Designing a communication system built around 'encounters' between users (and their devices) that enables a wide variety of mobile social applications while providing strong privacy guarantees and using lightweight, energy-efficient protocols.
enClosure: Group Communication via Encounter Closures
Lillian Tsai, Roberta De Viti, Matthew Lentz, Stefan Saroiu, Peter Druschel, Bobby Bhattacharjee
MobiSys 2019 (International Conference on Mobile Systems, Applications, and Services)
New applications enabled by personal smart devices and the Internet-of-Things (IoT) require communication in the context of periods of spatial co-location. Examples of this encounter-based communication (EbC) include social exchange among individuals who met or shared an experience, and interaction among personal and IoT devices that provide location-based services. Existing EbC systems are limited to communication among participants that share a direct encounter.
This paper is inspired by two insights: (1) encounters also enable group communication among devices connected by paths in the encounter graph that is contextual, spontaneous, secure, and does not require users to reveal identifying or linkable information; and (2) addressing communication partners using encounter closures subject to causal, spatial, and temporal constraints enables powerful new forms of group communication.
We present the design of enClosure, a service providing group communication based on encounter closures for mobile and IoT applications, and a prototype implementation for Android and the Microsoft Embedded Social Cloud platform. Using real-world traces, we show that enClosure provides a privacy-preserving, secure platform for a wide range of group communication applications ranging from connecting attendees of a large event and virtual guest books to disseminating health risk warnings, lost-and-found, and tracing missing persons.
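The causal encounter closure described above, as an added illustration that is not code from enClosure or its authors: devices reachable from an origin through chains of encounters in which each hop can only occur once the previous device already holds the information, bounded by a time horizon. The encounter log, the earliest-arrival formulation, and the omission of spatial constraints are simplifying assumptions made here.

```python
import heapq
from collections import defaultdict

# Constructed encounter log for illustration: (device_x, device_y, start, end).
# Each tuple is one period of radio co-location; times are arbitrary units.
ENCOUNTERS = [
    ("A", "B", 10, 20),
    ("B", "C", 15, 25),
    ("C", "D", 5, 8),    # ended before C could have heard anything from B
    ("D", "E", 30, 35),  # D is never reached, so E is not reached either
    ("B", "F", 40, 45),
    ("A", "G", 60, 70),  # starts after the horizon used below
]


def build_graph(encounters):
    """Undirected encounter graph: device -> list of (peer, start, end)."""
    graph = defaultdict(list)
    for x, y, start, end in encounters:
        graph[x].append((y, start, end))
        graph[y].append((x, start, end))
    return graph


def causal_closure(encounters, origin, t0, horizon):
    """Earliest time each device could have received information the origin
    held from t0, following encounter chains that respect causality: a hop is
    possible only while the sender already has the data and is co-located with
    the receiver, and no hop may take place after the horizon.
    Returns {device: earliest_time}; the origin itself is included."""
    graph = build_graph(encounters)
    reached = {}
    frontier = [(t0, origin)]  # min-heap ordered by arrival time
    while frontier:
        t, dev = heapq.heappop(frontier)
        if dev in reached:  # already settled with an equal or earlier time
            continue
        reached[dev] = t
        for peer, start, end in graph[dev]:
            handoff = max(start, t)  # earliest moment both hold + co-located
            if handoff <= end and handoff <= horizon and peer not in reached:
                heapq.heappush(frontier, (handoff, peer))
    return reached


if __name__ == "__main__":
    print(causal_closure(ENCOUNTERS, "A", 12, 50))
    # {'A': 12, 'B': 12, 'C': 15, 'F': 40}
```

Shrinking the horizon narrows the closure (with horizon 38, F drops out), which is how a temporal constraint limits who a health-risk warning would address.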
Brave New World: Privacy Risks for Mobile Users
Paarijaat Aditya, Bobby Bhattacharjee, Peter Druschel, Viktor Erdelyi, Matthew Lentz
SPME 2014 (Workshop on Security and Privacy Aspects of Mobile Environments)
Emerging mobile social apps use short-range radios to discover nearby devices and users. The device discovery protocol used by these apps must be highly power efficient since it runs continuously in the background. Also, a good protocol must enable secure communication (both during and after a period of device co-location), preserve user privacy (users must not be tracked by unauthorized third parties), while providing selective linkability (users can recognize friends when strangers cannot) and efficient silent revocation (users can permanently or temporarily cloak themselves from certain friends, unilaterally and without rekeying their entire friend set).
We introduce SDDR (Secure Device Discovery and Recognition), a protocol that provides secure encounters and satisfies all of the privacy requirements while remaining highly power efficient. We formally prove the correctness of SDDR, present a prototype implementation over Bluetooth and show how existing frameworks, such as Haggle, can directly use SDDR. Our results show that the SDDR implementation, run continuously over a day, uses only ~10% of the battery capacity of a typical smartphone. This level of power consumption is four orders of magnitude more efficient than prior cryptographic protocols with proven security, and one order of magnitude more efficient than prior (unproven) protocols designed specifically for power-constrained devices.
EnCore: Private, Context-based Communication for Mobile Social Apps
Paarijaat Aditya, Viktor Erdelyi, Matthew Lentz, Elaine Shi, Bobby Bhattacharjee, Peter Druschel
MobiSys 2014 (International Conference on Mobile Systems, Applications, and Services)
Mobile social apps provide sharing and networking opportunities based on a user's location, activity, and set of nearby users. A platform for these apps must meet a wide range of communication needs while ensuring users' control over their privacy.
In this paper, we introduce EnCore, a mobile platform that builds on secure encounters between pairs of devices as a foundation for privacy-preserving communication. An encounter occurs whenever two devices are within Bluetooth radio range of each other, and generates a unique encounter ID and associated shared key. EnCore detects nearby users and resources, bootstraps named communication abstractions called events for groups of proximal users, and enables communication and sharing among event participants, while relying on existing network, storage and online social network services. At the same time, EnCore puts users in control of their privacy and the confidentiality of the information they share. Using an Android implementation of EnCore and an app for event-based communication and sharing, we evaluate EnCore's utility using a live testbed deployment with 35 users.