Designing a communication system based around 'encounters' between users (and their devices) that enables a wide variety of mobile social applications, while providing strong privacy guarantees and using light-weight, energy-efficient protocols.
Brave New World: Privacy Risks for Mobile Users
Paarijaat Aditya, Bobby Bhattacharjee, Peter Druschel, Viktor Erdelyi, Matthew Lentz
SPME 2014 (Workshop on Security and Privacy Aspects of Mobile Environments)
Emerging mobile social apps use short-range radios to discover nearby devices
and users. The device discovery protocol used by these apps must be highly
power efficient, since it runs continuously in the background. A good protocol
must also enable secure communication (both during and after a period of
device co-location), preserve user privacy (users must not be trackable by
unauthorized third parties), provide selective linkability (users can
recognize friends while strangers cannot) and support efficient silent
revocation (users can permanently or temporarily cloak themselves from certain
friends, unilaterally and without rekeying their entire friend set).
We introduce SDDR (Secure Device Discovery and Recognition), a protocol that provides secure encounters and satisfies all of these privacy requirements while remaining highly power efficient. We formally prove the correctness of SDDR, present a prototype implementation over Bluetooth, and show how existing frameworks, such as Haggle, can use SDDR directly. Our results show that the SDDR implementation, run continuously over a day, uses only about 10% of the battery capacity of a typical smartphone. This level of power consumption is four orders of magnitude more efficient than prior cryptographic protocols with proven security, and one order of magnitude more efficient than prior (unproven) protocols designed specifically for power-constrained devices.
EnCore: Private, Context-based Communication for Mobile Social Apps
Paarijaat Aditya, Viktor Erdelyi, Matthew Lentz, Elaine Shi, Bobby Bhattacharjee, Peter Druschel
MobiSys 2014 (International Conference on Mobile Systems, Applications, and Services)
Mobile social apps provide sharing and networking opportunities based on a user's
location, activity, and set of nearby users. A platform for these apps must meet a
wide range of communication needs while ensuring users' control over their privacy.
In this paper, we introduce EnCore, a mobile platform that builds on secure
encounters between pairs of devices as a foundation for privacy-preserving
communication. An encounter occurs whenever two devices are within Bluetooth radio
range of each other, and generates a unique encounter ID and associated shared key.
EnCore detects nearby users and resources, bootstraps named communication
abstractions called events for groups of proximal users, and enables communication
and sharing among event participants, while relying on existing network, storage
and online social network services. At the same time, EnCore puts users in control
of their privacy and the confidentiality of the information they share. Using an
Android implementation of EnCore and an app for event-based communication and
sharing, we evaluate EnCore's utility in a live testbed deployment with 35 users.
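The two abstracts above state four requirements for a discovery protocol (an encounter key for secure communication, no tracking by third parties, selective linkability for friends, and unilateral silent revocation) and, for EnCore, that each encounter yields a unique encounter ID plus a shared key. The sketch below is an added example written for this page to make those properties concrete; it is not SDDR's or EnCore's own protocol or code, and it proves nothing about them. Everything in it is an assumption: the `Device`, `Beacon`, `pair` and `run_epoch` names, the toy Diffie-Hellman group (a 127-bit Mersenne prime, chosen only so the block runs with the standard library; a deployment would use X25519 or similar), the per-epoch HMAC recognition tags, and the `TAG_LEN` truncation.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy DH group for illustration only (assumed); not a secure parameter choice.
P = 2**127 - 1
G = 5
TAG_LEN = 8  # assumed: bytes per recognition tag carried in a beacon


@dataclass(frozen=True)
class Beacon:
    """What a device broadcasts during one epoch (assumed layout)."""
    epoch: int
    pub: int            # ephemeral DH public value, fresh every epoch
    tags: frozenset     # one recognition tag per friend that is not cloaked


def recognition_tag(key: bytes, epoch: int) -> bytes:
    # Epoch-keyed MAC: without `key`, tags from different epochs are unlinkable.
    return hmac.new(key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()[:TAG_LEN]


class Device:
    def __init__(self, name: str):
        self.name = name
        self.friends = {}     # friend name -> (my_tag_key, their_tag_key)
        self.cloaked = set()  # friends I currently hide from (silent revocation)
        self.epoch = self.priv = self.pub = None

    def new_epoch(self, epoch: int) -> None:
        """Rotate the ephemeral DH key so a stranger cannot track the device."""
        self.epoch = epoch
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)

    def beacon(self) -> Beacon:
        # Revocation is unilateral and silent: just omit the friend's tag.
        tags = frozenset(
            recognition_tag(mine, self.epoch)
            for name, (mine, _theirs) in self.friends.items()
            if name not in self.cloaked
        )
        return Beacon(self.epoch, self.pub, tags)

    def recognize(self, b: Beacon):
        """Return the friend's name if the beacon carries a tag meant for me."""
        for name, (_mine, theirs) in self.friends.items():
            if recognition_tag(theirs, b.epoch) in b.tags:
                return name
        return None

    def encounter(self, b: Beacon):
        """Derive (encounter_id, shared_key) from the peer's beacon; works for
        strangers too, since the DH exchange needs no prior relationship."""
        shared = pow(b.pub, self.priv, P).to_bytes(16, "big")
        eid = hashlib.sha256(b"encounter-id" + shared).hexdigest()[:32]
        key = hashlib.sha256(b"encounter-key" + shared).digest()
        return eid, key

    def cloak(self, friend: str) -> None:
        self.cloaked.add(friend)

    def uncloak(self, friend: str) -> None:
        self.cloaked.discard(friend)


def pair(a: Device, b: Device) -> None:
    """Out-of-band friend setup (assumed). Each side gets its own tag key, so
    A's and B's beacons carry different tags and an observer cannot pair them."""
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)
    a.friends[b.name] = (ka, kb)
    b.friends[a.name] = (kb, ka)


def run_epoch(a: Device, b: Device, epoch: int) -> dict:
    """One epoch of discovery between a and b; returns what each side learns."""
    a.new_epoch(epoch)
    b.new_epoch(epoch)
    ba, bb = a.beacon(), b.beacon()
    return {
        "a_sees": a.recognize(bb), "b_sees": b.recognize(ba),
        "a_enc": a.encounter(bb), "b_enc": b.encounter(ba),
    }
```

Running `pair(alice, bob)` and then `run_epoch(alice, bob, 1)` gives both sides the same encounter ID and key and lets each recognize the other; a third device with no friend keys gets an encounter key but recognizes nobody, and sees tags that change every epoch. After `bob.cloak("alice")`, Alice still obtains an encounter key with Bob's device but can no longer tell that it is Bob, while Bob keeps recognizing Alice; no other friend's keys are touched. Note that this sketch omits everything that makes the published protocol interesting, such as its formal security argument and its power profile on real radios.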