Solutions to Security and Privacy Issues in Mobile Social Networking

Speaker: Xiaoliang Li

Shijie Yang

Xinyang Li

Instructor: Shambhu Upadhyaya

Date: 04/30/2015

4 /30/20152

Outline

Introduction Background Security Analysis Solution Analysis Conclusion

4 /30/20153

Introduction

The focus is on security and privacy in location-aware mobile social network (LAMSN) systems.

Security and Privacy Problems. Propose a design for a system that provides

solutions for these security and privacy problems.

4 /30/20154

Outline

Introduction Background Security Analysis Solution Analysis Conclusion

4 /30/20155

Background

Mobile social networking.

Mobile social networking is social networking where individuals with similar interests converse and connect with one another through their mobile phone and/or tablet

A current trend for social networking websites, such as Facebook is to create mobile apps to give their users instant and real-time access from their device.

4 /30/20156

Background

Mobile social networking.

4 /30/20157

Background

Mobile social networking is hot.

Facebook: There are 1.9 billion mobile active users (MAU) (Source: Facebook as of 1/28/15) an increase of 26 percent year-over-year.

Twitter: 288 million monthly active users and 80% of Twitter active users are on mobile

4 /30/20158

Background

Relevant features of mobile social networking.

Context information

4 /30/2015 9

Background

Relevant features of mobile social networking.Many applications enables the

creation of context-aware (location-aware) services that exploit social network information found on existing online social network.

These Apps pay little heed to the security and privacy concerns associated with revealing one’s personal social networking preferences and friendship information to the ubiquitous computing environment.

4 /30/201510

Outline

Introduction Background Security Analysis Solution Analysis Conclusion

Security and privacy issue

Direct anonymity Indirect anonymity or K-anonymity Eavesdropping, spoofing, replay, and

wormhole attacks

4 /30/2015 11

Security and privacy issue

Peer-to-Peer Model Client-Server Model

4 /30/2015 12

Security and privacy issue

P2P system

CS system

Direct anonymity YES YES

Indirect anonymity or K-anonymity

YES YES

Eavesdropping, spoofing, replay, and wormhole attacks

YES NO

Security and privacy issue

Direct anonymity

4 /30/2015 13

Security and privacy issue

Indirect anonymity or K-anonymity

4 /30/2015 14

Security and privacy issue

Eavesdropping, spoofing, replay, and wormhole attacks

4 /30/2015 15

4 /30/201516

Outline

Introduction Background Security Analysis Solution Analysis Conclusion

Solutions Identity Server and Anonymous Identifier

4 /30/2015 17

IS & AID

Generate AID using a cryptographic hash function such as SHA-1, with a random salt value.

Consume AID or remove AID when it is timeout

IS does not support the retrieval of personally identifiable information

Solves the direct anonymity problem.

4 /30/2015 18

K-Anonymity

Exploring the use of logic simplification algorithms such as Quine-McCluskey to solve K-Anonymity problem.

Algorithms determine admissible sets that should maintain to guarantee at least k minimal sets of users are always indistinguishable as related to the n sequential sets.

4 /30/2015 19

Eavesdropping, Spoofing, Replay, and Wormhole Attacks AIDs prevent spoofing and replay attacks. IS verifies if mobile device who attempts to

obtain social network information for the mobile user associated with this AID is within an acceptable range of this AID to solve Wormhole Attacks.

Provide reasonable protection against eavesdropping such as HTTPS.

4 /30/2015 20

4 /30/201521

Outline

Introduction Background Security Analysis Solution Analysis Conclusion

Conclusion

support anonymous exchange of social network information with real world location-based systems.

enable context-aware systems that do not compromise users’ security and privacy.

Show it is possible to move forward with creative mobile social network applications without further compromising user security and privacy.

4 /30/2015 22

4 /30/201523

Thank you !