1 / 17

GeoVault: Secure Location Tracking System Review and Security Insights

This project review outlines the GeoVault system, which securely transmits location data from users' devices to the GeoVault server. The data is processed and sent from the server to a distributed database, ensuring confidentiality through secret sharing and OAuth for third-party access. Highlighted are challenges faced, including network complexity and the balance of military and civilian needs. Additionally, we discuss limitations, response to potential attacks, and the architecture of our system. Insights into the use of U.S. census data for accurate regional tracking are also provided.

anoki
Télécharger la présentation

GeoVault: Secure Location Tracking System Review and Security Insights

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GeoVault: Secure Location Tracking Final Project Review Nathan Franz Emily Nelson Thomas Petr Shanka Wijesundara

  2. System Overview

  3. System Overview • Location data is transmitted from either cell phone or computer to the GeoVault Server. • The server is where the resolution and access settings are stored and can be applied to the updated location. • The location is transmitted from the server to the distributed database and then to the specific node by secret sharing. • The data can also be transmitted from the server to a third party via OAuth. • Emails are sent from the server to the user via emial. • The users device directly interfaces with the google map API to display their location on a map.

  4. Feedback From CDR • Network was complicated • Lots of secret sharing • Trying to cover military and civilian has too many conflicts • Demo should include threats • Limitations in existing system

  5. Timing of Secret Sharing • Not as fast as other encryption methods • Chosen because of its threshold scheme.

  6. Political Boundaries • Used U.S. Census Data • Region selected by most overlapping area of accuracy circle • Able to see down to • Country • State • County (Massachusetts only for now) • Town (Massachusetts only for now)

  7. OAuth • Tokens are used to grant a third party website temporary access to GeoVault. • They regulate • What the third party has access to • How long they have access Location Data GeoVault Twitter OAuth

  8. Motivation for Attacks

  9. Attacks & Countermeasures

  10. Demo

  11. Division of Labor

  12. Thank you!

  13. Snooping Idle Timeouts Database Secret Sharing Passwords Distributed Database Database Encryption Database

  14. Impersonation Idle Time Outs Passwords Unrealistic Travel check

  15. DDOS CAPTCHA’s Failed Login Attempt Delay Update Delay

  16. Cross Site Request Forgery Protection GeoVault Session ID Verification Malicious Website

  17. Man in the Middle Attack HTTPS

More Related