Revocation Games in Ephemeral Networks

An ephemeral network is usually defined by the very short-lived and heterogeneous nature of interactions among self-organizing wireless devices. The wide penetration in everyday gadgets of radio technologies operating in unlicensed frequency spectrum, such as Bluetooth or 802.11 WLANs, accentuates the risk involved in communicating with unknown nodes, especially in hostile environments. Thus, misbehavior in ephemeral networks poses a serious threat to both well-behaving nodes and the network itself. The lack of centralized infrastructure and control makes such networks vulnerable to abuses, resulting in local service degradations and interruptions. Due to the short-lived and heterogeneous contacts among nodes, the reputation mechanisms based on repeated interactions are hard to establish and thus local revocation schemes seem to better cope with the highly volatile network model. In this report, we present a fully distributed scheme for local revocation of public-key certificates using a game-theoretic approach, in which each node selfishly decides on its actions and where, for each action, there is an associated cost and benefit. By providing incentives, dynamic costs and thanks to the history of previous behavior, our payoff model establishes the best course of actions for all the involved devices on-the-fly, such that the resulting revocation generates the least cost for the collectivity of players, i.e. a successful revocation that is also socially optimal. Based on the analytical results, we then formally define such algorithm and evaluate its performance through simulations. We show that our scheme is both accurate and effective in quickly removing malicious devices from the network

Inferring Social Ties in Pervasive Networks: An On-Campus Comparative Study

International audienceWiFi base stations are increasingly deployed in both public spaces and private companies, and the increase in their density poses a significant threat to the privacy of users. Prior studies have shown that it is possible to infer the social ties between users from their (co-)location traces but they lack one important component: the comparison of the inference accuracy between an internal attacker (e.g., a curious application running on the device) and a realistic external eavesdropper (e.g., a network of snifing stations) in the same field trial. We experimentally show that such an eavesdropper can infer the type of social ties between mobile users better than an internal attacker

Satellite Communications: Internet Challenges and Low-latency Applications

This paper analyzes several mitigation strategies and techniques that could enable delay sensitive applications to work properly over satellite IP networks. A study is conducted on different satellite classes (GEO, MEO and LEO) and the analysis of the current solutions for real-time interactive appli-cations is performed. The great distance from Earth results in an important RTT, which is the main aspect to consider for real-time interactive applications. To date, the multi-layered architecture seems to be the best way to go, since it overcomes the drawbacks of the single layer approaches. This, in turn, creates traffic balancing and quality of service concerns that are also discussed according to the proposed solutions

On Multi-Dimensional Privacy in Context-Aware Mobile Networks

By the end of 2013, the number of internet-connected mobile devices is expected to exceed that of humans. Omnipresent and context-aware, mobile devices enable people to communicate and exchange data anytime and almost anywhere. The myriad of ”digital footprints” that mobile devices leave can be used to infer a large amount of personal information about their owners. For instance, the IP address can be used to infer a coarse-grained location of the device, the temporary identifiers used in cellular networks can be used to track people’s whereabouts and infer numerous personal details. Similarly, online social networks often force members to share some personal information with all other users or service providers, de facto exposing users to unwanted profiling by advertisement companies and other private and state agencies. At each layer of the network stack, there is some information that can be used to track and profile mobile users; it is therefore crucial to investigate the privacy challenges present at different layers and design privacy protection mechanisms that work across these layers. In this thesis, we take a top-down approach on privacy in mobile networks by (i) studying the issues present in different network layers – the application, IP and link layers – and (ii) by proposing protection mechanisms and quantifying the extent of private information leakage. First, we look at the application layer, where we design protocols to protect users’ personal data from third-party entities and other unauthorized users. In particular, we focus on two relevant problems: meeting scheduling and optimal meeting location determination. For these two problems, we propose and evaluate privacy-preserving protocols that are both practical and more efficient than the existing approaches. Second, we study the privacy challenges that arise in the network and link layers, by quantifying the exposure of social community information in a large on-campus experiment. In addition, we evaluate the effect of the reconstructed community information on the inference of social ties among the participants to the experiment. For the first time in the same experiment, we compare the reconstruction accuracy of a realistic eavesdropper, who has only access to packet headers exchanged among the mobile devices, with that of a malicious application or entity that has access to the on-device data. Third, by taking a cross-layer approach, we design and evaluate a mobile social-networking application that enables users to share different kinds of personal information in a privacy-aware and inobtrusive way. In particular, we show how existing information-sharing policies are ineffective in correctly predicting users actual sharing behavior; then, based on a probabilistic decision-making framework, we demonstrate how machine learning can be used to automatically decide whether and how much to share – based on the users’ context and past behavior. Our results indicate that the proposed machine-learning-based approach is more comprehensive and practical than existing automated solutions and, at the same time, it is more effective than fixed policy-based rules – all while requiring a minimal effort from the users

Shorts vs. Regular Videos on YouTube: A Comparative Analysis of User Engagement and Content Creation Trends

YouTube introduced the Shorts video format in 2021, allowing users to upload short videos that are prominently displayed on its website and app. Despite having such a large visual footprint, there are no studies to date that have looked at the impact Shorts introduction had on the production and consumption of content on YouTube. This paper presents the first comparative analysis of YouTube Shorts versus regular videos with respect to user engagement (i.e., views, likes, and comments), content creation frequency and video categories. We collected a dataset containing information about 70k channels that posted at least one Short, and we analyzed the metadata of all the videos (9.9M Shorts and 6.9M regular videos) they uploaded between January 2021 and December 2022, spanning a two-year period including the introduction of Shorts. Our longitudinal analysis shows that content creators consistently increased the frequency of Shorts production over this period, especially for newly-created channels, which surpassed that of regular videos. We also observe that Shorts target mostly entertainment categories, while regular videos cover a wide variety of categories. In general, Shorts attract more views and likes per view than regular videos, but attract less comments per view. However, Shorts do not outperform regular videos in the education and political categories as much as they do in other categories. Our study contributes to understanding social media dynamics, to quantifying the spread of short-form content, and to motivating future research on its impact on society.Comment: 11 pages, 9 figures, to be published in the proceedings of ACM Web Science Conference 2024 (WEBSCI24

Shorts vs. Regular Videos on YouTube: A Comparative Analysis of User Engagement and Content Creation Trends

YouTube introduced the Shorts video format in 2021, allowing users to upload short videos that are prominently displayed on its website and app. Despite having such a large visual footprint, there are no studies to date that have looked at the impact Shorts introduction had on the production and consumption of content on YouTube. This paper presents the first comparative analysis of YouTube Shorts versus regular videos with respect to user engagement (i.e., views, likes, and comments), content creation frequency and video categories. We collected a dataset containing information about 70k channels that posted at least one Short, and we analyzed the metadata of all the videos (9.9M Shorts and 6.9M regular videos) they uploaded between January 2021 and December 2022, spanning a two-year period including the introduction of Shorts. Our longitudinal analysis shows that content creators consistently increased the frequency of Shorts production over this period, especially for newly-created channels, which surpassed that of regular videos. We also observe that Shorts target mostly entertainment categories, while regular videos cover a wide variety of categories. In general, Shorts attract more views and likes per view than regular videos, but attract less comments per view. However, Shorts do not outperform regular videos in the education and political categories as much as they do in other categories. Our study contributes to understanding social media dynamics, to quantifying the spread of short-form content, and to motivating future research on its impact on society

Trashing IMSI catchers in mobile networks

We address the decades-old privacy problem of disclosure of the permanent subscriber identity (IMSI) that makes IMSI catchers a real threat to all generations of mobile networks. A number of possible modifications to existing protocols have been proposed to address the problem; however, most require significant changes to existing deployed infrastructures. We propose a novel authentication approach for 3G and 4G systems that does not affect intermediate entities, notably the serving network and mobile equipment. It prevents disclosure of the subscriber's IMSI by using a dynamic pseudo-IMSI that is only identifiable by the home network for the USIM. A major challenge in using dynamic pseudo-IMSIs is possible loss of identity synchronisation between USIM and home network, an issue that has not been adequately addressed in previous work. We present an approach for identity recovery to be used in the event of pseudo-IMSI desynchronisation. The scheme requires changes to the home network and the USIM, but not to the serving network, mobile phone or other internal network protocols, enabling simple, transparent and evolutionary migration. We provide a detailed analysis of the scheme, and verify its correctness and security properties using ProVerif

FP-Fed: Privacy-Preserving Federated Detection of Browser Fingerprinting

Browser fingerprinting often provides an attractive alternative to third-party cookies for tracking users across the web. In fact, the increasing restrictions on third-party cookies placed by common web browsers and recent regulations like the GDPR may accelerate the transition. To counter browser fingerprinting, previous work proposed several techniques to detect its prevalence and severity. However, these rely on 1) centralized web crawls and/or 2) computationally intensive operations to extract and process signals (e.g., information-flow and static analysis). To address these limitations, we present FP-Fed, the first distributed system for browser fingerprinting detection. Using FP-Fed, users can collaboratively train on-device models based on their real browsing patterns, without sharing their training data with a central entity, by relying on Differentially Private Federated Learning (DP-FL). To demonstrate its feasibility and effectiveness, we evaluate FP-Fed's performance on a set of 18.3k popular websites with different privacy levels, numbers of participants, and features extracted from the scripts. Our experiments show that FP-Fed achieves reasonably high detection performance and can perform both training and inference efficiently, on-device, by only relying on runtime signals extracted from the execution trace, without requiring any resource-intensive operation

Security Issues in Next Generation Mobile Networks: LTE and Femtocells

Cellular mobile networks are used by more than 4 billion users worldwide. One effective way to meet the increasing demand for data rates is to deploy femtocells, which are low-power base stations that connect to the mobile operator through the subscriber's residential Internet access. Yet, security and privacy issues in femtocell-enabled cellular networks, such as UMTS and LTE, still need to be fully addressed by the standardization bodies. In this paper, we review significant threats to the security and privacy of femtocell-enabled cellular networks. We also propose novel solution directions in order to tackle some of these threats by drawing inspiration from solutions to similar challenges in wireless data networks such as WLANs and mobile ad hoc networks (MANETs)