Defending against Sybil Devices in Crowdsourced Mapping Services
Gang Wang
Bolun Wang
Tianyi Wang
Ana Nika
Haitao Zheng
Ben Y. Zhao
Proceedings of 14th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2016)
[Full Text in PDF Format, 1.8MB]
Paper Abstract
Real-time crowdsourced maps such as Waze provide timely updates on traffic,
congestion, accidents and points of interest. In this paper, we demonstrate how
lack of strong location authentication allows creation of software-based Sybil
devices that expose crowdsourced map systems to a variety of security and privacy
attacks. Our experiments show that a single Sybil device with limited resources
can cause havoc on Waze, reporting false congestion and accidents and
automatically rerouting user traffic. More importantly, we describe techniques to
generate Sybil devices at scale, creating armies of virtual vehicles capable of
remotely tracking precise movements for large user populations while avoiding
detection. We propose a new approach to defend against Sybil devices based on
co-location edges, authenticated records that attest to the one-time physical
co-location of a pair of devices. Over time, colocation edges combine to form
large proximity graphs that attest to physical interactions between devices,
allowing scalable detection of virtual vehicles. We demonstrate the efficacy of
this approach using large-scale simulations, and discuss how they can be used to
dramatically reduce the impact of attacks against crowdsourced mapping services.