Issue No.06 - Nov.-Dec. (2013 vol.10)
pp: 380-393
Abedelaziz Mohaisen, VeriSign Labs., Reston, VA, USA
Denis Foo Kune, Univ. of Minnesota, Minneapolis, MN, USA
Eugene Y. Vasserman, Kansas State Univ., Manhattan, KS, USA
Myungsun Kim, Univ. of Suwon, Suwon, South Korea
Yongdae Kim, Korea Adv. Inst. of Sci. & Technol., Daejeon, South Korea
ABSTRACT
Encounter-based social networks and encounter-based systems link users who share a location at the same time, as opposed to the traditional social network paradigm of linking users who have an offline friendship. This new approach presents challenges that are fundamentally different from those tackled by previous social network designs. In this paper, we explore the functional and security requirements for these new systems, such as availability, security, and privacy, and present several design options for building secure encounter-based social networks. To highlight these challenges, we examine one recently proposed encounter-based social network design and compare it to a set of idealized security and functionality requirements. We show that it is vulnerable to several attacks, including impersonation, collusion, and privacy breaching, even though it was designed specifically for security. Mindful of the possible pitfalls, we construct a flexible framework for secure encounter-based social networks, which can be used to construct networks that offer different security, privacy, and availability guarantees. We describe two example constructions derived from this framework, and consider each in terms of the ideal requirements. Some of our new designs fulfill more requirements in terms of system security, reliability, and privacy than previous work. We also evaluate real-world performance of one of our designs by implementing a proof-of-concept iPhone application called MeetUp. Experiments highlight the potential of our system and hint at the deployability of our designs on a large scale.
INDEX TERMS
Social network services, Privacy, Mobile communication, Authentication, Mobile radio mobility management, privacy, Social networks, location-based services
CITATION
Abedelaziz Mohaisen, Denis Foo Kune, Eugene Y. Vasserman, Myungsun Kim, Yongdae Kim, "Secure Encounter-Based Mobile Social Networks: Requirements, Designs, and Tradeoffs", IEEE Transactions on Dependable and Secure Computing, vol. 10, no. 6, pp. 380-393, Nov.-Dec. 2013, doi:10.1109/TDSC.2013.19