E-Commerce Security Issues


  • 8/10/2019 E-Commerce Security Issues

    Overview

    1. Introduction
    2. Urban Sensing Examples
    3. Applications Examples
    4. Security Challenges
       a. Confidentiality and Privacy Issues
       b. Integrity Issues
       c. Availability Issues
       d. Challenges in Participatory Sensing
    5. Conclusion

    Introduction

    Opportunistic people centric sensing
      o Small devices carried by people that sense information
      o Direct or indirect relation to human activity
      o Environmental conditions

    Advantages
      o Leverage millions of devices
      o No need to manually deploy
      o Highly mobile and accessible

    Disadvantages
      o High risks in security
      o Data integrity

    Urban Sensing Examples

    CarTel
      o Maps traffic patterns

    BikeNet
      o Bicycle network infrastructure

    CenceMe
      o User activity social networking

    [Figures: CarTel Interface; BikeNet Interface; CenceMe Interface]

    Application Examples

    Urban data collection and processing
      o Large scale online data collection
      o Being able to locate lost objects
      o Measuring the flow of bicycles in an urban center

    Environmental monitoring at the human level
      o Optimize energy usage for heating and cooling
      o Personal Environmental Impact Report

    Security Challenges Overview

    Challenges

    1. Context privacy
    2. Anonymous tasking
    3. Anonymous data reporting
    4. Reliable data readings
    5. Data authenticity
    6. System integrity
    7. Preventing data suppression
    8. Participation
    9. Fairness

    Confidentiality and Privacy Issues
    Context Privacy

    Problems
      It is cumbersome for users to specify fine grain policies
      Once the data is on the server who can access the h/w

    Solutions
      Virtual walls
        o Group settings in categories
        o Only information outside the wall can be seen
      Faces
        o Data changes according to who is viewing

    Future Research
      o Determining what data can be used without being able to infer other data
      o Grabbing only enough data for application purpose without sacrificing usability

    Confidentiality and Privacy Issues
    Anonymous Tasking

    Problems
      By tasking specific users it is possible to gain personal information
      Determining reliability of participants could reduce anonymity

    Solutions
      Tasking Service
        o Users download all tasks and selectively choose which to do
      Attribute based authentication
        o Users reveal only their attributes

    Confidentiality and Privacy Issues
    Masking Users' Location

    Blind Tasking
    Transfer data to other nodes before uploading
      o Overall routing structure must be protected
      o Data needs to be encrypted to not be intercepted
    Hitchhiking
      o Only include characteristics about location
      o Disadvantageous for limited popularity
    Introduce blur and random jitter
      o Decreases accuracy
      o Amount of error needs to be constrained
    Automatic Spatiotemporal Blurring
      o Generalize location through large geographical tiles
      o Only upload data when enough sets are available
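
The spatiotemporal blurring bullets above, as an added Python example that is not part of the original slides: exact fixes are snapped to tiles and time buckets, and a cell is released only once enough distinct devices have reported in it. The tile size, window length, threshold k, field names and sample reports are assumptions constructed for illustration.

```python
import math
from collections import defaultdict

TILE_DEG = 0.01   # assumed tile size, roughly 1 km of latitude
WINDOW_S = 900    # assumed time bucket: 15 minutes
K_MIN = 3         # assumed minimum number of distinct devices per cell

def cell_of(lat, lon, ts, tile_deg=TILE_DEG, window_s=WINDOW_S):
    """Generalize an exact fix to (tile row, tile column, time bucket)."""
    return (math.floor(lat / tile_deg), math.floor(lon / tile_deg), ts // window_s)

def blur_and_release(reports, k=K_MIN, tile_deg=TILE_DEG, window_s=WINDOW_S):
    """Return (released, held).

    released: one aggregate per cell seen by at least k distinct devices.
    held: raw reports from cells below the threshold, kept back for now.
    """
    cells = defaultdict(list)
    for r in reports:
        cells[cell_of(r["lat"], r["lon"], r["ts"], tile_deg, window_s)].append(r)

    released, held = [], []
    for (row, col, bucket), group in sorted(cells.items()):
        if len({r["device"] for r in group}) < k:
            held.extend(group)
            continue
        released.append({
            # Tile centre and bucket start replace the exact fix and timestamp;
            # device identifiers are dropped from the released record.
            "lat": round((row + 0.5) * tile_deg, 6),
            "lon": round((col + 0.5) * tile_deg, 6),
            "window_start": bucket * window_s,
            "n": len(group),
            "mean_value": sum(r["value"] for r in group) / len(group),
        })
    return released, held

# Constructed sample: three devices share one tile and window, one is isolated.
SAMPLE = [
    {"device": "a", "lat": 43.7041, "lon": -72.2889, "ts": 1000, "value": 20.0},
    {"device": "b", "lat": 43.7068, "lon": -72.2853, "ts": 1300, "value": 22.0},
    {"device": "c", "lat": 43.7012, "lon": -72.2811, "ts": 1700, "value": 24.0},
    {"device": "d", "lat": 43.7512, "lon": -72.2011, "ts": 1200, "value": 30.0},
]

if __name__ == "__main__":
    released, held = blur_and_release(SAMPLE)
    print(released)
    print([r["device"] for r in held])
```

Larger tiles and a higher k lower the chance of singling out one participant at the cost of accuracy, which is the constraint on error the jitter bullet refers to.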

    Integrity Issues
    Reliable Data Storage

    Problems
      Any participant with an appropriately configured device can report falsified data
      Devices are controlled by users
      Incentives to mask private information

    Solutions
      Redundancy
        o Task cloning
        o Fixed sensor ground truth
      Game Theory
        o Reputation based system
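
How the redundancy and reputation bullets above can fit together, as an added Python example that is not part of the original slides: clones of one task are compared against a fixed sensor when one is available, otherwise against a reputation-weighted median, and reputations move accordingly. The tolerance, step sizes, default reputation of 0.5, participant names and readings are assumptions constructed for illustration.

```python
TOLERANCE = 2.0               # assumed: largest deviation still counted as agreement
GAIN, PENALTY = 0.05, 0.30    # assumed reputation step sizes

def weighted_median(pairs):
    """pairs: (value, weight). Value at which cumulative weight reaches half."""
    pairs = sorted(pairs)
    half = sum(w for _, w in pairs) / 2.0
    acc = 0.0
    for value, weight in pairs:
        acc += weight
        if acc >= half:
            return value
    raise ValueError("no readings")

def score_task(readings, reputation, ground_truth=None):
    """Score the clones of one task and update reputations in place.

    readings: {participant: value} reported for the same cloned task.
    reputation: {participant: score in [0, 1]}; unknown participants start at 0.5.
    ground_truth: reading from a trusted fixed sensor, if one covers the task.
    Returns (reference value, set of participants flagged as outliers).
    """
    if ground_truth is not None:
        reference = ground_truth
    else:
        reference = weighted_median(
            [(v, reputation.get(p, 0.5)) for p, v in readings.items()])
    flagged = set()
    for p, v in readings.items():
        rep = reputation.get(p, 0.5)
        if abs(v - reference) > TOLERANCE:
            flagged.add(p)
            rep = max(0.0, rep - PENALTY)
        else:
            rep = min(1.0, rep + GAIN)
        reputation[p] = round(rep, 2)
    return reference, flagged

if __name__ == "__main__":
    rep = {}
    # Constructed readings: p4 reports a falsified value for task A.
    print(score_task({"p1": 21.0, "p2": 21.5, "p3": 20.8, "p4": 35.0}, rep), rep)
    # Task B: p2 and p4 agree with each other, but a fixed sensor reads 18.3.
    print(score_task({"p1": 18.0, "p2": 25.0, "p4": 25.2}, rep, ground_truth=18.3), rep)
```

In task B the median alone would side with the two agreeing participants; the fixed sensor reading is what exposes them.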

    Integrity Issues
    Data Authenticity

    Problems
      Tampered data during transit
      Current schemes correspond to fixed sensors where there is a stable topological tree that spans sensors

    Solutions
      Cryptographically enhanced error-correcting techniques
        o Encrypted data that shows if it has been tampered with
      Group signatures
        o Allows multiple groups to use a single verifying signature
        o Cracked signatures can be redistributed without taking down the entire infrastructure

    Integrity Issues
    System Integrity

    Problems
      Tasks need to have their source verified
      Data received needs to be accurate and temporally relevant

    Solutions
      Task specific languages
      Secure cryptographic states
        o Provide topological, temporal and user-related parameters to validate the information received.

    Availability Issues
    Preventing Data Suppression

    Denial of Service (DoS) due to devices ignoring task requests
    Network availability of devices
    Data consuming applications could be killed by users
    If users are unable to control the data access, they are less likely to carry the device or permit tasks to be performed
    Distributed DoS (DDoS) Attack

    Availability Issues
    Participation

    Problems
      Users must have incentives to gain mass participation
      Difficult to convince giving away private information with little to no benefit

    Solutions
      Convenience is key to appeal
      Provide incentives that are compatible with users' needs and interests
      Privacy-aware hybrid payoff model
        o Beneficial services vs privacy loss they experience

    Challenges in Participatory Sensing

    Users are tasked and have to manually partake in gathering information
    Additional security challenges arise as the user may leak more information than the task specifies
      o Taking a picture of a menu on a table
    Integrity becomes difficult as the user can fabricate sensor data or not provide the correct results of the task
      o Ratings of a restaurant

    [Figure: 4 Rivers Smokehouse Google User Review]

    Conclusion

    Opportunistic people centric sensing
      Most applications contain personal information
      Securing that information becomes key
        o Providing a service that people would want to participate in
        o Keeping users' data secure as to not be harmed
        o Even obscuring the data may not be enough for complete anonymity
    Participatory sensing needs additional security thought

    Questions?