My research work investigates the following three fundamental social networking security challenges. First, review-centered social networks (e.g., Yelp, Foursquare) have been shown to receive significant numbers of fraudulent reviews. For instance, up to 25% of Yelp reviews are claimed to be fraudulent. Search engine optimization (SEO) companies tap into review writer markets to offer review campaigns for business owners, manipulating venues’ ratings (1–5 stars) through multiple, coordinated artificial reviews. Second, new technologies, including smartphones, social networking and media-sharing websites, are encouraging users to upload the videos they capture and share them with friends and the world. However, this technology raises important authenticity questions. Third, we have shown that wearable personal trackers are vulnerable to a wide range of simple attacks. This makes their users easy sources of rich personal information, including profiles, locations and fitness information. Standard solutions for securing communications, which rely on symmetric or public key cryptography (PKC) constructs, are ill suited to address all the constraints of portable fitness trackers. The goal of my research is to provide security and correctness assurances for users of online social networks.
Movee is a novel approach to video liveness analysis for mobile devices. It is based on measuring the consistency between the data from the accelerometer sensor and the motion inferred from the captured video. Unlike existing algorithms, Movee has the unique strength of not depending on the audio track. Our experiments on real user data from cameras on handheld devices as well as wearable smart glasses have shown that Movee excels in both domains, with Equal Error Rates of 8% and 7%, respectively.
Marco increases the cost and complexity of attacks by imposing a tradeoff on fraudsters between their ability to impact venue ratings and their ability to remain undetected. Marco significantly outperforms state-of-the-art approaches, achieving 94% accuracy in classifying reviews as fraudulent or genuine, and 95.8% accuracy in classifying venues as deceptive or legitimate. Marco successfully flagged 244 deceptive venues in our large dataset of 7,435 venues, 270,121 reviews and 195,417 users. Furthermore, Marco also evaluates the impact of Yelp events, organized for elite reviewers, on the hosting venues.
SensCrypt is a protocol we devised for secure data storage and communication, for use by makers of affordable and lightweight personal trackers. We reverse engineered and identified security vulnerabilities in Fitbit Ultra and Garmin Forerunner 610, two popular and representative fitness tracker products. We introduce FitBite and GarMax, tools to launch efficient attacks against Fitbit and Garmin. We have built Sens.io, an Arduino Uno based tracker platform with capabilities similar to those of current solutions but at a fraction of their cost. On Sens.io, SensCrypt imposes a negligible write overhead and significantly reduces the end-to-end sync overhead of Fitbit and Garmin.
Currently running project. Details will be provided after publication.
ProfilR is a framework we devised for constructing location-centric profiles (LCPs), aggregates built over the profiles of users that have visited discrete locations (i.e., venues). We propose to take first steps toward addressing the conflict between profit and privacy in geosocial networks. ProfilR endows users with strong privacy guarantees and providers with correctness assurances. In addition to a venue-centric approach, we propose a decentralized solution for computing real-time LCP snapshots over the profiles of co-located users. An Android implementation shows that ProfilR is efficient; the end-to-end overhead is small even under strong privacy and correctness assurances.
iSafe is a privacy-preserving algorithm for computing safety snapshots of co-located mobile devices as well as geosocial network users. We aim to enable the vision of smart and safe cities by exploiting mobile and social networking technologies to securely and privately extract, model and embed real-time public safety information into quotidian user experiences. We present implementation details of iSafe, as both an Android application and a browser plugin that visualizes safety levels of visited locations and browsed geosocial venues. We evaluate iSafe using crime and census data from Miami-Dade County (FL) as well as data we collected from Yelp, a popular geosocial network.