Waze is a popular, free navigation software tool available for download onto GPS-enabled devices.
The value-add provided by Waze comes in the form of providing real-time user-generated traffic information through user reports, and incorporating this information into its turn-by-turn navigation instructions based on the user's location.
Waze relies on the process of crowdsourcing information from its users; including maps, traffic reports, hazards, construction, and other pertinent travel notices. This info is transmitted to the Waze server, in addition to users' location and driving speed with the purpose of improving the service: to optimize driving routes for users. Using the information provided by users, Waze provides back driving routes and traffic alerts. Waze users can report a traffic alert to the service in real-time, and can accumulate 'points' as they continue to contribute to the platform.
Layer 1: Physical Layer
Wireless LAN access enables the Wazer to engage with the Waze service. While the user can enable GPS location access to the app at all times, the real-time traffic information and alerts require a data connection while in use. For this reason, Wi-Fi technology which can only provide utility at short-range is insufficient. Users must have 4G coverage to experience the app features.
The Wazer buckles their car seatbelt and opens up the Waze app to begin their route. They will type in their destination address in the search bar--this search string is translated into bits of 1s and 0s via the WLAN.
Layer 2: Data Link Layer
Provided there is a LAN connection to the mobile device, a switch forwards destination address information from the request originating in the user's LAN, to Waze's LAN that houses the corresponding requested address.
The converted bits that identify the search string are framed into network layer packets in the LLC sub-layer, and this is packaged with the MAC address for delivery to its destination with Waze.
Layer 3: Network Layer
The packets are routed from node-to-node between the user device's IP address to the Waze MAC address derived from the user request.
The receiving WLAN hub examines the MAC address to confirm it has reached its intended destination. The request is then routed to the destination network.
Layer 4: Transport Layer
The Waze server stores all data collected via historical user requests and maintains this directory to deliver back to the Waze user.
The TCP/IP method validates the user request and returns a list of possible search results for the user to begin their drive. For example; if the user simply typed in 'Walgreens', Waze would now return listings for Walgreens stores in the closest surrounding region to the requesting location.
When the user selects the appropriate destination for their drive from the search results and clicks "Go now", the TCP/IP process is initiated to prompt Waze to now deliver traffic and route information to the Waze user. The app screen is populated with initial route instructions and expected arrival time.
Layer 5: Session Layer
The relationship between Waze and the user remains open for the duration of the user's route. As these sessions are being established and broken by users nationwide, the Waze user is continually receiving real-time feedback from Waze provided by information transferred over the course of other user sessions. This allows the user to see a notification when another driver reports a pothole on the road they are traveling along, or perhaps generate an alternate route when Waze anticipates heavy traffic based on high concentrations of user sessions in a given location.
Each component of the user's behavior along their drive is stored by Waze to optimize the route for future sessions.
Layer 6: Presentation Layer
The information that has been transferred between Waze and the driver is translated into content for the Waze user. The information that is generated for the presentation layer may include a report of a traffic jam 2 miles ahead, or a notification to turn right on Main Street.
Layer 7: Application Layer
The real-time navigation support is provided to the user in the form of audio feedback to alert the user to upcoming directions, visual feedback in the form of map image files, alert graphics, as well as text formatting for user control labels and displayed directions.
These functions can all be toggled by the user settings to enhance their needs, i.e. increasing the volume of the audio directions, or shifting into 'night mode' graphic display for clearer visual accessibility when driving at night.
As Waze technology relies heavily on crowdsourcing data for its utility, threats to user security are a concern when weighing options for navigation tools like Waze.
The app requests user location in the background while the app is not in use, allowing Waze to alert the user to suggested departure times for upcoming events or scheduled drives, or tracking the location of the user's parked car following a completed route.
To prevent the exploitation of user location information and account history, there are a number of protocols that can be implemented to protect Waze users.
Route filtering prevents IP address hijacking by external users. Input filtering is implemented on users by limiting the accessible routes to only those assigned to the user.
Firewalls utilize conditional filters to allow or restrict network access based on a number of possible criteria, i.e. IP address, server port, or specific user behaviors that are limited.
Password encryption aims to prevent false users from initiating a session on the application by requiring an exact password match to accept a user session. The encryption element of this security measure means that the application does not actually store the user's unique password. It codes it into an indecipherable unique language that cannot be readily guessed, and as the user enters the correct password, this same coding generates a match to initiate the session. However, the actual encoded function cannot be utilized to access the session, as it is only a translation of the true password as registered with the authentic user.
Security testing is a process of scanning the application source code to track changes--identifying areas where the source code has been altered can alert the developer to security vulnerabilities and mitigate these risks at the application layer; the layer with the widest scope at risk of attack.