this paper was submitted on
2 points (100% like it)
2 up votes 0 down votes

papers

subscribe8 readers

Welcome to the public review site of papers appearing in MobiSys 2012. Here you can find the public review written by a PC member for each paper and the authors' rebuttal to it. You can comment on any of them or add your own opinion. Finally you can vote to "like" or "dislike" a paper by clicking the up or down arrows next to its title.

all 5 comments

[–]OpaakIsAwesome 0 points1 point ago

sorry, this has been archived and can no longer be voted on

Great paper!

[–]ConferenceQA 0 points1 point ago

sorry, this has been archived and can no longer be voted on

Q: (Parijat from Max Planck) - what does it take to verify an IMEI number and what is overhead

A: IMEI is just one example - cellular carrier can verify it easily. You can verify phone numbers easily (as another example). One way is that we can push SMS verification to the AIP. Instead of Craigslist doing it every time, we do it only once with the AIP.

Q: is AIP a trusted all-powerful component>?

A: Use it to trust that user owns the resource

[–]ConferenceQA 0 points1 point ago

sorry, this has been archived and can no longer be voted on

Q: I don’t think cellular provider can verify IMEI. SMS spammers often fake this. It also seems to me .. that system is based on the fact that user has a phone number. How about others -- e.g., credit card numbers? Banks can’t use IMEI and phone numbers come and go

A: Sure. Credit card numbers is a good example, but they can be fake too. It depends on the AIP to verify.

[–]ConferenceQA 0 points1 point ago

sorry, this has been archived and can no longer be voted on

Q: Can you comment on why you have to use this vs. other anonymous web based identities?

A: Key differentiation is the rate limiting. Most existing k-anonymous scheme require range proofs. Our architecture is simpler and more efficient. They have very broad goals -- we focus on just simpler problems.

[–]ConferenceQA 0 points1 point ago

sorry, this has been archived and can no longer be voted on

Q: (David Chu, MSFT) Does your system fall apart if the attacker has access to personal information e.g., via botnet, get access to a bag of IMEI numbers etc.

A: Yes, attacker can assume a million*k (the limit for anonymous identities allowed at AIP) but this is too expensive. That was our goal - to make it expensive for such hacks.