ABSTRACT
Mobile social apps provide sharing and networking opportunities based on a user's location, activity, and set of nearby users. A platform for these apps must meet a wide range of communication needs while ensuring users' control over their privacy. In this paper, we introduce EnCore, a mobile platform that builds on secure encounters between pairs of devices as a foundation for privacy-preserving communication. An encounter occurs whenever two devices are within Bluetooth radio range of each other, and generates a unique encounter ID and associated shared key. EnCore detects nearby users and resources, bootstraps named communication abstractions called events for groups of proximal users, and enables communication and sharing among event participants, while relying on existing network, storage and online social network services. At the same time, EnCore puts users in control of their privacy and the confidentiality of the information they share. Using an Android implementation of EnCore and an app for event-based communication and sharing, we evaluate EnCore's utility using a live testbed deployment with 35 users.
Index Terms
- EnCore: private, context-based communication for mobile social apps