skip to main content
10.1145/1653662.1653692acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

SMILE: encounter-based trust for mobile social services

Published:09 November 2009Publication History

ABSTRACT

Conventional mobile social services such as Loopt and Google Latitude rely on two classes of trusted relationships: participants trust a centralized server to manage their location information and trust between users is based on existing social relationships. Unfortunately, these assumptions are not secure or general enough for many mobile social scenarios: centralized servers cannot always be relied upon to preserve data confidentiality, and users may want to use mobile social services to establish new relationships. To address these shortcomings, this paper describes SMILE, a privacy-preserving "missed-connections" service in which the service provider is untrusted and users are not assumed to have pre-established social relationships with each other. At a high-level, SMILE uses short-range wireless communication and standard cryptographic primitives to mimic the behavior of users in existing missed-connections services such as Craigslist: trust is founded solely on anonymous users' ability to prove to each other that they shared an encounter in the past. We have evaluated SMILE using protocol analysis, an informal study of Craigslist usage, and experiments with a prototype implementation and found it to be both privacy-preserving and feasible.

References

  1. G. D. Abowd, G. R. Hayes, G. Iachello, J. A. Kientz, S. N. Patel, M. M. Stevens, and K. N. Truong. Prototypes and paratypes: Designing mobile and ubiquitous computing applications. In PerCom, 2005.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Alexa. Alexa the web information company. http://www.alexa.com/.Google ScholarGoogle Scholar
  3. S. Consolvo, P. Klasnja, D. W. McDonald, D. Avrahami, J. Froehlich, L. LeGrand, R. Libby, K. Mosher, and J. A. Landay. Flowers or a robot army?: encouraging awareness&activity with personal, mobile displays. In Ubicomp, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. L. P. Cox, A. Dalton, and V. Marupadi. Smokescreen: flexible privacy controls for presence-sharing. In MobiSys, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. R. Dingledine, N. Mathewson, and P. Syverson. Tor: the second-generation onion router. In USENIX Security, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. N. Eagle and A. Pentland. Social serendipity: Mobilizing social software. IEEE Pervasive Computing, 4(2):28--34, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Google Mobile. Latitude. http://www.google.com/latitude/.Google ScholarGoogle Scholar
  8. B. Greenstein, D. McCoy, J. Pang, T. Kohno, S. Seshan, and D. Wetherall. Improving wireless privacy with an identifier-free link layer protocol. In MobiSys, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. M. Gruteser and D. Grunwald. Anonymous usage of location-based services through spatial and temporal cloaking. In MobiSys, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. M. Gruteser and D. Grunwald. Enhancing location privacy in wireless lan through disposable interface identifiers: A quantitative analysis. ACM MONET, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. C. Gunter, M. May, and S. Stubblebine. A formal privacy system and its application to location based services. In Privacy Enhancing Technologies (PET), 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. C. Hauser and M. Kabatnik. Towards Privacy Support in a Global Location Service. In Proc. of the IFIP Workshop on IP and ATM Traffic Management, 2001.Google ScholarGoogle Scholar
  13. S. Jana, S. N. Premnath, M. Clark, S. K. Kasera, N. Patwari, and S. V. Krishnamurthy. On the effectiveness of secret key extraction from wireless signal strength in real environments. In Mobicom, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. T. Jiang, H. J. Wang, and Y.-C. Hu. Preserving location privacy in wireless lans. In MobiSys, June 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. John Leyden. Teen hack suspects charged over myspace extortion bid, May 2006. The Register.Google ScholarGoogle Scholar
  16. P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias. Preventing Location-Based Identity Inference in Anonymous Spatial Queries. IEEE Trans. KDE, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. S. Katti, J. Cohen, and D. Katabi. Information slicing: Anonymity using unreliable overlays. In NSDI, April 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. V. Lenders, E. Koukoumidis, P. Zhang, and M. Martonosi. Location-based trust for mobile user-generated content: applications, challenges and implementations. In HotMobile, February 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Y.-H. Lin, A. Studer, H.-C. Hsiao, J. M. McCune, K.-H. Wang, M. Krohn, P.-L. Lin, A. Perrig, H.-M. Sun, and B.-Y. Yang. Spate: Small-group pki-less authenticated trust establishment. In MobiSys, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Loopt, Inc. Your social compass | loopt. http://www.loopt.com.Google ScholarGoogle Scholar
  21. Louise Story and Brad Stone. Facebook retreats on online tracking, November 2007. The New York Times.Google ScholarGoogle Scholar
  22. J. Manweiler, R. Scudellari, Z. Cancio, and L. P. Cox. We saw each other on the subway: secure, anonymous proximity-based missed connections. In HotMobile, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. D. W. Margo and H. U. Margo Seltzer. The case for browser provenance. In TaPP, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. S. Mathur, W. Trappe, N. Mandayam, C. Ye, and A. Reznik. Radio-telepathy: extracting a secret key from an unauthenticated wireless channel. In Mobicom, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Megan McCarthy. How Facebook employees break into your profile, November 2007. http://www.valleywag.com.Google ScholarGoogle Scholar
  26. MixMinion. Mixminion anonymous remailer. http://www.mixminion.net.Google ScholarGoogle Scholar
  27. U. Moller, L. Cottrell, P. Palfrader, and L. Sassaman. Mixmaster protocol -- version 2. IETF Internet Draft, 2003.Google ScholarGoogle Scholar
  28. K. Muniswamy-Reddy, D. Holland, U. Braun, and M. Seltzer. Provenance-aware storage systems. In USENIX, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno. Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs. In USENIX Security, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. S. Saroiu and A. Wolman. Enabling new mobile applications with location proofs. In HotMobile, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. SMILE: encounter-based trust for mobile social services

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in
    • Published in

      cover image ACM Conferences
      CCS '09: Proceedings of the 16th ACM conference on Computer and communications security
      November 2009
      664 pages
      ISBN:9781605588940
      DOI:10.1145/1653662

      Copyright © 2009 ACM

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 9 November 2009

      Permissions

      Request permissions about this article.

      Request Permissions

      Check for updates

      Qualifiers

      • research-article

      Acceptance Rates

      Overall Acceptance Rate1,261of6,999submissions,18%

      Upcoming Conference

      CCS '24
      ACM SIGSAC Conference on Computer and Communications Security
      October 14 - 18, 2024
      Salt Lake City , UT , USA

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader