
Identifying Social Markers from Network Data Based on Location, Mobility and Proximity

Permanent Link: http://ufdc.ufl.edu/UFE0044888/00001

Material Information

Title: Identifying Social Markers from Network Data Based on Location, Mobility and Proximity
Physical Description: 1 online resource (133 p.)
Language: english
Creator: Kumar, Udayan
Publisher: University of Florida
Place of Publication: Gainesville, Fla.
Publication Date: 2012

Subjects

Subjects / Keywords: anonymity -- encounter -- gender -- mobile -- proximity -- social -- trust -- wireless
Computer and Information Science and Engineering -- Dissertations, Academic -- UF
Genre: Computer Engineering thesis, Ph.D.
bibliography   ( marcgt )
theses   ( marcgt )
government publication (state, provincial, territorial, dependent)   ( marcgt )
born-digital   ( sobekcm )
Electronic Thesis or Dissertation

Notes

Abstract: The ubiquitous spread of mobile devices, global connectivity and tight coupling of mobile phones with the users has led to an era where mobile phones have become the alter ego of the users. Mobile devices accompany users to places where not even the closest of family and friends are allowed (e.g. office, meetings, conferences among other places). The access to these movement and network access logs from mobile devices can shed light on human behavior, which in turn can be used to solve several research challenges. In this work, we present our measurements, analysis and designs obtained by utilizing network traces collected at both personal and group level. We have used network traces from several thousands of devices to understand, identify and extract social markers or characteristics. The social markers we have studied include social grouping based on gender, proximity-based trust and the difficulty of anonymizing traces because of mobility. In the first part, we discuss how social-grouping information can be extracted from anonymized network traces. Using a gender-based case study, we demonstrate our approach, along with different methods to validate the results. In the second part, we study the fundamental trade-off between the utility of WLAN traces and privacy of the users. We show how privacy of users in anonymized traces can be compromised. In the third and final part, we implement and evaluate an effective framework to establish trust in mobile networks through a protocol that we call iTrust. We present results of our trace-based analysis and of a user study based on the deployment of the iTrust mobile application.
General Note: In the series University of Florida Digital Collections.
General Note: Includes vita.
Bibliography: Includes bibliographical references.
Source of Description: Description based on online resource; title from PDF title page.
Source of Description: This bibliographic record is available under the Creative Commons CC0 public domain dedication. The University of Florida Libraries, as creator of this bibliographic record, has waived all rights to it worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law.
Statement of Responsibility: by Udayan Kumar.
Thesis: Thesis (Ph.D.)--University of Florida, 2012.
Local: Adviser: Helmy, Ahmed H.

Record Information

Source Institution: UFRGP
Rights Management: Applicable rights reserved.
Classification: lcc - LD1780 2012
System ID: UFE0044888:00001


Full Text

IDENTIFYING SOCIAL MARKERS FROM NETWORK DATA BASED ON LOCATION, MOBILITY AND PROXIMITY

By UDAYAN KUMAR

A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY

UNIVERSITY OF FLORIDA 2012

© 2012 Udayan Kumar

A Sanskrit saying which means Good rapport and friendship develops among those who share a similar outlook on life and hobbies. Thus, deer flock with deer, cows with cows, and horses with horses. In the same manner, fools frequent fools and the wise bond with the wise.

ACKNOWLEDGMENTS

From my initial thoughts of pursuing a PhD to actually finishing it, almost every step was confusing and the end of the tunnel was never visible. However, the constant support and encouragement I received along the way kept the hope alive; one by one all the pieces of the puzzle fell into place. Reflecting back, I feel that there are more people to acknowledge than I can possibly remember. Whether I think about my family members, teachers, friends, and even random strangers who were tolerant enough to listen to my crazy ideas and give me their point of view. However, if I look at a broader level, I would like to thank not only these people but also their parents because obviously these people are here because of their parents. But their parents also had parents who themselves had parents, so I would like to thank everyone on this chain going backwards all the way up to the first living creature on Earth. I am also thankful to the creator of life of the Earth and the creator of the Earth. Obviously life would not have been possible without the creation of the Sun and the rest of the Universe. So I want to thank the creator of the Universe. But this makes me wonder why would anybody undertake such a giant enterprise? That is creating the whole universe, with billions and billions of galaxies, stars, planets and life forms. Maybe this is someone's PhD project. So, am I a simulation object? In that case, I want to withdraw all my thanks, this was anyways supposed to happen!

TABLE OF CONTENTS

ACKNOWLEDGMENTS
LIST OF TABLES
LIST OF FIGURES
ABSTRACT

CHAPTER

1 INTRODUCTION
2 USER CLASSIFICATION AND FEATURE EXTRACTION FROM WLAN TRACES
  2.1 Approach
    2.1.1 Location Based Classification (LBC)
      2.1.1.1 Individual Behavior based Filtering (IBF)
      2.1.1.2 Group Behavior based Filtering (GBF)
      2.1.1.3 Hybrid Filtering (HF)
    2.1.2 Name Based Classification (NBC)
  2.2 Validation of Location Based Classification
    2.2.1 Temporal Consistency Validation Using Adjacent Months
    2.2.2 IBF vs GBF
    2.2.3 Cross Validation
  2.3 User Behavior Analysis
    2.3.1 User Spatial Distribution
    2.3.2 Average Duration or Temporal Analysis
    2.3.3 Device Preference
  2.4 Applications
    2.4.1 Mobility Models
    2.4.2 Protocol Design
    2.4.3 Privacy
    2.4.4 Resource Management
  2.5 Conclusion And Future Work
3 BREAKING ANONYMITY IN WLAN TRACES
  3.1 Information In WLAN Traces
  3.2 Need For Anonymity
  3.3 Related Work
  3.4 Attack Scenarios
    3.4.1 Identify Your Own MAC In Trace
    3.4.2 Identifying Building Codes
    3.4.3 Identifying A Person
    3.4.4 Multiple Filtering
  3.5 Analysis and Mitigation
    3.5.1 Theoretical Analysis
    3.5.2 Practical/Trace Analysis
  3.6 Conclusions and Future Work
4 AN ENCOUNTER-BASED FRAMEWORK FOR TRUST
  4.1 Related Work
  4.2 Architectural overview
    4.2.1 Design Goals
    4.2.2 Overall Design
  4.3 Trust Adviser Filters
    4.3.1 Aggregation Based Similarity
      4.3.1.1 Frequency of Encounters (FE)
      4.3.1.2 Duration of Encounters (DE)
    4.3.2 Behavior Based Similarity
      4.3.2.1 Profile Vector (PV):
      4.3.2.2 Location Vector (LV):
      4.3.2.3 Behavior Matrix (BM)
    4.3.3 Hybrid Filter (HF)
  4.4 Anomaly Detection
    4.4.1 Detection Model
    4.4.2 Attacker Model
  4.5 Trace Based Evaluation and Analysis
    4.5.1 Traces
    4.5.2 Filter Evaluations
      4.5.2.1 Statistical Characterization
      4.5.2.2 Correlation
      4.5.2.3 Stability
      4.5.2.4 Graph Analysis
      4.5.2.5 Anomaly Detection
    4.5.3 Selfishness & Trust Routing in DTN
  4.6 Survey and Implementation Based Validation
    4.6.1 Survey
    4.6.2 iTrust Application
      4.6.2.1 Application Evaluation:
      4.6.2.2 Energy Efficiency
      4.6.2.3 Location estimation
  4.7 Discussion: Other Trust Inputs
    4.7.1 Blacklist & Whitelist
    4.7.2 Recommendation & Reputation Systems
    4.7.3 Contextual & Event Information
    4.7.4 Combined Trust Recommendation
  4.8 Conclusion and Future Work
5 CONCLUSION AND FUTURE WORK

APPENDIX

A CODE SNIPPETS FROM iTrust APPLICATION
  A.1 Energy Efficient Scanning
  A.2 Calculating LV (Sec. 4.3.2)
B ENERGY EFFICIENT DEVICE DISCOVERY
  B.1 Available Directions
  B.2 Evaluations Techniques
  B.3 Current Progress
    B.3.1 Combining WiFi And Bluetooth Scanning
  B.4 Conclusion
C USER BEHAVIOR ANALYSIS
    C.0.1 Spatial Distribution
    C.0.2 Temporal Distribution
D SURVEY FORM - iTrust VALIDATION

REFERENCES
BIOGRAPHICAL SKETCH

LIST OF TABLES

Table

2-1 Average Silhouette Width for Sorority and Fraternities from University U1 and U2
2-2 Results of classification of users from U1 (LBC) and U2 (NBC). 'Common' signifies the users which were common to both male and female population.
2-3 Similarity in the user population selected after filtering fraternity users for U1
2-4 Similarity in the user population selected after filtering sorority users for U1
2-5 Validation - comparing users selected by IBF and GBF for U1
2-6 Cross validation of LBC by NBC for U2
3-1 WLAN trace sample: before and after anonymization
3-2 Fields present in each record of wired trace, basically a IP-Header
3-3 Result of finding users with similar location visiting sequences with varying duration of the trace
4-1 Overhead of Filters in terms of processing and storage. Here m is the total no. of records in the encounter file, n is the no. of unique encountered user, l is no. of locations visited d represents the no. of days used for BM calculations. We also assume that m >> n.
4-2 Facts about studied traces
4-3 False positives and negatives while using the proposed anomaly detection (in percentage)
B-1 Accuracy Loss using traces for 20 users, EE4 means 4 times the minimum scan period is the upper bound of scan interval, similarly in EE8, the upper bound on skip period is 8. This result used Bluetooth traces only. Lesser values is better
B-2 Scan Efficiency using traces for 20 users, EE4 means 4 time the minimum scan period is the upper bound of scan interval, similarly in EE8 & EE16 its 8 & 16 times respectively. This result used Bluetooth traces only. Higher value is better
B-3 s/e ratio for Star, MIMD and FIBO algorithms
B-4 Combining Wi-Fi and Bluetooth scanning
C-1 Spatial Distribution of Users at U2
C-2 Spatial Distribution of Users at U1
C-3 Average Duration of Users at U2
C-4 Average Duration of Users at U1

LIST OF FIGURES

Figure

2-1 Query based user grouping technique
2-2 A sample trace database snapshot
2-3 Gender grouping in Fraternities and Sororities
2-4 Session count for fraternity and sorority users
2-5 Session count for fraternity and sorority users
2-6 Session count for fraternity and sorority users
2-7 Session count for fraternity and sorority users
2-8 Session count for fraternity and sorority users
2-9 Session count for fraternity and sorority users
2-10 Comparison of user distribution across the university U1 campus (in Percentage)
2-11 Comparison of user distribution across the university U2 campus (in Percentage)
2-12 Average duration of male and females in different Areas of university U1 campus
2-13 Average duration of male and females in different Areas of the university U2 campus
2-14 Device distribution by manufacturer at university U1
2-15 Device distribution by manufacturer at university U2
3-1 Attacker capabilities
3-2 Percentage of no. of users found, when 111 filters based on gender+major+manufacturer are applied
3-3 UL at n=5
3-4 Results of the combination generation and sequence matching for randomly chosen 230 users out of 27K users belonging to the month of Nov 2007. This graph shows Pi and ni.
4-1 Block Diagram overview of the iTrust architecture. Dotted lines indicate modules needed by iTrust. Shaded blocks indicate modules discussed in this work.
4-2 Location Vector LV for a user
4-3 Behavior Matrix for a user
4-4 The growth of trust score using FE filter for a specific user. Each line corresponds to an encountered user.
4-5 The growth of trust score using FE filter using the attacker model. Each line corresponds to an instance of attacker generated by the model.
4-6 Similarity score for various filter for all the encountered pairs of users in Nov 2007 from U1 trace
4-7 Correlation between the trusted lists produced by various filters at T=40%
4-8 Comparison of trust list belonging to different history for various filters at T=40% (note that the y-axis scale for DE, FE, and LV-C starts at 85% and for LV-D and BM the scale starts at 35%)
4-9 Normalized Clustering Coefficient and Normalized Path Length
4-10 Flow chart for iTrust routing
4-11 Average unreachability with varying Trust and Selfishness using DE filter
4-12 Hybrid filter results when T=40%. Number on the legend indicated the ratio of score from each filter. For e.g. 1211 implies DE=0.2, FE=0.4, LV-D=0.2, and BM=0.2 and 0100 implies DE=0, FE=1, LV-D=0, and BM=0 (Sec. 4.3.3)
4-13 Survey Results showing user's propensity to communicate with other users in various communication scenarios
4-14 Illustration of iTrust's component and their interactions
4-15 Screenshots of iTrust application. Fig. A shows the main screen where encounter users are sorted by the filter score. Current encounters marked with Green circles. Trusted users are shown in Blue color. Fig. B shows details for an encountered user. Fig. C shows user encounters on Map. Fig. D shows the registration screen for optional users information discovery service. Fig. E shows screen where display order of encountered users can be modified. Fig. F shows the screen to select weights for the Hybrid filter (in the app it is referred to as combined filter). Fig. G shows the screen where user can check self statistics regarding encounters. It also shows the number of scans saved due to the use of energy efficient scanner. Fig. H shows the menu. Menu allows the user to jump from one screen to another.
4-16 Continuation of screenshots of iTrust application. Fig. A shows the settings screen. Fig. B shows number of encounters the user had with a particular user over a period of time. This feature allows a user to know more about encountering users. Fig. C shows graphs from the Self-Stat screen of the application. Here the graphs show the total number of encounters this user had with respect to time. Fig. D shows the about page with author information and web link for iTrust.
4-17 iTrust evaluations based on application usage. Fig. A shows the percentage of trusted users in 1 to 10 Top user, 11 to 20 Top users for each filter. Fig. B shows the percentage of total trusted users in Top 1 to 10, 11 to 20, etc. Fig. C shows fraction of encounter users needed (from top) to capture 'x'% of trusted users for each filter. Fig. D shows the Normalized Discount Cumulative Gain score for iTrust recommendations.
A-1 Evolution of features in the iTrust app based on feedback from user.

Abstract of Dissertation Presented to the Graduate School of the University of Florida in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy

IDENTIFYING SOCIAL MARKERS FROM NETWORK DATA BASED ON LOCATION, MOBILITY AND PROXIMITY

By Udayan Kumar

December 2012

Chair: Ahmed Helmy
Major: Computer Engineering

The ubiquitous spread of mobile devices, global connectivity and tight coupling of mobile phones with the users has led to an era where mobile phones have become the alter ego of the users. Mobile devices accompany users to places where not even the closest of family and friends are allowed (e.g. office, meetings, conferences among other places). The access to these movement and network access logs from mobile devices can shed light on human behavior, which in turn can be used to solve several research challenges. In this work, we present our measurements, analysis and designs obtained by utilizing network traces collected at both personal and group level. We have used network traces from several thousands of devices to understand, identify and extract social markers or characteristics. The social markers we have studied include social grouping based on gender, proximity-based trust and the difficulty of anonymizing traces because of mobility. In the first part, we discuss how social-grouping information can be extracted from anonymized network traces. Using a gender-based case study, we demonstrate our approach, along with different methods to validate the results. In the second part, we study the fundamental trade-off between the utility of WLAN traces and privacy of the users. We show how privacy of users in anonymized traces can be compromised. In the third and final part, we implement and evaluate an effective framework to establish trust in mobile networks through a protocol that we call iTrust. We present results of our trace-based analysis and of a user study based on the deployment of the iTrust mobile application.

CHAPTER 1
INTRODUCTION

The ubiquitous spread of mobile devices, global connectivity and tight coupling of mobile phones with the users has led to an era where mobile phones have become the alter ego of the users. Mobile devices accompany users to places where not even the closest of family and friends are allowed (e.g. office, meetings, conferences among other places). This tight coupling can be used to not only provide connectivity to the Internet but also to provide personalized services based on the behavior patterns of the user. An example application can be a game application that customizes itself based on the free time a user has. Let's say that a user always commutes to work using public transport and on the way uses the mobile device to play games. A device that can detect this context can pass on the approximate duration of the commute to the game application, allowing the game application to generate a game that can be finished during the commute. Here the phone was reading the sensors such as GPS and accelerometer to infer user context. The general idea is that we can use/design sensors that can sense everything experienced by a user. Once we have these sensor readings, everything presented to a user can be customized.

Applications in the above example were based on the behavior sensing from a single device; what if we have access to sensor information from all the devices? Can we predict traffic congestion even before it happens by considering the total number of people heading towards the freeway? Can we study the movement patterns of the population to predict the spread of infectious diseases? Can we guess the type of relationships existing between a pair of users? Several crowdsourcing applications have been developed to collect data from a large pool of users (if not all) to get a global view. The challenges that still remain even after having access to this kind of data include handling this data (scale of data can be huge, imagine that a data tuple is generated for every person at every minute), developing algorithms that can generate meaningful inferences, and implications over the privacy of the users. In many cases, obtaining inferences is challenging due to non-existence of standard models and theorems that can relate sensor readings with human behavior characteristics. It is also difficult to validate and verify inference propositions as it is a challenge by itself to access the ground truth because of the scale of data collection (from several hundreds to billions of users).

In this work, we present our measurements, analysis and designs obtained by utilizing network traces collected at both personal and group level. We have restricted ourselves to consider analysis and design based on location, mobility and proximity features. We have attempted to relate these features to social characteristics or markers including social grouping based on gender, homophily based trust and the implications on anonymization of traces due to mobility. Due to the lack of any suitable verification methods, we have developed our own verification methods. We perceive that several applications can benefit from our analysis techniques and results, but also from the verification methods developed in this work.

The access to the social markers and context can allow researchers to understand and model characteristics of human behavior, create new services, make applications context aware among other possibilities. For example, it has been shown how the random mobility model does not capture the actual human mobility [16] and having information on social and community structures can create better mobility models [37]. Recently, researchers have shown how context can be sensed and used to provide new applications [51]. In the last part of this work, we present how social science's principle of homophily can be measured using mobile devices and how that can be used to generate trust in the network. The understanding of social data and user behavior has led to development of a new field of study called Computational Sociology [52][71].

In this work, we present methods to extract social markers such as gender based grouping and proximity-based trust. The challenges we faced in accomplishing this task include non-availability of any kind of personal information about the users (mainly due to anonymization for privacy protection). Thus we have not only developed methods to extract this kind of information from anonymized traces (data-sets), we also developed methods to validate our results in absence of ground truth. This work is divided primarily into three main topics: 1. user classification into groups with case study on gender based grouping, 2. challenges of anonymization of traces due to mobility, 3. proximity based trust.

In the study on user classification, we present two novel scientific techniques to classify WLAN users into social groups. The first technique uses mapping of the traces into buildings (e.g., dept. buildings, libraries, sororities and fraternities) to extract affiliation and gender information based on network usage statistics. The second technique utilizes directory (phone-book) information that can be linked to WLAN users to extract useful information. For example, usernames of the WLAN users (if available) can be used to find user's gender based on first name and databases. As a case study we perform classification and behavior analysis of users by gender. Extensive WLAN traces from two major universities are collected over three years and analyzed. Results from both the methods are cross-validated and show more than 90% correspondence. Comparing usage patterns provided interesting results including males spend more time online than females and females prefer Apple computers over PCs.

In the second part we study the fundamental trade-off between the utility of WLAN traces and privacy of the users. The study provides several realistic case studies in which privacy attacks may be conducted. We then provide an analysis of these attacks and drawbacks of the existing anonymization techniques. Our initial quantitative analysis to estimate mobile users' k-anonymity in WLAN traces shows surprisingly unique usage patterns, which may compromise anonymity. The main contribution of this work is to articulate the compelling challenges facing anonymization of wireless networks traces and to shed light on the answer to an intriguing question: Just how private are wireless networks traces?

For the third part, we implement and evaluate an effective framework to establish trust in mobile networks through a protocol that we call iTrust. The goal of iTrust is to provide accurate and robust trust scores to encountered devices, in an efficient, privacy-preserving and resilient manner. We borrow from the social science principle of homophily; a tendency of individuals to interact and trust similar others. We introduce and analyze a family of encounter-based trust adviser filters that make trust recommendations based on encounter frequency, duration, location behavior-vector, and location preference behavior-matrix. We present a proof of concept application for Android and Linux-based mobile devices. We also conduct a user study to validate the trust recommendations generated by iTrust. With this trust, several potential applications can be enabled including mobile social networking, building groups and communities of interest, localized alert and emergency notification, context-aware and similarity-based networking.

The contributions of this work can be categorized into two components, 1. Intellectual contributions and 2. Effort contributions.

Intellectual contributions include:

1. Applied existing data mining techniques to classify network users into social groups. Created methods to statistically validate the results in the absence of ground truth.
2. Identified techniques to break anonymization of the traces by capitalizing on the mobility of a user.
3. Introduced methods to infer/recommend trust/friendship among encountering users, using several outlooks. We proposed several privacy preserving filters or metrics that can be used to measure similarity.

Effort contributions include:

1. iTrust and Profile-Cast implementation on mobile devices.
2. Collection of UF wireless network traces.
3. Creation of Bluetooth trace library.
4. Developed several basic building blocks like scanner, parsers for Android, Nokia and Openmoko platform.

In the following sections we present each piece of work in detail, starting with user classification into groups, then anonymization and finally discussing proximity based trust.

CHAPTER 2
USER CLASSIFICATION AND FEATURE EXTRACTION FROM WLAN TRACES

In future mobile networks, with many handheld devices tightly coupled with a user, communication performance is bound to user mobility and behavior. This applies to various kinds of mobile networks, including cellular networks, but more particularly ad-hoc and delay tolerant networks (DTNs), because every node may act as a router and the network may be infrastructure-less. In such an environment, it is imperative to understand the various aspects of user behavior, including mobility, commonalities, differences in preference, and net activity between classes of users, in order to design efficient protocols and effective network services. We propose a new approach to classification and feature analysis of user behavior based on social grouping, using a set of techniques which can be used to provide information about a user from a social perspective.

The best source of information about real user mobility and network usage comes from WLAN (Wireless LANs) traces. These traces have been used in many studies whenever real user data is required. They have been previously used to validate mobility models [37, 65] and understand user associations [36] among other usages. We, in this work, propose to use WLAN traces (generally considered for studying network characteristics) to mine social behavior of the users based on gender, majors, and other interest groups. We present a general methodology with an example case study of grouping by gender, and investigate gender gaps in WLAN usage. The lack of such empirical data poses an interesting challenge and raises several research (and privacy) questions: How can we meaningfully infer gender information from such anonymous traces? Does gender information influence user behavior and preference in a significant and consistent manner? Finally, what is the impact of these findings on network modeling, protocol and service design in the future?

Gender based studies have been conducted in the past to study issues such as difference in technology adoption for the wired Internet [30]. This paper is the first, to our knowledge, to scientifically analyze WLAN usage patterns in mobile societies across user groups. Our study begins by introducing a location-based method for gender classification on campus. It provides robust filters, based on individual and group network behavior, in addition to clustering techniques, to identify males and females with high confidence. We analyze extensive Wireless LAN traces collected for over 3 years from 2 major universities covering more than 50,000 users. The findings are cross validated with ground truth from Name based method and yield over 90% success. Once the gender classification is performed, a thorough investigation of the spatio-temporal characteristics of the gender based network activity is conducted. Among the parameters we have considered for evaluating the gender gaps, we found enough statistical evidence to conclude that (for the traces used in our study) usage patterns of males and females are different, and that gender does affect user activity and vendor preference. We believe that such attributes will certainly enhance the understanding of the mobile society and are essential to provide efficient network protocols and services in the future. Our findings also indicate that the problem of mobile user privacy should be re-visited.

Contributions: This paper provides the following contributions: i. class and gender inference methods based on location, usage and name filtering from extensive WLAN traces, ii. providing the first gender-based trace-driven analysis in mobile societies, including study of majors and device preferences, iii. identifying unique features in the studied grouping that suggest consistent behavior and the design of potential future applications.

The rest of the paper is outlined as follows: Sec. 2.1 discusses multiple techniques for user classification, followed by Sec. 2.2, which provides several methods for validating the classification. Sec. 2.3 provides the gender-based feature analysis and results and Sec. 2.4 discusses potential applications. Conclusion and the future work are presented in Sec. 2.5.

Figure 2-1. Query based user grouping technique

Figure 2-2. A sample trace database snapshot

2.1 Approach

In this work, we consider WLAN traces to understand usage characteristics/behavior pattern of social groups. WLAN traces are logs of user association with a Wireless Access Point (AP). Traces generally contain machine's MAC address, associating time, duration and associated AP. MAC address is always anonymized to protect privacy of the user. How can we begin to classify all the students into social groups like gender and study major using only the publicly available information and traces [7][41]? Having a meaningful classification with this partial information is the main challenge that we address in this work. Ideally, we would want to classify all users into groups. Taking a first step in this direction we present a general technique, which can be used to classify a smaller section of WLAN users into groups. Doing it for all the users still remains a challenge as we shall see. Instead, we focus on obtaining a sample significant enough for a statistical analysis.

Our technique works on raw WLAN SNMP and SYSLOG traces. The traces are accumulated for a time period and parsed into a standard format as shown in Fig. 2-1. We use the location information of the APs, in the form of buildings in which they are located. This helps to identify the geographic locations of a user at a later stage. Mobility of users can be tracked by looking at the approximate geographic locations of the APs. The processed data is fed into a database on which SQL queries can be run easily (and generically) to extract information of interest. Fig. 2-2 illustrates the generic trace database layout, which is used in our experiment. The fields include the following:

1. anonymized MAC addresses of the wireless devices logged on to the WLAN,
2. the session start time (in seconds),
3. the AP with which the wireless device associated,
4. duration of the association with the AP,
5. the manufacturer of the wireless card (which we inferred from partial MAC address), and
6. the building at which the AP is located (inferred based on a map); this field is external to the actual traces.

Two-dimensional co-ordinates can be inbuilt into the database based on a campus grid map to allow mobility based queries to be performed as well. In some cases, if more information such as usernames is available, we can add more fields to the database. The advantage of having a standard schema for the database is that similar queries can be used on traces coming from multiple sources. We have used this same database framework to analyze traces from USC [41], Dartmouth [7], UF and UNC [3]; the method is general and applicable to many traces (campuses and urban) and several grouping criteria.

Trace collection process, environment, and anonymization used have a great impact on the utility of the traces, and traces coming from different sources may have totally different processing and information. It is very difficult to find one general method, which would classify users in all settings, therefore we propose multiple methods. As it is very difficult to get hold of this data, it is even more difficult to validate it. We have used several statistical methods to give us confidence in the classification and cross-validated with name-based approach; closest possible to the ground truth at a large scale.

Figure 2-3. Gender grouping in Fraternities and Sororities

We use traces from two universities, U1 and U2 (names withheld for privacy reasons) that provide information as shown in Fig. 2-2 except that university U2 trace also provides the usernames. Traces from U1 belong to Feb 2006, Oct 2006 and Feb 2007, and traces from U2 belong to Nov 2007 and Apr 2008. The grouping parameter we use in this work for investigation is gender based. To do this categorization, we propose two novel techniques: Location based Classification (LBC) and Name based Classification (NBC), and subsequently, we examine and discuss their advantages.

2.1.1 Location Based Classification (LBC)

Most US universities have sororities (female organizations) and fraternities (male organizations) as social organizations. The buildings, which house these organizations also serve as residences for most of the members. Given the physical location of APs on campus, APs located in sororities and fraternities are identified, and the users associated with them are classified as females or males respectively. Fig. 2-3 illustrates how grouping is done in this setting. This method can also be used to classify users by other grouping criteria such as study major. For example all users associating with Computer Science building AP can be classified as Computer Science major students. Since wireless networks may be used by anyone in the physical proximity to the AP, this kind of classification will also have un-related users or visitors accessing these APs,

which can make the classification inaccurate. We next present techniques to filter out regular users from visitors at an AP.

Filtering: LBC requires filtering, as fraternities and sororities have male and female visitors. Without further refinements and filtering, this method would not be accurate. But even if we validate the presence of visitors, how can we filter them from our classification? First, visitors are infrequent users of the mobile network in the visited locations. Second, we expect a significant difference between residents and visitors in terms of network activity (in number and duration of on-line sessions). Third, a user who is visitor at one location can be a regular user at some other location. Hence, we can define a visitor as a user with less number of sessions and smaller duration of sessions than the average user in that location (group behavior) or as user who has more sessions and larger online duration at other locations (individual behavior). Our filtering techniques rate users based on two metrics: the number of sessions and session duration. Once we rate all the users on these two metrics, we apply cut-off thresholds to determine regular users. Filtering can be performed on these ratings considering individual and/or group behavior as described in rest of the section.

2.1.1.1 Individual Behavior based Filtering (IBF)

In Individual Behavior based Filtering (IBF), we find the probability of a user being male or female by counting the number of sessions and measuring the duration he/she spends in fraternities versus sororities. This can be done using the equations below. The probability of a user being male, considering only session counts at fraternities and sororities is given by:

$$P_{CM}(u) = \frac{C_f(u)}{C_f(u) + C_s(u)}$$

where function $C_f$ gives session count for user $u$ in fraternities and function $C_s$ gives the session count for user $u$ in sororities. Similarly, the probability of a user being male, considering only session durations at fraternities and sororities is given by:

$$P_{DM}(u) = \frac{D_f(u)}{D_f(u) + D_s(u)}$$

where function $D_f$ gives the total duration of sessions for user $u$ in fraternities and function $D_s$ gives the total duration of sessions for user $u$ in sororities. Fig. 2-4 shows users who visited fraternity and/or sororities in decreasing order of $P_{CM}(u)$ and $P_{DM}(u)$ for traces from university U1. Interesting observation is that both $P_{CM}$ and $P_{DM}$ follow a similar trend and there is a sudden drop (transition) from 1 to 0 (between 500th and 700th user), essentially separating males from females. In Fig. 2-4A, out of 1119 users, there is a large number (425) of users whose probability of being male is 1. These users have never associated with sororities APs. We also have large number (362) of users who have never associated with fraternities AP ($P_{CM} = 0$ and $P_{DM} = 0$), who we can classify as females. As fraternities and sororities have visitors, many males will have probability less than 1 (vice-versa for females). If we only consider users with probability 1 or 0, we would considerably remove legitimate users who have visited and used WLAN at other locations (sororities for males and fraternities for females). We have instead classified all the users having $P_{CM} > 0.80$ and $P_{DM} > 0.80$ as males and $P_{CM} < 0.20$ and $P_{DM} < 0.20$ as females, using the 80-20 rule or the Pareto principle such that 80% of the regular users should fall in top 20% probability. Other users are discarded from our studies. The results from University U2 are also similar (Fig. 2-5). This method, IBF, is generic and can also be used in other grouping criteria such as study major among others.

2.1.1.2 Group Behavior based Filtering (GBF)

In Group based Filtering (GBF), we filter a user based on where his usage pattern lies with respect to all the users at a particular location. GBF is also useful when traces are available only from limited number of buildings and we cannot use IBF due to lack of traces from all the buildings. For example let us consider that at a particular location, we discover that average session duration of regular users is 3000 sec and their session

count is 10 in a period of one month. So all users who at least meet these criteria can become regular users and are classified as male or female based on the location; everyone else is considered a visitor and therefore removed. Finding these thresholds is not a trivial task as these thresholds would vary from building to building and may also change with time. For this task we employ clustering techniques [18] (one of the key methods for unsupervised learning) to partition our data into regular users and visitors.

Figure 2-4. Users visiting fraternity and/or sorority in decreasing order of their male probability at University U1. A) Feb 2006. B) Oct 2006. C) Feb 2007.

Clustering: Clustering can be used to divide a set of users into several subsets such that users in each subset are most similar based on WLAN usage metrics (duration, session count, distinct login days). From two general categories of clustering

algorithms, namely hierarchical and partition scheme, we choose a robust partitioning method called Partitioning Around Medoids (PAM) [45]. This method has distinct advantages (over standard k-means [18]) in that it uses dissimilarity score to minimize dissimilarity in the same cluster, making clusters robust to outliers. It also provides a novel method called Silhouette Widths and Plots for estimating cluster quality. The average Silhouette Widths are useful in estimating the number of clusters present in the data (often a challenging job in cluster analysis).

Figure 2-5. Users visiting fraternity and/or sorority in decreasing order of their male probability at University U2. A) Nov 2007. B) Apr 2008.

One has to run PAM several times,

each time for different number of clusters and then compare the resulting Silhouette Widths. The clustering size that produces maximum average width is the best clustering possible. The average width can also be used to estimate the quality of the clustering; above 0.70 for strong clustering, between 0.50 and 0.70 for a reasonable structure and below 0.50 for weak structure [45].

We use PAM to distinguish visitors from regular users (i.e. residents). We use number of distinct days of login, session count, and sum of session durations as the metrics for user evaluation. These metrics can help identify and thus separate users who make several sessions only in few days (may be visitors) from users who make sessions every day. We applied this clustering technique to Sororities and Fraternity user trace from both Universities U1 and U2. We found that the best cluster size in each case is 2. In each set we found that average silhouette width is above 0.65, 0.84 being the maximum in one of the cases (more results in Tab. 2-1). The cluster size of 2 clearly identifies our intuition of regular users and visitors and separates them using usage behavior in that particular building/location. Also, the high average silhouette width indicates the high quality of clustering. Detailed results of GBF are in middle column of Tab. 2-2.

Fig. 2-6 shows effect of total session duration, total number of sessions and unique days of login over clustering of users. We can see a clear drop in the number of sessions and unique days when the clustering changes from 2 to 1 (2nd cluster signifies the resident). We notice that at the beginning of cluster 1 there is a spike in the total duration but still these users are not included in the regular users as their number of sessions and unique days of login are comparatively less than users belonging to cluster 2. Clustering ensures that all three metrics are incorporated when making a decision. Similar results are obtained for other traces from university U1 (Fig. 2-7) and U2 (Fig. 2-8 and Fig. 2-9). GBF is generic and can be used to identify other social groupings such as study-major, which will be investigated in our future research.
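
The selection procedure described above (run PAM for several cluster counts, keep the count with the largest average silhouette width, treat one cluster as the residents), as an added example that is not code from the thesis. The per-device numbers are constructed; standardizing the three metrics before measuring distance, and labelling as "regular" the cluster whose medoid has the most login days, are assumptions of this sketch.

```python
import math

# Constructed per-device metrics for one building over one month:
# (distinct login days, session count, total session duration in seconds).
USERS = {
    "r1": (27, 90, 250000), "r2": (25, 80, 230000), "r3": (28, 100, 270000),
    "r4": (24, 85, 240000), "r5": (26, 95, 260000),
    "v1": (2, 3, 4000), "v2": (1, 2, 2500), "v3": (3, 5, 6000),
    "v4": (2, 4, 5000), "v5": (1, 1, 1200),
    # Long total duration but few sessions and days: the "spike" case.
    "v_spike": (2, 3, 150000),
}


def standardize(rows):
    """Z-score each metric so duration in seconds does not dominate (assumption)."""
    columns = []
    for col in zip(*rows):
        mean = sum(col) / len(col)
        sd = math.sqrt(sum((x - mean) ** 2 for x in col) / len(col)) or 1.0
        columns.append([(x - mean) / sd for x in col])
    return list(zip(*columns))


def distance_matrix(points):
    return [[math.dist(p, q) for q in points] for p in points]


def total_cost(D, medoids):
    """Sum over all points of the distance to the nearest medoid."""
    return sum(min(row[m] for m in medoids) for row in D)


def pam(D, k):
    """Partitioning Around Medoids: greedy BUILD, then SWAP until no gain."""
    n = len(D)
    medoids = [min(range(n), key=lambda c: sum(D[c]))]
    while len(medoids) < k:
        rest = [c for c in range(n) if c not in medoids]
        medoids.append(min(rest, key=lambda c: total_cost(D, medoids + [c])))
    best, improved = total_cost(D, medoids), True
    while improved:
        improved = False
        for pos in range(k):
            for cand in range(n):
                if cand in medoids:
                    continue
                trial = medoids[:pos] + [cand] + medoids[pos + 1:]
                cost = total_cost(D, trial)
                if cost < best - 1e-12:
                    medoids, best, improved = trial, cost, True
    labels = [min(range(k), key=lambda j: D[i][medoids[j]]) for i in range(n)]
    return medoids, labels


def average_silhouette(D, labels):
    """Mean of s(i) = (b - a) / max(a, b); singleton clusters score 0."""
    clusters = {}
    for i, lab in enumerate(labels):
        clusters.setdefault(lab, []).append(i)
    widths = []
    for i, lab in enumerate(labels):
        own = clusters[lab]
        if len(own) == 1:
            widths.append(0.0)
            continue
        a = sum(D[i][j] for j in own if j != i) / (len(own) - 1)
        b = min(sum(D[i][j] for j in other) / len(other)
                for key, other in clusters.items() if key != lab)
        widths.append((b - a) / max(a, b))
    return sum(widths) / len(widths)


def select_regular_users(users, k_values=(2, 3, 4)):
    """Return (best k, its average silhouette width, sorted regular users)."""
    names = list(users)
    D = distance_matrix(standardize([users[n] for n in names]))
    runs = {}
    for k in k_values:
        medoids, labels = pam(D, k)
        runs[k] = (average_silhouette(D, labels), medoids, labels)
    best_k = max(runs, key=lambda k: runs[k][0])
    width, medoids, labels = runs[best_k]
    # Assumption: the regular-user cluster is the one whose medoid logged in
    # on the most distinct days.
    regular = max(range(best_k), key=lambda j: users[names[medoids[j]]][0])
    return best_k, width, sorted(n for n, l in zip(names, labels) if l == regular)


if __name__ == "__main__":
    k, width, regulars = select_regular_users(USERS)
    print(f"best k = {k}, average silhouette width = {width:.2f}")
    print("regular users:", regulars)
```

The constructed `v_spike` device has a large total duration but stays with the visitors, because all three metrics enter the distance.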

Table 2-1. Average Silhouette Width for Sorority and Fraternities from University U1 and U2

             U1                              U2
             Feb 2006  Oct 2006  Feb 2007    Nov 2007  Apr 2008
Fraternity   0.72      0.74      0.75        0.84      0.78
Sorority     0.65      0.72      0.69        0.78      0.76

Figure 2-6. Clustering results for University U1 Sororities. A) Feb 2006. B) Oct 2006. C) Feb 2007.

Figure 2-7. Clustering results for University U1 Fraternities. A) Feb 2006. B) Oct 2006. C) Feb 2007.

Figure 2-8. Clustering results for University U2 Fraternities. A) Nov 2007. B) Apr 2008.

Figure 2-9. Clustering results for University U2 Fraternities. A) Nov 2007. B) Apr 2008.

2.1.1.3 Hybrid Filtering (HF)

As we do not know the ground truth or have the real data about the users, it is difficult to validate the results of these classifications. In order to have a meaningful analysis after the classification, we need to validate the classification. We validate LBC via multiple techniques in Sec. 2.2. In one of the techniques, we compare the results from IBF and GBF. Results are tabulated in Tab. 2-5. We find that both methods mainly select same set of users, which should be the case as both methods attempt to identify regular users (males in fraternities and females in sororities). Therefore, for higher confidence/correct classification and analysis in the later sections of the paper, we choose the users selected by both filtering methods. We call this method Hybrid Filtering (HF) as this uses results from both IBF and GBF. By doing so we successfully classify majority of the users (more than 90% of the users selected by GBF are common to users selected by IBF based method as shown in Tab. 2-5).

Our proposed scheme of LBC is generic and can classify users into social groups if these groups have inherent location preferences (Sororities are females residences, Computer Science major has strong ties with Computer Science buildings or theater group meets often at the auditorium). One thing to note is that LBC and its filtering

techniques do not need access to unanonymized MAC address. As long as the MAC addresses are consistently anonymized, LBC is applicable. This property makes LBC usable in most of the available WLAN traces. Next, we present Name Based Classification (NBC) technique, an alternative to LBC.

2.1.2 Name Based Classification (NBC)

In this technique, we use the usernames of the WLAN users, which are sometimes available in the traces. This field may be obtained on campuses and enterprises that require authorization mechanism such as passwords to access WLAN. Including username should not affect privacy of the user as these usernames are not private and usually cannot identify a person. We approach our classification problem by exploiting the fact that university U2, from which these traces were collected, provides usernames and maintains a directory. This directory can be searched with the username (WLAN) and users have the option of not listing their names in the phonebook. This implies that we can search and find the first names corresponding to the usernames for the users who have made their information available in the phonebook. We then use the list of top 1000 males and females first names from the US Social Security administration website [2] and remove the names present in both lists (neutral names). Thus, we get the list of most popular male-only and female-only names. We run this list against the list of names we find from the phonebook, thus finding the gender of the users [32, 66]. In this technique, we do not have problem of visitors thus we do not need any filtering. We observe that names from the US Social Security list may not be able to classify foreign national students and non-popular names into gender groups; this however is not a limitation of our method but of the name database. Using a more comprehensive database should provide better classification. In this paper, however, we are more concerned with a general methodology of classifying WLAN users; the details of how to acquire a better database are out of scope of the paper.

Table 2-2. Results of classification of users from U1 (LBC) and U2 (NBC). 'Common' signifies the users which were common to both male and female population.

                 U1-IBF                        U1-GBF                        U2-NBC
                 Feb 2006  Oct 2006  Feb 2007  Feb 2006  Oct 2006  Feb 2007  Nov 2007  Apr 2008
Total Users      16416     22405     20302     16416     22405     20302     27068     29982
Males (only)     506       553       545       451       437       417       5245      5807
Females (only)   513       570       509       441       456       410       5955      6817
Common           0         0         0         22        37        29        0         0

Using NBC classification, we could classify 11,000 as males or females out of 27,000 users in the trace period of Nov 2007, and 12,500 as males or females out of 30,000 users in the trace period of Apr 2008 at University U2. Some of the users from both trace periods have been marked as 'Common' since their names appeared in both male and female name list. For purpose of this study 'Common' users were excluded from both male and female user sets. Details of the classification are listed in Tab. 2-2. Compared to NBC, LBC requires less information (username not needed); however, we need to find a way to validate LBC. One way to validate is to compare classification results of LBC with NBC as shown in Sec. 2.2.3. NBC method is much closer to the ground truth. The use of NBC is limited as the availability of usernames is limited to a very few currently available traces. Once we check the correctness of LBC, this can become the primary method for classification.

2.2 Validation of Location Based Classification

Validation of LBC is needed to raise confidence in the results from U1 i.e. users classified as visitors are indeed visitors and not the regular users of that Access Point (males in case of fraternities and females in case of sororities). Validation of the results with the ground truth/actual reality is difficult, especially when we have developed the methods for publicly available traces and information. Even if we get access to students' university records, we would not be able to match it with student's device (especially when MAC addresses are anonymized). One approach is to conduct surveys for 50,000 users in each campus; the results are likely to be incomplete and noisy (erroneous)

aside from the enormous efforts/resources needed if at all possible. Instead, we have devised three statistical methods to validate our filtering mechanisms. The first method finds out regular users in the trace-set belonging to adjacent months and compares this list to see how many are common (temporal consistency). The second method compares results from IBF and GBF to check the similarities in the results. The third method takes the classification achieved using NBC method and compares it with the results of LBC because NBC should be very close to the ground truth. The methods are discussed in detail below.

2.2.1 Temporal Consistency Validation Using Adjacent Months

In this method of validation, we consider a pair of one month long trace-sets belonging to adjacent months in the same semester (such as February 2006 and March 2006 from Spring 2006 semester) and use IBF, GBF, and HF filtering techniques to find out how many users are common between the two adjacent months before and after filtering. Assumption being that the set of users living in fraternities and sororities do not change from one month to another in the same semester. If after filtering, the percentage of common users increases then it is likely that this method works correctly in identifying regular users. Tab. 2-3 and Tab. 2-4 show the results we obtain for both fraternity and sorority users. We see that for fraternities, before filtering, the percentage of common MACs in two consecutive months is around 60% to 64% and after filtering it goes up to between 72% to 80% in all three filtering schemes. In case of sororities, before filtering, we see that common users are between 66% to 72% and after filtering the percentage of common users shoots up to 80% to 93%. This shows that filtering schemes are selecting regular users, as percentage of common users rises dramatically after filtering.

2.2.2 IBF vs GBF

The LBC technique in Sec. 2.1.1 describes two main filtering techniques - IBF and GBF. Both use location information to identify the gender; however, cut-off thresholds

for filtering regular users and visitors are set differently.

Table 2-3. Similarity in the user population selected after filtering fraternity users for U1

Before Filtering
Month (a)   Month (b)      # of Users (a)   # of users (b)   Common   % users
Feb 2006    Mar-Apr 2006   1350             1441             816      60.4
Oct 2006    Nov 2006       1520             1572             969      63.8
Feb 2007    Mar-Apr 2007   1692             1875             1050     62.1

After Filtering - IBF
Month (a)   Month (b)      Male (a)   Male (b)   Common Males   % Common
Feb 2006    Mar-Apr 2006   506        507        386            76.2
Oct 2006    Nov 2006       553        518        401            72.5
Feb 2007    Mar-Apr 2007   545        613        407            76.5

After Filtering - GBF
Month (a)   Month (b)      Male (a)   Male (b)   Common Males   % Common
Feb 2006    Mar-Apr 2006   473        463        378            80.0
Oct 2006    Nov 2006       474        445        371            78.27
Feb 2007    Mar-Apr 2007   446        482        354            79.4

After Filtering - HF
Month (a)   Month (b)      Male (a)   Male (b)   Common Males   % Common
Feb 2006    Mar-Apr 2006   416        409        332            79.8
Oct 2006    Nov 2006       418        387        327            78.2
Feb 2007    Mar-Apr 2007   399        419        311            77.9

Comparing the results of both methods provides us with another validation mechanism. Tab. 2-5 shows comparison of filtering results for 3 months long traces (Feb 2006, Oct 2007, Feb 2007) from university U1. We can see that greater than 400 (75%) users are consistently common in both the methods. This points to the high degree of similarity, which validates the filtering that both methods remove visitors and result in similar regular users (increasing the confidence in our results). We note that GBF is more conservative (less number of regular users) than IBF, which could be attributed to the fact that GBF takes into consideration the usage attributes (session count, duration, distinct days of login) of an average user for comparison (by using clustering), which can be higher than a regular user selected by IBF. For the user behavior analysis, in the following section, we only

consider the users selected by both filtering methods also referred to as Hybrid Filtering (HF).

Table 2-4. Similarity in the user population selected after filtering sorority users for U1

Before Filtering
Month (a)   Month (b)      # of Users (a)   # of users (b)   Common   % users
Feb 2006    Mar-Apr 2006   991              1155             717      72.3
Oct 2006    Nov 2006       1264             1305             844      66.8
Feb 2007    Mar-Apr 2007   1169             1327             821      70.2

After Filtering - IBF
Month (a)   Month (b)      Female (a)   Female (b)   Common Females   % Common
Feb 2006    Mar-Apr 2006   513          536          450              87.7
Oct 2006    Nov 2006       570          557          461              80.9
Feb 2007    Mar-Apr 2007   509          511          417              81.9

After Filtering - GBF
Month (a)   Month (b)      Female (a)   Female (b)   Common Females   % Common
Feb 2006    Mar-Apr 2006   463          474          429              92.7
Oct 2006    Nov 2006       493          456          432              87.6
Feb 2007    Mar-Apr 2007   439          458          405              92.3

After Filtering - HF
Month (a)   Month (b)      Female (a)   Female (b)   Common Females   % Common
Feb 2006    Mar-Apr 2006   435          449          402              92.4
Oct 2006    Nov 2006       454          432          401              88.3
Feb 2007    Mar-Apr 2007   406          413          367              90.4

Table 2-5. Validation - comparing users selected by IBF and GBF for U1

Month      Gender   IBF   GBF   HF
Feb 2006   Male     506   451   416
           Female   513   441   435
Oct 2006   Male     553   437   418
           Female   570   456   454
Feb 2007   Male     545   417   399
           Female   509   410   406

2.2.3 Cross Validation

NBC does not classify all users as either male or female (Sec. 2.1.2), however, this classification has a low error rate because of using statistics from real data coming from the US Social Security Office. Using this property of NBC, we can find out the error bound for the LBC. Availability of the error percentage can help in realizing

the error margins for LBC. To calculate the error bounds, the users (from sororities and fraternities) classified by LBC as females and males are put in sets $F_L$ and $M_L$ respectively. Using NBC, we classify all users from Fraternities and Sororities and put them in different sets. Females in set $F_N$ and males in set $M_N$, and remove the unclassified users. The unclassified set of users are those whose name existed in both male and female databases or whose name was not in the database. The error in female classification by LBC can be given by $E_f$, where $E_f = (F_L \cap M_N)/F_L$ and the error in male classification by LBC can be given by $E_m$, where $E_m = (M_L \cap F_N)/M_L$. Tab. 2-6 provides results on the cross validation of LBC by NBC. We did the analysis for trace sets coming from university U2 as it provides usernames along with the information about AP located in the sororities and fraternities, which allows us to perform both NBC and LBC. For Apr 2008 traces from university U2, the set $F_L$ has 1690 users after doing LBC and $E_f$ is equal to 7.2%. In case of set $M_L$, which has 349 users, we find that $E_m$ is 8.3%. Similarly, in Nov 2007 traces, $E_m$ and $E_f$ is less than 8.3%. The low value of error, $E$, further increases our confidence in the LBC and validates the classification method.

Table 2-6. Cross validation of LBC by NBC for U2

Month      F_L    F_L ∩ M_N   E_f     M_L   M_L ∩ F_N   E_m
Nov 2007   1280   74          0.058   334   25          0.074
Apr 2008   1690   123         0.072   349   29          0.083

To sum, we find our location classification LBC (with three filtering techniques - IBF, GBF & HF) are supported by three validation techniques. Validation ensures the users selected by the filtering are indeed the regular users, which in sororities means selecting females and in fraternities selecting males. The filtering statistical errors were below 10%, and the confidence was found to be over 90%.
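
The IBF rule of Sec. 2.1.1.1 and the error measure of Sec. 2.2.3, run as SQL against a trace table laid out like Fig. 2-2, as an added example that is not code from the thesis. The column names, the `building_kind` lookup table, every row and the name-based labels are constructed for illustration. It shows what a consistent pseudonym plus a building label still reveals about a device.

```python
import sqlite3

# Trace table with the six fields listed for Fig. 2-2 (column names assumed),
# plus a hypothetical lookup that tags buildings as fraternity or sorority.
SCHEMA = """
CREATE TABLE trace (mac TEXT, start_time INTEGER, ap TEXT,
                    duration INTEGER, manufacturer TEXT, building TEXT);
CREATE TABLE building_kind (building TEXT PRIMARY KEY, kind TEXT);
"""

# Per-device session counts (cf, cs) and total durations (df, ds).
# The JOIN drops sessions in buildings that are neither kind.
IBF_QUERY = """
SELECT t.mac,
       SUM(CASE WHEN b.kind = 'fraternity' THEN 1 ELSE 0 END)          AS cf,
       SUM(CASE WHEN b.kind = 'sorority'   THEN 1 ELSE 0 END)          AS cs,
       SUM(CASE WHEN b.kind = 'fraternity' THEN t.duration ELSE 0 END) AS df,
       SUM(CASE WHEN b.kind = 'sorority'   THEN t.duration ELSE 0 END) AS ds
FROM trace t JOIN building_kind b ON b.building = t.building
GROUP BY t.mac
"""


def sessions(mac, building, count, duration):
    """Constructed rows: `count` daily sessions of `duration` seconds each."""
    return [(mac, 86400 * day, building + "-ap1", duration, "unknown", building)
            for day in range(count)]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO building_kind VALUES (?, ?)",
                     [("FRAT-A", "fraternity"), ("SOR-A", "sorority")])
    rows = (sessions("m1", "FRAT-A", 10, 3000)
            + sessions("m2", "FRAT-A", 9, 3000) + sessions("m2", "SOR-A", 1, 600)
            + sessions("f1", "SOR-A", 8, 3000)
            + sessions("f2", "SOR-A", 9, 3000) + sessions("f2", "FRAT-A", 1, 500)
            + sessions("x1", "FRAT-A", 5, 3000) + sessions("x1", "SOR-A", 5, 3000)
            # Many short fraternity sessions and one long sorority session:
            # count and duration disagree, so the device is discarded.
            + sessions("x2", "FRAT-A", 9, 60) + sessions("x2", "SOR-A", 1, 7200)
            + sessions("lib1", "LIBRARY", 20, 3000))  # never at either house
    conn.executemany("INSERT INTO trace VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn


def ibf_classify(conn, high=0.80, low=0.20):
    """Label a device M or F only when P_CM and P_DM agree past the cut-offs."""
    labels = {}
    for mac, cf, cs, df, ds in conn.execute(IBF_QUERY):
        if df + ds == 0:  # only zero-length sessions: P_DM is undefined
            continue
        p_cm = cf / (cf + cs)
        p_dm = df / (df + ds)
        if p_cm > high and p_dm > high:
            labels[mac] = "M"
        elif p_cm < low and p_dm < low:
            labels[mac] = "F"
    return labels


def lbc_error(lbc, nbc):
    """Return (E_f, E_m): E_f = |F_L & M_N| / |F_L|, E_m = |M_L & F_N| / |M_L|."""
    f_l = {u for u, g in lbc.items() if g == "F"}
    m_l = {u for u, g in lbc.items() if g == "M"}
    f_n = {u for u, g in nbc.items() if g == "F"}
    m_n = {u for u, g in nbc.items() if g == "M"}
    e_f = len(f_l & m_n) / len(f_l) if f_l else 0.0
    e_m = len(m_l & f_n) / len(m_l) if m_l else 0.0
    return e_f, e_m


# Constructed name-based labels; m2 deliberately disagrees with the location label.
NBC_LABELS = {"m1": "M", "m2": "F", "f1": "F", "f2": "F"}

if __name__ == "__main__":
    labels = ibf_classify(build_db())
    print("location-based labels:", labels)
    print("(E_f, E_m) =", lbc_error(labels, NBC_LABELS))
```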

2.3 User Behavior Analysis

Classification of users into social groups is the first step in understanding the usage differences between the groups. The classification techniques discussed in Sec. 2.1 take all the WLAN users and divide them into various sets (depending on the grouping criterion). For the gender based grouping, we have three sets: Male, Female and Unclassified (grouping could not be determined). These groups can now be evaluated on multiple metrics depending on the application. In this work we have considered three generic metrics (not corresponding to any application). We investigate the spatio-temporal distribution for wireless usage across genders in addition to vendor preference. The main aim of these metrics is to examine the existence of differences between the groups. We attempt to identify differences that are statistically significant and consistent across the multiple traces we have studied. One observation to make here is that it may not be necessary that such differences hold true in different campuses or time-periods. However, knowledge of these differences (even existence) may be important to protocols and services targeted at these groups of users. The three metrics we use are:

a. WLAN Usage and Gender Spatial Distribution: What are the trends in WLAN usage across different (buildings) areas on campus?
b. Average Online Time (Temporal distribution): Are there trends in the average online times of users and can differences be identified based on gender and areas (buildings) within the campus?
c. Manufacturer Preferences: Which device vendors do different genders prefer? To what degree does gender affect the choice of vendor?

2.3.1 User Spatial Distribution

An example of a metric is the spatial distribution of the users. This metric can identify where the classified users spend most of their time (regular users). For example, by searching the female users in the complete trace we can find out the locations visited by them. We refer to these locations as Area, since they also represent major/department

housed at that location. Here we only look into major trends by the active user. A user is considered active (regular) at an area by using GBF. Difference in the number of users among the genders can tell us about the building preferences of the genders. Fig. 2-10 and Fig. 2-11 show percentage distribution for males and females at Universities U1 and U2 at various buildings. At both universities, we can see that there are more males than females in the areas of Economics (by 39% at U1 and 33% at U2), Engineering (5% at U1 and 89% at U2) and Law (by 83% at U1 and 6% at U2). Law area information for Feb 2007 is an outlier as we do not have any male student during that period. Females are more in number than males in the area of Social Science (by 16% at U1 and 3% at U2) and Sports (by 41% at U1 and 2% at U2). We see that at U1 and U2 trends are opposite for the area of Music (U1 has 40% more females however U2 has 33% more males). For more details see [47]. Existence of locations, which are consistently preferred by one of the two genders, highlights the existence of difference in WLAN usage by two genders. Many of the trends hold even across the two campuses. We believe this can be beneficial to several applications as discussed in Sec. 2.4.

Figure 2-10. Comparison of user distribution across the university U1 campus (in Percentage)

Figure 2-11. Comparison of user distribution across the university U2 campus (in Percentage)

2.3.2 Average Duration or Temporal Analysis

Average duration of a session for males and females gives us an understanding of the extent of WLAN usage at different areas. From Fig. 2-12 and Fig. 2-13, we observe that males on average have longer sessions than females in most of the areas (on average by more than 9%, in extreme cases by as much as 200%). On average, male users tend to stay - as WLAN users - at certain places for longer times than females. At both universities, we see that females consistently have higher average duration than males in the area of Social Science (by 12.8% at U1 and 10% at U2) and Sports (by 17.2% U1 and 8% U2). Males consistently have higher duration session at both universities in the areas of Engineering (by 76% at U1 and 15.4% at U2) and Music (by 39.9% at U1 and 36.8% at U2). We see that females at university U1 consistently have higher average duration in the area of communication (by 12%) whereas males have higher session duration at university U2 (by 10%). We also see clear trends at university U2 that males have higher session duration at area of Economics.

Another observation of interest is that average duration per session decreases from Feb 2006 to Feb 2007 (from 2789 sec to 2454 sec) in almost all the cases for university

U1 campus; we observe similar trend in university U2 (from 3800 sec in Nov 07 to 3609 sec in Apr 08). This points to the possibility that students are becoming more mobile, and thus have shorter sessions at the same location.

Figure 2-12. Average duration of male and females in different Areas of university U1 campus

While in some cases the trends were equal across genders, in several scenarios we do find differences in WLAN usage among the genders. Some of these differences were found to be significant and spatio-temporally consistent even across campuses; females' wireless activity is stronger in Social Science and Sports areas, whereas males' activity is stronger in Engineering and Music. In other scenarios each university campus had a different trend specific to it. These findings are likely to have a significant impact on usage modeling in wireless networks.

2.3.3 Device Preference

In many available traces, partial MAC anonymization is done, such that top three octets of the address (which identify the Manufacturer) are left unchanged. Traces from both U1 and U2 use partial anonymization. These top octets can be used to

find preferred vendors for the groups (Male and Female). In this metric, we are only considering major vendors (by the number of users). Fig. 2-14 and Fig. 2-15 show the number of users per vendor at University U1 and U2. At university U1, it is interesting to note that Apple computers are more popular amongst females than males. Intel devices are more popular amongst males. For example, using the Feb 2006 traces we find that 25% of the males use Apple and 32% use Intel, so that there are 28% more male users using Intel with respect to Apple users. In the case of Females, 30% use Apple and 27% use Intel, so 12% more female users use Apple than Intel. To test whether gender provides a bias towards specific vendors, we use the Chi-Square statistical significance test. The Chi-Square test shows with 90% confidence that there is a bias between gender and vendor/brand. This holds true for all the three trace sets from university U1. We also notice a consistent increase in percentage of Apple computer users of both genders over the three trace samples. For comparison of the results from university U1 with university U2, for this case only, we considered users only from fraternities and sororities from university U2.

Figure 2-13. Average duration of male and females in different Areas of the university U2 campus

Figure 2-14. Device distribution by manufacturer at university U1

The classification of users was performed using LBC (similar to university U1). At university U2, we do not find trends similar to university U1; we see that both the genders consistently prefer Intel devices more than the Apple devices. We tend to believe that preference of WLAN users can vary with geographic location and factors such as affluent society, presence of Apple store on campus among others. We also observe that vendors like Enterasys, Linksys, D-link and Askey Corp. have a decreasing trend in terms of percentage of users. One of the reasons is that these manufacturers mostly make external Wi-Fi devices for old laptops (with no built-in Wi-Fi NICs). Currently almost all new laptops come with a built-in Wi-Fi, so the users of external devices are decreasing.

These results indicate once more that there are statistically significant differences in the usage pattern of the two genders. One possible implication of this device preference is that PC viruses or malware propagation in some female groups may be less effective, which will have a direct impact on security studies in future wireless societies as in DTN [77].
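
The vendor leak that partial MAC anonymization leaves open, together with the chi-square test named in this section, as an added example that is not code from the thesis. The OUI prefixes, vendor labels, group size of 400 and the HMAC-based pseudonyms are constructed assumptions; only the 25%/32% and 30%/27% shares come from the text.

```python
import hashlib
import hmac
import math

KEY = b"constructed-demo-key"  # assumption: secret held by the trace publisher
# Constructed, locally administered prefixes standing in for real vendor OUIs.
OUI_VENDOR = {"02:00:0a": "vendor_a", "02:00:0b": "vendor_b"}


def _digest(text, hex_chars):
    return hmac.new(KEY, text.encode(), hashlib.sha256).hexdigest()[:hex_chars]


def partial_anonymize(mac):
    """Weak setting: keep the top three octets, replace only the low three."""
    h = _digest(mac, 6)
    return f"{mac[:8]}:{h[0:2]}:{h[2:4]}:{h[4:6]}"


def full_anonymize(mac):
    """Corrected setting: keyed pseudonym over the whole address, no OUI left."""
    return "dev-" + _digest(mac, 16)


def vendor_of(pseudonym):
    return OUI_VENDOR.get(pseudonym[:8].lower())


def contingency(records):
    """(pseudonym, group) pairs -> {group: {vendor: count}} for recognised OUIs."""
    table = {}
    for pseudonym, group in records:
        vendor = vendor_of(pseudonym)
        if vendor is not None:
            row = table.setdefault(group, {})
            row[vendor] = row.get(vendor, 0) + 1
    return table


def chi_square_2x2(table):
    """Pearson statistic and p-value (1 degree of freedom) for a 2x2 table."""
    groups = sorted(table)
    vendors = sorted({v for row in table.values() for v in row})
    obs = [[table[g].get(v, 0) for v in vendors] for g in groups]
    rows = [sum(r) for r in obs]
    cols = [sum(c) for c in zip(*obs)]
    n = sum(rows)
    stat = sum((obs[i][j] - rows[i] * cols[j] / n) ** 2 / (rows[i] * cols[j] / n)
               for i in range(2) for j in range(2))
    # For 1 degree of freedom, P(X > stat) = erfc(sqrt(stat / 2)).
    return stat, math.erfc(math.sqrt(stat / 2))


def sample_devices():
    """Constructed population: 400 devices per group, vendor shares from the text."""
    plan = [("male", "02:00:0a", 100), ("male", "02:00:0b", 128),
            ("male", "02:00:0c", 172), ("female", "02:00:0a", 120),
            ("female", "02:00:0b", 108), ("female", "02:00:0c", 172)]
    devices, serial = [], 0
    for group, oui, count in plan:
        for _ in range(count):
            serial += 1
            low = f"{serial:06x}"
            devices.append((f"{oui}:{low[0:2]}:{low[2:4]}:{low[4:6]}", group))
    return devices


def vendor_table(anonymize):
    """Vendor-by-group counts an analyst can rebuild from the released trace."""
    return contingency((anonymize(mac), group) for mac, group in sample_devices())


if __name__ == "__main__":
    weak = vendor_table(partial_anonymize)
    stat, p = chi_square_2x2(weak)
    print("partial anonymization:", weak)
    print(f"chi-square = {stat:.3f}, p = {p:.3f}")
    print("full anonymization:", vendor_table(full_anonymize))
```

With these constructed counts the statistic clears the 90% level but not the 95% level, and the fully pseudonymized trace yields an empty vendor table.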

Figure 2-15. Device distribution by manufacturer at university U2

2.4 Applications

Analysis of user behavior in the previous section highlights that statistically significant differences exist in the usage pattern of the two genders. There can be several metrics on which a group of users can be evaluated and their behavior quantified. The results from these metrics can then be applied to an existing or new application to make it context sensitive. In this section, we discuss few applications which will benefit from the quantified differences among the groups such as mobility modeling and protocol design. We also discuss impact of this analysis on user privacy, wireless network deployment, and resource management among others. For the lack of space, more details of the application are omitted.

2.4.1 Mobility Models

Mobility models are important tools to understand user movements and create models on which protocols can be tested. The knowledge of groups can be used to re-evaluate mobility models such as TVC [37], IMPORTANT [16], and several others [15]. This enhancement can allow us to model/evaluate social groups on 'behavioral' aspects, load (sessions duration) and density among others. This kind

of study can only be possible by using the methods mentioned in this work; other methods like taking a survey of 50,000 users would require tremendous effort and may still have similar error rates.

2.4.2 Protocol Design

Protocol and service design in Mobile Ad-Hoc networks can take features of various groups to evaluate its performance. It has been shown in Profile-Cast [39] that considering behavior of users (profiles), one can create efficient protocols for Mobile Ad-Hoc Networks. This work does not consider difference among groups of people. It has also been shown that users with similarities meet often and have closer ties [60]. Can similar people (belonging to same group) have higher chances of meeting more often? Can this knowledge increase the message delivery success? Our method helps in identifying the social groups, however, further investigation needs to be done such as combining this group information with services such as Profile-Cast.

2.4.3 Privacy

A major impact of this work is bringing the privacy related issues with traces to forefront. Determining gender from the traces which were anonymized, shows weaknesses in current anonymization techniques. It may be argued that anonymization of location information may prevent this kind of classification, however, this not only decreases the utility of the traces, but also the authors in [48] show that location anonymization can be easily undone. The primary reason is the unique session patterns of the WLAN users. Anonymization of WLAN traces while maintaining utility of the traces is a challenging task. Our work also points at this significant problem.

2.4.4 Resource Management

Knowledge of group behavior can also be helpful in planning WLAN resource deployment and capacity modeling. Questions like how the usage would change if more admissions are given to computer science students versus law students or females/males can now be answered in better light.

We all have intuition where and how a certain group of users may use WLAN; our method allows us to quantify this intuition. We believe that methods discussed in this work are the fundamental step for many interesting studies in the future.

2.5 Conclusion And Future Work

In this study, we propose novel methods, which use WLAN traces to classify WLAN users into social groups based on features such as gender and study-major among others. The work presents a general framework that can be applied to traces coming from multiple sources. As an example, traces from two university campuses have been used and gender based grouping classification is performed. Multiple techniques for grouping users are discussed since each one has slight advantages in certain scenarios. The study cross-validates the results by comparing results provided by each of the classification methods. Results from this research are based on a sample of the user population, since gender may be identified based on sorority and fraternity wireless access point associations or based on name filter.

We find that there is a distinct difference in WLAN usage patterns for different genders even with similar population sizes. Availability of results comparing groups of users can allow researchers to quantify the behavioral differences between the groups. We see that these trends and characteristics are consistent over periods of time and across different semesters and sometimes even across university campuses. We also see some trends that are not consistent across the two university campuses like the vendor preference. At one university females show a statistical trend for preference towards the Apple computers, however, no similar observation is made at the other university. We think that some social characteristics are dependent on the location of the University campus and other facilities around the campus (like presence of Apple store, affluent population). Even though the results vary with time and location, it may be essential for a protocol designer of mobile networks to understand the characteristics of this network.

PAGE 48

Interestingly, we were able to classify users into males and females and were successful in obtaining their preference of vendor, based on analysis of anonymized traces (the university U1 study did not use usernames). We were also able to validate our results. This raises several privacy issues. Can private information of individuals be identified by analyzing anonymized traces? What kind of anonymization algorithms should be used for mobile network traces? And how can such algorithms provide a notion of k-anonymity [76] for the mobile society while retaining useful information for researchers? These are questions that bear further research and we plan to address them in our future work. In the future, we plan to prepare mathematical models, which can represent a user in a particular group. This process would allow us to understand various features, which represent the user's WLAN usage characteristics. It would also allow us to classify users into groups by looking at the features only. A user model would also be useful in tailoring the protocols for multicast and profile-cast to incorporate the group behavior. We hope for this study to open the door for other mobile social networking studies and profile-based service designs based on sensing the human societies.

CHAPTER 3
BREAKING ANONYMITY IN WLAN TRACES

The advent of portable/mobile devices and availability of ubiquitous network coverage using heterogeneous wireless technologies like Wi-Fi (IEEE 802.11), GPRS, 3G and Wi-Max has allowed humans to browse information on the go. From sharing a computing device at home, office, or a commercial establishment, we have come to an era where these devices have become very personal and customized to the user's taste. A major impact of this change (apart from all the benefits of being mobile) is that these devices have become sensors of the human society. As these devices remain with their owners for many hours in a day, they can capture large amounts of user behavior patterns, which can be made available to researchers. On one hand, the study of such data can be used to develop better understanding of human behavior and provide improved services; on the other hand, availability of this kind of data can be considered an infringement on the privacy of the user.

Several researchers use WLAN traces for research and analysis purposes, such as to examine usage behavior of users [35, 38, 49], discover characteristics for developing network protocols [39] or to study user mobility patterns [25, 37, 65]. Many of the WLAN traces are publicly available [7, 41]. It is, therefore, important to understand how the privacy of WLAN users gets affected. In this work, we investigate the extent of user's private information that can be extracted from the anonymized Wireless Local Area Network (WLAN) traces. Even though most of the trace libraries anonymize/sanitize the traces to protect user's privacy, we present several methods, which can be used to reverse the anonymization. We attempt to expose the weakness in the currently used anonymization techniques and bring the attention of the WLAN research community to this fundamental problem. We find that WLAN traces are unique in the sense that human movement pattern gets embedded in them, which can have unique signatures. These signatures can be later combined with publicly available information from such sources
as directories or schedules to identify a user even after anonymization. Despite the importance of privacy issues in WLAN traces, there is a lack of significant research in this field. The purpose of this study, therefore, is to shed light on the need for better anonymization techniques and identify a rich set of plausible scenarios in which anonymity can be compromised.

The issues of privacy and anonymization have always been present in network traces. Researchers have also faced challenges in anonymizing the wired traces [69]. Recently, wireless traces have also been collected and archived at on-line public libraries like CRAWDAD [7] and MobiLib [41] that collectively hold well over 50 traces. As these are pervasively captured user information, several questions have been raised about the process of collecting traces [12, 74]. Techniques are being researched such that users themselves can share their traces [73]. However, the pertinent question, which still remains unanswered, is that once traces are collected, how can they be prepared for distribution such that they have good utility and do not compromise the privacy of the users. Our efforts are targeted at this question, which has become even more challenging with the WLAN traces, as we shall discuss in this paper.

In this work, we present our analysis of the currently used anonymization methods and their shortcomings. The next section presents the information available in the WLAN traces. Sec. 3.2 presents example scenarios where identifying a user and monitoring his usage pattern can be detrimental to his privacy. These cases justify the need for fail-proof anonymizing/sanitizing of WLAN traces. We discuss prevalent methods of anonymizing WLAN traces in Sec. 3.3, following which we discuss attack scenarios and methods, which can be used to break WLAN anonymization. Sec. 3.4 presents an analysis of how the anonymization could be broken. Sec. 3.5 provides an analysis of the attacks and discusses different possible approaches that can be used to prevent invasion of privacy,
though this remains an open question. In the last section, we summarize our findings and present directions for future research.

3.1 Information In WLAN Traces

WLAN traces are logs of user association with wireless Access Points (AP). A generic information tuple, after some processing of the raw trace, has MAC ID, Start time, Duration and Access Point/Location.

Table 3-1. WLAN trace sample: before and after anonymization

MAC                Start Time                Duration (sec)  AP/Location
00:11:22:33:44:55  01 Jun 2008 21:00:51 GMT  3000 secs       CS building AP1
11:22:33:44:55:66  01 Jun 2008 21:01:30 GMT  10 secs         ECE building AP2
01:02:03:04:05:06  01 Jun 2008 22:11:00 GMT  200 secs        MSL building AP1
10:20:30:40:50:60  01 Jun 2008 22:15:30 GMT  600 secs        MACA building AP1
11:22:33:44:55:66  01 Jun 2008 22:23:10 GMT  180 secs        CS building AP3
a. Sample un-anonymized trace

Field treatment: MAC: partial & consistent; Start Time: no change; Duration: no change; AP/Location: location anonymization

MAC                Start Time                Duration (sec)  AP/Location
00:11:22:0353      01 Jun 2008 21:00:51 GMT  3000 secs       AcadBldg10AP1
11:22:33:0521      01 Jun 2008 21:01:30 GMT  10 secs         AcadBldg2AP2
01:02:03:9877      01 Jun 2008 22:11:00 GMT  200 secs        Library5AP1
10:20:30:3260      01 Jun 2008 22:15:30 GMT  600 secs        AcadBldg22AP1
11:22:33:0521      01 Jun 2008 22:23:10 GMT  180 secs        AcadBldg10AP3
b. Sample anonymized trace

A snapshot from an un-anonymized trace is shown in Tab. 3.1a. Some traces may provide more information such as username. For the sake of simplicity, we have considered the basic tuple similar to that shown in Tab. 3.1. Using a tuple with less information does not make the breaking of anonymity any easier, as compromising anonymity with less information is more difficult.

3.2 Need For Anonymity

Although the implications of losing privacy in the real world are well known, in this section, we discuss the implications related to the loss of privacy in WLAN traces. As Tab. 3.1 shows, MAC address is one of the fields in the traces. This field is the link-layer address of the hardware/device used to access the WLAN network. Users generally do not change their MAC addresses between the sessions (perhaps due to lack of tools which do it effortlessly, or due to lack of awareness) and current protocols do not allow a user to change his MAC address during the session. This implies that the MAC address becomes a permanent identifier of the machine. Since most of the machines using wireless are portable, they are less frequently shared by people. The MAC address, thus, becomes associated to the person and hence his/her identifier. If we know the MAC address of a device and its user, then we can search for that user in the WLAN traces and essentially know the places visited. The MAC address of a device can be found by various methods such as sniffing the wireless channel. Greenstein et al. [34], with the help of case studies, have shown how capturing and analyzing of 802.11 protocol packets can be used to invade user privacy. The cases which we present show similar threats as shown in this paper [34]; however, we are using only the WLAN traces and are not coupling them with actively captured data packets. In our case, threats become even more serious because the attacker need not be present in the same geographic location as the attacked/victim (traces are available on the Internet [7, 41]). Tracking the attacker can also be difficult due to the fact that some of the WLAN traces are publicly available with little or no security checks or log mechanism. Below are some cases that show possible attacks on user privacy:

1. One can prove someone's presence at a location by showing the association of his machine with an AP located in that vicinity.
2. If one knows the MAC-to-name mapping of a user, he/she can trace the user by finding the location of the AP with which the user associates. Therefore, he/she can get user's
daily activity pattern/schedule (imagine if a thief knows exactly when one is going to be away from the house or in which time interval nobody is in the office).
3. By looking at the MAC addresses associated with a particular AP with which a user associates, one can make a guess about the people the user is meeting with. If MAC-address-to-name mapping is available for all MACs, this would be a trivial task.
4. Information can be used as forensic evidence against the user (or as an alibi).

These scenarios show us some of the possible privacy infringements if the WLAN traces are available without anonymization. Trace providers are aware of these concerns and therefore anonymize the traces before making them public. In this study, however, we show that the anonymization techniques used can be compromised and users can be identified to some extent even after anonymization. The next section provides an in-depth discussion of the anonymization techniques used in WLAN; this would allow us to better appreciate the attack as well as the complexities involved in anonymizing the traces.

Table 3-2. Fields present in each record of wired trace, basically an IP header

Fields: Version, Header Length, Type of Service, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Data

3.3 Related Work

The wired network traces have existed for some time and many libraries have been created for sharing the traces [4, 6]. Researchers have developed several anonymization techniques [63, 69, 81] for wired network traces. Several tools have been developed such as Tcpmkpub [69] and Tcpdpriv [62]. We looked into these traces and techniques to investigate if they can be applied to WLAN traces. We, however, found that even though highly sophisticated techniques have been proposed to anonymize the wired traces, they are not completely unbreakable [27]. In addition, there are fundamental
differences between Wired and Wireless LAN (WLAN) traces, which make it difficult to apply wired trace anonymization to WLAN traces. In terms of anonymization goals, in wired traces, the goal is to prevent discovery of identities of network resources and leakage of security policies [69]; however, anonymization in WLAN traces also requires protection of the user's identity [34, 68] as the network resources are personal devices. Wired traces (also called netflow) have fields as shown in Table 3.3, which is essentially an IP header (IPv4). WLAN traces can have this information along with other information as in Table 3.1a, which is generated by association and disassociation of the device with the access points (AP). As this feature is unique to WLAN usage, we face newer challenges in anonymization. We can see that a complete WLAN trace (along with netflow) is a superset of a wired trace (only netflow). In WLANs, generally IP addresses are assigned using the DHCP protocol and the subnet varies with WLAN access location. This reduces the chances of the same machine getting the same address on every session, which in wired traces can be considered 100% (assuming static assignments only). This makes anonymization of netflow information from WLAN traces much simpler than wired traces.

We find that in many studies [25, 35, 36, 39, 49] regarding WLAN traces, researchers have only used association traces such as shown in Table 3.1. In fact, most of the WLAN trace libraries [7, 41] do not have comprehensive netflow traces as they have the association traces. One of the reasons is the difference between association traces and netflow data in WLAN. Netflow information (like in wired traces) is usually used to understand the behavior of the applications [44, 64], to detect anomalies in the network [5, 82], network protocol designs, and network planning [28, 75]. Wireless traces have been used for network planning [25, 35], understanding user behavior [25, 36, 49], DTN protocol designs [39], and understanding societal interaction with technology [49]. Overall, we see that even though a rich set of techniques is available for wired traces, their applicability to WLAN traces seems insufficient due to the above reasons and
because of similar reasons, the attacks on WLAN traces would be quite different than the attacks on wired traces. Although anonymization is a very important step in releasing WLAN traces, we could not find any published work that deals with the techniques most suitable for WLAN. Most of the techniques used are not thoroughly investigated in the light of WLAN traces. This will be more clear in the next section where we talk about the possible attacks and drawbacks of the existing methods. Rest of this section examines the anonymization techniques currently used in WLAN trace anonymization.

Current Techniques: Anonymization in WLAN traces is done on a field-by-field basis [41, 46]. Either a field is fully anonymized (mapped to a random number) or only a portion of the field is anonymized. In the traces having multiple sessions per MAC address, trace providers can either randomize the MAC address to a unique value for each session, or use the same anonymization mapping of the MAC address for all the sessions (consistent mapping). This step decides the information and utility of the traces. Consistent mapping for each MAC throughout the traces provides the ability to track a user through multiple sessions. The majority of the traces available at MobiLib [41] and Crawdad [7] provide the consistent mappings. Some traces like Dartmouth traces [46] at Crawdad [7] anonymize the location field by giving a building-level granularity of the AP's location or by anonymizing the building name with code names such as AcadBldg10AP3 [46], which signifies an AP (numbered 3) located in a building used for academic purposes. In this case, all the buildings are grouped into building classes such as acadbldg, librarybldg etc. Tab. 3.1b shows how WLAN traces would look when anonymized for consistent and partial MAC anonymization with reduced location information. We will attempt to extract private information from traces which have been anonymized using this technique as this is used by many trace providers [46].

Figure 3-1. Attacker capabilities

3.4 Attack Scenarios

In this section, we present techniques where user privacy can be theoretically compromised. Fig. 3-1 shows attacker capabilities in terms of information related to the traces collection environment he can access. The attacker is assumed to have access to anonymized traces in all the scenarios. In this work we are, however, not dealing with all the possible scenarios, as our aim here is to bring forth the shortcomings of the current anonymization, which can be achieved even if we can break the anonymization for one case. We are considering two possible attack scenarios: one where the attacker can inject data into the traces by accessing the WLAN network (Sec. 3.4.1, 3.4.2 and 3.4.3) and a second where the attacker has physical access to the campus but cannot access the WLAN network (Sec. 3.4.4). If we can identify the anonymized MAC address in the traces for any user, we will consider that anonymity has been compromised. This can be justified since the main purpose of anonymization is to prevent user identification. Using this definition of compromise, we will show how an attacker can identify his own anonymized MAC address and then how he can identify any other user's MAC address.

3.4.1 Identify Your Own MAC In Trace

Using the definition of anonymity compromise, even if an attacker can identify his own MAC address, it should be considered a failure of anonymization techniques. Although this is not a serious breach of privacy per se, yet an attacker can now use this information to find out building codes and identify MAC addresses for other users. Steps for obtaining one's own MAC address are as follows:

1. Go to a WLAN covered area in the campus, at a time when it is not frequently visited and the WLAN usage is minimum (find this pattern from the previous traces).
2. Associate with an AP belonging to campus network, and mark the start time and end time.
3. If there are some people around the area, move to a new location which is at least 100 ft away (beyond range of the previous wireless AP) and repeat Step 2.
4. Now go back to study the traces and find all the MAC addresses (anonymized though), which log in at the same time and log out at same time at the two locations visited.
5. If there are several MAC addresses, one needs to repeat this experiment from Step 1 to 4 and then take an intersection of the MACs. In the end, there should be only one MAC address left after the intersection. This will provide one's MAC address's mapping in the traces.

In Sec. 3.5, we mathematically show that even in a large environment (over 500 AP), at most 5 iterations of steps 1 to 4 would be enough to identify your own MAC address.

3.4.2 Identifying Building Codes

Identifying the building codes is useful for finding users at a particular location. The attacker who knows his anonymized MAC address can visit all the buildings of interest in the campus and mark his login and logout time at each building. While looking back at the trace he can reverse map all the building codes to actual building codes/names by correlating the timings in the notes with the actual trace.

3.4.3 Identifying A Person

Once we have the building codes, one can target a specific person, follow him and mark his device's start or end times (observing opening and closing of laptop lid). Filtering the traces with this approximate timing information and building information, one should not get many sessions. If one does, then one can repeat this process and zero down to a single MAC address belonging to the target (publicly available schedules, status messages on social networking websites can also be used to find approximate login and logout timings). To discover the mapping of a large number of MAC addresses to their real MAC address, one can sniff all the wireless traffic at a location (AP) whose trace mapping is already known, parsing this captured data for messages which clearly show that a machine is trying to associate with the AP [68]. In this case, we have the precise time of the user's log-in and also the MAC address with location. Identifying his anonymized MAC should be trivial. And once we know the mapping to the real MAC address in the traces, one can track that person anywhere on the campus. Using the above methods, in theory, an attacker can track any person throughout the campus, causing a breach of privacy. This method presents a serious shortcoming to the prevalent methods. It shows a possibility of a privacy attack without much effort. If one does not have access to the campus Wi-Fi, one can ask a friend or one may use social networking skills to ask a complete stranger to do it. We also observe that even if the trace providers do not provide traces on a daily basis, a careful planner can undertake several such experiments and then wait for the trace provider to release the trace and perform his attack.

3.4.4 Multiple Filtering

In the above described methods, the attacker has to have a capability to inject data into the traces collection system (should have authorization to access the WLAN). In the current case, we consider an attacker with no ability to access (and inject data into) WLANs.
He is limited to the physical access to the traces collection environment. Researchers have attempted to classify WLAN users based on their genders [49]. We extend this idea further by grouping users based on different categories like gender, login time, building, and manufacturer of the device. We then attempt to identify users who appear under multiple categories (find intersection). In all these individual categories, the group size is large (100). However, when we intersect the groups, this size drops rapidly. For example, female student going to Law building in the morning with an Apple computer resulted in a single user. This finding has privacy implications. Taking the above example, just watching a female student going to a law school building with an Apple device in hand should enable an attacker to go find the anonymized MAC ID of the student in the traces. Once it is accomplished, the attacker can trace the student's movement throughout the campus. This is a serious breach of privacy. We have conducted analysis to examine how many users can be identified using a filter based on gender, study major and network card manufacturer (on a Feb 2006 trace downloaded from MobiLib [41]). We found that for 111 different filters (formed by different combinations of gender, study major and manufacturer), 35% resulted in a single user and 60% of the cases had less than 3 users (Fig. 3-2). We did the analysis for three different trace periods (Feb 2006, Oct 2006, Feb 2007) and found similar results. We also used different filters like gender-major-time, and again obtained a similar result. This method exposes a major flaw in the anonymization technique.

3.5 Analysis and Mitigation

The attacks mentioned in the previous section were feasible because the attacker could identify unique WLAN usage in the traces. The attacker could identify the MAC address of his machine by creating usage patterns that were unique for that traces collection environment. Patterns are formed because MAC addresses are consistently anonymized. Therefore, considering all the sessions made by a device (identified by
MAC address), one can identify individual usage sequences from fields in the trace like location, start time and duration. For example, a user who starts using WLAN every day around 9 am is creating a pattern with respect to start time. This pattern may not be unique as there may be several users starting WLAN usage around 9 am. However, one can reduce the search space or may even make the pattern unique by combining location and duration patterns with start time. Consider employees working in the same office space and having the same office hours and workload. They would have similar start time, location and duration patterns. However, if the office and residences share a common WLAN service (say city-wide wifi or students living on-campus), the location, start time and duration of WLAN at residences would become different for all the users (unless each and every employee has the same residence and follows a similar lifestyle!). The argument here is that users can have sufficiently unique usage, which can be used to identify them even though traces are anonymized. In the next two sub-sections we present our reasoning in support of the above argument. We do a theoretical and a practical analysis on real WLAN traces.

Figure 3-2. Percentage of no. of users found, when 111 filters based on gender+major+manufacturer are applied

Figure 3-3. $U_L$ at $n=5$

3.5.1 Theoretical Analysis

Mathematically, it can be shown that each field in the trace can create enormous amounts of patterns. For the sake of simplicity, we are only considering the patterns generated by location because similar equations can be used for other fields. Let $U_L$ be the number of unique usage patterns possible using the location field only.

$$U_L(a, p_u, n) = C^{a}_{a \cdot p_u} \cdot (a \cdot p_u)^{n}$$

where $a$ is the total number of Access Points/locations, $p_u$ is the percentage of total Access Points/locations a user visits, $n$ is the number of sessions and $C$ denotes the combination function. Fig. 3-3 shows the distribution of $U_L$. $U_L$ is a product of the number of ways $a \cdot p_u$ Access Points can be selected out of the total $a$ Access Points ($C^{a}_{a \cdot p_u}$) with the number of ways in which $a \cdot p_u$ Access Points can be selected in $n$ sessions ($(a \cdot p_u)^{n}$). As an example, consider a university campus having hundreds of buildings, say University of Florida (UFL), which has over 500 wireless access points, so we can have 500 different values in the location field. It has been shown that users generally use less than 5% of the Access Points 90% of the time [17, 36]. Therefore, in our case ($a = 500$ APs), we assume each person uses only 5% ($= p_u$) of them ($a \cdot p_u = 25$). Because in a pattern not only visiting a location but also the order of visiting
a location is important, we can see that the total number of combinations of APs people can choose from is $C^{500}_{25} \approx 10^{46}$. Assuming that traces contain only 5 sessions per user ($n = 5$), the total number of paths possible for a user, using 25 APs, is equal to $25^{5} = 9765625 \approx 10^{6}$. Therefore, the total number of unique location patterns possible, $U_L$, is $10^{46} \times 10^{6} = 10^{52}$. Total number of students at UFL $\approx 5 \times 10^{4}$. So, the theoretical number of unique location patterns per user $= 20 \times 10^{46}$. Even though this is a very loose upper bound and in reality this number can be smaller, what it shows is the enormous number of possible unique patterns that can be generated using just one field (location). This implies that theoretically every user can have a unique pattern in a short time, which can be used to identify him. This further implies that sanitization techniques cannot work well if only the fields are anonymized; one should aim to anonymize the patterns. One of the ways is to use inconsistent MAC anonymization, which is extremely detrimental to the utility of the traces, the very reason traces are shared. A fundamental question about the relationship between the utility and the anonymization/privacy is evident here, which we plan to discuss in our future works.

3.5.2 Practical/Trace Analysis

Table 3-3. Result of finding users with similar location visiting sequences with varying duration of the trace

Period                  (5 Nov 2007)  (5 to 11 Nov 2007)  (5 to 18 Nov 2007)  (Nov 2007)  (Aug to Dec 2007)  (Aug 2007 to Jul 2008)
Total Users             9844          17602               22333               27068       47766              52217
100% match score users  4288          4847                4969                4461        4288               4880
  >1 session            1477          1872                2061                1928        1840               2186
  >5 sessions           31            121                 108                 131         187                235
90% match score users   4291          4494                5300                4879        4743               5486
  >1 session            1480          2018                2391                2345        2294               2791
  >5 sessions           34            268                 439                 548         642                839
80% match score users   4473          6068                6924                6872        7484               8954
  >1 session            1662          3092                4015                4339        5036               6260
  >5 sessions           113           1085                1777                2272        3057               3930

To check the validity of the theoretical limits discussed above, we did an experiment on WLAN traces coming from UFL for a period of one year. Tab. 3-3 has the findings for users having the same location visiting sequence. We calculate and distinguish users based on the location field using the Longest Common Subsequence algorithm [26]. We
find the number of users having a similar location visiting pattern with at least one other user, considering several time periods (1 day to 1 year), listing total WLAN users in that specific period. Tab. 3-3 also shows the number of users who had number of sessions greater than 1 and 5. Results support our insight behind the theoretical limits. We notice that for a period of one year, only 4880 users had a similar location visiting sequence with one or more users out of 52K users (9%), if we consider 100% match. This means that almost 91% of users have a distinct location visiting sequence and an attacker following a user can later identify him/her in the traces with probability greater than 0.9. Another result that further supports the above statement is that only 235 users (0.45%), who have the same location visiting sequence with other users, have more than 5 sessions (in case of 100% match score). This further strengthens the theoretical limit we discussed earlier (to make it more interesting, we found that most of these users had logged into the same access point throughout their multiple sessions).

Figure 3-4. Results of the combination generation and sequence matching for randomly chosen 230 users out of 27K users belonging to the month of Nov 2007. This graph shows $P_i$ and $n_i$.

We also attempt to identify the source of these sequences, which become unique in a short time span. We note that not only can each field be used to form unique sequences, but several fields may be combined to form unique sequences. We
generate various sequences using several combinations of the location field for a user, maintaining the temporal ordering in the combinations. This helps us to identify how much information an attacker may obtain about a user, even if the attacker follows him for only a few sessions. Because of this, the attacker would find information holes in the observed sequence for the user. For example, he may be able to observe only the 2nd, 3rd, 6th, 8th and 10th sessions of a user. We investigated 230 randomly selected users from a set of 27K users appearing in Nov 2007 WLAN traces from UFL. For each user, we created all the possible combinations of sequences of length 5 using the Location field, maintaining temporal order (earlier we saw that users with number of sessions greater than 5 have higher chances of being unique). Each combination represents a possible set of sequences an attacker may be able to capture by following a user, assuming the attacker may not be able to capture all the user sessions. This simulates loss while capturing user information. Then we search for these sequences in traces belonging to all 27K users. Let $P_i$ be the percentage of matches for user $i$, where $P_i$ is defined as $P_i = M_i / C^{n_i}_{5}$. Here $C^{n_i}_{5}$ represents the total number of combinations of sequences possible of length 5 for user $i$, $n_i$ is the number of sessions for user $i$ and $M_i$ represents the number of matches found for the $C^{n_i}_{5}$ sequences in the trace belonging to 27K users. Fig. 3-4 shows the results for this experiment. We find that out of 230 users, 78 had less than 5 sessions in the whole month and were discarded. For the rest of the users we plot $P_i$ in descending order along with $n_i$. One interesting result is that even when the total number of combinations generated is very high ($n_i = 100$, $C^{n_i}_{5} = 75287520 \approx 10^{7}$), the number of matches is very low ($M_i = 81$). This indicates that if the location information of 5 sessions is available in temporal order with many intermittently missing location information of a user, even then there is a very high chance of identifying the user in the trace.

As per the analysis we conducted, there can be two ways of mitigating the attacks discussed in the previous section. One is to manipulate the traces in such a
manner that no one can identify unique patterns and the other is to prevent linking of usage patterns to users. Both these abstract ideas can be applied to the traces independent of each other. If one can identify usage pattern, but cannot assign it to a specific user, one can never be sure of identifying the correct user or the correct pattern of the user. On the other hand, if we can prevent linking of usage patterns to users, then no matter how many unique usage patterns one can identify, one would not be able to link it back to a user. Both methods should individually provide sufficient privacy for the users. For the first method many techniques exist in literature such as k-anonymity [76] or l-diversity [57]. For the second method, we need to devise techniques which can obscure linking information.

3.6 Conclusions and Future Work

We have uncovered a serious problem in the way WLAN traces are anonymized. We believe that this kind of attack is possible as WLAN traces have human behavior pattern embedded in them, which can be easily observed by an attacker following the victim. The aim of any privacy protecting technique should be to ensure that even if the attacker has access to all the publicly available information about a user or a group of users (but not the mapping between anonymized MAC and real MAC), he should not be able to reduce the sample size below a number, say K. This K should be a parameter configurable by the trace releasing authority. In the future, we plan to work on the feasibility of anonymizing using techniques like perturbations and release of traces in multiple different formats like one with no location or time information. We would also like to investigate in further detail how the fields like start time, duration and locations are responsible for generating unique patterns. It may be due to the atomic properties of these fields like periodicity and history. We would like to work on a system which can generate anonymized traces according to the security clearance of the demanding user; this would allow us to serve traces with
varying anonymization and privacy criterion and would make traces more useable. We also plan to investigate if the k-anonymity model [76] can be applied to WLAN traces. Findings in this work certainly call for new research in the area of WLAN trace anonymization and privacy, details of which are to be pursued in our future work.
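
The following is an added example, not code from the thesis: a pre-release audit that a trace provider could run, based on the K parameter of Sec. 3.6 and the ordered-subsequence matching of Sec. 3.5.2. For each consistently anonymized MAC it computes the smallest anonymity set over every ordered m-session observation and flags pseudonyms that fall below K. Exact in-order matching stands in for the LCS match score, and the trace rows, the function names and the building-class generalization rule are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample rows in the tuple layout of Table 3-1b (not real trace data):
# (consistently anonymized MAC, start time, duration in seconds, location code)
TRACE = [
    ("00:11:22:0001", "2008-06-01T09:00:00", 3000, "AcadBldg10AP1"),
    ("00:11:22:0001", "2008-06-01T11:00:00", 600, "Library5AP1"),
    ("00:11:22:0001", "2008-06-01T14:00:00", 180, "AcadBldg10AP3"),
    ("00:11:22:0002", "2008-06-01T09:05:00", 2900, "AcadBldg10AP1"),
    ("00:11:22:0002", "2008-06-01T11:10:00", 500, "Library5AP1"),
    ("00:11:22:0002", "2008-06-01T14:02:00", 200, "AcadBldg10AP3"),
    ("00:11:22:0003", "2008-06-01T08:30:00", 10, "AcadBldg2AP2"),
    ("00:11:22:0003", "2008-06-01T10:00:00", 200, "Library5AP1"),
    ("00:11:22:0003", "2008-06-01T13:00:00", 600, "AcadBldg22AP1"),
    ("00:11:22:0004", "2008-06-01T08:45:00", 900, "AcadBldg22AP1"),
    ("00:11:22:0004", "2008-06-01T10:30:00", 300, "Library5AP2"),
    ("00:11:22:0004", "2008-06-01T15:00:00", 1200, "AcadBldg2AP2"),
    ("00:11:22:0005", "2008-06-01T12:00:00", 60, "Library5AP1"),
]


def building_class(location):
    """Coarsen 'AcadBldg10AP3' to the building class 'AcadBldg' (assumed rule)."""
    return re.sub(r"\d+AP\d+$", "", location)


def location_sequences(trace, generalize=None):
    """Return {pseudonym: tuple of location codes in temporal order}."""
    seqs = defaultdict(list)
    for mac, _start, _duration, location in sorted(trace, key=lambda r: (r[0], r[1])):
        seqs[mac].append(generalize(location) if generalize else location)
    return {mac: tuple(seq) for mac, seq in seqs.items()}


def contains_in_order(observed, sequence):
    """True if `observed` occurs in `sequence` in the same order, gaps allowed."""
    remaining = iter(sequence)
    return all(loc in remaining for loc in observed)


def anonymity_set_size(observed, seqs):
    """Number of pseudonyms consistent with an observed ordered visit list."""
    return sum(contains_in_order(observed, seq) for seq in seqs.values())


def audit(trace, k, m, generalize=None):
    """Return {pseudonym: worst-case anonymity set size} for every pseudonym
    that some ordered m-session observation narrows to fewer than k candidates."""
    seqs = location_sequences(trace, generalize)
    flagged = {}
    for mac, seq in seqs.items():
        width = min(m, len(seq))  # fewer than m sessions: audit the whole sequence
        worst = min(anonymity_set_size(obs, seqs)
                    for obs in set(combinations(seq, width)))
        if worst < k:
            flagged[mac] = worst
    return flagged


if __name__ == "__main__":
    print("AP-level codes, K=2:", audit(TRACE, k=2, m=2))
    print("building classes, K=2:", audit(TRACE, k=2, m=2, generalize=building_class))
    print("building classes, K=5:", audit(TRACE, k=5, m=2, generalize=building_class))
```

On the constructed rows, AP-level codes leave two pseudonyms with an anonymity set of one after two observed visits; building-class codes pass at K=2 but not at K=5, which is the utility/privacy trade-off the chapter describes.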


CHAPTER 4
AN ENCOUNTER-BASED FRAMEWORK FOR TRUST

The success of future mobile applications hinges on their wide adoption and acceptance by the mobile users through increased interaction and cooperation. These factors become particularly crucial for emerging classes of mobile networks that include peer-to-peer networking, such as mobile ad hoc (MANETs), sensor and delay tolerant networks (DTNs). This study introduces and investigates a new mobile application aiming to improve interaction and cooperation by leveraging social connections and gaining confidence and trust in new opportunistic encounters. The establishment of trustworthy networking is of prime importance, since most interactions rely on trust establishment. This challenging problem is further exacerbated by the uncertainty and dynamics in mobile networks. Furthermore, in MANETs and DTNs cooperation and trustworthy networking are imperative to the construction and operation of the network, without which these networks would fail.

Several factors pose great challenge to the practical and effective study and establishment of trust and confidence. First, conventional reputation and credit-based systems rely on prior interaction to score trust. However, in the absence of such prior interactions (due to introduction of new technology or psychological barrier), such systems are not effective. We refer to this problem as the trust bootstrap problem, and its solution is essential for jumpstarting trustworthy operation. Second, the utility of the trust system is difficult to validate against the ground truth. Trust is a social trait; it is subjective and contextual. Only through deployment and testing can the efficacy of such a system be evaluated. Third, attacks to gain unwarranted trust are harder to detect due to mobility, resource-constrained devices or lack of infrastructure. A secure trust system should be stable and resilient against attacks.

At the same time, several unique characteristics of mobile networks provide new opportunities to tackle the above challenges. The use of short range radios
(e.g.,Bluetooth,Wi-Fi)enablesdetectionandutilizationofproximityandencounters.Encountersrepresentaninterestingprimitivethatcanbeusedtoconstructabstractionsforreasoningprobabilisticallyabouttrust,andforestablishingencounter-basedkeys[ 24 55 ]thatcanseedfuturesecurecommunications.Inaddition,theincreasedcapabilitiesofmobiledevices,intermsofcomputation,storage,communicationandsensing,canaddimportantcontextualinformationtoencounters,suchaslocations,events,andstatisticalhistory.Theprocessingofsuchinformationcouldaugmenttheusersnetworkviewandawarenesstoscoretrustworthinessofothernodesandtoestablishencounterkeysorchallenges(throughout-of-bandface-to-faceexchanges).Furthermore,thetightcouplingbetweenusersandmobiledevicesenablesnewandaccuratewaystoestablishbehavioralprolesthatcanbeusedtone-tunethetrustprocessing;e.g.,byaddingmoreweighttotrustedlocations.Itisthefusionandintegrationofthesemulti-dimensionaldata,thatprovidethepromiseinestablishingtrustworthyopportunisticnetworkinginwayswecouldnotbefore,andinwaysthatarenotpossibleinwirednetworksduetolackofconnectivityproximity.Thisstudyintroducesasystematicframeworkandnewprotocolforgatheringandprocessingtheaboveinformationtogaincondenceandtrust1.Ourprotocolisfullydistributed,self-bootstrapping,andintegratesattackresiliencemechanisms.Thecoreofourmethodutilizesatrustadviseralgorithmthatemploysasetofparameterizedtrustlters.Thetrustltersanalyzemobileencounters,proximity,location,andcontextdatainnovelways,toaugmenttheusersnetworkviewandawareness.Itsgoalistoidentifyopportunitiesoftrust(orattackprevention)basedonweightedlterscoresthatarecoupledwiththeusersinputandencounterkeystobuildatrustworthynodelist. 1Weshallusetheterm`trust'toindicatecondenceandopportunitiestoexchangeencounter-keysinmobilenetworks. 68

Focus is given to the investigation of the relationship (or lack thereof) between behavior similarity (i.e., network homophily) and trustworthy mobile networking. Effective establishment of trustworthy networked mobile communities can enable several potential applications, including mobile social networking, formation of interest communities and support groups (in health care, education), localized response and emergency notification, context aware and similarity-based networking [8, 39], and worm vaccination [77].

Our protocol's mechanistic design and implementation strive to achieve the following main design goals: stability, scalability, efficiency, distributed operation, and resilience. In addition, careful thought is given to utility, accuracy and simplicity of the application. Evaluation of the proposed trust adviser filters and app is a three-phase process: i- real world mobile networks trace statistical analysis, ii- extensive trace-driven simulation of the framework components, and iii- prototype implementation and participatory testing on smartphones. First, we use wireless network traces from 3 different major university campuses spanning 9 months with over 70K users and 150 million encounters. We find that several filters possess desirable stability characteristics, and that trust scores in general form a small world. Resilience to attacks (using anomaly detection) achieves less than 10% false positives and 7% false negatives. Second, we measure the effectiveness of ConnectEnc on epidemic routing in DTN with selfishness using the new trust routing engine, and obtain stable trust routing without the sacrifice of network performance. Third, we conduct a series of surveys and participatory experiments to evaluate the performance of ConnectEnc against the ground truth. We find users' willingness to trust others in a mobile network has a statistically strong correlation with their behavioral similarity. Further, ConnectEnc filters can capture 80% of the already known users within the top 25% of the encountered users.

Key contributions of this work include: 1. introducing a framework to augment mobile user's perception and awareness of the network neighborhood by fusing

multi-dimensional encounter and contextual data, 2. analyzing various trust adviser filters with extensive network traces, 3. proposing a model for anomaly or attacker detection, 4. developing a mobile app `ConnectEnc' that integrates the filters and contextual information to aid user trust classification, and 5. deploying ConnectEnc as a proof-of-concept and evaluating the system based on ground truth via participatory testing.

4.1 Related Work

Several researchers have proposed novel approaches to establish trust and cooperation in ad hoc networks and DTNs using credit and reputation based schemes, incentive based schemes, and game theory. The reputation based schemes target better peer selection based on previous interaction records and transfer by rating trust and cooperation to nodes in a mobile ad hoc network. In [20], a node detects misbehavior locally by observation and use of second-hand information. In [19], a fully distributed reputation system is proposed that can cope with false information, where each node maintains a reputation rating and a trust rating for other nodes. In [14, 29, 70], analysis of rewards provisions and punishment is conducted based on game theoretic approaches to provide incentives for message delivery. In [13], the authors derive performance and optimization statistics to measure the success in delivery probability for a message, covering both cooperative and non-cooperative scenarios. The study in [67] analyzes the effect of cooperation on three different routing algorithms. The authors investigate the performance of epidemic, two-hop relaying and binary spray and wait routing to model a node's cooperation probability to either drop or forward a message. The incentive based credit schemes rank trust for neighboring nodes. In [22], the authors propose a game-theoretic model to discourage selfish behavior and stimulate cooperation by leveraging Nash equilibria with socially optimal behavior. In [84], the authors propose a pricing mechanism to give credits

to nodes that participate in the message forwarding mechanism. The cooperation is developed based on the number of messages transferred by the users.

A common theme in these works is the reliance on device interaction to evolve the trust scores. Inherently, this creates an undesirable circular dependence, where interaction requires technology adoption (say of ad hoc networks or DTNs), which, in turn, requires trust. Hence, there is a compelling need for a bootstrap mechanism for trust, which we directly address in our design. Furthermore, other studies do not utilize encounter context, which we do focus on in this paper. Our work contributes towards solving this challenge by providing inputs from the user's location preferences and contextual (e.g., social) behavior. It then uses the trust established using iTrust to establish further trustworthy communication in various types of mobile networks, including, but not limited to, ad hoc networks and DTNs.

Message delivery mechanisms in ad hoc, sensor and delay tolerant networks necessarily require node cooperation. However, in reality, due to selfishness or lack of trust some nodes may not cooperate. Lack of cooperation, in such cases, may largely disconnect or partition the network. Such selfish nodes (or free riders) [61] could exploit network services but refuse to forward messages. An analytical model that builds the concept of trust is discussed in [42, 58]. The authors show trust supports cooperation and is heavily based on the interactions and bonds that govern behavior in ad hoc and opportunistic scenarios. Other approaches discussed in [24, 55, 59] propose explicit authentication mechanisms to generate trust and cooperation in the network. These approaches are better modeled for small groups [55] and require exchange of public keys and the installation of the private key on the user's device [24]. We shall borrow from these works for the establishment of opportunistic encounter keys in our trust framework.

A few studies [53, 56] have attempted to use encounter information to route in DTNs. These protocols seem to contribute towards improved prediction and routing in

DTNs. However, the relation between encounters and trust has not been investigated in terms of the ground truth. The focus of this work is to establish such a relationship between encounter statistics, stability, location, and context and trust through thorough systematic analysis as well as surveys and experimentation. Ours is the first work we are aware of to contribute to this area of research.

4.2 Architectural overview

In this section, we describe the design goals and major components of iTrust and their functionality. We begin with design goals, then present a high level diagram of the design in this section. We then proceed to describe all the modules in the following sections.

4.2.1 Design Goals

The main design goals for the iTrust protocol include:

1. Accuracy - The recommendations should be as close to the user's perception as possible. We achieve this by utilizing state of the art trust advisers and adapting recommendations based on the users' usage of the protocol.
2. Robustness - The trust recommendation should be stable over time and insensitive to minor, temporary changes and noise in user behavior. Outliers and anomalies should be detected and removed.
3. Energy Efficiency - Mobile devices are energy constrained. iTrust should strive to minimize use of the device's resources in terms of computation, storage and communications.
4. Distributed Operation - iTrust should be able to provide all the functionalities in a distributed fashion without the need for a centralized infrastructure or trusted third party.
5. Privacy-Preservation - The usage of the protocol should not affect the privacy of the user. All operations should be performed locally on the user's device. Information about the user, if any, should be sent out of the device only on the user's command.
6. Resilience - The system should function properly in the face of intrusion attacks and selfishness. We propose an anomaly detection technique to avoid intrusion attacks. Selfishness, or lack of cooperation, is investigated and analyzed especially in the context of ad hoc and delay tolerant networking.

Figure 4-1. Block Diagram overview of the iTrust architecture. Dotted lines indicate modules needed by iTrust. Shaded blocks indicate modules discussed in this work.

Other goals include: the ability of the protocol to augment and integrate with other reputation and credit based trust systems, the capability to bootstrap trust (without requiring device cooperation), and flexibility to utilize other user preferences and information (through external sources and social networks) in the future.

4.2.2 Overall Design

Fig. 4-1 provides an architectural overview of the iTrust framework and its interconnections with related subsystems. The main components of the iTrust engine (shaded blocks) include: a. trust adviser filters, b. trust recommendation generator, c. weight generator, and d. anomaly detector. Other modules (inside the dotted line) needed by iTrust include: a. radio scanner, and b. locator.

The `Trust Adviser Filter' is the block that generates trust scores using a family of filters (described in the next section). The different trust lists (produced by different filters) are fed into the `Trust Recommendation Generation' module. This block combines all the trust filter results with the input from anomaly detection, recommendation system,

reputation system, and black and white lists using the weights generated by the `Weight Generator'. The `Weight Generator' uses built-in weight scores and adapts itself using the selections made by the user. The `Anomaly Detection' provides a recommendation regarding suspicious encounter activities. This can also take the user's input if needed. The `Short Range Radio Scanning' module provides basic encounter information. Similarly, the `Location Information' module provides the device's positioning data to `Trust Adviser Filters'. Other modules such as `Reputation' and `Recommendation' provide extra functionality and would be based on already existing techniques. With this conceptual understanding of the system, we now describe each of the modules shown in Fig. 4-1.

4.3 Trust Adviser Filters

The trust adviser filters constitute the heart of iTrust. Their function is to provide meaningful, stable scores of trust for encountered devices. The primary motivation of our work is to: a. encourage interaction in mobile societies and adoption of new mobile services (e.g., mobile social networks), and b. establish network connectivity in the context of ad hoc networks and DTNs. Trust can inspire cooperation in networks, particularly in infrastructure-less networks. Here, trust means that a user: 1. is willing to interact through the network with trusted nodes, and 2. in DTNs, is ready to accept a message for the trusted user and genuinely attempt to route it.

To develop trust between a pair of users, we leverage proximity of mobile users (when the devices come within radio range) and encounter information, location and context. Several properties of nodal encounter behavior have been investigated in [40]. Our primary reasons for choosing encounters and proximity as measures to generate trust are inspired by the work on homophily [60]. The principle of homophily suggests a strong correlation between similarity of interest and frequency of meeting and interaction. Trusting frequently encountered users would mean trusting similar people (e.g. work colleagues or classmates). This trust can have social incentives too.

Second, when users are within the radio range of each other (for Bluetooth it is 15 m), they can potentially exchange out-of-band information including identity information and cryptographic keys [24]. Such proximity-based out-of-band information exchange is not possible in wired networks (inherently relational graphs, as the two terminals may be geographically far apart) but can be utilized in mobile networks (inherently spatial graphs).

The challenge is to find methods that can successfully discover potential similarities between the users. We refer to these methods as Trust Adviser Filters. In the implementation, a user would decide on which users to trust and the filters would serve as an adviser. Thus, users would have full control over the selection of trusted users. These filters would act as the scoring system that recommends users who are most similar to the user. We have classified the filters into two major categories (Aggregation and Behavior based) based on the similarity they measure. A third category of filters (Hybrid Filter) combines results from the two main groups of filters to produce a trust score.

4.3.1 Aggregation Based Similarity

These filters aggregate the encounter data using statistical methods and provide a measure of encounter-based similarity. We present two such filters based on frequency and duration of encounters.

4.3.1.1 Frequency of Encounters (FE)

One of the basic filters to estimate similarity between a user pair is the number of times they encounter each other (an encounter is defined as the event where a device is in radio range of another device to allow device discovery). This filter assumes that the more devices meet, the more similar (and more trustworthy) they are. On this assumption (which may not always be valid), we design the FE filter that counts the frequency of the encounters of the user with all the other users. To get the trust list from the FE filter for a user, we sort all the encountered users by their number of encounters and select the top users based on the trust (T) value.

4.3.1.2 Duration of Encounters (DE)

The percentage of time spent by a user with another user is another measure of similarity. The more time the users spend together, the more similar (and trustworthy) they are likely to be. On this basis we design the DE filter to keep count of the duration of time spent by a user with all the other users. From the ordered list of duration of encounters for the user, the DE filter selects the top trusted users based on the T value.

4.3.2 Behavior Based Similarity

Behavior based similarity measures similarity based on location visitations and preferences. We couple location information with encounters to determine the similarity between users.

4.3.2.1 Profile Vector (PV):

To capture behavioral characteristics, we have designed the PV filter that stores location visitations of a user in a single dimensional vector. It is assumed for this filter that a device has some localization capability, which is quite common for today's devices. Each device maintains a vector. The columns of the vector represent the different locations visited by a user and the values stored in each cell indicate either duration or count of the sessions at that particular location. At each location visit, the vector is updated with respect to the location. To get the similarity score, this vector is exchanged with the other user and the inner product of the two vectors is computed. This similarity score is higher if the two PVs are similar and can be zero if the users do not have any visited location in common. Here, implicit weight is given to locations based on the count/duration spent. We can also provide an option to the user, where the user can give weights to the locations explicitly. However, this filter is not privacy preserving and can introduce attacks in the system, where a user can tamper with its vector; also there are communication costs

involved in exchanging the vectors. This problem is solved by LV filters at the cost of having less information to compute similarity scores with.

Figure 4-2. Location Vector LV for a user

4.3.2.2 Location Vector (LV):

The LV filter is very similar to PV, except that a user not only maintains a vector for itself but also for each of the encountered users. The columns of the vectors represent the different locations visited by a user and the values stored in each cell indicate either duration (LV-D) or count (LV-C) of the sessions at that particular location. For every encounter, the vector for the encountering node is updated with respect to the encounter location (illustrated in Fig. 4-2). Since vectors for all the encountering users are maintained locally on the device, LV requires no exchange of vectors among users for calculating similarity. This is more privacy-preserving and more resilient to attacks since only first-hand information is used (equivalent to what the user might have observed). This privacy comes at the cost of requiring extra storage space for storing vectors for each user. Considerable storage optimization is achieved by storing (for each encountering user) only the locations where encounters happened. Similarity calculations are similar to PV.

4.3.2.3 Behavior Matrix (BM)

The behavior matrix captures a spatio-temporal representation of user behavior. Columns of the behavior matrix denote a location and rows represent a time unit (here the time unit is taken as a day for simplicity). The value stored at each cell is a fraction of the on-line time spent by the user at a particular location on a particular day (see

Fig. 4-3). Each user maintains their own matrix. To get the similarity score, users can exchange and compare the two matrices. To make the behavior similarity check efficient (in terms of space and computation complexity) and privacy preserving (as only the summary of the matrix is exchanged), we use the eigenvalues of the behavior matrix for exchange between the two users. The eigenvalues are generated using SVD (Singular Value Decomposition). SVD is applied to a behavior matrix M, such that:

$$M = U \Sigma V^{T},$$

where a set of eigen-behavior vectors, $v_1, v_2, \ldots, v_{rank(M)}$, that summarize the important trends in the original matrix M can be obtained from matrix V, with their corresponding weights, $w_{v_1}, w_{v_2}, \ldots, w_{v_{rank(V)}}$, calculated from the eigen-values in the matrix. This set of vectors is referred to as the behavioral profile of the particular user, denoted as BP(M), as they summarize the important trends in user M's behavioral pattern. The behavioral similarity metric between two users' association matrices A and B is defined based on their behavioral profiles, vectors $a_i$'s and $b_j$'s and the corresponding weights, as follows:

$$Sim(BP(A), BP(B)) = \sum_{i=1}^{rank(A)} \sum_{j=1}^{rank(B)} w_{a_i} w_{b_j} |a_i \cdot b_j|$$

which is essentially the weighted cosine inner product between the two sets of eigen-behavior vectors.

4.3.3 Hybrid Filter (HF)

Each filter provides a different perspective on an encounter or behavioral aspect. The hybrid filter provides a systematic and flexible mechanism to combine the scores from all filters and present a unified score to the users. The selection of weights for various filters would depend on several factors including the user's preference and feedback (check Sec. 4.6.1) and application requirements. A generic Hybrid Filter score (H) for a

user $U_j$ can be generated by using the following:

$$H(U_j) = \sum_{i}^{n} {}_{i} F_i(U_j)$$

where $F_i(U_j)$ is the normalized score for user $U_j$ according to filter i. The ${}_{i}$ is the weight given to filter score $F_i$ and n is the total number of filters used. We select ${}_{i}$ such that $\sum {}_{i} = 1$ and $0 \le {}_{i} \le 1$. Note that our design (Fig. 4-1) provides feedback to the system based on user selections. This feedback can be used to make the weights adaptive.

Figure 4-3. Behavior Matrix for a user

Decay of filter scores: Social science studies have shown that social relationships are dynamic and require frequent interactions to prevent decay. The strength of a relationship wanes with the increase in time between interactions. This decay follows an exponential decay pattern with half time dependent on the relationship type [21] (3.5 years for family, 6 months for colleagues). Configurable decay was integrated in our ConnectEnc app with the default half time set to 6 months.
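The FE, DE and LV-C filters, the hybrid score and the decay described above can be combined as follows. This is an added example, not ConnectEnc code: the encounter log, the owner's visit counts and the filter weights are constructed, all function names are hypothetical, and it assumes decay is applied to each encounter by its age with 6 months taken as 180 days.

```python
import math
from collections import defaultdict

HALF_LIFE_DAYS = 180  # the page's default half time of 6 months, taken as 180 days

# Constructed encounter log held locally on one device:
# (peer, location, day of the encounter, duration in seconds)
ENCOUNTERS = [
    ("colleague", "office", 190, 3600), ("colleague", "office", 191, 3600),
    ("colleague", "cafeteria", 192, 1800), ("colleague", "office", 195, 3600),
    ("classmate", "library", 150, 7200), ("classmate", "library", 180, 7200),
    ("commuter", "bus_stop", 193, 300), ("commuter", "bus_stop", 194, 300),
    ("commuter", "bus_stop", 196, 300), ("commuter", "bus_stop", 197, 300),
    ("commuter", "bus_stop", 198, 300),
    ("old_friend", "office", 10, 3600), ("old_friend", "office", 12, 3600),
    ("old_friend", "office", 15, 3600),
]
# Constructed count of the device owner's own sessions per location.
OWN_VISITS = {"office": 40, "library": 10, "cafeteria": 8, "bus_stop": 2}

def decay(age_days, half_life=HALF_LIFE_DAYS):
    """Exponential decay: a contribution halves every `half_life` days."""
    return 0.5 ** (age_days / half_life)

def fe_scores(encounters, today, half_life=HALF_LIFE_DAYS):
    """FE: decayed number of encounters per peer."""
    scores = defaultdict(float)
    for peer, _loc, day, _secs in encounters:
        scores[peer] += decay(today - day, half_life)
    return dict(scores)

def de_scores(encounters, today, half_life=HALF_LIFE_DAYS):
    """DE: decayed time spent with each peer."""
    scores = defaultdict(float)
    for peer, _loc, day, secs in encounters:
        scores[peer] += secs * decay(today - day, half_life)
    return dict(scores)

def lv_scores(encounters, own_visits, today, half_life=HALF_LIFE_DAYS):
    """LV-C: a per-peer vector of encounter locations is kept locally and
    compared with the owner's own vector by inner product (no exchange)."""
    vectors = defaultdict(lambda: defaultdict(float))
    for peer, loc, day, _secs in encounters:
        vectors[peer][loc] += decay(today - day, half_life)
    return {peer: sum(own_visits.get(loc, 0) * v for loc, v in vec.items())
            for peer, vec in vectors.items()}

def normalize(scores):
    """Scale scores into [0, 1] so filters with different units can be mixed."""
    top = max(scores.values(), default=0.0)
    return {p: (s / top if top else 0.0) for p, s in scores.items()}

def hybrid(filter_scores, weights):
    """H(U_j): weighted sum of normalized filter scores; weights sum to 1."""
    if set(filter_scores) != set(weights):
        raise ValueError("one weight per filter is required")
    if any(not 0 <= w <= 1 for w in weights.values()) or \
            not math.isclose(sum(weights.values()), 1.0):
        raise ValueError("weights must lie in [0, 1] and sum to 1")
    peers = set().union(*filter_scores.values())
    return {p: sum(weights[f] * filter_scores[f].get(p, 0.0) for f in weights)
            for p in peers}

def trust_list(scores, t_percent):
    """Top T% of the encountered peers, best first (ties broken by name)."""
    ranked = sorted(scores, key=lambda p: (-scores[p], p))
    return ranked[:math.ceil(len(ranked) * t_percent / 100)]

def recommend(encounters, own_visits, today, weights, t_percent):
    filters = {
        "FE": normalize(fe_scores(encounters, today)),
        "DE": normalize(de_scores(encounters, today)),
        "LV": normalize(lv_scores(encounters, own_visits, today)),
    }
    scores = hybrid(filters, weights)
    return scores, trust_list(scores, t_percent)

if __name__ == "__main__":
    scores, trusted = recommend(ENCOUNTERS, OWN_VISITS, 200,
                                {"FE": 0.3, "DE": 0.3, "LV": 0.4}, 50)
    for peer in sorted(scores, key=scores.get, reverse=True):
        print(f"{peer:10s} H={scores[peer]:.3f}")
    print("trusted:", trusted)
```

In this constructed log the peer met most often at a rarely visited location tops the FE list on its own, but falls out of the hybrid trust list once duration and location similarity are weighed in.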

Table 4-1. Overhead of filters in terms of processing and storage. Here m is the total no. of records in the encounter file, n is the no. of unique encountered users, l is the no. of locations visited, and d represents the no. of days used for BM calculations. We also assume that m >> n.

Filter   Processing Overhead   Storage Overhead
FE       O(m)                  O(n)
DE       O(m)                  O(n)
PV       O(m)                  O(l)
LV       O(m)                  O(nl)
BM       O(m)                  O(ld^2) for SVD
HF       O(n)                  O(n)

4.4 Anomaly Detection

Incorporating resilience to attacks is a primary requirement for our design. Here, the attack on the trust system includes an attempt by an untrusted user (e.g. a stranger) to gain trust of the system in a relatively short time by injecting many encounter events (e.g. via stalking). A growth of trust scores in this fashion can be considered an anomaly, and a specialized anomaly detection system is needed to combat such attacks. Since iTrust scores individual encountered nodes, at present we consider single attacker scenarios. An attacker would want to get onto the trusted list as soon as possible to have high effects for limited effort. The goal of the trust system design would then be to considerably raise the level of effort needed for a successful attack, to be no less than that of genuine trusted nodes and friends, which may entail weeks of consistent encounters at trusted locations by the attacker. The spatio-temporal granularity used in our adviser filters determines such attack effort and provides us with the anomaly we aim to detect. Note that in our implementation, a user can opt to approve or remove any trusted node before being added to the trusted list. The role of anomaly detection would then be to raise a red flag when an attack is suspected.

Our anomaly detection approach investigates the evolution of encounter patterns and trusts over time, and does not require information exchange between nodes.

Normal operation is observed where regular users are encountered over time. The anomaly detection mechanism considers the slope of the growth of encounter statistics (including frequency, duration or behavioral similarity as defined by the trust adviser filters). The detection system learns normal behavior over time, and incorporates deviations from the normal to detect suspect nodes and trigger user alerts. Admittedly, this approach has promise when the user's behavior is considered normal. In situations where encounter patterns fluctuate considerably (e.g., during irregular events, trips or city change), a re-evaluation of this approach is warranted (part of future work).

4.4.1 Detection Model

For attacker detection, we integrate scores from various filters with location information as available. For example, using FE, the slope and standard deviation of growth of trust score per user can be used to identify outliers, marking them as attackers. If we consider the LV filter, attackers can be identified by comparing the differences in scores based on locations (users encountered at more locations than others). Here, we use the FE filter as an example to design the anomaly detection system. For a user, we define a function, FE(i,T), that yields the FE score for encountered user i after time T. Since we are calculating the slope of trust score growth over time, the time interval needs to be defined in two ways and therefore the slope will be defined in two ways. The time interval can either be the total number of days since the first encounter or it can be the sum of the number of days when encounters happened. These two methods are necessary to ensure that an attacker who waits for a long duration after an initial encounter with the user to have multiple encounters in a short time does not go undetected because of a slow growth slope. Two slopes are called ${}_{1}$ and ${}_{2}$:

$${}_{1i}(T) = \frac{FE(i,T)}{C_1(i,T)}$$

$${}_{2i}(T) = \frac{FE(i,T)}{C_2(i,T)}$$

where function $C_2(i,T)$ gives the number of days since the first encounter with user i and $C_1(i,T)$ gives the sum of the number of days when encounters happened with user i. To detect an attacker among other users, we propose to select neighbors of user i in terms of number of encounters with the user, creating a set $S_{i,T}$. Here, $S_{i,T}$ is a set of all users k (0
score similar to the user being evaluated (neighbor size controlled by x) and if the slope (both measures) of the user is different than that of the neighbors, the user is suspected to be an attacker and flagged for evaluation.

4.4.2 Attacker Model

Evaluating the anomaly detection system designed in Sec. 4.4 is challenging as we do not know how to model attackers. We assume that before this service is available for general use, this kind of attack would not happen. So the traces we have will not have any patterns belonging to the attacker we have discussed here. This makes detection and validation difficult. To deal with this challenge, we present here an attacker model created so as to beat the anomaly detection we designed earlier (it is just one of the possible models for attackers).

We have created a parametrized model for the attacker, based on Number of encounter, Maxdays available and Periodicity of encounters. Number of encounter is the number of encounters an attacker will have. In the simulation this number is kept close to the minimum number of encounters needed to overcome the trust threshold. Maxdays provides the length of the period in which the attacker can have encounters. Periodicity of encounter provides the pattern of encounter information. The attacker follows a periodic encounter pattern, as it has been shown by studies (cite sungwook globecom) that users show periodic encounter behavior (such as a weekly pattern). However, the period may vary from user to user. The attacker would like to follow the pattern displayed by other encounters so as to reduce suspicion (even though, in reality, the attacker may only guess and not accurately get the periodicity information).

In our work here, we have considered a time granularity of days, i.e. we consider cumulative encounters on a per day basis. It is also possible to take seconds, minutes, hour, or week based time granularity. The effects of changing time granularity are not discussed in this work and are left as future work.

Using the periodicity information, we can identify the days during which the attacker has encounters (restricted by Maxdays). Then we distribute the sessions equally to each day of encounters. In our simulations we vary Maxdays from 1 to 30 (the trace we consider for anomaly detection is 30 days long). For each value of Maxdays, we compute the attacker pattern (AP). This AP is then injected back into the traces and the anomaly detector is run on the entire traces to detect it. Algorithm 1 describes the model used for the attacker.

Input: time period allowed for attack (MaxDay), average days (AvgDay), Number of Encounter (NumEnct)
Output: Attacker Pattern (AP[])
for i ← 0 to MaxDay do
    AP[i] ← 0
end
EncDay ← NumEnct / (AvgDay < MaxDay ? AvgDay : MaxDay);
period ← ceil(MaxDay / (AvgDay < MaxDay ? AvgDay : MaxDay) - 0.5);
left ← 0
for i ← 0 to MaxDay, Steps = period do
    if AvgDay == 0 then
        Break;
    end
    AP[i] ← EncDay;
    left ← left + EncDay;
    AvgDay ← AvgDay - 1;
end
left ← NumEnct - left;
j ← 0;
while left != 0 do
    AP[j] ← AP[j] + 1;
    left ← left - 1;
    j ← j + period;
    if j ≥ MaxDay then
        j ← 0;
    end
end
for j ← 1 to MaxDay do
    AP[j] ← AP[j] + AP[j-1];
end

Algorithm 1: Algorithm of Attacker model for Anomaly detection
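The slope-based check of Sec. 4.4.1, run over a constructed 30-day encounter log, as an added example that is not the thesis's own code. The exact neighbor-set definition and threshold are cut off on the page, so this sketch assumes the x peers with the closest FE score form the neighbor set and flags a peer when either slope exceeds the neighbors' mean by more than k standard deviations; `slope1`, `slope2`, `x`, `k`, the inclusive day count in C2 and all traces are assumptions of the example.

```python
from statistics import mean, pstdev

def weekly(first_day, per_visit):
    """Constructed regular peer: two encounter days a week for four weeks.
    Returns {day: encounters on that day}."""
    return {first_day + 7 * w + off: n
            for w in range(4) for off, n in zip((0, 2), per_visit)}

# Constructed per-peer daily encounter counts seen by one device.
REGULAR = {
    "p1": weekly(2, (2, 2)), "p2": weekly(1, (2, 2)),
    "p3": weekly(3, (2, 1)), "p4": weekly(1, (1, 2)),
    "p5": weekly(2, (1, 1)), "p6": weekly(5, (1, 1)),
}
# Constructed anomalous traces used only to exercise the detector.
BURST = {26: 5, 27: 5, 28: 4}      # first seen late, many encounters at once
SLEEPER = {8: 1, 28: 6, 29: 6}     # one early encounter, then a late burst

def fe(trace, t):
    """FE(i,T): number of encounters with the peer up to day t."""
    return sum(n for day, n in trace.items() if day <= t)

def slopes(trace, t):
    """Return (slope1, slope2) = (FE/C1, FE/C2), or None if never encountered.
    C1 = number of days on which encounters happened,
    C2 = days since the first encounter (counted inclusively, an assumption)."""
    days = [d for d, n in trace.items() if d <= t and n > 0]
    if not days:
        return None
    score = fe(trace, t)
    return score / len(days), score / (t - min(days) + 1)

def neighbours(peer, traces, t, x):
    """The x other peers whose FE score is closest to this peer's."""
    own = fe(traces[peer], t)
    others = [p for p in traces if p != peer and slopes(traces[p], t)]
    others.sort(key=lambda p: (abs(fe(traces[p], t) - own), p))
    return others[:x]

def evaluate(peer, traces, t, x=4, k=2.0):
    """Names of the slopes that grow faster than mean + k*std of neighbours."""
    own = slopes(traces[peer], t)
    near = neighbours(peer, traces, t, x)
    if own is None or len(near) < 2:
        return []                      # too little history to judge
    reasons = []
    for idx, name in enumerate(("slope1", "slope2")):
        values = [slopes(traces[p], t)[idx] for p in near]
        if own[idx] > mean(values) + k * pstdev(values):
            reasons.append(name)
    return reasons

def detect(traces, t, x=4, k=2.0):
    """Map each flagged peer to the slope measures that triggered the flag."""
    report = {}
    for peer in traces:
        reasons = evaluate(peer, traces, t, x, k)
        if reasons:
            report[peer] = reasons
    return report

if __name__ == "__main__":
    print(detect(REGULAR, 30))
    print(detect({**REGULAR, "burst": BURST}, 30))
    print(detect({**REGULAR, "sleeper": SLEEPER}, 30))
```

The sleeper trace is caught only by the per-encounter-day slope, which is the case the text gives for keeping two time bases.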

Figure 4-4. The growth of trust score using the FE filter for a specific user. Each line corresponds to an encountered user.

Figure 4-5. The growth of trust score using the FE filter using the attacker model. Each line corresponds to an instance of attacker generated by the model.

Fig. 4-4 shows a sample trust score growth using the FE filter. We can observe how the trust score for encountered users progresses for a user. We notice that around days 13, 17, 23 and 25 most of the score curves are slanted, and it is on these days that the score increases. The score change (or encounters) does not happen every day; instead it happens on certain days and it is broadly periodic. This periodic property is captured in our attacker model too. Fig. 4-5 shows multiple attacker encounter patterns specifically targeted for a specific user. The curves are similar to the previous figures, however more dense (because the number of patterns here is much greater than in Fig. 4-4), and score building starts early (this should not make a lot of difference, as in slope calculations ${}_{2}$ we only consider exact days of encounter, so the total length of the period will not have any effect).

4.5 Trace Based Evaluation and Analysis

In this section, we evaluate the design of iTrust filters including anomaly detection and analyze the effects of recommendations on DTN routing with selfish nodes. Since much of the following analysis uses WLAN traces, we begin with describing the traces used and then proceed to the evaluation.

4.5.1 Traces

To evaluate our design, we consider anonymized trace sets from three universities (see Tab. 4.5.1 for more details; the information provided in the traces is anonymized). Tab. 3.1 shows a sample trace used in this work. The advantage of using WLAN traces is that they are much closer to reality in terms of user mobility than the existing synthetic mobility models. However, these traces, much like other real traces, have a small percentage of noise and error. We assume that users associating to the same wireless access point encounter each other, as the range of an access point is generally less than 50 meters in an indoor environment and most of the traces are from indoor usage. Also, since only a few users may change/modify the MAC address of their devices, we assume that a MAC address uniquely identifies a device and is always associated to a single user. There could be a few users who share the devices.

Table 4-2. Facts about studied traces

Trace Source             U1                  USC [41]            Dartmouth [7]
Time/duration of trace   Fall 2007           Spring 2007         Fall 2005
Start/End time           09/01/07-11/30/07   01/01/07-03/30/07   09/01/05-11/30/05
Unique Locations         845 APs             137 buildings       133 APs
Unique MACs analyzed     34694               32084               4906

Figure 4-6. Similarity score for various filters for all the encountered pairs of users in Nov 2007 from U1 trace. Panels: A. Frequency of Encounter (FE); B. Duration of Encounter (DE); C. Location Vector using (LV-D); D. Behavior Matrix (BM).

Figure 4-7. Correlation between the trusted lists produced by various filters at T=40%. Panels: A. U1; B. Dartmouth; C. USC.

4.5.2 Filter Evaluations

Using the traces, four properties of the filters are investigated: 1. ability of filters to distinguish between different encounters (statistical characterization), 2. correlation among filter results, 3. stability over time, and 4. small world characteristics. Then the results from anomaly detection are discussed.

To generate the trust scores from various filters, the WLAN trace is converted to an encounter trace for each user by determining and storing all the other users who had overlapping sessions with this user at the same access points (location). Filters take

Figure 4-8. Comparison of trust lists belonging to different history for various filters at T=40% (note that the y-axis scale for DE, FE, and LV-C starts at 85% and for LV-D and BM the scale starts at 35%). Panels: A. Duration of Encounter (DE); B. Frequency of Encounter (FE); C. Location Vector - Count (LV-C); D. Location Vector - Duration (LV-D); E. Behavior Matrix (BM).

encounter trace as an input and produce a ranked list based on the similarity measure used by that filter. For analysis, we pick the top T% users from these ranked lists.

4.5.2.1 Statistical Characterization

The proposed filters are justified if the scores generated for encountered users allow us to discern them. In this section, we consider a one month long WLAN trace from U1 (other traces have similar characteristics) and present the distribution of trust scores for all filters, for all the encountered pairs (see Fig. 4-6; LV-C's characteristics are similar to LV-D). We notice that for the FE filter, 3,000 users have over 1,000 encounters each in a month and more than 15,000 users (over 2/3 of the population) have over 100 encounters. Similarly, for the DE filter, the average encounter duration for more than 20,000 users is over 1,000 seconds. Results from the LV-D filter show that a large number of user pairs have a low score (close to zero), which may mean that most of the users are not similar to each other, and we see that only a few user pairs have a high similarity score. The BM filter score, like LV, is close to zero for most of the user pairs and is high for a few user pairs. These results justify our choice of filters for distinguishing encountered users.

4.5.2.2 Correlation

We examine the degree of similarity (correlation) among trust lists from different filters. While high similarity indicates redundancy of the filters, low similarity implies orthogonality of the trust recommendations. For this investigation, we have considered 9 week long traces and created trust lists at T=40% for varying length (at 1 week intervals) of encounter history (results for other T values show a similar trend). As Fig. 4-7 shows, the trends are similar across the traces. LV-D and LV-C filter results show 70% similarity as the lists stabilize around 9 weeks of history. FE vs. DE stabilize around 60% to 70%. The rest of the filters stabilize between 55% and 30%, meaning they produce different sets of trust lists. The low similarity indicates that filters are not redundant and can be used to generate a rich set of recommendations.

4.5.2.3 Stability

Fluctuations in trust recommendations over time could confuse users. Therefore, it is imperative to examine stability in the trust recommendation over time. We investigate the stability of trust lists at T=40% using 9 weeks of U1 traces (other T values and traces show a similar trend). Trust list comparison from multiple lengths of traces is used to examine stability. More than 90% similarity is found between 1 and 9 weeks trace for DE, FE and LV-C filters (see Fig. 4-8), implying that users selected in the 1st week of encounters continued to be in the trust list of the 9 week long encounter history. The BM filter shows high stability when the difference in history is less than 2 weeks (80%) and falls to 55% for 1 week and 9 weeks. The LV-D filter shows similarity of about 40% between any lists, implying that every week the list changes by 60%. This indicates that users may encounter regularly (by stability in LV-C) but may spend different amounts of time encountering over the weeks.

Overall, we note that some filters (DE, FE, and LV-C) stabilize in just 1 week of history, which makes them suitable for recommendations when trust history is short. The time interval between trust list regenerations can also be long (reducing processing requirements). As the stability of the LV-D filter is comparatively low, we may need to redo the trust list weekly.

4.5.2.4 Graph Analysis

We analyzed the effect of trust on the network graph and compared it with the regular and random graphs while increasing trust (T) (using the DE filter; other filters show similar results). An edge is added between a pair of nodes only when at least one of them trusts the other (un-directed graph). We note that the clustering coefficient (CC) [11] of the network increases with T% and the path length (PL) decreases with increase in T%. For example, using the 9 week U1 trace, CC is 0.171 at T=10% and becomes 0.201 at T=100%. However, in the same scenario Path Length decreases from 3.64 to 2.59. More than 99% of the nodes were connected even at T=10%.

Figure 4-9. Normalized Clustering Coefficient and Normalized Path Length. Panels: A. UF; B. Dartmouth; C. USC.

A small world analysis is performed as described in [11]. We find that the normalized CC (NCC) is close to the CC of the regular graph and the normalized PL (NPL) is close to the PL of the random graph (Fig. 4-9 shows NCC and NPL for different lengths of traces and values of T). It appears that the network created by the trust lists is a small world network.

4.5.2.5 Anomaly Detection

Here we analyze the effectiveness of the anomaly detection system we proposed. Evaluating the anomaly detection system designed in Sec. 4.4 is challenging. Since the iTrust service is still not available, no attack patterns or models exist. Therefore, to evaluate our anomaly detection system, we have created an attacker model (it is just one of the possible models for attackers). To mimic users' encounter patterns that are periodic where the period is determined by individual user behavior, we kept the attacker's encounters periodic. This period is obtained from the victim's encounter pattern (so the attacker can avoid obvious suspicion).

The number of encounters needed to get into a victim's trust list is also known. The only tunable parameter is the number of days in which the attacker wants to achieve the required encounter score (detailed algorithm is here [1]). To evaluate, we varied the number of days from 1 to 30 (the trace is from U1 and 30 days long). Forty users were analyzed (20 users have the maximum number of encounters and 20 have an average number of encounters in the 30 days trace). To validate our model and detection scheme we choose false positives and false negatives as metrics. The percentage of regular users identified as attackers classify as false positives, whereas the percentage of failures to identify attackers classify as false negatives. As Tab. 4.5.2.5 shows, the percentage of false positives decreases as we increase the size of set $S_{i,T}$ and the percentage of false negatives increases as we increase the factor for standard deviation (FE filter scores were used). We notice that best detection occurs at =1 and neighborhood size (or $|S_{i,T}|$) =10. These results are promising, yet warrant further analysis to optimize and create a better attacker model and detection system (outside the scope of this study). However, the results show that iTrust can work with anomaly detection and can flag suspected users.

Table 4-3. False positives and negatives while using the proposed anomaly detection (in percentage)

Std. dev. factor   |S_{i,T}|   False +ve   False -ve
1                  5           10.03       8.30
1                  10          8.15        6.27
1                  15          9.73        6.44
2                  5           3.80        20.11
2                  10          2.77        19.97
2                  15          2.16        19.38
3                  5           3.18        48.27
3                  10          1.12        44.24
3                  15          0.98        42.04

4.5.3 Selfishness & Trust Routing in DTN

DTNs are one of the network scenarios where iTrust can work. DTNs are infrastructure-less networks that work on the cooperation of the nodes. Since nodes spend their

resources in routing messages, the nodes may only route messages for nodes they know or when they have some incentives. In these scenarios (where nodes are selfish), we find that using iTrust improves the network connectivity and routing performance. To examine the effectiveness of iTrust, we introduce selfishness and use epidemic routing [79] as a tool to study performance of a routing protocol over the WLAN traces. The selfishness is defined as the probability (S) that a node will not accept and route packets for a node it does not trust. Epidemic routing performs a controlled flooding and has been proved to provide lower boundary in performance in terms of hops and time needed. Epidemic routing also provides the upper bound on reachability. These properties make it an appropriate tool for the purpose of our evaluations.

Fig. 4-10 shows the flowchart for iTrust routing inside each node. When a node receives a message from a trusted sender, it accepts the packet and attempts to route it. Otherwise, the node accepts the packet based on factors such as user-configured selfishness. For our purpose, we have considered the acceptance of packets from untrusted node based on the selfishness probability (S). For the purpose of simulation, nodes are trusted (as recommended by iTrust) based on the T values.

The performance of epidemic routing is measured using three metrics: Unreachability, Delay, and Overhead. We define Unreachability as the number of nodes out of all receivers that could not be reached by a given source. Delay is defined as the ratio of average time taken by a message to reach all the possible receivers over the max possible delay. Finally, Overhead is the average number of hops a message took to reach all the possible receivers using the shortest path. Since overhead and delay were seen to vary directly with unreachability, we have not shown overhead and delay results (they are available here [1]).

Fig. 4-11 shows the average unreachability for various combinations of trust and selfishness using the DE filter (results from other filters show similar trend). Using first 60 days of traces, we create preliminary trust lists after which we run epidemic routing

for a period of next 30 days. Trust lists are updated weekly during the run of epidemic routing (to mimic a mobile device as computing trust list after every encounter or daily would be resource intensive for the device). Around 800 nodes are randomly selected as sources for the epidemic routing. During a round, only one node sends a message, and we measure the unreachability of the message for that node. Each point on the graph represents the average unreachability for 800 rounds (one for each sender).

Figure 4-10. Flowchart for iTrust routing

Intuitively, selfishness should cripple the connectivity in the network. Fig. 4-11 shows that the network unreachability increases as S increases (and T=0). To the benefit of our scheme, we find that as trust is introduced in the network, the effect of selfishness is reduced. Here we use trust list from DE filter (other filters show similar trend). For U1, when T=0% and S=0.9, unreachability increases by 83% from the case when S=0. However, adding Trust T=40% (S=0.8) increases unreachability to only 31% from the case when S=0. Likewise, for Dartmouth, when T=0 and S=0.9, unreachability increases by 40% from the case when S=0. However, adding trust T=40% (S=0.9) increases unreachability to only 10% from the case when S=0. For USC, T=0 and S=0.9 increases unreachability by 1.7% of the case when S=0. However, adding trust T=40% (S=0.9) brings unreachability to only 0.48% from the case when S=0. The effect of trust is higher when selfishness is high, which makes iTrust more suitable in networks with high selfishness. The effect of trust is not significant in USC traces, which could be a result of high unreachability in the network

even at S=0 (5 times of U1 or Dartmouth). Also, adding selfishness does not increase the unreachability significantly for USC.

We now show the comparison between the performance of the filters and a few possible Hybrid Filters (Sec. 4.3.3). For this purpose, we use the U1 traces (as the trends from other traces are similar) and vary the weights from 0 to 2 (see Fig. 4-12). The highest unreachability is produced by using only the BM filter score and the lowest by using the FE filter. The combination of filters at equal weights has unreachability close to FE filter and is better than either BM or FE. This analysis gives us two important results. First, that a combination of filter scores can produce better results (and also avoids user confusion) than using individual filters and second, that by default configuration iTrust can use equal weights for combining the filter scores.

4.6 Survey and Implementation Based Validation

To validate the approach of iTrust with the ground truth, we have employed surveys and user feedback from iTrust application.

4.6.1 Survey

To investigate the trust needs of users and the importance they give to trust, we conducted a survey at a major computer network conference. Even when this is a biased sample of survey takers, this population has good understanding of computer networks. We received 32 usable responses. Participants were asked to indicate their willingness to communicate (using ad hoc or DTNs) under different scenarios on a scale of 1 to 10. As Fig. 4-13 shows, willingness of the users to cooperate with unknown user is low (mean is 2.31). However, willingness increases when users have knowledge about the encounter history. This reinforces the approach of iTrust of using encounters to build trust in the network. We also observe that users give more importance to combined scores (FE and DE score are high) than individual scores (FE is high or DE is high). This justifies iTrust's use of Hybrid Filter for combining trust recommendations.

Figure 4-11. Average unreachability with varying Trust and Selfishness using DE filter. Panels: A. U1, B. Dartmouth, C. USC.
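
The selfishness-aware epidemic routing of Sec. 4.5.3 can be reproduced in miniature. The following sketch is an added example, not code from the dissertation or the iTrust application: the contact trace, the trust lists and the function names are constructed for illustration, and a receiver is assumed to accept a message from an untrusted sender with probability 1 - S.

```python
import random

# Constructed contact trace: (time, node_a, node_b). Contacts are symmetric.
CONTACTS = [
    (1, "A", "B"), (2, "B", "C"), (3, "C", "D"),
    (4, "A", "E"), (5, "E", "D"), (6, "D", "F"),
]

# Constructed trust lists: TRUST[x] is the set of nodes that x trusts.
TRUST = {"B": {"A"}, "C": {"B"}, "D": {"C"}}


def unreachability(contacts, source, trust, selfishness, rng):
    """Flood one message from `source` and count the nodes it never reaches."""
    nodes = {n for _, a, b in contacts for n in (a, b)}
    holders = {source}
    for _, a, b in sorted(contacts):          # replay contacts in time order
        for sender, receiver in ((a, b), (b, a)):
            if sender not in holders or receiver in holders:
                continue
            trusted = sender in trust.get(receiver, set())
            # A trusted sender is always served; an untrusted one is served
            # with probability 1 - S (S is the selfishness of the receiver).
            if trusted or rng.random() >= selfishness:
                holders.add(receiver)
    return len(nodes - holders)


def average_unreachability(contacts, trust, selfishness, seed=0):
    """Average over rounds in which each node is the single source once."""
    rng = random.Random(seed)
    nodes = sorted({n for _, a, b in contacts for n in (a, b)})
    total = sum(unreachability(contacts, s, trust, selfishness, rng)
                for s in nodes)
    return total / len(nodes)


if __name__ == "__main__":
    print("S     no trust   with trust")
    for s in (0.0, 0.5, 0.9, 1.0):
        print(f"{s:<5} {average_unreachability(CONTACTS, {}, s):<10.2f} "
              f"{average_unreachability(CONTACTS, TRUST, s):.2f}")
```

With S = 1 and no trust lists the message never leaves its source; adding the three trust relations lets it travel along the trusted chain A, B, C, D even though every node is fully selfish.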

Figure 4-12. Hybrid filter results when T=40%. Number on the legend indicated the ratio of score from each filter. For e.g. 1211 implies DE=0.2, FE=0.4, LV-D=0.2, and BM=0.2 and 0100 implies DE=0, FE=1, LV-D=0, and BM=0 (Sec. 4.3.3)

Figure 4-13. Survey Results showing user's propensity to communicate with other users in various communication scenarios

Standard deviations in results suggest that although most users want information about encountered users before cooperating, the individual importance of the filters may vary. This flexibility is made available in iTrust's Hybrid Filter by assigning weights according to user's preference.

Figure 4-14. Illustration of iTrust's component and their interactions

4.6.2 iTrust Application

To show the viability of iTrust and to validate our design with user studies, we have implemented most of the core features of iTrust for mobile platform. Currently, iTrust is available for Android platform and Linux based Nokia Tablet N810. It provides the ability to rate encounter users based on FE, DE, LV and Hybrid filters. Encountered users can be sorted by any filter and weights for the Hybrid filters are user configurable. If some of the encountered users are currently discoverable, their listing would have a green circular mark as shown in Fig. 4-15A. The application provides inbuilt facilities for scanning Bluetooth devices and Wireless Access Points (for localization as GPS is energy-wise expensive. User can select GPS, if needed). On selecting a particular user, encounter details (Fig. 4-15B) are presented and clicking on the map option one can see encounter locations on map (Fig. 4-15C). Encountering devices can be rated for trust by the user on the scale from -2 (no Trust) to 2 (high Trust). This allows users to store their evaluations for encounter devices and can be also used by other applications on the user's device.

Application block diagram is shown in Fig. 4-14. The arrows in the diagram represent how the encounter data flows in the application. The basic blocks of iTrust are Bluetooth and Wi-Fi Scanning. Bluetooth scanning is used to discover and record Bluetooth devices and Wi-Fi scanning is used to obtain localization information. Traces from both the scanners are then parsed and given to the filters. Encounters are then rated and ranked by filters and, based on the weights for the hybrid filter, a combined score is also generated and saved. User can also choose to update locations, which entails going to a third party server such as Google and Skyhook to get location data based on the Wi-Fi AP data (users can also switch to more power hungry GPS for localization). This allows users to visualize encounters on a map.

In the application, we have also added an optional discovery service that can show more information about the encountering user such as name, email, social profile link and personal webpage. This service can allow users to weed out potentially uninteresting/unsuitable encountering users before initiating contact and key exchanges. Fig. 4-15D shows how a user can register the device and provide information about him/herself so that other encountering users can find more about this user. When privacy option is selected, the information is only shared to a user when approved by this user. For looking up information from this registry, users have to click at the name of the encountered device on the screen showing encounter details.

4.6.2.1 Application Evaluation:

We asked a group of 30 students (grad and undergrad) from CS major to run iTrust app for a month. Users already owning an Android phone ran iTrust on their phones, the rest were given Nokia N810 devices. Users were asked to mark devices they trust in the application. Finally, out of the 30 students we received usable traces (at least one month long) from 22 users. On average, number of trusted user marked by each user is 15 and number of unique devices encountered per user is 175. We use this data to investigate if behavioral similarity as captured by the trust filters is correlated to trusted user

Figure 4-15. Screenshots of iTrust application (panels A to H). Fig. A shows the main screen where encounter users are sorted by the filter score. Current encounters are marked with Green circles. Trusted users are shown in Blue color. Fig. B shows details for an encountered user. Fig. C shows user encounters on Map. Fig. D shows the registration screen for optional users information discovery service. Fig. E shows the screen where display order of encountered users can be modified. Fig. F shows the screen to select weights for the Hybrid filter (in the app it is referred as combined filter). Fig. G shows the screen where user can check self statistics regarding encounters. It also shows the number of scans saved due to the use of energy efficient scanner. Fig. H shows the menu. Menu allows the user to jump from one screen to another.

identification. We note that not all encountered users who may be trusted/non-trusted may have been marked. Also only the discoverable Bluetooth devices are captured, many trusted users that do not have discoverable Bluetooth will not be shown. This issue will be of lesser concern as the adoption of iTrust increases.

Figure 4-16. Continuation of screenshots of iTrust application (panels A to D). Fig. A shows the settings screen. Fig. B shows number of encounters the user had with a particular user over a period of time. This feature allows a user to know more about encountering users. Fig. C shows a graphs from the Self-Stat screen of the application. Here the graphs show the total number of encounter this user had with respect to time. Fig. D shows the about page with author information and web link for iTrust.

We rated the recommendations of iTrust for each of the 5 filters (including Hybrid Filter with equal weights) on 4 metrics: 1. number of trusted user in range top 1 to 10, 11 to 20, etc (also known as Precision metric in Information Retrieval literature), 2. percentage of total trusted users in Top 1 to 10, 11 to 20, etc, 3. fraction of encounter users needed (from top) to capture `x'% of trusted users for each filter, and 4. Normalized Discount Cumulative Gain (NDCG) [43]. For metrics 1, 2 and 3, we considered users in descending order of the encounter score by each filter. For metric 1, we then counted the number of trusted users (as marked by the user) in 1 to 10 top user, 11 to 20 top users, etc. Fig. 4-17A shows the

graph for this metrics for all the filters. It shows that on average, out of top 10 ranked users by FE, DE and Hybrid filters, 5 (50%) or more users are marked trusted. We see that LV filter's top 10 ranks have 3 to 4 users on average, however if we consider top 20 users, all filters capture 6-8 trusted users (more than 50% of the total trusted users). The number of trusted user in rest of the ranges continue to fall except in the last range as it contains all the users ranked beyond 80. For all the filters, there is a strong statistically significant correlation between the score and the rank of trusted users (e.g., for LVC, r=0.84, p<0.01). This shows that users willingness to trust others in a mobile network to be statistically correlated with their behavioral similarity as captured by iTrust.

Figure 4-17. iTrust evaluations based on application usage (panels A to D). Fig. A shows the percentage of trusted users in 1 to 10 Top user, 11 to 20 Top users for each filter. Fig. B shows the percentage of total trusted users in Top 1 to 10, 11 to 20, etc. Fig. C shows fraction of encounter users needed (from top) to capture `x'% of trusted users for each filter. Fig. D shows the Normalized Discount Cumulative Gain score for iTrust recommendations.

Results for metric 2 are similar to metric 1 as shown in Fig. 4-17B. We note that out of all the users marked trusted, more than 50% of the trusted users are in rank 1 to 10 (except LV filters). And almost 80% of the trusted users are captured in rank 1 to 20.

Metric 3 measures the fraction of encounter users needed (from top) to capture `x'% of trusted users for each filter. This metric shows that 80% of the trusted users are captured by top 25% of the encountering users as ranked by the filters and there is a strong statistically significant correlation (Fig. 4-17C).

Metric 4, which is based on the DCG measure, is used to measure effectiveness of search engines by giving more score to search results that are more relevant. Normalized DCG (NDCG) is a ratio of DCG and IDCG (Ideal DCG). The IDCG can be calculated by finding out the best possible search result (in our case all the trusted users should be ranked first and then non trusted users should follow). NDCG therefore tells us how far the current results are from ideal. We note from Fig. 4-17D that iTrust is able to capture close to 70% of the IDCG via FE, DE and Hybrid filters and close to 50% of IDCG via LV filters. This shows that our recommendations are relevant and close to the ideal case. We also note that there are users who have high rank, yet they are not trusted. We believe these can be the encountered users who are very similar to the user and can provide new interaction opportunities to the user.

Other observations from the deployment include that almost 70% user preferred using equal weights for the HF filter. The amount of storage used by the application, on average, was 6.2MB, with storage of filter scores taking only 98KB; the rest was occupied by the encounter traces. This shows that storage overhead of iTrust filters is quite small when compared to the raw traces. The raw traces can be removed from the device after processing to save space. Also at this rate, 75MB is needed for storing traces for the whole year.

4.6.2.2 Energy Efficiency

Scanning of Bluetooth and WiFi devices consumes maximum power (since the scanning process is periodic). After receiving the traces (which were scanned at 1 min interval), we noted that due to spatial locality in the traces, we can skip the scanning rounds if we find the same devices again in the next round, assuming that the user is in same location with same devices. Based on this assumption of spatial locality, we have designed and implemented energy efficient algorithms for iTrust. More details are in the Appendix B.

4.6.2.3 Location estimation

For calculating meaningful Location Vectors, at least building level granularity is needed (granularity needed may also be dependent on the trust context). On a mobile device, location can be estimated by using several techniques. Some standard techniques are: 1. GPS (does not work well indoors and has warm up delays), 2. WiFi Signals (may not be very accurate and may not work everywhere), 3. Cell Tower ID (cannot work with devices that don't have phone functionality). GPS may be the most accurate localization technology but needs the most energy, and the WiFi/Cell Tower ID method needs an online database lookup to get coordinates [50, 54]. In our application, where we don't need location coordinates immediately (only when encounter locations are shown on the map) and since we have observed that users have spatial locality, scanning of WiFi signals and Cell towers works. Once in a while the app can fetch mapping of WiFi and Cell towers to location coordinates and because of the spatial locality in user movement pattern, we only need to fetch mapping for locations that have not been visited previously. This scheme saves energy (not using GPS every time) at the cost of communication (communication can wait till the phone is fully charged and connected to high speed network) and accuracy.

When using WiFi/Cell ID for localization, we want to minimize communication costs (do as few coordinate/location lookups as possible). For reducing lookups, we cache

the WiFi AP sets (we get a set of APs every time we scan, number of AP depends on the location) whose coordinates we know. Upon getting a set of WiFi APs from a new scan, we go through the cached WiFi AP sets whose address we already know. A few challenges with this scheme include: 1. APs scanned at same location may change with time (AP could have moved to another location or may not get scanned every time (scanning noise)), 2. Since every localization scheme using WiFi signals employs heuristics for location estimates (accuracy for Google database is 150m), different AP sets may give same coordinates (collision in location space). To solve the first challenge we look at the intersection of the two sets (one cached and another recently scanned) and if the intersection is greater than a percentage (say 30%) the two sets are considered to be the same. For the second challenge we currently do not have a worked out solution. It is important to create a new location field only when the user visits a new location, otherwise actual time spent at a location can get fragmented or fused and may result in incorrect scores. We note that sometimes when we have slightly overlapping APs sets (say only 10%), address lookup for both of them may return same coordinates. We plan to address these issues in the future.

4.7 Discussion: Other Trust Inputs

As explained in section 3, iTrust was architected to potentially integrate with other trust components and sub-systems, including blacklisting, other recommendation systems, and contextual information.

4.7.1 Blacklist & Whitelist

A blacklist contains a list of devices that have been marked by the user as untrustworthy (either explicitly, or after agreeing with an anomaly detection flag) and should not be trusted regardless of their similarity or score. A whitelist contains a list of devices to be trusted regardless of the similarity scores. The blacklist/whitelist module was implemented in the iTrust app to allow a user to override the trust adviser

filters' scores. The rate of system overriding was one accuracy metric considered in the evaluation.

4.7.2 Recommendation & Reputation Systems

Several techniques for recommendations systems have been proposed [33, 72] and iTrust is designed to integrate/adopt such (or similar) recommendation systems. iTrust can also bootstrap a recommendation system, since recommendation system scores start to evolve only after initial direct interaction. Furthermore, a trusted node, over a period of time, may start showing malicious network behavior (e.g., dropping packets frequently). Reputation systems attempt to detect such nodes, and can be integrated with iTrust effectively to allow iTrust users to detect and remove devices that at one time showed high trust potential but later turned malicious/selfish. An example reputation system can be [19]. This reputation system considers second-hand information, where users maintain reputation only for users they communicate with (for iTrust it can be all the encountered users). One challenge here would be to keep the communication costs to a minimum and to detect false advice. This integrated system can also keep track of incorrect recommendations provided and failed message routing info.

4.7.3 Contextual & Event Information

The context of an encounter; e.g., event and/or location, is sometimes more important than the encounter statistics per se. Example of such scenario may be a conference which only allows registered users to enter the venue or a secure building that requires special permits to enter. In these cases, a user may be willing to trust users regardless of the encounter frequency or duration. For these scenarios, iTrust provides this module that can change trust recommendation based on the context and the location of the user. Here, context sensing systems [8, 71] or user input can be used to infer the context.

4.7.4 Combined Trust Recommendation

iTrust needs to provide easily understandable information to the user. Providing scores from independent modules separately may confuse the user. As a first step to simplify the output, we created a Hybrid Filter, combining the trust filter scores. A similar idea can be used to combine the scores from all the modules discussed above and generate a single score of trust for an encountered user. The scores can be combined using the following:

T(Uj) = ( H(Uj) + (1 - )(Σ_{i=1..m} i Ri(Uj))) + (1 - ) Context(Uj),    (4)

where T(Uj) represents the combined trust recommendation for the encountered user Uj, it is always between 0 (no trust) and 1 (max trust). H(Uj) is the score from Hybrid Filter (Sec. 4.3.3). i represent the weights for other normalized trust related inputs (Ri) such as anomaly detection, recommendation system, reputation systems among others. Here Σ_{i=1..m} i = 1. The factor decides the combination ratio of Hybrid Filter and other trust related inputs. varies between 0 and 1 so the combined score is also between 0 and 1. Context(Uj) is the function that gives context score to trust Uj. The output varies from 0 to 1. The contribution of context in the trust is controlled by parameter . If the user (Uj) is included in whitelist then iTrust does not have to evaluate this user as it is already trusted. However, if a user exists in blacklist he cannot be trusted (trust scores are disregarded).

The challenge lies in finding out the correct weights (, , ) to combine different inputs. These weights depend on the user preferences and applications. From a survey we conducted, it is clear that there is no single weight scheme that is acceptable to all users (more details in Sec. 4.6.1). One possible way to overcome this challenge is to have standard weights when starting the system and it adapts (sets weight) according to the selections/feedback given by the user.

4.8 Conclusion and Future Work

This work introduces iTrust, an effective encounter based framework for trust establishment in mobile communities in an efficient, privacy-preserving and resilient manner. iTrust is driven by trust adviser filters that take advantage of the increased sensing capabilities of the mobile devices and their close association with users, which enables them to capture behavioral similarity with encountered devices and assess levels of trust. We use four novel encounter based trust adviser filters, based on encounter frequency, duration, location behavior-vector and behavior-matrix to generate trust recommendations. iTrust provides scores reflecting the level of trust to aid the user to choose trustworthy nodes in coordination with personal preferences, location priorities, contextual information and/or encounter based keys. The calculations are done in fully distributed fashion, which eliminates the need for any server or trusted third party.

Results of three phases of evaluation reveal that several filters possess high stability and that trust forms a small world among trusting users. Further, resilience to attack using anomaly detection achieves less than 10% false positives and 7% false negatives. Selfishness analysis using trust based epidemic routing shows that it is possible to efficiently use meaningful, stable trust routing without sacrificing network performance in DTNs. Ultimately, a series of surveys and participatory experiments consolidate our belief that users willingness to trust other devices is highly correlated with behavioral similarity. Feedback from iTrust application shows that users favor the hybrid filter, the recommendation of which conforms with 80% of users' selections.

iTrust has been designed to inspire several potential applications that can be enabled in future. However, there are a few avenues that require further research. In future, we plan to address some of these questions such as handling multiple devices belonging to a user. In addition, addressing issues emerging from MAC address spoofing are part of future research (several crypto-based and non crypto-based

techniques exist [83]). Future work will include analysis of other filters for measuring behavioral similarities. We also want to develop and deploy iTrust for popular mobile platforms and study the effect of its usage on a larger scale. With the release of the iTrust application, we can measure the encounters to generate the trust scores. In the future we would like to investigate how exchange of indirect trust recommendations affects the trust scores (transitivity of trust).

The trust framework presented in this study sits below the application layer in the mobile platform and can provide trust scores to any requesting application on the mobile device. In the future we plan to build applications that can benefit from trust scores. An example of such an application can be crowd-sourcing. In crowd-sourcing applications users report observations (it may be regarding gas prices in their neighborhood [9], restaurant reviews, freeway traffic [10]). With the knowledge of who uploaded the data (is this person in my trust list), the phone can automatically highlight information coming from trusted sources, which may be more believable.

The knowledge of encounters and establishment of trust using them can be used to provide emergency services. An example application, SOS [78], utilizes iTrust scores to alert trustworthy users in the neighborhood in case of emergency situations. With the inclusion of anomaly detection, iTrust can also generate lists of possible threats in the surroundings (such as presence of a stalker). In the iTrust application, a user can rate a user on a range of levels from not-trust at all to fully trusted. These levels can also be utilized by applications such as SOS to automatically assess the threat level.

Since iTrust generates trust scores via encounter information, it can also be used to identify users with similar interests. This information can be used to automatically form support or meetup groups. We would like to investigate how successful an encounter based scheme can be in discovering users with similar interests. We would also like to examine how having an encounter measuring system in places such as hospital can be used to evaluate patient care (number of doctor visits) and can also be used to

forensically examine and quarantine the spread of pathogens in a hospital by looking at the encounter history.

iTrust can also be applied to communication scenarios where existing infrastructure cannot be trusted (an extreme example can be a scenario where a section of population is revolting against a regime and the regime is monitoring all the communication). In these cases, if the revolting section of the population has been using iTrust and has established pair-wise security keys, they can communicate over any medium (including ad hoc and DTN) by encrypting the messages. Here the role of iTrust is to identify the users with whom this user might want to communicate later and thus enable key exchanges with only relevant users. For this scenario and others, we would like to investigate the correlation between trust level and frequency of communication between users.

There is a need to conduct more research in order to understand how trust can be established in mobile societies. We hope that this research contributes to that effort.

CHAPTER 5
CONCLUSION AND FUTURE WORK

In this work, we propose several techniques to infer complex social relationships and patterns using network data. We propose novel methods, which use WLAN traces to classify WLAN users into social groups based on features such as gender and study-major among others. The work presents a general framework that can be applied to traces coming from multiple sources. As an example, traces from two university campuses have been used and gender based grouping classification is performed. Multiple techniques for grouping users are discussed since each one has slight advantages in certain scenarios. The study cross-validates the results by comparing results provided by each of the classification methods.

We uncovered a serious problem in the way WLAN traces are anonymized. We believe that this kind of attack is possible as WLAN traces have human mobility pattern embedded in them, which can be easily observed by an attacker following the victim. The aim of any privacy protecting technique should be to ensure that even if attacker has access to all the publicly available information about a user or a group of users (but not the mapping between anonymized MAC and real MAC), he should not be able to reduce the sample size below a number, say K. This K should be a parameter configurable by the trace releasing authority.

This work proposes iTrust, an effective encounter based framework for trust establishment in mobile communities in an efficient, privacy-preserving and resilient manner. iTrust is driven by trust adviser filters that take advantage of the increased sensing capabilities of the mobile devices and their close association with users, which enables them to capture behavioral similarity with encountered devices and assess levels of trust. We use four novel encounter based trust adviser filters, based on encounter frequency, duration, location behavior-vector and behavior-matrix to generate trust recommendations. iTrust provides scores reflecting the level of trust to aid the

user to choose trustworthy nodes in coordination with personal preferences, location priorities, contextual information and/or encounter based keys. The calculations are done in fully distributed fashion, which eliminates the need for any server or trusted third party.

Results of three phases of evaluation reveal that several filters possess high stability and that trust forms a small world among trusting users. Further, resilience to attack using anomaly detection achieves less than 10% false positives and 7% false negatives. Selfishness analysis using trust based epidemic routing shows that it is possible to efficiently use meaningful, stable trust routing without sacrificing network performance in DTNs. Ultimately, a series of surveys and participatory experiments consolidate our belief that users willingness to trust other devices is highly correlated with behavioral similarity. Feedback from iTrust application shows that users favor the hybrid filter, the recommendation of which conforms with 80% of users' selections.

In the future, we want to look into user behavior study from the perspective of buildings and locations. This will allow us to find out the trends in user behavior based on the study-major and building preferences. The ability to classify users into social groups can allow us to create models for different groups of users based on usage characteristics. These models can not only be used to understand different users characteristics but can also be used to filter users that our proposed schemes could not. We also want to test if homophily, based on encounters, exists among different social groups. Another area of research that we would like to target is to look at the packet or the netflow traces to understand effects of social group affiliations on browsing characteristics.

For the privacy and anonymity work, we would want to work on designing anonymization schemes that are application specific. For example, the traces are anonymized such that routing protocols can be tested on them without any privacy leak. This may allow us to maintain privacy and yet utilize traces for research purposes. One of the directions for Mobile Ad-hoc routing protocol testing would be to anonymize the

traces (such that it is completely privacy preserving) without affecting the encounter probabilities between the pair of users.

APPENDIX A
CODE SNIPPETS FROM ITRUST APPLICATION

In this appendix we will present some sections of iTrust code along with the block diagram showing the evolution of iTrust application with each release. The first version of the application was under internal release to the members of our research group. Based on the feedback we received, more features were added and then it was released to a group of 30 students. This led to a thorough testing of the applications. The users complained about unavailability of device to name mapping and energy efficiency the most. These features were also added in the version 3 of the iTrust application. The approximate evolution of the development including the features added is shown in the Fig. A-1. The text over the arrows connecting one block to another depicts the request of features/functionality by the users. In the following sections, we present some of the code snippets which have been developed for the iTrust application. We hope that these snippets will provide sufficient implementation details about the iTrust app.

Figure A-1. Evolution of features in the iTrust app based on feedback from user.

A.1 Energy Efficient Scanning

iTrust application has three algorithms of scanning Bluetooth and WiFi scanning. Simplest one of them is an infinite loop with 100 sec sleep between the consecutive execution and in each cycle it basically scans both Wi-Fi and Bluetooth devices. Two of the algorithms perform energy efficient scanning. The code in List. A.1 illustrates the

algorithm used to decide the scanning interval. The input parameter state is set to zero if any new device is found, otherwise

    public static int[] fibo = {0, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89};

    int calSkipFactor(int state) {
        if (state == 0) {
            factor = 1;
        } else if (state == 1) {
            // MaxThres indicates the maximum value allowed in FIBO series
            if (fibo[factor - 1]

    userMap, float sumCU2, float sumDU2) { // score is cal wrt userMap
        EncLocation l1 = null, l2 = null;
        float sumCU1 = 0, sumDU1 = 0, prodC = 0, prodD = 0;
        Collection c = locMap.values();
        Iterator itr = c.iterator();
        while (itr.hasNext()) {
            l1 = (EncLocation) itr.next();
            // Log.i(TAG, "calLvScore for user: " + this.Name + " Location id " + u1.locId + " duration and count " + u1.duration + u1.count);
            if ((l2 = userMap.get(l1.getLocId())) == null) {
                Log.e(TAG, "EncUser Check the userMap..it is missing values present in locMap..impossible");
                return -1;
            }
            // squared norms of this device's count and duration vectors
            sumCU1 += (float) l1.getCount() * (float) l1.getCount();
            sumDU1 += (float) l1.getDuration() * (float) l1.getDuration();
            // dot products with the owner's count and duration vectors
            prodC += (float) l1.getCount() * (float) l2.getCount();
            prodD += (float) l1.getDuration() * (float) l2.getDuration();
        }
        // cosine similarity of the count vectors and of the duration vectors
        score[2] = (float) (prodC / (Math.sqrt(sumCU1 * sumCU2)));
        score[3] = (float) (prodD / (Math.sqrt(sumDU1 * sumDU2)));
        return 0;
    }

Listing A.2. Function that calculates the LV values for a user. `userMap' contains location visited data for the owner of the device and `locMap' contains the encounter information along with the location for a particular encountering device
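
The back-off idea behind the energy efficient scanning of Sec. A.1 (skip scan cycles while no new device appears, reset when one does) can be tried out on a trace. The following simulator is an added example, not code from the iTrust application: the trace is constructed, the function names are hypothetical, and both the cap semantics of the skip table and the normalisation of the occurrence error are assumptions.

```python
from collections import Counter

# Skip table as printed in Listing A.1 (scan cycles to skip per back-off level).
FIBO = [0, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89]


def mimd_steps(max_interval):
    """Doubling back-off: the scan interval doubles up to max_interval periods."""
    steps, interval = [], 1
    while interval <= max_interval:
        steps.append(interval - 1)   # scanning every n-th slot skips n - 1 slots
        interval *= 2
    return steps


def fibo_steps(max_skip):
    """Fibonacci back-off: table entries up to max_skip (assumed cap semantics)."""
    return [s for s in FIBO if s <= max_skip]


def simulate(trace, steps):
    """Replay a ground-truth trace (one set of device ids per scan slot).

    Returns (scans_performed, replayed_trace). During skipped slots the
    scheduler assumes the devices from its last scan are still present.
    """
    scans, level, skip_left = 0, 0, 0
    last_seen, replayed = set(), []
    for observed in trace:
        if skip_left:
            skip_left -= 1
            replayed.append(set(last_seen))
            continue
        scans += 1
        if observed - last_seen:      # a new device appeared: reset the back-off
            level = 0
        else:                         # nothing new: back off one more level
            level = min(level + 1, len(steps) - 1)
        last_seen = set(observed)
        skip_left = steps[level]
        replayed.append(set(observed))
    return scans, replayed


def evaluate(trace, steps):
    """Return (scans, percent of scans saved, percent occurrence error)."""
    scans, replayed = simulate(trace, steps)
    truth = Counter(d for slot in trace for d in slot)
    seen = Counter(d for slot in replayed for d in slot)
    diff = sum(abs(truth[d] - seen[d]) for d in set(truth) | set(seen))
    saved = 100.0 * (len(trace) - scans) / len(trace)
    return scans, saved, 100.0 * diff / sum(truth.values())


# Constructed trace: a laptop is always nearby, a phone shows up only in slot 6.
TRACE = [{"laptop"}] * 6 + [{"laptop", "phone"}] + [{"laptop"}] * 5

if __name__ == "__main__":
    for name, steps in (("always", [0]), ("doubling, cap 4", mimd_steps(4)),
                        ("fibonacci, cap 4", fibo_steps(4))):
        print(name, evaluate(TRACE, steps))
```

On this constructed trace the doubling schedule needs 5 scans instead of 12 but sleeps through the phone's only appearance, while the Fibonacci schedule needs 6 scans and records it; which schedule loses fewer encounters depends entirely on the trace.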

APPENDIX B
ENERGY EFFICIENT DEVICE DISCOVERY

Efficient use of energy is essential for always running mobile applications such as iTrust. We have looked into some aspects of it and developed an energy efficient scanner for iTrust as discussed earlier. We use this space to provide more details about our technique.

B.1 Available Directions

Below are some of the directions that can be utilized to design an energy efficient device discovery for both Bluetooth and WiFi. In each of the methods the core idea is to avoid/reduce scanning when no new devices are discovered. The challenge, however, is not to miss any new devices.

1. Use current scan response to determine next scanning time
2. Use temporal locality: Use weekly pattern to predict number of encounters per week on per hr basis...system will have to maintain a time table for 7 day x 24 hours
3. Use spatial locality: Use location information to predict encounters. New location may need aggressive scans.

Since scanning process is very similar in Bluetooth and WiFi, any technique developed for Bluetooth can be used for WiFi and vice-versa. Show that scanning characteristics of Bluetooth are similar to WiFi i.e. same techniques applied to Bluetooth will also work with WiFi. show effect of skipping in Bluetooth has equivalent affect on WiFi. Details about scanning are explained here [31].

B.2 Evaluations Techniques

Through the deployment of iTrust, we have collected at least one month of traces from 20 users and some of the users have used iTrust for more than one year. These traces included both Bluetooth and WiFi scans done at 100 seconds interval. For the evaluation and comparison of energy efficient methods, we proposed to use these traces as the ground truth. The energy efficient algorithm can take these traces as

PAGE 119

inputandproduceanoutputtracesbasedonthealgorithm.Bycomparingtheinputandoutputandthenumberofscanswecancomparetheeffectivenessoftheenergyefcientalgorithms. B.3CurrentProgressCurrently,wehaveonlylookedintoalgorithmsthatusecurrentscanresponsetodeterminenextscanningtimeperiod.Thesemethodsgenerallyworkbylookingthatthenumberofdevices(newandalreadyseen)foundinthecurrentscantodeterminethesleepintervalbeforethenextscan.ResearchershavedevelopedseveralalgorithmsincludingSTAR[ 80 ]andothers[ 31 ].OnlySTARisevaluatedusingreal-traces,restusesomekindofarticialtraces.Hencetotestourproposedalgorithms,wehaveconsideredonlySTARAlgorithm.Thetwoofourproposedalgorithmsare:onebasedonmultiplicativeincreaseandmultiplicativedecrease(MIMD)(similarto[ 31 ])andanotherbasedongrowthrateofFibonacciSeries.StarAlgorithm:Usesamethodtoestimatearrivalratebasedonthenumberofnewdevicesdetectedinthecurrentscanroundandalsoincreasethescanrateifthecurrenttimeisgreaterthan8am.MIMDAlgorithm(EE):doublescurrentscantimeintervalifnonewdeviceisfound(wehaveanupperboundonthetimeinterval).Ondetectinganewdevice,thescantimeintervalisreducedtotheminimumpossibleperiod.FibonacciSeriesbasedAlgorithm(FIBO):usestheFibonacciseriestodecidethenumberofscancyclestoskip(otherwisesimilartoEE).Thegrowthis0,1,1,2,3,5,8,13,21andsoon.Wehavecomparedtheabovethreealgorithmsforefciency(savingofscans)andaccuracy(notmissinganyencounter).Wemeasureaccuracybycountingoccurrenceofeachdeviceinthetraceproducedbyeachmethod.Tomakeefciencymetricindependentofaccuracy,weassumethatduringthetimeintervalwhennoscanningis 119

PAGE 120

performed,eachofthealgorithmsassumethatlastencountereddevicesarebeingseen(thereforetheyskippedscanning).TheTab. B.3 showstheaccuracyresultsfromrunningdifferentenergysavingalgorithms.WenotethatourschemeEE4outperformsbothSTARandFIBOandalsoshowslowerStandardDeviation.WecanndthecomparisonofefciencyinTab. B.3 .EE16seemstobegivingthebestsavings,followedbyEE8andFIBO16andthenSTAR.However,sincewewantanalgorithmthatisbothaccurateandefcientatthesametime.Wehavedevisedanewmetriccalled`s/e'ratio.Thisaratiobetweentheefciencyandaccuracy-loss.Ifanenergysavingschemeprovidesmoresavingandlesserrorthe`s/e'ratiowouldbehigherthantheoneprovidingsimilarsavingbutworseerrorrates.Tochooseanalgorithm,onemayrstdecideonthesavingsneeded(basedonthecurrentenergybudget)andthenchooseanalgorithmthatperformsthebestbasedon`s/e'.TheTab. B.3 TableB-1. AccuracyLossusingtracesfor20users,EE4means4timestheminimumscanperiodistheupperboundofscaninterval,similarlyinEE8,theupperboundonskipperiodis8.ThisresultusedBluetoothtracesonly.Lesservaluesisbetter AverageStd.Dev. STAR 9.977.49EE4 7.454.38EE8 10.455.84EE16 13.656.81FIBO4 8.243.90FIBO8 8.583.95FIBO12 10.935.42FIBO16 12.266.04 B.3.1CombiningWiFiAndBluetoothScanningWenowpresenttheresultsofcombiningWi-FiandBluetoothscanningwiththeenergyefcientscanner.ThescantimeintervalnowdependsontheresultsofbothWi-FiandBluetoothscans.Wi-FiscanninghasfollowingpropertiesdifferentthatBluetoothscans,i.MajorityofAccessPointsarestationary,ii.itispossibletomissout 120

PAGE 121

TableB-2. ScanEfciencyusingtracesfor20users,EE4means4timetheminimumscanperiodistheupperboundofscaninterval,similarlyinEE8&EE16its8&16timesrespectively.ThisresultusedBluetoothtracesonly.Highervalueisbetter Algo.AverageStd.Dev. STAR64.648.22EE457.819.56EE866.4511.56EE1670.8113.12FIBO460.2811.68FIBO862.7912.86FIBO1264.8712.80FIBO1666.1114.40 TableB-3. s/eratioforStar,MIMDandFIBOalgorithms Algo.s/e STAR6.49EE47.76EE86.36EE165.19FIBO47.31FIBO87.32FIBO125.93FIBO165.39 onanAP,eventhoughithasstrongsignalsstrengthatthelocation,andiii.RangeofaWiFiAPismuchlargerthanaBluetoothdevice.UsingthesepropertiesofWiFi,wedesignedthematchingupofscannedAPlessstringent,i.e.ifnumberofcommonAPinthetwosetsofscansismorethannumberofdistinctAPfoundandnumberofcommonisgreaterthan0,weconsiderittobethesamelocation(samesetofAPseen).ThisisslightlydifferentthanBluetoothscanningwhereexactsamenumberofusersareneededtoconsiderthetwoscanstogivesameresults.Also,duetotheapplicationrequirementsofiTrust,wecannotletWi-FiandBluetoothworkindependentofeachother. B.4ConclusionWenotethatSTAR,EE4andFIBO4algorithmsperformclosely,butEE4algorithmisaclearwinnerintermsofthe`s/e'ratio,nextbeingFIBOalgo.WenotethatEEandFIBOalgorithmsareparametric.Inanevent,whereaccuracycanbesacricedtosave 121

PAGE 122

TableB-4. CombiningWi-FiandBluetoothscanning Algo.ErrorSavings/e STAR11.4765.845.74EE47.4554.427.30EE810.9463.035.76EE1614.6667.544.60FIBO48.2356.756.89FIBO89.0959.276.52FIBO1611.7662.205.29 energy,higherthresholdforscantimeintervalcanbeselectedthatisnotpossibleinSTARalgorithm,thustheyprovideaefciencygradeselectionmechanism.CurrentimplementationofiTrustusesEE4andFIBO4algorithmforperformingenergyefcientscanning. 122
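The trace-replay comparison described in B.2 and B.3, as an added example in Python (not code from the thesis or from iTrust): it replays a ground-truth trace through the EE and FIBO schedules and reports scans saved, accuracy loss and the `s/e' ratio. Assumptions: the trace is constructed, a device counts as new when it was absent from the previous performed scan, the FIBO bound caps the interval the same way as for EE, and the accuracy-loss formula (per-device occurrence error over true occurrences) is one reading of the text.

```python
"""Replay a ground-truth scan trace through EE (MIMD) and FIBO schedulers."""
from collections import Counter


def ee_ladder(bound):
    """EE<bound>: interval doubles 1, 2, 4, ... up to `bound` scan periods."""
    ladder, interval = [], 1
    while interval <= bound:
        ladder.append(interval)
        interval *= 2
    return ladder


def fibo_ladder(bound):
    """FIBO<bound>: skip 0, 1, 1, 2, 3, 5, ... cycles, i.e. interval = skip + 1.

    Assumption: the bound caps the interval the same way it does for EE.
    """
    ladder, skip, nxt = [], 0, 1
    while skip + 1 <= bound:
        ladder.append(skip + 1)
        skip, nxt = nxt, skip + nxt
    return ladder


def replay(trace, ladder):
    """Return (output_trace, scans_done) for a list of per-period device sets."""
    out, scans, step, wait, last = [], 0, 0, 0, set()
    for seen in trace:
        if wait == 0:                       # radio on: take the real scan
            scans += 1
            # Assumption: "new" means absent from the previous performed scan.
            found_new = bool(seen - last)
            step = 0 if found_new else min(step + 1, len(ladder) - 1)
            wait = ladder[step] - 1         # periods to sleep before next scan
            last = set(seen)
        else:                               # radio off: last result is assumed
            wait -= 1
        out.append(set(last))
    return out, scans


def evaluate(trace, ladder):
    """Saving (%), accuracy loss (%) and s/e ratio against the ground truth."""
    out, scans = replay(trace, ladder)
    truth = Counter(d for seen in trace for d in seen)
    got = Counter(d for seen in out for d in seen)
    # Assumed loss formula: per-device occurrence error over true occurrences.
    error = sum(abs(truth[d] - got[d]) for d in truth.keys() | got.keys())
    total = sum(truth.values())
    loss = 100.0 * error / total if total else 0.0
    saving = 100.0 * (1 - scans / len(trace)) if trace else 0.0
    ratio = saving / loss if loss else float("inf")
    return {"scans": scans, "saving": saving, "loss": loss, "s/e": ratio}


# Constructed trace: device A is always in range, B passes by for two periods.
TRACE = [{"A"}] * 5 + [{"A", "B"}] * 2 + [{"A"}] * 5

if __name__ == "__main__":
    for name, ladder in (("EE4", ee_ladder(4)), ("FIBO4", fibo_ladder(4))):
        print(name, ladder, evaluate(TRACE, ladder))
```

On this trace EE4 sleeps through B's whole visit, while FIBO4 catches B but keeps reporting it for one period after it has left, which is the over-counting side of the carry-forward assumption.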


APPENDIX C
USER BEHAVIOR ANALYSIS

Below are results from all the areas we could identify in the Universities.

C.0.1 Spatial Distribution

The details are in Tab. C-2 and Tab. C-1.

C.0.2 Temporal Distribution

Details are in Tab. C-4 and Tab. C-3.


Table C-1. Spatial Distribution of Users at U2

Area | Male-Oct07 | Female-Oct07 | Male-Nov07 | Female-Nov07 | Male-Mar08 | Female-Mar08 | Male-Apr08 | Female-Apr08
Administration 11521140109611361254132715071656
Agriculture and biology 197113180127339264471343
Architecture 543587464569589651708784
Biology 330331339337411435524515
Bookstore 172125145128247176333264
Economics 8465919076669657041118867
Cafeteria food 278223263205301248332287
Computer Engineering 975763930789108084113001097
Fine Arts 488543410505524610642787
Fraternity 25484246113268123326184
Health sport human 556460495450562598679806
Infirmary 151124161152203202159148
Communication 406418411475445538545659
Law 566511558523522495696656
Music 12210511170230197330308
Philosophy and Stati 9410911912412192152163
Psychology 787180838777116106
Recreation food cafeteria 192273137254154302111263
Social Science 81881581888085883310431042
Sorority 2719692999593319915291138
Space science and CNS 321229282258377321224236
Sport recreation 11912185103131136148131
Theater 121139121146131143155211
University Auditorium 4341453748486158
Engineering 190089517848882033113924371371
Library 37673749341536673556390344974968

Table C-2. Spatial Distribution of Users at U1

Area | Male-Feb2006 | Female-Feb2006 | Male-Oct2006 | Female-Oct2006 | Male-Feb2007 | Female-Feb2007
Accounts 11521221514
Admin 791316710
chemistry 9897
Communication 96811151091948
Economics 372669585636
Engineering 263537374431
Law 315203
Medicines 6368715
Music 911712410
Residence 424853475249
Social 88113143161110128
Sports 16191221411

Table C-3. Average Duration of Users at U2

Area | Male-Oct07 | Female-Oct07 | Male-Nov07 | Female-Nov07 | Male-Mar08 | Female-Mar08 | Male-Apr08 | Female-Apr08
Administration 2830.542674.352708.182515.913005.992735.442535.492756.56
Agriculture and biology 5496.842835.954605.612804.16646.085334.134045.33166.2
Architecture 3102.694472.133819.615723.873990.284247.613774.164221.17
Biology 2855.783770.863259.263801.922643.612385.452397.152471.11
Bookstore 1425.171717.321720.15737.41568.721398.411238.441485.88
Communication 3062.222974.993240.943067.822652.3426932830.522758.33
Cafeteria food 1322.971755.131779.431332.481617.811283.371655.41546.05
Computer Engineering 2226.742017.672387.852070.762266.881735.372613.422038.3
Fine Arts 3723.133234.674788.843702.773945.243509.834439.73519.1
Fraternity 6102.323132.255627.622724.896250.42825.146041.432275.41
Health sport human 2021.732345.551719.182161.112063.471895.392083.52004.84
Infirmary 851.931702.52885.81224.36978.221114.761392.411140.61
Journalism 1895.752125.342288.492179.881976.581801.812143.431880.18
Law 3191.823212.9734303614.93849.593760.194555.094695.18
Music 1911.71711.292565.341851.831767.291167.491764.871210.22
Philosophy and Stati 4464.412168.242484.022475.972923.9114693576.862241.14
Psychology 4317.275591.43740.354841.614541.853262.463415.074058.18
Recreation food cafeteria 3346.323949.63977.894763.732754.92955.622528.343130.86
Social Science 1513.081809.371582.341858.611728.011643.111563.031736.9
Sorority 3681.185881.254396.695658.942035.765035.052131.985171.22
Space science and CNS 2200.491492.752082.871681.061819.91423.213427.351895.1
Sport recreation 1489.491683.242230.281600.731064.571763.8941.311141.93
Theater 1548.751810.341791.421658.962434.572035.922377.372109.12
University Auditorium 3088.453131.852902.464571.471362.951902.151497.051852.46
Engineering 2696.452361.652693.972433.752664.032167.382825.32486.6
Library 3953.344156.354168.54531.483875.234067.774388.334618.98


Table C-4. Average Duration of Users at U1

Area | Male-Feb2006 | Female-Feb2006 | Male-Oct2006 | Female-Oct2006 | Male-Feb2007 | Female-Feb2007
Accounts 1108636956.651114.984841206
Admin 8351612346.891162.18536432
Chemistry 18061411842.24896900720
Communication 186220071474.381417.2718382758
Economics 204415871826.882204.2517292745
Engineering 279718342341.092380.022181782
Law 154520964776.091468.76913528
Medicine 28609631562.81940.7817232450
Music 235413951090.04686.81493534
Residence 234115101491.921185.6318611401
Social 234127872162.142336.5320082243
Sports 16522191636.22895.02650594


APPENDIX D
SURVEY FORM - ITRUST VALIDATION

SURVEY: Encounter-based Trust
Udayan Kumar and Ahmed Helmy
{ukumar,helmy}@cise.ufl.edu, University of Florida, Gainesville.

[Assume your device has enough battery and computation power. Also, your device runs a Bluetooth scanner program that records number, duration and location of encounters with other devices. An encounter occurs when two devices appear in the radio range of each other.]

Please rate (on scale of 1 through 10) your willingness to cooperate with other peer devices to set up an Ad Hoc or Delay Tolerant Network (DTN).

1. If your device does not have any information about other devices (Strangers)?
2. If your device identifies another device as frequently-encountered (e.g., more than 10 times in the last week)?
3. If your device identifies the other device as encountered for long duration (e.g., for more than 5 hrs total in the last week) but infrequently (e.g., less than 4 times in the last week)
4. If your device identifies the other device as encountered with both high frequency and long durations.
5. If the encounter locations are visited frequently by your device.
6. If the encounter locations have restricted access (e.g., mobicom or NSF).
7. Rate each of the factors that would most affect your willingness to accept a message:
   a. Frequency of encounters
   b. Duration of encounters
   c. Location visited
8. What do you think is the most important combination of the above factors to have you trust others to cooperate in an Ad Hoc or DTN setting? (e.g., do you need all factors (freq, duration, locations) or stats in the restricted locations are enough?)

Other Comments:

Your participation in this study is completely voluntary. There are no anticipated risks, compensation or other direct benefits to you as a participant in this study. You are free to withdraw your consent to participate and may discontinue your participation in the study at any time without consequence.


REFERENCES

[1] Supplementary Information. Available from: https://sites.google.com/site/confanon/
[2] Popular baby names, September 2007. Available from: http://www.ssa.gov/OACT/babynames/
[3] UNC/FORTH: Repository of traces and models for wireless networks, Syslog Dataset #2, August 2007. Available from: http://netserver.ics.forth.gr/datatraces/
[4] The Passive Measurement and Analysis Project, June 2008. Available from: http://pma.nlanr.net/
[5] Predict: Protected Repository for the defense of the Infrastructure Against Cyber Attacks, June 2008. Available from: http://www.predict.org
[6] The Skitter Project, June 2008. Available from: http://www.caida.org/tools/measurement/skitter/
[7] CRAWDAD, August 2008. Available from: http://crawdad.cs.dartmouth.edu/data.php
[8] The metrosense project, Feb 2011. Available from: http://metrosense.cs.dartmouth.edu/projects.html
[9] GasBuddy, 2012. Available from: http://gasbuddy.com/
[10] Participatory Sensing, 2012. Available from: http://participatorysensing.org/
[11] R. Albert and A. L. Barabási. Statistical mechanics of complex networks. Rev. Mod. Phys., Vol. 74, pp. 47-97, 2002.
[12] Mark Allman and Vern Paxson. Issues and etiquette concerning use of shared measurement data. In IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, pages 135, New York, NY, USA, 2007. ACM.
[13] Eitan Altman. Competition and cooperation between nodes in delay tolerant networks with two hop routing. In NET-COOP, 2009.
[14] Eitan Altman, Arzad A. Kherani, Pietro Michiardi, Refik Molva, Pietro Michiardi, and Refik Molva. Non-cooperative forwarding in ad-hoc networks. Technical report, PIMRC, 2004.
[15] Fan Bai and Ahmed Helmy. Chapter 1 A SURVEY OF MOBILITY MODELS in Wireless Adhoc Networks. Springer, 2006.
[16] Fan Bai, Narayanan Sadagopan, and Ahmed Helmy. The IMPORTANT framework for analyzing the impact of mobility on performance of routing protocols for ad hoc networks. Ad Hoc Networks Journal, 1:383, 2003.


[17] Magdalena Balazinska and Paul Castro. Characterizing mobility and network usage in a corporate wireless local-area network. In ACM MobiSys, 2003.
[18] Christopher M. Bishop. Pattern Recognition and Machine Learning (Information Science and Statistics). Springer, August 2006.
[19] Sonja Buchegger and Jean-Yves Le Boudec. A robust reputation system for mobile ad-hoc networks. In P2PEcon, 2003.
[20] Sonja Buchegger and Jean-Yves Le Boudec. Self-Policing Mobile Ad-Hoc Networks by Reputation. IEEE Comm. Mag., 43(7):101, 2005.
[21] Ronald S. Burt. Decay functions. Social Networks, 22(1):128, 2000.
[22] Levente Buttyan and et al. Barter-based cooperation in delay-tolerant personal wireless networks. In WoWMoM, 2007.
[23] Varun Chandola, Arindam Banerjee, and Vipin Kumar. Anomaly detection: A survey. ACM Comput. Surv., 2009.
[24] Chia-Hsin Owen Chen and et al. Gangs: gather, authenticate 'n group securely. In MobiCom '08, 2008.
[25] G. Chen, H. Huang, and M. Kim. Mining frequent and periodic association patterns. Computer Science TR2005-550, Dartmouth College, 2005.
[26] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein. Introduction to Algorithms (second edition ed.), pages 350. MIT Press and McGraw-Hill, 2001.
[27] Scott E. Coull, Charles V. Wright, Fabian Monrose, Michael P. Collins, and Michael K. Reiter. Playing devils advocate: Inferring sensitive information from anonymized network traces. In Proc. of the 14th Annual Network and Distributed System Security Symposium, pages 35, 2007.
[28] Mark E. Crovella and Azer Bestavros. Self-similarity in world wide web traffic: Evidence and possible causes. IEEE/ACM Transactions on Networking, 5:835, 1997.
[29] Jon Crowcroft, Richard Gibbens, Frank Kelly, and Sven Ostring. Modelling incentives for collaboration in mobile ad hoc networks. Performance Evaluation, 57, 2004.
[30] Ruby Roy Dholakia and et al. The Internet Encyclopedia, chapter Gender and Internet Usage. Wiley, 2003.


[31] Catalin Drula, Cristiana Amza, Franck Rousseau, and Andrzej Duda. Adaptive energy conserving algorithms for neighbor discovery in opportunistic bluetooth networks. IEEE J. Sel. A. Commun., 25(1), January 2007.
[32] A. C. Gallagher and T. H. Chen. Estimating age, gender, and identity using first name priors. In CVPR, 2008.
[33] Elizabeth Gray, Jean-Marc Seigneur, Yong Chen, and Christian Jensen. Trust propagation in small worlds. In Trust management, 2003.
[34] Ben Greenstein, Ramakrishna Gummadi, Jeffrey Pang, Mike Y. Chen, Tadayoshi Kohno, Srinivasan Seshan, and David Wetherall. Can ferris bueller still have his day off? protecting privacy in the wireless era. In HOTOS '07: Proceedings of the 11th USENIX workshop on Hot topics in operating systems, pages 1, Berkeley, CA, USA, 2007. USENIX Association.
[35] T. Henderson, D. Kotz, and I. Abyzov. The changing usage of a mature campus-wide wireless network. In ACM MobiCom '04, September 2004.
[36] W. Hsu and A. Helmy. On modeling user associations in wireless lan traces on university campuses. In WiNMee, 2006.
[37] W. Hsu, T. Spyropoulos, K. Psounis, and A. Helmy. Modeling time-variant user mobility in wireless mobile networks. In Proc. IEEE INFOCOM, May 2007.
[38] Weijen Hsu, Debojyoti Dutta, and Ahmed Helmy. Mining behavioral groups in large wireless lans. In MobiCom, 2007.
[39] Weijen Hsu, Debojyoti Dutta, and Ahmed Helmy. Profile-Cast: Behavior-aware mobile networking. In IEEE WCNC, 2008.
[40] Weijen Hsu and Ahmed Helmy. On nodal encounter patterns in wireless lan traces. In WiNMee, 2006.
[41] Weijen Hsu and Ahmed Helmy. MobiLib, June 2008. Available from: http://nile.cise.ufl.edu/MobiLib/
[42] Peter Hwang and Willem P. Burgers. Properties of trust: An analytical view. Organizational Behavior and Human Decision Processes, 69(1):67, January 1997.
[43] Kalervo Jarvelin and Jaana Kekalainen. Cumulated gain-based evaluation of ir techniques. ACM Trans. Inf. Syst., October 2002.
[44] T. Karagiannis, A. Broido, N. Brownlee, K. C. Claffy, and M. Faloutsos. Is p2p dying or just hiding? [p2p traffic measurement]. GLOBECOM, 2004.
[45] Leonard Kaufman and Peter J. Rousseeuw. Finding Groups in Data: An Introduction to Cluster Analysis. Wiley-Interscience, March 1990.


[46] David Kotz, Tristan Henderson, and Ilya Abyzov. CRAWDAD data set dartmouth/campus (v. 2007-02-08). Downloaded from http://crawdad.cs.dartmouth.edu/dartmouth/campus, February 2007.
[47] Udayan Kumar and Ahmed Helmy. User classification and feature extraction from wlan traces: A gender-based case study (detailed technical report). Available from: http://www.cise.ufl.edu/~ukumar/techreport-gender.pdf
[48] Udayan Kumar and Ahmed Helmy. Human behavior and challenges of anonymizing WLAN traces. In IEEE GLOBECOM, 2009.
[49] Udayan Kumar, Nikhil Yadav, and Ahmed Helmy. Gender-based grouping of mobile student societies. In MODUS Workshop, IPSN 2008, http://www.motorola.com=innovators=ModusWorkshop=Gender Based.pdf, 2008.
[50] Anthony LaMarca, Yatin Chawathe, Sunny Consolvo, Jeffrey Hightower, Ian Smith, James Scott, Timothy Sohn, James Howard, Jeff Hughes, Fred Potter, Jason Tabert, Pauline Powledge, Gaetano Borriello, and Bill Schilit. Place lab: device positioning using radio beacons in the wild. In Proceedings of the Third international conference on Pervasive Computing, 2005.
[51] N. D. Lane, E. Miluzzo, Hong Lu, D. Peebles, T. Choudhury, and A. T. Campbell. A survey of mobile phone sensing. Communications Magazine, IEEE, 48(9), sept. 2010.
[52] David Lazer, Alex Pentland, Lada Adamic, Sinan Aral, Albert-László Barabási, Devon Brewer, Nicholas Christakis, Noshir Contractor, James Fowler, Myron Gutmann, Tony Jebara, Gary King, Michael Macy, Deb Roy, and Marshall Van Alstyne. Computational social science. Science, 323(5915):721, 2009.
[53] Qinghua Li, Sencun Zhu, and Guohong Cao. Routing in socially selfish delay tolerant networks. In Infocom, 2010.
[54] Kaisen Lin, Aman Kansal, Dimitrios Lymberopoulos, and Feng Zhao. Energy-accuracy trade-off for continuous mobile device location. In MobiSys, 2010.
[55] Yue-Hsun Lin and et al. Spate: small-group pki-less authenticated trust establishment. In MobiSys, 2009.
[56] Anders Lindgren, Avri Doria, and Olov Schelen. Probabilistic routing in intermittently connected networks. LNC, pages 239, 2004.
[57] Ashwin Machanavajjhala, Johannes Gehrke, and Daniel Kifer. l-diversity: Privacy beyond k-anonymity. pages 24, April 2006.
[58] Sergio Marti, T. J. Giuli, Kevin Lai, and Mary Baker. Mitigating routing misbehavior in mobile ad hoc networks. In Mobicom, 2000.


[59] Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. Seeing Is Believing: using camera phones for human authentication. Int. J. Secur. Netw., 4(1/2):43, 2009.
[60] Miller Mcpherson, Lynn S. Lovin, and James M. Cook. Birds of a feather: Homophily in social networks. Annual Review of Sociology, 27(1):415, 2001.
[61] Pietro Michiardi, Pietro Michiardi, and Refik Molva. Simulation-based analysis of security exposures in mobile ad hoc networks. In European Wireless Conference, 2002.
[62] Greg Minshall. Tcpdpriv, 1996, 1996.
[63] Jeffrey C. Mogul and Martin Arlitt. Sc2d: an alternative to trace anonymization. In MineNet '06: Proceedings of the 2006 SIGCOMM workshop on Mining network data, pages 323, New York, NY, USA, 2006. ACM.
[64] D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the slammer worm. Security & Privacy, IEEE, 1(4):33, July-Aug. 2003.
[65] Mirco Musolesi and Cecilia Mascolo. A community based mobility model for ad hoc network research. In ACM REALMAN, 2006.
[66] Martin O'Connell and Gretchen E Gooding. The use of first names to evaluate reports of gender and its effect on the distribution of married and unmarried couple households. In Population Association of America (PAA) 2006 Annual Meeting, 2006.
[67] A. Panagakis, A. Vaios, and I. Stavrakakis. On the Effects of Cooperation in DTNs. In COMSWARE, 2007.
[68] Jeffrey Pang, Ben Greenstein, Ramakrishna Gummadi, Srinivasan Seshan, and David Wetherall. 802.11 user fingerprinting. In MobiCom '07: Proceedings of the 13th annual ACM international conference on Mobile computing and networking, pages 99, New York, NY, USA, 2007. ACM.
[69] Ruoming Pang, Mark Allman, Vern Paxson, and Jason Lee. The devil and packet trace anonymization. SIGCOMM Comput. Commun. Rev., 36(1):29, 2006.
[70] Vikram Srinivasan Pavan, Vikram Srinivasan, Pavan Nuggehalli, Carla F. Chiasserini, and Ramesh R. Rao. Cooperation in wireless ad hoc networks. In IEEE Infocom, 2003.
[71] Kiran K. Rachuri and et al. Emotionsense: a mobile phones based adaptive platform for experimental social psychology research. In Ubicomp, 2010.
[72] Glenn Shafer. Perspectives on the theory and practice of belief functions. Int. Journal of Approximate Reasoning, 1990.


[73] Katie Shilton, Jeffrey A. Burke, Debra Estrin, Mark Hansen, and Mani Srivastava. Participatory privacy in urban sensing. In MODUS: International Workshop on Mobile Device and Urban Sensing, 2008.
[74] Douglas C. Sicker, Paul Ohm, and Dirk Grunwald. Legal issues surrounding monitoring during network research. In IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, pages 141, New York, NY, USA, 2007. ACM.
[75] Neil Spring, Ratul Mahajan, David Wetherall, and Thomas Anderson. Measuring isp topologies with rocketfuel. IEEE/ACM Trans. Netw., 12(1):2, 2004.
[76] Latanya Sweeney. k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5):557, March 2002.
[77] Sapon Tanachaiwiwat and Ahmed Helmy. Worm Propagation and Interaction in Mobile Networks in Handbook on Security and Networks. World Scientific Publishing Co., 2010.
[78] G. S. Thakur, M. Sharma, and A. Helmy. Shield: Social sensing and help in emergency using mobile devices. In GLOBECOM, pages 1. IEEE, 2010.
[79] Amin Vahdat and David Becker. Epidemic routing for partially-connected ad hoc networks. Technical report, Duke University, 2000.
[80] Wei Wang, Vikram Srinivasan, and Mehul Motani. Adaptive contact probing mechanisms for delay tolerant applications. In Proceedings of the 13th annual ACM international conference on Mobile computing and networking, MobiCom, 2007.
[81] Jun Xu, Jinliang Fan, Mostafa H. Ammar, and Sue B. Moon. Prefix-preserving ip address anonymization: Measurement-based security evaluation and a new cryptography-based scheme. In Computer Networks, pages 280, 2002.
[82] Bojan Zdrnja, Nevil Brownlee, and Duane Wessels. Passive monitoring of dns anomalies. In DIMVA, pages 129, 2007.
[83] Kai Zeng, Kannan Govindan, and Prasant Mohapatra. Non-cryptographic authentication and identification in wireless networks. Wireless Communications, 2010.
[84] Sheng Zhong, Jiang Chen, and Richard Yang. Sprite: A Simple, Cheat-Proof, Credit-Based System for Mobile Ad-Hoc Networks. In INFOCOM, 2002.


BIOGRAPHICAL SKETCH

Udayan Kumar received his B.Tech degree from DA-IICT, Gandhinagar, India and MS degree in Computer Engineering from University of Florida. He started his PhD in Computer Engineering at University of Florida in 2008. His research interests include understanding users' social behavior from network traces and utilizing the behavior patterns to develop new insights and applications.