ABSTRACT
Conventional mobile social services such as Loopt and Google Latitude rely on two classes of trusted relationships: participants trust a centralized server to manage their location information and trust between users is based on existing social relationships. Unfortunately, these assumptions are not secure or general enough for many mobile social scenarios: centralized servers cannot always be relied upon to preserve data confidentiality, and users may want to use mobile social services to establish new relationships. To address these shortcomings, this paper describes SMILE, a privacy-preserving "missed-connections" service in which the service provider is untrusted and users are not assumed to have pre-established social relationships with each other. At a high-level, SMILE uses short-range wireless communication and standard cryptographic primitives to mimic the behavior of users in existing missed-connections services such as Craigslist: trust is founded solely on anonymous users' ability to prove to each other that they shared an encounter in the past. We have evaluated SMILE using protocol analysis, an informal study of Craigslist usage, and experiments with a prototype implementation and found it to be both privacy-preserving and feasible.
- G. D. Abowd, G. R. Hayes, G. Iachello, J. A. Kientz, S. N. Patel, M. M. Stevens, and K. N. Truong. Prototypes and paratypes: Designing mobile and ubiquitous computing applications. In PerCom, 2005.Google ScholarDigital Library
- Alexa. Alexa the web information company. http://www.alexa.com/.Google Scholar
- S. Consolvo, P. Klasnja, D. W. McDonald, D. Avrahami, J. Froehlich, L. LeGrand, R. Libby, K. Mosher, and J. A. Landay. Flowers or a robot army?: encouraging awareness&activity with personal, mobile displays. In Ubicomp, 2008. Google ScholarDigital Library
- L. P. Cox, A. Dalton, and V. Marupadi. Smokescreen: flexible privacy controls for presence-sharing. In MobiSys, 2007. Google ScholarDigital Library
- R. Dingledine, N. Mathewson, and P. Syverson. Tor: the second-generation onion router. In USENIX Security, 2004. Google ScholarDigital Library
- N. Eagle and A. Pentland. Social serendipity: Mobilizing social software. IEEE Pervasive Computing, 4(2):28--34, 2005. Google ScholarDigital Library
- Google Mobile. Latitude. http://www.google.com/latitude/.Google Scholar
- B. Greenstein, D. McCoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall. Improving wireless privacy with an identifier-free link layer protocol. In MobiSys, 2008. Google ScholarDigital Library
- M. Gruteser and D. Grunwald. Anonymous usage of location-based services through spatial and temporal cloaking. In MobiSys, 2003. Google ScholarDigital Library
- M. Gruteser and D. Grunwald. Enhancing location privacy in wireless lan through disposable interface identifiers: A quantitative analysis. ACM MONET, 2005. Google ScholarDigital Library
- C. Gunter, M. May, and S. Stubblebine. A formal privacy system and its application to location based services. In Privacy Enhancing Technologies (PET), 2004. Google ScholarDigital Library
- C. Hauser and M. Kabatnik. Towards Privacy Support in a Global Location Service. In Proc. of the IFIP Workshop on IP and ATM Traffic Management, 2001.Google Scholar
- S. Jana, S. N. Premnath, M. Clark, S. K. Kasera, N. Patwari, and S. V. Krishnamurthy. On the effectiveness of secret key extraction from wireless signal strength in real environments. In Mobicom, 2009. Google ScholarDigital Library
- T. Jiang, H. J. Wang, and Y.-C. Hu. Preserving location privacy in wireless lans. In MobiSys, June 2007. Google ScholarDigital Library
- John Leyden. Teen hack suspects charged over myspace extortion bid, May 2006. The Register.Google Scholar
- P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias. Preventing Location-Based Identity Inference in Anonymous Spatial Queries. IEEE Trans. KDE, 2007. Google ScholarDigital Library
- S. Katti, J. Cohen, and D. Katabi. Information slicing: Anonymity using unreliable overlays. In NSDI, April 2007. Google ScholarDigital Library
- V. Lenders, E. Koukoumidis, P. Zhang, and M. Martonosi. Location-based trust for mobile user-generated content: applications, challenges and implementations. In HotMobile, February 2008. Google ScholarDigital Library
- Y.-H. Lin, A. Studer, H.-C. Hsiao, J. M. McCune, K.-H. Wang, M. Krohn, P.-L. Lin, A. Perrig, H.-M. Sun, and B.-Y. Yang. Spate: Small-group pki-less authenticated trust establishment. In MobiSys, 2009. Google ScholarDigital Library
- Loopt, Inc. Your social compass | loopt. http://www.loopt.com.Google Scholar
- Louise Story and Brad Stone. Facebook retreats on online tracking, November 2007. The New York Times.Google Scholar
- J. Manweiler, R. Scudellari, Z. Cancio, and L. P. Cox. We saw each other on the subway: secure, anonymous proximity-based missed connections. In HotMobile, 2009. Google ScholarDigital Library
- D. W. Margo and H. U. Margo Seltzer. The case for browser provenance. In TaPP, 2009. Google ScholarDigital Library
- S. Mathur, W. Trappe, N. Mandayam, C. Ye, and A. Reznik. Radio-telepathy: extracting a secret key from an unauthenticated wireless channel. In Mobicom, 2008. Google ScholarDigital Library
- Megan McCarthy. How Facebook employees break into your profile, November 2007. http://www.valleywag.com.Google Scholar
- MixMinion. Mixminion anonymous remailer. http://www.mixminion.net.Google Scholar
- U. Moller, L. Cottrell, P. Palfrader, and L. Sassaman. Mixmaster protocol -- version 2. IETF Internet Draft, 2003.Google Scholar
- K. Muniswamy-Reddy, D. Holland, U. Braun, and M. Seltzer. Provenance-aware storage systems. In USENIX, 2006. Google ScholarDigital Library
- T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno. Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs. In USENIX Security, 2008. Google ScholarDigital Library
- S. Saroiu and A. Wolman. Enabling new mobile applications with location proofs. In HotMobile, 2009. Google ScholarDigital Library
Index Terms
SMILE: encounter-based trust for mobile social services
Recommendations
Location tracking via social networking sites
WebSci '13: Proceedings of the 5th Annual ACM Web Science ConferenceThe use of social media has steadily grown in recent years, and now more than ever, people are logging on to websites like Facebook, Twitter, Foursquare, and Google Latitude with the aim of broadcasting their location information. The ability to 'check ...
The Face-Off Between User Privacy and Information Exploitation in Online Social Networking
This research examines the extent to which and the path through which privacy concerns may trigger negative consequences in Social Networking Sites SNS. Contradicting conventional wisdom that privacy concerns could severely impede the adoption and ...
Self-disclosure at social networking sites: An exploration through relational capitals
In this research the authors examine member self-disclosure phenomenon at social networking sites. Self-disclosure enables member interactions, service customizations, and digital content generation and hence self-disclosure is imperative to the success ...
Comments