encore: private, context-based communication for mobile social apps
DESCRIPTION
EnCore: Private, Context-based Communication for Mobile Social Apps. Paarijaat Aditya 1 , Viktor Erdelyi 1 , Matthew Lentz 2 , Elaine Shi 2 , Bobby Bhattacharjee 2 , Peter Druschel 1 Max Planck Institute for Software Systems (MPI-SWS) 1 University of Maryland 2. - PowerPoint PPT PresentationTRANSCRIPT
1
EnCore: Private, Context-based Communication for Mobile Social Apps
Paarijaat Aditya1, Viktor Erdelyi1, Matthew Lentz2, Elaine Shi2, Bobby Bhattacharjee2, Peter Druschel1
Max Planck Institute for Software Systems (MPI-SWS) 1 University of Maryland2
MobiSys 2014, 17th June 2014, Bretton Woods, NH, USA
2
Mobile social apps
Provide services based on users’ location, activity, nearby users
Social discovery
Discover relevant nearby users
Social sharing
Share content with nearby people
Social tagging
Search and organize content by
social context
6
Discover friends and strangers
Form socially relevant groups
Steve JohnAndy
Julia
Goal: enable rich functionality while protecting user privacy
7
Via short range radio
Discover presence
Exchange a key
Implementing mobile social appsVia app provider
Info uploadedLocationActivityContent
Social profile
Sensitive info shared with app provider Tracking via Bluetooth
encrypted content shared
via cloud
8
Requirements
EnCore
Social Discovery
Social sharing
Secure encounters
Events:groups of socially
relevant encounters
Secure communication between event members
Search & organize content by events
Social tagging
Our previous work: SDDR[To appear: Usenix Security ‘14]
This talk
In the paper
Background
9
SDDR - secure encounters
Cryptographic handshake over Bluetooth
Produces a shared-key for each encounter
orEncrypted with
shared-key
Secure discovery Selectively reveal identifiable info
Power efficiency
Untrusted channel
Prevents tracking via Bluetooth Identify ‘friends’ while remaining
anonymous to all others
10
Requirements
EnCore
Social discovery
Social sharing
Secure encounters
Events:groups of socially
relevant encounters
Secure communication between event members
Search & organize content by events
Social tagging
11
Identify relevant encounters usingcontextual information
Context App
Encounters
Location & Activity
Calendar
Events
Time and Date
DurationKnown contacts
UnknownIn close proximity
Further away
JuliaYou
Unknown
Events: groups of socially relevant encounters
Event 1 - discussion Event 2: stay at the cafe
Contextual info helps in identifying
relevant encounters
12
discussion
stay at cafe
Discussion
stay at the cafe
?
Julia You
Reading group
Unknown
Others at the Cafe
13
Requirements
EnCore
Social discovery
Social sharing
Secure Encounters
Events:groups of socially
relevant encounters
Secure communication between event members
Search & organize content by events
Social tagging
14
Secure communication within ‘Events’
1. Create a group key and a folder
folderurl +
folderurl +
Julia
Unknown
shared key with “unknown”
shared key with “Julia”
2. Encrypt with the group keyand upload to the folder
You
During event creationWhile sharing documents
folderurl
+
15
Requirements
EnCore
Social discovery
Social sharing
Secure Encounters
Events:groups of socially
relevant encounters
Secure communication between event members
Search & organize content by events
Social tagging
In the paper
16
Evaluation – live deployments4 deployments over 1 year
‘rooted’ devices running the Context app
35 researchers, up to 2 weeks @ MPI-SWS
and as the storage backend
Integrated in the ‘share’ menu
MPI-SWS, Saarbrucken
Context app
17
Usage128 events, 400 posts• Mostly photos and text
Types of events created
Karaoke Lunch Bus ride
Lecture Meetings “Free food!”
Taking a break
“Coffee anyone?”
KVM bug – help!Reading group
18
Usage
Users automatically resolved conflicts(multiple events for a single gathering)
Conversations within events continued even after the actual gathering ended
19
User feedback
“Can I install it on my phone?”
“Please integrate this with WhatsApp and
Gmail!”
“Can you make it automatically create
events?”
“I would rather share pics via this app, than
to write an email!”
20
ConclusionMobile social apps introduce significant privacy challenges
EnCore:platform that enables rich mobile social apps while putting user in control of their privacy
Users found it useful and found creative uses that we didn’t anticipate!
mobilesystems.mpi-sws.org/encore
22
Sharing over individual encounters
Past Encounter
(EncounterID & shared-secret)
Hi, I met you in the Cafe today. Here is the
link to the video I mentioned.
Message Encrypted with shared-secret
Email to [email protected]
Query messages [email protected]
A commercial disposable email service
23
SDDR is optimized for power efficiencyHandshake protocol is non-interactive• Handshake info. encoded on Bluetooth low energy (BLE)
advertisements
Device in sleep modeCPU asleepBroadcasting BLE adv.
Device awakeCPU awake
Discovering BLE adv.Forming encounters
Advertising rate: few secondsDiscovery rate: ~15 sec
Diffie-Hellman forshared- secret
Bloom filter forselective linkability SDDR’s BLE advertisement
Adv Adv