EnCore: private, context-based communication for mobile social apps

Mobile social apps provide sharing and networking opportunities based on a user's location, activity, and set of nearby users. A platform for these apps must meet a wide range of communication needs while ensuring users' control over their privacy. In this paper, we introduce EnCore, a mobile platform that builds on secure encounters between pairs of devices as a foundation for privacy-preserving communication. An encounter occurs whenever two devices are within Bluetooth radio range of each other, and generates a unique encounter ID and associated shared key. EnCore detects nearby users and resources, bootstraps named communication abstractions called events for groups of proximal users, and enables communication and sharing among event participants, while relying on existing network, storage and online social network services. At the same time, EnCore puts users in control of their privacy and the confidentiality of the information they share. Using an Android implementation of EnCore and an app for event-based communication and sharing, we evaluate EnCore's utility using a live testbed deployment with 35 users.
