E-Commerce Security Issues
Transcript of E-Commerce Security Issues
8/10/2019 E-Commerce Security Issues
Overview
1. Introduction
2. Urban Sensing Examples
3. Applications Examples
4. Security Challenges
a. Confidentiality and Privacy Issues
b. Integrity Issues
c. Availability Issues
d. Challenges in Participatory Sensing
5. Conclusion
Introduction
Opportunistic people centric sensing
o Small devices carried by people that sense information
o Direct or indirect relation to human activity
o Environmental conditions
Advantages
o Leverage millions of devices
o No need to manually deploy
o Highly mobile and accessible
Disadvantages
o High risks in security
o Data integrity
Urban Sensing Examples
CarTel
Maps traffic patterns
BikeNet
Bicycle network infrastructure
CenceMe
User activity social networking
[Figures: CarTel Interface, BikeNet Interface, CenceMe Interface]
Application Examples
Urban data collection and processing
o Large scale online data collection
o Being able to locate lost objects
o Measuring the flow of bicycles in an urban center
Environmental monitoring at the human level
o Optimize energy usage for heating and cooling
o Personal Environmental Impact Report
Security Challenges Overview
Challenges
1. Context privacy
2. Anonymous tasking
3. Anonymous data reporting
4. Reliable data readings
5. Data authenticity
6. System integrity
7. Preventing data suppression
8. Participation
9. Fairness
Confidentiality and Privacy Issues
Context Privacy
Problems
It is cumbersome for users to specify fine grain policies
Once the data is on the server who can access the h/w
Solutions
Virtual walls
o Group settings in categories
o Only information outside the wall can be seen
Faces
o Data changes according to who is viewing
Future Research
o Determining what data can be used without being able to infer other data
o Grabbing only enough data for application purpose without sacrificing usability
Confidentiality and Privacy Issues
Anonymous Tasking
Problems
By tasking specific users it is possible to gain personal information
Determining reliability of participants could reduce anonymity
Solutions
Tasking Service
o Users download all tasks and selectively choose which to do
Attribute based authentication
o Users reveal only their attributes
Confidentiality and Privacy Issues
Masking Users' Location
Blind Tasking
Transfer data to other nodes before uploading
o Overall routing structure must be protected
o Data needs to be encrypted to not be intercepted
Hitchhiking
o Only include characteristics about location
o Disadvantageous for limited popularity
Introduce blur and random jitter
o Decreases accuracy
o Amount of error needs to be constrained
Automatic Spatiotemporal Blurring
o Generalize location through large geographical tiles
o Only upload data when enough sets are available
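An added example, not part of the original slides, of the automatic spatiotemporal blurring described above: readings are snapped to a large tile and a time window, and a tile is uploaded only once enough distinct devices have contributed to it. The tile size, window length, threshold `K_MIN`, field names and sample readings are all assumptions made for the illustration.

```python
import math
from collections import defaultdict
from statistics import mean

TILE_DEG = 0.01   # assumed tile edge in degrees (roughly 1.1 km of latitude)
WINDOW_S = 900    # assumed time window: 15 minutes
K_MIN = 3         # assumed minimum number of distinct devices per tile/window


def tile_key(lat, lon, ts, tile_deg=TILE_DEG, window_s=WINDOW_S):
    """Generalize an exact position and time to (tile row, tile col, window)."""
    return (math.floor(lat / tile_deg), math.floor(lon / tile_deg), int(ts // window_s))


def blur_and_release(readings, k_min=K_MIN, tile_deg=TILE_DEG, window_s=WINDOW_S):
    """Return (released, withheld): aggregates for tiles with >= k_min distinct
    devices, and the number of readings held back from sparser tiles."""
    buckets = defaultdict(lambda: defaultdict(list))  # key -> device -> values
    for r in readings:
        key = tile_key(r["lat"], r["lon"], r["ts"], tile_deg, window_s)
        buckets[key][r["device"]].append(r["value"])

    released, withheld = [], 0
    for (row, col, win), per_device in sorted(buckets.items()):
        if len(per_device) < k_min:  # repeats from one device do not count
            withheld += sum(len(v) for v in per_device.values())
            continue
        # Average per device first so one chatty device cannot dominate a tile.
        device_means = [mean(v) for v in per_device.values()]
        released.append({  # tile centre and window only; no device identifiers
            "lat": round((row + 0.5) * tile_deg, 6),
            "lon": round((col + 0.5) * tile_deg, 6),
            "window_start": win * window_s,
            "devices": len(per_device),
            "value": round(mean(device_means), 2),
        })
    return released, withheld


# Constructed sample readings (not real data): noise level in dB.
SAMPLE = [
    {"device": "a", "lat": 28.6012, "lon": -81.1999, "ts": 1000, "value": 60.0},
    {"device": "b", "lat": 28.6050, "lon": -81.1995, "ts": 1100, "value": 64.0},
    {"device": "c", "lat": 28.6099, "lon": -81.1910, "ts": 1700, "value": 62.0},
    {"device": "a", "lat": 28.6013, "lon": -81.1998, "ts": 1200, "value": 62.0},
    {"device": "d", "lat": 28.6505, "lon": -81.2505, "ts": 1000, "value": 55.0},
    {"device": "d", "lat": 28.6506, "lon": -81.2506, "ts": 1050, "value": 57.0},
    {"device": "d", "lat": 28.6507, "lon": -81.2507, "ts": 1060, "value": 56.0},
]
```

Device `d` reports three times from a tile nobody else visits, so its readings stay on hold: the threshold counts distinct devices, not readings.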
Integrity Issues
Reliable Data Storage
Problems
Any participant with an appropriately configured device can report falsified data
Devices are controlled by users
Incentives to mask private information
Solutions
Redundancy
o Task cloning
o Fixed sensor ground truth
Game Theory
o Reputation based system
Integrity Issues
Data Authenticity
Problems
Tampered data during transit
Current schemes correspond to fixed sensors where there is a stable topological tree that spans sensors
Solutions
Cryptographically enhanced error-correcting techniques
o Encrypted data that shows if it has been tampered with
Group signatures
o Allows multiple groups to use a single verifying signature
o Cracked signatures can be redistributed without taking down the entire infrastructure
Integrity Issues
System Integrity
Problems
Tasks need to have their source verified
Data received needs to be accurate and temporally relevant
Solutions
Task specific languages
Secure cryptographic states
o Provide topological, temporal and user-related parameters to validate the information received.
Availability Issues
Preventing Data Suppression
Denial of Service (DoS) due to devices ignoring task requests
Network availability of devices
Data consuming applications could be killed by users
If users are unable to control the data access, they are less likely to carry the device or permit tasks to be performed
Distributed DoS (DDoS) Attack
Availability Issues
Participation
Problems
Users must have incentives to gain mass participation
Difficult to convince giving away private information with little to no benefit
Solutions
Convenience is key to appeal
Provide incentives that are compatible with users' needs and interests
Privacy-aware hybrid payoff model
o Beneficial services vs privacy loss they experience
Challenges in Participatory Sensing
Users are tasked and have to manually partake in gathering information
Additional security challenges arise as the user may leak more information than the task specifies
o Taking a picture of a menu on a table
Integrity becomes difficult as the user can fabricate sensor data or not provide the correct results of the task
o Ratings of a restaurant
[Figure: 4 Rivers Smokehouse Google User Review]
Conclusion
Opportunistic people centric sensing
Most applications contain personal information
Securing that information becomes key
o Providing a service that people would want to participate
o Keeping users' data secure as to not be harmed
o Even obscuring the data may not be enough for complete anonymity
Participatory sensing needs additional security thought
Questions?