EnCore: private, context-based communication for mobile social apps

Authors:
Paarijaat Aditya

Max Planck Institute for Software Systems, Saarbruecken, Germany

Max Planck Institute for Software Systems, Saarbruecken, Germany
View Profile

,
Viktor Erdélyi

Max Planck Institute for Software Systems, Saarbruecken, Germany

Max Planck Institute for Software Systems, Saarbruecken, Germany
View Profile

,
Matthew Lentz

University of Maryland, College Park, USA

University of Maryland, College Park, USA
View Profile

,
Elaine Shi

University of Maryland, College Park, USA

University of Maryland, College Park, USA
View Profile

,
Bobby Bhattacharjee

University of Maryland, College Park, USA

University of Maryland, College Park, USA
View Profile

,
Peter Druschel

Max Planck Institute for Software Systems, Saarbruecken, Germany

Max Planck Institute for Software Systems, Saarbruecken, Germany
View Profile

MobiSys '14: Proceedings of the 12th annual international conference on Mobile systems, applications, and servicesJune 2014Pages 135–148https://doi.org/10.1145/2594368.2594374

Published:02 June 2014Publication History

MobiSys '14: Proceedings of the 12th annual international conference on Mobile systems, applications, and services

Pages 135–148

ABSTRACT

Mobile social apps provide sharing and networking opportunities based on a user's location, activity, and set of nearby users. A platform for these apps must meet a wide range of communication needs while ensuring users' control over their privacy. In this paper, we introduce EnCore, a mobile platform that builds on secure encounters between pairs of devices as a foundation for privacy-preserving communication. An encounter occurs whenever two devices are within Bluetooth radio range of each other, and generates a unique encounter ID and associated shared key. EnCore detects nearby users and resources, bootstraps named communication abstractions called events for groups of proximal users, and enables communication and sharing among event participants, while relying on existing network, storage and online social network services. At the same time, EnCore puts users in control of their privacy and the confidentiality of the information they share. Using an Android implementation of EnCore and an app for event-based communication and sharing, we evaluate EnCore's utility using a live testbed deployment with 35 users.

References

AllJoyn. http://www.joyn.org. Last accessed: September 2013.Google Scholar
Android Beam. http://developer.android.com/guide/topics/connectivity/nfc/nfc.html#p2p%. Last accessed: June 2013.Google Scholar
Bluetooth Specification Core Version 4.0. https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=22973%7. Last accessed: March 2014.Google Scholar
FireChat. https://itunes.apple.com/us/app/firechat/id719829352?mt=8. Last accessed: March 2014.Google Scholar
Foursquare. https://foursquare.com/. Last accessed: June 2013.Google Scholar
Friday: automated journal. http://www.fridayed.com/. Last accessed: October 2013.Google Scholar
Google fires engineer for violating privacy policies. http://www.physorg.com/news203744839.html. Last accessed: September 2012.Google Scholar
Haggle. http://www.haggleproject.org. Last accessed: September 2013.Google Scholar
Highlight. http://highlig.ht/. Last accessed: December 2013.Google Scholar
iOS 7 AirDrop. http://support.apple.com/kb/HT5887. Last accessed: January 2014.Google Scholar
Lokast. http://www.lokast.com. Last accessed: September 2013.Google Scholar
Mailinator: Free disposable email. http://mailinator.com/. Last accessed: January 2014.Google Scholar
Memoto: automatic lifelogging camera. http://memoto.com/. Last accessed: September 2013.Google Scholar
Near Field Communication -- Interface and Protocol (ISO/IEC 18092:2013). http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.ht%m?csnumber=56692. Last accessed: September 2013.Google Scholar
Nintendo 3DS. http://www.nintendo.com/3ds. Last accessed: September 2013.Google Scholar
Secret. https://www.secret.ly/. Last accessed: March 2014.Google Scholar
Sony PlayStation Vita. http://us.playstation.com/psvita/. Last accessed: September 2013.Google Scholar
Tile. http://www.thetileapp.com/. Last accessed: September 2013.Google Scholar
Whisper. http://whisper.sh/. Last accessed: March 2014.Google Scholar
Wi-Fi Direct. http://www.wi-fi.org/discover-and-learn/wi-fi-direct. Last accessed: September 2013.Google Scholar
N. Aharony, W. Pan, C. Ip, I. Khayal, and A. Pentland. Social fMRI: Investigating and shaping social mechanisms in the real world. Pervasive Mob. Comput., 7(6), Dec. 2011. Google ScholarDigital Library
W. Apolinarski, M. Handte, M. U. Iqbal, and P. J. Marrón. Secure interaction with piggybacked key-exchange. Pervasive Mob. Comput., 10, Feb. 2014. Google ScholarDigital Library
R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: an online social network with user-defined privacy. In Proceedings of the ACM SIGCOMM conference on Data communication, SIGCOMM '09, 2009. Google ScholarDigital Library
L. B. Baker and J. Finkle. Sony PlayStation suffers massive data breach. http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73%P6WB20110426. Last accessed: September 2012.Google Scholar
M. Bakht, M. Trower, and R. H. Kravets. Searchlight: won't you be my neighbor? In Proceedings of the 18th annual international conference on Mobile computing and networking, MobiCom '12, 2012. Google ScholarDigital Library
V. Brik, S. Banerjee, M. Gruteser, and S. Oh. Wireless device identification with radiometric signatures. In Proceedings of the 14th ACM international conference on Mobile computing and networking, MobiCom '08, 2008. Google ScholarDigital Library
J. A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov. "you might also like: " privacy risks of collaborative filtering. In Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP '11, 2011. Google ScholarDigital Library
C. Castelluccia and P. Mutaf. Shake them up!: a movement-based pairing protocol for CPU-constrained devices. In Proceedings of the 3rd international conference on Mobile systems, applications, and services, MobiSys '05, 2005. Google ScholarDigital Library
L. P. Cox, A. Dalton, and V. Marupadi. Smokescreen: flexible privacy controls for presence-sharing. In Proceedings of the 5th international conference on Mobile systems, applications and services, MobiSys '07, 2007. Google ScholarDigital Library
E. D. Cristofaro, Y. Lu, and G. Tsudik. Efficient techniques for privacy-preserving sharing of sensitive information. Cryptology ePrint Archive, Report 2011/113, 2011. http://eprint.iacr.org/.Google Scholar
W. Diffie and M. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, 22(6), nov 1976. Google ScholarDigital Library
B. Dodson, I. Vo, T. Purtell, A. Cannon, and M. Lam. Musubi: disintermediated interactive social feeds for mobile devices. In Proceedings of the 21st international conference on World Wide Web, WWW '12, 2012. Google ScholarDigital Library
P. Dutta and D. Culler. Practical asynchronous neighbor discovery and rendezvous for mobile sensing applications. In Proceedings of the 6th ACM conference on Embedded network sensor systems, SenSys '08, 2008. Google ScholarDigital Library
B. Ford, J. Strauss, C. Lesniewski-Laas, S. Rhea, F. Kaashoek, and R. Morris. Persistent personal names for globally connected mobile devices. In Proceedings of the 7th symposium on Operating systems design and implementation, OSDI '06, 2006. Google ScholarDigital Library
M. Goetz and S. Nath. Privacy-aware personalization for mobile advertising. Technical report.Google Scholar
B. Greenstein, D. McCoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall. Improving wireless privacy with an identifier-free link layer protocol. In Proceedings of the 6th international conference on Mobile systems, applications, and services, MobiSys '08, 2008. Google ScholarDigital Library
S. Guha, M. Jain, and V. N. Padmanabhan. Koi: a location-privacy platform for smartphone apps. In Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation, NSDI'12, 2012. Google ScholarDigital Library
C. A. Gunter, M. J. May, and S. G. Stubblebine. A formal privacy system and its application to location based services. In Proceedings of the 4th international conference on Privacy Enhancing Technologies, PET'04, 2005. Google ScholarDigital Library
B. Han and A. Srinivasan. ediscovery: Energy efficient device discovery for mobile opportunistic communications. In Proceedings of the 20th IEEE International Conference on Network Protocols (ICNP), ICNP '12, 2012. Google ScholarDigital Library
B. Hoh, M. Gruteser, R. Herring, J. Ban, D. Work, J.-C. Herrera, A. M. Bayen, M. Annavaram, and Q. Jacobson. Virtual trip lines for distributed privacy-preserving traffic monitoring. In Proceedings of the 6th international conference on Mobile systems, applications, and services, MobiSys '08, 2008. Google ScholarDigital Library
P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. In Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, 2011. Google ScholarDigital Library
P. Jappinen, I. Laakkonen, V. Latva, and A. Hamalainen. Bluetooth device surveillance and its implications. WSEAS Transactions on Information Science and Applications, 1(4), Oct. 2004.Google Scholar
S. Jarecki and N. Saxena. Authenticated key agreement with key re-use in the short authenticated strings model. In Proceedings of the 7th international conference on Security and cryptography for networks, SCN'10, 2010. Google ScholarDigital Library
P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias. Preventing location-based identity inference in anonymous spatial queries. IEEE Trans. on Knowl. and Data Eng., 19(12), Dec. 2007. Google ScholarDigital Library
A. Kandhalu, K. Lakshmanan, and R. R. Rajkumar. U-connect: a low-latency energy-efficient asynchronous neighbor discovery protocol. In Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks, IPSN '10, 2010. Google ScholarDigital Library
V. Lenders, E. Koukoumidis, P. Zhang, and M. Martonosi. Location-based trust for mobile user-generated content: applications, challenges and implementations. In Proceedings of the 9th workshop on Mobile computing systems and applications, HotMobile '08, 2008. Google ScholarDigital Library
M. Lentz, V. Erdelyi, P. Aditya, E. Shi, P. Druschel, and B. Bhattacharjee. SDDR: Light-Weight Cryptographic Discovery for Mobile Encounters. http://www.cs.umd.edu/projects/encore.Google Scholar
Y.-H. Lin, A. Studer, H.-C. Hsiao, J. M. McCune, K.-H. Wang, M. Krohn, P.-L. Lin, A. Perrig, H.-M. Sun, and B.-Y. Yang. Spate: small-group pki-less authenticated trust establishment. In Proceedings of the 7th international conference on Mobile systems, applications, and services, MobiSys '09, 2009. Google ScholarDigital Library
J. Manweiler, R. Scudellari, and L. P. Cox. Smile: encounter-based trust for mobile social services. In Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, 2009. Google ScholarDigital Library
R. Mayrhofer and H. Gellersen. Shake well before use: authentication based on accelerometer data. In Proceedings of the 5th international conference on Pervasive computing, PERVASIVE'07, 2007. Google ScholarDigital Library
J. S. Plank. A tutorial on reed-solomon coding for fault-tolerance in raid-like systems. Software-Practice & Experience, 27(9), Sept. 1997. Google ScholarDigital Library
F. Y. Rashid. Epsilon data breach highlights cloud-computing security concerns. http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/. Last accessed: September 2012.Google Scholar
I. S. Reed and G. Solomon. Polynomial codes over certain finite fields. Journal of the Society for Industrial & Applied Mathematics, 8(2), jun 1960.Google Scholar
S. Saroiu and A. Wolman. Enabling new mobile applications with location proofs. In Proceedings of the 10th workshop on Mobile Computing Systems and Applications, HotMobile '09, 2009. Google ScholarDigital Library
A. Schulman, T. Schmid, P. Dutta, and N. Spring. Demo: Phone power monitoring with BattOr. In In the 17th ACM international conference on Mobile computing and networking, MobiCom '11, 2011.Google Scholar
R. Shokri, G. Theodorakopoulos, J.-Y. Le Boudec, and J.-P. Hubaux. Quantifying location privacy. In Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP '11, 2011. Google ScholarDigital Library
J. Su, J. Scott, P. Hui, J. Crowcroft, E. De Lara, C. Diot, A. Goel, M. H. Lim, and E. Upton. Haggle: seamless networking for mobile applications. In Proceedings of the 9th international conference on Ubiquitous computing, UbiComp '07, 2007. Google ScholarDigital Library
W.-T. Tan, M. Baker, B. Lee, and R. Samadani. The sound of silence. In Proceedings of the 11th ACM Conference on Embedded Networked Sensor Systems, SenSys '13, 2013. Google ScholarDigital Library
K. Thomas. Microsoft cloud data breach heralds things to come. http://www.pcworld.com/article/214775/microsoft_cloud_data_breach_sign_of_future.html. Last accessed: September 2012.Google Scholar
W. Wang, V. Srinivasan, and M. Motani. Adaptive contact probing mechanisms for delay tolerant applications. In Proceedings of the 13th annual ACM international conference on Mobile computing and networking, MobiCom '07, 2007. Google ScholarDigital Library

Index Terms

EnCore: private, context-based communication for mobile social apps
1. Security and privacy
  1. Network security

Recommendations

I-Pic: A Platform for Privacy-Compliant Image Capture
MobiSys '16: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services

The ubiquity of portable mobile devices equipped with built-in cameras have led to a transformation in how and when digital images are captured, shared, and archived. Photographs and videos from social gatherings, public events, and even crime scenes ...
Read More
Anonymizing user location and profile information for privacy-aware mobile services
LBSN '10: Proceedings of the 2nd ACM SIGSPATIAL International Workshop on Location Based Social Networks

Due to the growing use of mobile devices, location-based services have become popular. A location service often requires the user's exact location to provide appropriate services and this brings the risk of threats to privacy. In this paper, we propose ...
Read More
Fine-Grained Cloaking of Sensitive Positions in Location-Sharing Applications

Geosocial networking applications magnify the concern for location privacy because a user's position can be disclosed to diverse untrusted parties. The Privacy Preserving Obfuscation Environment (Probe) framework supports semantic-location cloaking to ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
MobiSys '14: Proceedings of the 12th annual international conference on Mobile systems, applications, and services
June 2014
410 pages
ISBN:9781450327930
DOI:10.1145/2594368
General Chairs:
Andrew Campbell
Dartmouth College, USA
,
David Kotz
Dartmouth College, USA
,
Program Chairs:
Landon Cox
Duke University, USA
,
Z. Morley Mao
University of Michigan, USA
Copyright © 2014 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 2 June 2014
Check for updates
Author Tags
location-based services
mobile computing
pervasive computing
privacy
proximity-based services
social networking
Qualifiers
- research-article
Conference

Acceptance Rates
MobiSys '14 Paper Acceptance Rate25of185submissions,14%Overall Acceptance Rate274of1,679submissions,16%
More
Upcoming Conference
MOBISYS '24

Sponsor:

sigmobile

The 22nd Annual International Conference on Mobile Systems, Applications and Services

June 3 - 7, 2024

Minato-ku, Tokyo , Japan
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 29
  Total Citations
  View Citations
- 1,743
  Total Downloads
- Downloads (Last 12 months)70
- Downloads (Last 6 weeks)23
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

ePub

View this article in ePub.

View ePub

EnCore: private, context-based communication for mobile social apps

MobiSys '14: Proceedings of the 12th annual international conference on Mobile systems, applications, and services

ABSTRACT

References

Cited By

Index Terms

Recommendations

I-Pic: A Platform for Privacy-Compliant Image Capture

Anonymizing user location and profile information for privacy-aware mobile services

Fine-Grained Cloaking of Sensitive Positions in Location-Sharing Applications