Secure Encounter-Based Mobile Social Networks: Requirements, Designs, and Tradeoffs

Encounter-based social networks and encounter-based systems link users who share a location at the same time, as opposed to the traditional social network paradigm of linking users who have an offline friendship. This new approach presents challenges that are fundamentally different from those tackled by previous social network designs. In this paper, we explore the functional and security requirements for these new systems, such as availability, security, and privacy, and present several design options for building secure encounter-based social networks. To highlight these challenges, we examine one recently proposed encounter-based social network design and compare it to a set of idealized security and functionality requirements. We show that it is vulnerable to several attacks, including impersonation, collusion, and privacy breaching, even though it was designed specifically for security. Mindful of the possible pitfalls, we construct a flexible framework for secure encounter-based social networks, which can be used to construct networks that offer different security, privacy, and availability guarantees. We describe two example constructions derived from this framework, and consider each in terms of the ideal requirements. Some of our new designs fulfill more requirements in terms of system security, reliability, and privacy than previous work. We also evaluate real-world performance of one of our designs by implementing a proof-of-concept iPhone application called MeetUp. Experiments highlight the potential of our system and hint at the deployability of our designs on a large scale.

[1]  A. Acquisti Privacy in the Age of Augmented Reality , 2011 .

[2]  John Kelley,et al.  WhozThat? evolving an ecosystem for context-aware mobile social networks , 2008, IEEE Network.

[3]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[4]  Aziz Mohaisen,et al.  Secure encounter-based social networks: requirements, challenges, and designs , 2010, CCS '10.

[5]  Adrian Perrig,et al.  SafeSlinger: An Easy-to-use and Secure Approach for Human Trust Establishment , 2011 .

[6]  Justin Manweiler,et al.  SMILE: encounter-based trust for mobile social services , 2009, CCS.

[7]  Justin Manweiler,et al.  We saw each other on the subway: secure, anonymous proximity-based missed connections , 2009, HotMobile '09.

[8]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[9]  Roger Wattenhofer,et al.  VENETA: Serverless Friend-of-Friend Detection in Mobile Social Networking , 2008, 2008 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications.

[10]  Alec Wolman,et al.  Enabling new mobile applications with location proofs , 2009, HotMobile '09.

[11]  Alex Pentland,et al.  Social serendipity: mobilizing social software , 2005, IEEE Pervasive Computing.

[12]  Thomas E. Anderson,et al.  Privacy-preserving P2P data sharing with OneSwarm , 2010, SIGCOMM '10.

[13]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[14]  V. Bruce,et al.  Face processing: Human perception and principal components analysis , 1996, Memory & cognition.

[15]  Alessandro Acquisti,et al.  Face Recognition and Privacy in the Age of Augmented Reality , 2014, J. Priv. Confidentiality.

[16]  Margaret Martonosi,et al.  Location-based trust for mobile user-generated content: applications, challenges and implementations , 2008, HotMobile '08.

[17]  M. Macy Learning to Cooperate: Stochastic and Tacit Collusion in Social Exchange , 1991, American Journal of Sociology.

[18]  David R. Karger,et al.  Kademlia: A peer-to-peer information system based on the xor metric , 2003 .

[19]  Charles M. Gartrell SocialAware: Context-aware multimedia presentation via mobile social networks , 2008 .

[20]  Russell J. Clark,et al.  D-book: a mobile social networking application for delay tolerant networks , 2008, CHANTS '08.

[21]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[22]  Guido Wirtz,et al.  Performance Measurements of Tor Hidden Services in Low-Bandwidth Access Networks , 2009, ACNS.

[23]  Lujo Bauer,et al.  Don't Bump, Shake on It: the exploitation of a popular accelerometer-based smart phone exchange and its secure replacement , 2011, ACSAC '11.

[24]  Bo-Yin Yang,et al.  GAnGS: gather, authenticate 'n group securely , 2008, MobiCom '08.

[25]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[26]  George Varghese,et al.  MobiClique: middleware for mobile social networking , 2009, WOSN '09.

[27]  Hung-Min Sun,et al.  SPATE: Small-Group PKI-Less Authenticated Trust Establishment , 2010, IEEE Transactions on Mobile Computing.