malicious message, the network expends the same computing power to send that message, and the victim has limited ways to trace it.
Guan’s system, named THEMIS, is designed to minimize the computing power used to send messages and provide a way to track the source of the message, should it be thought of as malicious. By its very design, the system avoids expending computing power to send illegal and harmful messages.
“With a level of accountability, criminal activity online will decrease,” Guan says. “By that measurement, computing power expended to support criminal activity will also decrease. That’s a good thing.”
The system aims to offer four features:
First and foremost, the system must provide anonymity under normal circumstances. Users looking to exchange information in a lawful manner without being tracked will be able to do so without problems.
“Providing reliable anonymity is the first step,” Guan says. “Without it, users won’t use the system.”
Second, the system must, under certain circumstances, allow for the identification of sources without impairing other users’ anonymity. This involves a number of steps, including notifying law enforcement. This feature would be used to find senders of malicious messages, and requires the cooperation of the system’s key generator and internet service provider’s registration database.
“Our system provides law enforcement with the means to catch criminals who wish to distribute illegal or harmful messages,” Guan says. “Without some kind of accountability, users tend to show an absence of restraint.”
Third, the system must be incentive compatible. This means users must have an incentive to use the system as it is intended to be used. Without incentive compatibility, users can simply bypass attributes of the system they don’t wish to comply with.
Fourth, the system must make framing or impersonating an honest user impossible. THEMIS achieves this by using digital signatures that are computationally infeasible to generate without source keys.
“Forging keys is computationally difficult,” Guan says. “If a node wishes to obtain a signing key, or sign a message without the source’s signing key, it would have to solve a problem that is incredibly difficult, even for the fastest computers.”
THEMIS is composed of two separate proxy re-encryption based schemes. Scheme one, a multi-hop proxy re-encryption-based scheme, provides an anonymous communication channel between the source of a message and its destination. Much like with Tor, messages in THEMIS are bounced through several proxies. However, instead of adding layers of encryption, THEMIS converts the original message at each stop using XAG encryption. Each proxy along the path knows only its predecessor and successor, and proxy re-encryption keys to corresponding channels are hidden in the message in an onion header. The layers of the onion header contain the information for the corresponding node.
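The hop-by-hop conversion described above can be seen in a small simulation. This is an added example, not code from THEMIS or its authors: it substitutes a textbook BBS98-style ElGamal re-encryption for the XAG scheme the article names, uses a toy 10-bit group, and every function name and parameter in it is an assumption.

```python
# Toy multi-hop proxy re-encryption (BBS98-style ElGamal), added for illustration.
# NOT the XAG or AFGH schemes the article names; the 10-bit group gives no security.
# All names and parameters below are assumptions of this example.
import hashlib
import secrets

P, Q, G = 1019, 509, 4  # toy safe prime P = 2Q + 1; G generates the order-Q subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1        # secret exponent in 1..Q-1
    return sk, pow(G, sk, P)                 # (secret key, public key)

def encrypt(pk, m):
    """ElGamal-style encryption of m (1..P-1) under pk = G^sk."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)   # (m*G^r, G^(sk*r))

def rekey(sk_from, sk_to):
    """Re-encryption key sk_to/sk_from mod Q; by itself it reveals neither secret."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """What one proxy does: convert the ciphertext to the next hop's key."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)                # G^(a*r) -> G^(b*r), without decrypting

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)         # recover G^r
    return (c1 * pow(g_r, -1, P)) % P

def keystream_xor(k, data):
    """Toy hybrid layer: XOR data with SHA-256(k:offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(f"{k}:{i}".encode()).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def send_through_path(payload, hops=3):
    """Source -> proxies -> destination. Returns (received bytes, ciphertext trace)."""
    keys = [keygen() for _ in range(hops + 1)]           # last entry is the destination
    # Simplification: the simulation derives every re-encryption key centrally.
    rks = [rekey(keys[i][0], keys[i + 1][0]) for i in range(hops)]
    k = pow(G, secrets.randbelow(Q - 1) + 1, P)          # random session element
    body = keystream_xor(k, payload)
    ct = encrypt(keys[0][1], k)                          # encrypted to the first hop's key
    trace = [ct]
    for rk in rks:                                       # each proxy converts exactly once
        ct = reencrypt(rk, ct)
        trace.append(ct)
    k_out = decrypt(keys[-1][0], ct)                     # destination uses its own secret key
    return keystream_xor(k_out, body), trace
```

The ciphertext stays two group elements at every hop instead of gaining a layer per hop, which is where the saving over layered encryption comes from. In this toy the first element is identical at every hop, so an observer could link hops; that is a property of the simplified primitive shown here, not a statement about THEMIS.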
Scheme two provides for accountability when malicious messages are present. As with any encryption system, public keys and private keys are utilized to ensure that messages arrive where they should and are readable to the intended recipient. However, an AFGH re-encryption key is included with each message and serves as the accountability information which links the destination of the message to its source. Without this AFGH re-encryption key, messages are unreadable.
At the request of the message recipient, law enforcement officials can use the AFGH re-encryption key to track the source of the message. Law enforcement can subpoena data from the key generator and the internet service provider’s registration database and use this data with the message’s AFGH re-encryption key to determine the source of the message.
“If no one reports the message as malicious,” Guan says, “law enforcement cannot get involved. There would be no way for them to know about it.”
Guan envisions his system as a way for law enforcement to track down senders of threatening emails and those who leak important documents. THEMIS represents the first system to provide both anonymity and accountability in an incentive-compatible fashion and the first anonymous network to use multi-hop proxy re-encryption.
“The next step,” Guan says, “is to test it on a large scale over the Internet. This way, we can really see how well it performs.”
An NSA presentation released by Edward Snowden contains mixed news for Tor users. The anonymizing service itself appears to have foxed US and UK government snoops, but instead they are using a zero-day flaw in the Firefox browser bundled with Tor to track users.
“These documents give Tor a huge pat on the back,” security guru Bruce Schneier told The Register. “If I was a Tor developer, I’d be really smiling after reading this stuff.”
The PowerPoint slide deck, prepared in June last year and entitled “Tor stinks”, details how the NSA and the UK’s Government Communications Headquarters (GCHQ) have been stymied by trying to track Tor users, thanks to the strength of the open source system.
“We will never be able to de-anonymize all Tor users all the time,” the presentation states. “With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user.”
The presentation says that both the NSA and GCHQ run Tor nodes themselves (the Brits use Amazon Web Services for this under a project entitled Newton’s Cradle), but these are only a very small number in comparison to the whole system. This makes tracking users using traditional signals-intelligence methods impossible.
There’s also a case of diminishing returns as Tor becomes more popular. With each user acting as a transport node, the sheer scale of the system means it becomes steadily more difficult for the intelligence community to run enough nodes to be useful for tracking.
The agencies have also tried to use “quantum” cookies to track targets who are using Tor. Some cookies appear to persist after Tor sessions, the presentation notes, and the agencies are investigating if this can be developed into a working tracking system.
A separate leaked document from GCHQ, published in the Washington Post, gives an indication of how this could be done. Operation Mullenize is a technique for “staining” individual users’ computers with trackable code, and is now being rolled out after a year of development. Over 200 stains were injected onto systems in two months last year, the report notes.
There are also indications that the NSA had been trying to influence the design of Tor to make it more crackable, a somewhat Kafkaesque approach given that Tor is primarily funded by the US government itself to provide anonymity to internet users operating under repressive governments.
The NSA has been accused of this before, having been said to be deliberately weakening NIST encryption standards. But Schneier said in the case of Tor, the agency appears to have had little luck.
“It’s harder than you think to sneak stuff in,” Schneier said. “If you show up and say ‘Here, I’ve got some Tor code!’ I don’t think you’re going to get it in. As far as we know, they’ve had no success doing that.”
But documents shown to The Guardian by Snowden indicate that the intelligence organizations have also been trying sneakier methods in a delightfully named attack dubbed EgotisticalGiraffe. This targets the software that is bundled with Tor, specifically version 17 of the Firefox browser which was vulnerable to a zero-day attack.
It’s an attack vector that was adopted by the hacking community after operating system vendors started getting smarter about security, and which spawned a rash of attacks against third-party software such as Java and Adobe Reader. Now the NSA is using the same methods to track and crack Tor users.
“It should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications,” the NSA told the paper in a statement.
“Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.”
Mozilla has now fixed the Firefox flaw used in EgotisticalGiraffe, but it seems likely that a fair few Tor users won’t have updated their software as often as they should and may still be vulnerable. But Cindy Cohn, legal director of the Electronic Frontier Foundation, told The Register that the methods used by the NSA and GCHQ were immensely worrying.
“They are using the kind of techniques that federal prosecutors send people to jail for decades for using,” she said. “These are tools that are criminal, and I’m still wondering what’s the authority? What kind of authority are they claiming that they can do this?”
Cohn said the courts need to know how data is being collected before warrants are issued. She pointed out that the NSA has already been fingered for passing information to the Drug Enforcement Agency and the Internal Revenue Service, which then covered up where they got their data from.
“You really have to question if there is a rule of law anymore?” Cohn said.
“If the government gets to essentially burn down your house because it thinks you’re engaging in illegal activity and then hide the fact by pretending there was an arsonist around at some point, it’s not a lawful situation,” she said. “There’s a fundamental thing that’s being lost here for an allegedly self-governing country.”
California first to get electronic license plates?
Easier to track?
The California State Senate approves a bill that would allow for a pilot program to test digital license plates. Will it involve tracking?
C/Net News by Chris Matyszczyk September 7, 2013
California is the home of everything that’s new, exciting, and, well, accidentally nefarious.
It’s a delight, therefore, to hear that we here in the Golden State might be the first to get electronic license plates.
Yes, the young and the restless of tech will be able to have their new “TE$LA1” plate beamed directly to their car.
What could be more moving? I am beaming at Ars Technica for discovering that a bill has passed the California State Senate, allowing for a pilot program to launch the scheme.
If the Governor signs the bill, 0.5 percent of Californians might enjoy this perk quite soon.
They can look forward to rolling down their beautiful hills and having the word “EXPIRED” suddenly appear on their backside. (The car’s, that is.)
What fun it will be to see Ferraris with the word “STOLEN” — or Priuses with the word “TASTELESS.”
Actually, I’m not sure that last one will be an option. Even so, the sheer instancy and convenience will fascinate many.
The suspicious (which ought, these days, to include most people) might wonder whether these license plates — which very probably will be accessed through a mobile data network — will let the powers that be know where people are, yes, all the time.
The bill doesn’t seem clear about this. What is clear is that the company that operates the system will have access to everyone’s location.
That company is Smart Plate Mobile, which doesn’t appear to have so much as a Web site currently.
Electronic Frontier Foundation Staff Attorney Lee Tien told Ars Technica that the DMV would hopefully not have access to location information.
However, we all know how porous digital walls can be.
As with so many digital creations, the weak spot for people is the convenience. Some interviewed by KCRA-TV said they’d pay extra in order to not stand in the DMV line.
And so, yet more personal information might be traded to save a few minutes of boredom.
NSA loophole allows warrantless search for US citizens’ emails and phone calls
Exclusive: Spy agency has secret backdoor permission to search databases for individual Americans’ communications
The Guardian / UK by James Ball & Spencer Ackerman August 9, 2013
The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens’ email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden.
The previously undisclosed rule change allows NSA operatives to hunt for individual Americans’ communications using their name or other identifying information. Senator Ron Wyden told the Guardian that the law provides the NSA with a loophole potentially allowing “warrantless searches for the phone calls or emails of law-abiding Americans”.
The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA’s dragnet surveillance programs.
The intelligence data is being gathered under Section 702 of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.
The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as “incidental collection” in surveillance parlance.
But this is the first evidence that the NSA has permission to search those databases for specific US individuals’ communications.
A secret glossary document provided to operatives in the NSA’s Special Source Operations division – which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies – details an update to the “minimization” procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US.
“While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data,” the glossary states, “analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence].”
The term “identifiers” is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.
The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.
Wyden, an Oregon Democrat on the Senate intelligence committee, has obliquely warned for months that the NSA’s retention of Americans’ communications incidentally collected and its ability to search through it has been far more extensive than intelligence officials have stated publicly. Speaking this week, Wyden told the Guardian it amounts to a “backdoor search” through Americans’ communications data.
“Section 702 was intended to give the government new authorities to collect the communications of individuals believed to be foreigners outside the US, but the intelligence community has been unable to tell Congress how many Americans have had their communications swept up in that collection,” he said.
“Once Americans’ communications are collected, a gap in the law that I call the ‘back-door searches loophole’ allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans.”
Wyden, along with his intelligence committee colleague Mark Udall, have attempted repeatedly to warn publicly about the ability of the intelligence community to look at the communications of US citizens, but are limited by their obligation not to reveal highly classified information.
But in a letter they recently wrote to the NSA director, General Keith Alexander, the two senators warned that a fact sheet released by the NSA in the wake of the initial Prism revelations to reassure the American public about domestic surveillance was misleading.
In the letter, they warned that Americans’ communications might be inadvertently collected and stored under Section 702, despite rules stating only data on foreigners should be collected and retained.
“[W]e note that this same fact sheet states that under Section 702, ‘Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorised purpose nor evidence of a crime,’” they said.
“We believe that this statement is somewhat misleading, in that it implied the NSA has the ability to determine how many American communications it has collected under Section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans.”
The foreign intelligence surveillance (Fisa) court issues approvals annually authorizing such operations, with specific rules on who can be targeted and what measures must be taken to minimize any details “inadvertently” collected on US persons.
Secret minimization procedures dating from 2009, published in June by the Guardian, revealed that the NSA could make use of any “inadvertently acquired” information on US persons under a defined range of circumstances, including if they held usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted or are believed to contain any information relevant to cybersecurity.
At that stage, however, the rules did not appear to allow for searches of collected data relating to specific US persons.
Assurances from Obama and senior administration officials to the American public about the privacy of their communications have relied on the strict definition of what constitutes “targeting” while making no mention of the permission to search for US data within material that has already been collected.
The day after the Guardian revealed details of the NSA’s Prism program, President Obama said: “Now, with respect to the internet and emails, this doesn’t apply to US citizens and it doesn’t apply to people living in the United States.”
Speaking at a House hearing on 18 June this year, deputy attorney general James Cole told legislators “[T]here’s a great deal of minimization procedures that are involved here, particularly concerning any of the acquisition of information that deals or comes from US persons.
“As I said, only targeting people outside the United States who are not US persons. But if we do acquire any information that relates to a US person, under limited criteria only can we keep it.”
Dianne Feinstein, the California Democrat who chairs the Senate intelligence committee, said in June 2012 that she believed the intelligence agencies and the Justice Department were sufficiently mindful of Americans’ privacy.
“The intelligence community is strictly prohibited from using Section 702 to target a US person, which must at all times be carried out pursuant to an individualized court order based upon probable cause,” Feinstein stated in a report provided to the Senate record.
While there are several congressional proposals to constrain the NSA’s bulk collection of Americans’ phone records, there has to date been much less legislative appetite to abridge its powers under Section 702 – as lawmakers are satisfied it doesn’t sufficiently violate Americans’ privacy.
“702 is focused outside the United States at non-citizens,” said Adam Schiff, a member of the House intelligence committee. “The evidence of the effectiveness of 702 is much more substantial than 215 [the bulk phone records collection]. So I think there are fewer fourth amendment concerns and more evidence of the saliency of the program.”
Wyden and Udall – both of whom say foreign surveillance conducted under Section 702 has legitimate value for US national security – have tried and failed to restrict the NSA’s ability to collect and store Americans’ communications that it accidentally acquires.
Wyden told the Guardian that he raised concerns about the loophole with President Obama during an August 1 meeting with legislators about the NSA’s surveillance powers.
“I believe that Congress should reform Section 702 to provide better protections for Americans’ privacy, and that this could be done without losing the value that this collection provides,” he said.
The Guardian put the latest revelations to the NSA and the Office of the Director of National Intelligence but no response had been received by the time of publication.